Your accounts department is the one at greatest risk from fraud and theft, and it will be its activities that are the most targeted by criminals, whether it is to launder money, divert client money by intercepting emails, accounts fraud, or to obtain money from office account via scams like CEO fraud or false invoicing.
Principle 10 of the SRA Handbook states that “you must protect client monies and assets”; it is breaches of this principle and the SRA Accounts Rules generally that see most solicitors being hauled before the Solicitors Disciplinary Tribunal (SDT) and struck off, but it is also these breaches that have seen a number of accounts staff being disciplined and banned from working in the profession.
A recent case heard by the SDT involved a head cashier who had been with the same firm for 36 years, but who stole around £8,500 from her firm to fund a bingo habit. Another case involved a Compliance Officer for Finance and Administration (COFA) who stole £120,000 from his firm’s office account over a ten month period.
In a further case a cashier in a large London firm stole £727,597.31 over two years; she handled currency transactions and would receive this currency and take it to a local foreign exchange and transfer it back into sterling, she would then pay this money into her bank.
The fact that these frauds were allowed to continue over prolonged periods of time before being picked up, goes to show how weak or non-existent the checks and balances were within the firms concerned.
Due to the increase in cybercrime, you have probably focused your attentions on protecting your firm and your clients from criminals involved in these types of crimes, but actually you need to focus just as much on those employed within your accounts department, as it is these people that criminals are now targeting.
So what do you need to watch out for in terms of red flags?
· Unusual behaviour of staff - could they be the target of an online romance fraud where criminals ask for money as a loan, or are living beyond means
· Long service with the firm – cases clearly show that firms can be too trusting of their long-serving staff and don’t want to question them for fear of losing them
· Head of accounts is also the COFA – although appointing the head of accounts as the COFA can seem a good choice, it can create a risk if proper checks and balances are not put in place; for example, they could commit fraud and then hide it by telling the partners in a
COFA report that everything is fine. It would be wise to appoint a partner as the COFA who has the capacity to question transactions and delve into issues that may ring alarm bells, so that there is independence between the operational and compliance aspects of the accounts function. In a recent poll 42% of firms said that their COFA was also the head of accounts, with another 21% saying that the COFA was a partner with limited knowledge of the SRA Accounts Rules; the latter statistic clearly shows that such firms are at risk from problems/fraud going unnoticed due to the COFA’s inability to properly interrogate accounts related matters.
· Daily reconciliations – many firms will reconcile accounts but will not dig into each transaction as part of this, therefore missing “sandwiched” fraudulent transactions; one of the checks and balances could be random in-depth checks on selected transactions. Such checks would deter staff who may think that their activities would be difficult to identify if the firm only focused on the reconciliation of broad totals rather than full breakdowns of figures.
· Access to online/telephone banking – firms need to check who is doing these and whether they stack up with each transaction.
· Lack of questioning over transactions – there have been cases where it has been the COFA that has defrauded the firm so it is important that the rest of the partners are able to interrogate the accounts aspects of the business, whether it is with the head of accounts or the COFA. In a recent poll 12.5% of firms said their partners were not able to interrogate transactions in client and office accounts, with another 5% saying they did not know if they could.
Principle 8 of the SRA Handbook says that you must, “run your business or carry out your role in the business effectively and in accordance with proper governance and sound financial and risk management principles”, which means you must ensure that appropriate checks and balances are in place to reduce the risks of fraud being perpetrated, whether by internal or external parties.
Due to the actions of a small number of bad apples holding responsible positions within their firms or accounts departments, you now need to question the honesty of your staff to ensure you have taken all appropriate steps to protect your firm and its clients.
Ensure you put appropriate checks and balances in place now so anyone who may be tempted to commit fraud is deterred from doing so; we all want to be able to trust the people we work with but misplacing this trust can lead to your business and reputation being irrevocably damaged.