With everyone worried about Cyber Security and Data Breaches, many people forget that most frauds happen from within. One might be surprised to find out that some malpractice claims can be attributed to fraud from with the law firm. Law firms frequently deal with clients that have either committed fraud or helping a client investigate a fraud committed against the client. Surprisingly law firms tend to overlook the possibility of fraud committed in their own firm. Attorneys want to practice law but not take care of the business of running a law firm. Many attorneys delegate the business of the law to a “trusted” employee who has a great deal of autonomy with little oversight.
Many firms do not have written policies and procedures in place designed to prevent fraudulent activities. For example, the same “trusted” employee has the responsibilities for opening the mail and preparing the bills. If there is a system of controls, when was the last time those controls were reviewed and updated?
Onsite management by a team of professional owners would seem to make it more difficult for thieves to carry out elaborate and costly schemes. But law firm partners tend to override internal controls. So you must enforce and regularly update controls. Otherwise, your firm may be just as vulnerable to fraud as firms that have taken no controls in place.
Work environments where there is considerable pressure to meet ambitious financial and performance goals can turn normally upright employees into lawbreakers. Employees that are stressed out about meeting their bills with ready access to the check book are just waiting from a fraud. Plus if firms tend to be lax in punishing perpetrators because of the fear of bad publicity word gets around. Remember the saying “Trust but Verify.”
An Ounce of Prevention
Review your firm's policies and procedures. Identify potential vulnerabilities. This includes hiring, payroll, billing, collections and IT security. At the very least, ensure that your firm follows these steps:
1. Screens Employees--When you hire anyone (including lateral partners), perform credit and criminal background checks and verify résumé items related to past employment, education, military service and professional certification. Check bar websites to see if there are any past disciplinary issues. The federal Fair Credit Reporting Act generally requires you to obtain a person's permission to run a credit check, and some states allow credit checks only for positions with certain financial responsibilities.
- Separates Duties--Make sure no single employee or partner is in charge of purchasing and approving vendors or receiving payments and depositing them. With a small law firm it can be difficult to spread duties. Consider outsourcing some accounting functions. Never let a non-partner have check signing authority, which is one avenue for fraud. You should likely require that two partners sign checks above a certain amount. For ACH transactions or wire transfers, make sure that it is a 2 step process so no one employee can initiate a money transfer. If possible periodically rotate duties.
- Vendor Gifts—Either limit or prohibit gifts, trips or entertainment provided by vendors.
- Reconcile Accounts--Balance financial records by comparing receipts that are recorded in the billing system to revenues recorded in the accounting system. These accounts should tie out and be balanced against your bank and credit card statements. Review bank and credit card statements regularly looking for suspicious transactions or unknown unapproved vendors.
- Vacation Policy—All attorneys and staff that handle funds should be required to take at least a week off consecutively. This means that backups should be able to handle the duties.
- Periodic Audits—If you have delegated the reconciliations make sure to have your outside accountant or internal audit audit certain accounts. Let employees know that unannounced audits are possible at any time, but do not let them know what data or records the auditors will review.
In addition to strong internal controls, firm management must project and encourage integrity and ethical behavior. Part of any good internal control program is to make sure attorneys and staff understand what constitutes fraud, and how to steer clear of it. Periodically provide examples of illegal and unethical behavior, and explain how employees can help prevent and deter fraud by adhering to your firm's internal controls. Make sure staff knows the consequences for violating internal controls.
Train partners and managers in spotting potential perpetrators and suspicious behavior. Sometimes the people committing a fraud may exhibit control issues, such as an unwillingness to share duties, files or billing records, irritability or defensiveness when confronted about irregularities, or unusually close associations with vendors. Provide reporting guidelines and a process for investigating such suspicions.
Avoid the Surprise
You may think that fraud happens only to someone else. But the consequences financially and professionally to having a law firm having their trust account drained or unknowingly paying for an employee to take an expensive vacations can cause bar complaints at a minimum. A fraud from the firm could also impact an attorney’s personal assets and earning ability in the future. Remember the attorney is ultimately responsible for the actions of their staff.