The Regulation of Practice Committee has noted an increase in cases involving misappropriation of client and office moneys by employees of solicitors’ practices. While misappropriation by employees is not widespread, the number of cases that have come to the attention of the committee has increased recently. This practice note describes common methods of misappropriation and details the steps you can take to protect your practice.
Who is at risk?
Misappropriation by employees has occurred in large and small practices, in firms in Dublin and all over the country. The employees who have misappropriated the moneys include assistant solicitors, legal executives, office managers, bookkeepers and secretarial staff. Long-serving employees as well as recent appointments have been involved in the misappropriation. Employees with no direct access to the finances of the practice have misappropriated moneys, as well as employees with direct access to practice moneys.
The cost
Many solicitors have had to dig deep into their own resources in order to make good deficits on the client account caused by misappropriation of clients’ moneys by their employees. Employees have also misappropriated practice moneys. Not just money is at risk: electronic data, including client details, matter and file information, can be easily extracted by USB key and taken by a departing employee or passed on to third parties, the loss of which may be costly, not least in reputational damage.
Some methods used
One of the most common methods by which employees have misappropriated moneys from solicitors’ practices is the withdrawal of moneys by way of cheques made payable to financial institutions. An employee has either drawn or requisitioned a cheque made payable to a financial institution, usually to redeem a mortgage with that financial institution or to acquire a bank draft to complete a transaction or for payment of a beneficiary. Having obtained the signed cheque, the employee has lodged that cheque to their own bank account, very often held in a branch of the financial institution to which the cheque has been made payable, or purchased a bank draft for their own benefit.
Other methods of misappropriating clients’ moneys have included the drawing or the requisition of a cheque made payable to the client, where the name of the client has been endorsed on the reverse of the cheque and that cheque has been cashed or lodged to the bank account of the employee. Third-party cheques made payable to the firm or to clients have been intercepted by employees, endorsed, and lodged to the employee’s own bank account. Employees have obtained cash directly from clients and have not disclosed the receipt of these moneys to their employer.
Another way is to pay personal or family expenses disguised as an expense of the client – for example, hospital bills from an estate – or to pay personal utility bills from the office account, particularly if the provider is the same utility as supplies the firm.
In order to avoid detection, employees have misappropriated further moneys from the client account, using any of the methods described above, and lodged those moneys back into the client account in order to make a payment to the original client. False documentation has been placed on file to make it appear that moneys were received from, or paid to, a client on a particular date. Having managed to conceal the initial misappropriation, further misappropriation has occurred by the employee who, having found a method of misappropriating clients’ moneys and concealing it from his or her employer, continued to do so for a number of years.
However, it is not just cheques that are susceptible to misappropriation. Misappropriation has occurred where employees have had access to the firm’s online banking facilities. Employees have been able to transfer moneys from the bank accounts of the practice to their own personal accounts, often held in the same financial institution as the practice bank accounts.
The risk of unauthorised undertakings
Solicitors have also discovered that employees have issued undertakings to financial institutions in the name of the firm, without the knowledge or consent of their employers, in order to draw down loans for their own benefit. The signature of their employer has been forged on the undertakings and, on foot of those undertakings, financial institutions have released moneys to the employees. The employees have intercepted the post from the financial institutions enclosing the cheques, with the employer unaware of the transaction. In some cases, the undertaking included an obligation to redeem an existing mortgage from another financial institution, but the employee did not do so. Employees have also obtained loans on property that the employee did not own on foot of a solicitor’s undertaking. In other cases, loans have been obtained from credit unions on the basis of undertakings from the firm that the proceeds of a loan from another financial institution would be used to redeem the loan to the credit union. These letters were issued without the knowledge or consent of the solicitors of the firm.
Vigilance
It is important that solicitors are permanently aware that misappropriation can occur in any office, at any time, and be perpetrated by any employee. Solicitors should constantly review the procedures in their offices to prevent and detect misappropriation. It is an ongoing process, and it is not sufficient to rely on the reporting accountants to detect misappropriation, although the reporting accountants can advise the solicitor on methods of prevention and detection.
Some warning signs include an employee rarely taking leave, or only taking very short holidays; always working long hours, both morning and evening; reluctance to pass over work or files to a colleague; and constant computer crashes for no apparent reason.
Prevention strategies
Attention is drawn to regulation 9(3)(b) of the Solicitors Accounts Regulations 2014, which provides: “Where a solicitor withdraws moneys from a client account by means of a cheque drawn on that client account which is made payable to a bank in order to purchase a draft or other negotiable or non-negotiable instrument, the payee details, to be recorded on the client account cheque and the cheque stub or lodgement docket or other document of record in respect thereof maintained and kept by the solicitor, shall include the name of the person shown as payee on such draft or other negotiable or non-negotiable instrument.”
The Regulation of Practice Committee considers that, if this regulation is complied with fully, the opportunity for employees to lodge client account cheques made payable to financial institutions to their own bank accounts is reduced.
Sample internal controls
Solicitors should install internal controls appropriate to the size of the practice. It is not practicable in a practice note addressed to the whole profession to set out in detail all the controls a practice should have. The precise controls appropriate to each practice should be designed to meet the needs of the practice concerned. However, in general, measures that will assist solicitors in reducing the risk of misappropriation of clients’ moneys and office moneys by employees include:
- Ensuring that cheques made payable to banks and other financial institutions to purchase bank drafts disclose the name of the intended beneficiary of the transaction,
- Ensuring cheques made payable to banks and financial institutions to redeem mortgages clearly identify the person and the account number of the person or entity whose mortgage is to be redeemed,
- Having procedures in place to ensure that a principal solicitor or a partner in the firm opens the post and, where possible, the person in charge of the post should be rotated,
- Obtaining confirmation of receipt from clients and other third parties to whom payments have been made – though be aware of the possibility of forged documents,
- Issuing pre-numbered receipts for cash and cheques received directly from clients, and recording the receipt of those moneys in the books of accounts without delay,
- Keeping a register of undertakings and diligently managing the operation of the register, including periodic review,
- Regularly reviewing listings of client and office balances – in particular, dormant balances that may be targeted,
- Restricting access to the firm’s online banking facilities, as much as possible, to the authorised cheque signatories,
- Restricting physical access to all cheque books,
- Refusing to sign blank cheques under any circumstances,
- Only signing cheques/authorising electronic payment when backing documentation to explain the reason for the payment is attached – look for original documents as much as possible, since photocopies can easily be altered and recopied,
- Where possible, there should be division of duties – whoever requisitions or signs a cheque should not be responsible for sending out the cheque in the post,
- Prohibiting employees from signing client and office cheques without a second signatory – be alert to the possibility of collusion,
- Checking out the references of new employees and the circumstances under which they left their previous employer,
- Individuals recently promoted to a more senior financial position, who may not be as experienced as their predecessor, may be exploited or may not be as aware of the importance of various controls,
- Regular periodic review of files, picked at random, in conjunction with the client ledger account to compare transaction details to documents.
John Elliot,
Registrar of Solicitors and Director of Regulation