Fraud – how to deal with a rogue partner or employeeNovember 2022
A firm’s worst nightmare – an employee informs you that they think someone within the firm has been stealing from the firm and/or its clients by making unauthorised payments. An immediate response is required. But what is the best response to this situation, how should your firm investigate and what can you do to protect against partner misconduct?
Your professional indemnity insurer
Your first contact should be your firm’s professional indemnity insurers. You will need to comply with the notification requirements set out in your policy. This can either be directly or through your broker who will be able to assist you with this process.
A prompt notification is also essential for regulatory reasons. All partners in your firm are under a regulatory duty to replenish any shortfall in client funds promptly upon discovery and are jointly and severally liable for any breaches of the SRA rules. The duty to replace client monies promptly applies regardless of whether you have yet (or ever will) recover that money either from the member of staff responsible or from the insurers. A prompt notification might mean that insurers are prepared to replenish any client account deficit at the outset rather than your firm having to do this itself and then look for reimbursement from insurers further down the line. This would obviously be beneficial from a cash flow perspective.
Much however will depend on timescales.
In our experience, insurers will take a little time to confirm that there is a valid claim under the policy and thereafter make any payment. This is particularly so where the professional indemnity insurance is written on the SRA Minimum Terms and Conditions (as most are, and all will be interpreted in line with). Insurers will want to be satisfied that there are ‘innocent’ partners involved so the fraud exclusion in that cover does not come into play. The larger the firm, the less likely an issue this will be.
DEALING WITH A FRAUD
You should also notify your firm’s Compliance Office for Legal Practice (COLP) and Compliance Office for Finance and Administration (COFA). They should help investigate the matter. At this point, the potential fraudster should not be informed that they are under investigation and the police should not be called.
Initial investigations need not be extensive. What should be established is whether the whistleblower’s concerns are potentially valid. Investigations should include whether any unauthorised payments have occurred. If the whistleblower’s concerns are found to be potentially valid and insurers have not yet instructed defence solicitors, you should consider engaging external solicitors. Why? Because issues of privilege and client confidentiality may apply, and because the statutory regime around handling crime and its proceeds is difficult to negotiate without specialist input.
The appointment of external solicitors maximises your firm’s chances of the next steps of your investigation being protected by legal professional privilege. This is for two reasons: 1) your firm may face a claim from clients relating to the misappropriation of funds; and 2) your firm may be investigated by third parties such as the SRA or HMRC.
It is important to remember that legal advice privilege does not apply to advice given by accountants. Accordingly, any advice prepared by an accountant could be disclosable to third parties during the course of any future proceedings. If accountancy advice is needed (and the likelihood in this scenario is that it will), then it is your external solicitors that should instruct the accountants directly (rather than you doing it yourself) as this maximises the likelihood that litigation privilege will apply.
Your external solicitors will assist in preparing your strategy for resolving the matter. Time is of the essence. The objective should be to identify as much information as possible about the fraud as quickly as possible in order to maximise the chances of recovering any misappropriated funds from the fraudster. This will also likely result in minimising the damage to the business, both financially and reputationally. Freezing orders and search and seize orders should be considered. These sorts of applications need to be made without undue delay. Disclosure orders could also be sought against third parties such as banks to find out where the fraudster has deposited the money. It might also be considered appropriate to instruct legal advisers from other jurisdictions to advise on obtaining interim relief in other jurisdictions at the same time.
Where client funds are affected, you must ensure clients are informed and kept updated. Clients do not necessarily need to be informed of all the detailed findings of the investigation or of your firm’s strategy. However, they should be given sufficient information to enable them to appreciate that their concerns and assets are being safeguarded as best as possible. Your external solicitors may draft these communications on your behalf, as they do need care.
Check any agreements and policies
You should carefully review your contractual duties and powers contained in any partnership or LLP agreement together with any policies around partner behavioural standards, partner grievance or disciplinary procedures. Any relevant process should be carefully followed as far as possible to avoid any claim that your firm has breached its obligations or taken any action inconsistent with the handling of a similar matter (and therefore potentially discriminatory). The firm should also undertake a careful review of policies and procedures that might apply to the whistleblower.
Manage regulatory risk
A law firm has specific reporting obligations to the SRA in the event of misconduct by partners or staff, and in the event of financial concerns which may have been caused by the fraudster’s actions. The SRA’s main concern will be whether your firm moved quickly to replenish any deficit in client funds. You should report promptly to the SRA and continue to provide regular updating regulatory reports which evidence the client protection steps you have in place. You should be demonstrating to the SRA that you have a plan and that you are on top of matters.
You may feel it beneficial to engage a specialist PR consultancy to assist you in a reputation management exercise. In our experience, these professionals can be very useful in mitigating the effects of an internal fraud which, if left to their own devices, can be potentially very harmful indeed. The right PR consultant will be able to deal with external messaging and also assist in any internal needs so as to re-establish calm within the staff.
PREVENTION BEING BETTER THAN CURE
The situation described above is, mercifully, rare. However, it does happen and when it does it is horribly unsettling, time-consuming and distressing for all concerned. So, what steps could you take now to mitigate the risk of having to deal with something like this further down the line? We have set out a few practical tips below:
1. Complete a risk assessment – this should include an assessment of the circumstances where partner misconduct is likely to arise and responsive control measures. In recessionary times where workflows may be declining, the temptation to use the client account as a slush fund to keep the firm going before the good times come back is ever-present. Consider how you can prevent any one individual (at whatever level in the firm) having unfettered access to client account funds. Do the firm’s financial systems generally need to be made more robust to make frauds harder to perpetrate or quicker to detect?
2. Consider policy and procedural changes – think about likely ‘red flags’ for fraud; changes to lifestyle, working hours/patterns, unusual requests for funds to be paid in a particular way or into particular accounts. Get a feel for what ‘normal’ looks like and consider mapping that, so that you will be able to spot changes more easily.
3. Provide training – this should include training for all staff (including those dealing with the firm’s finances) on the firm’s behaviour policies and values, and on the likely consequences for staff members who act in breach of those obligations and expectations. Training should also be provided to HR, partners and other members of the firm who are likely to be first responders to any issues. Such training should include how to escalate issues and regulatory obligations etc.
4. Raise awareness – this should be through introducing and communicating policies on the behaviours and conduct expected from members of staff.
5. Enforcement – a ‘zero-tolerance’ approach to all forms of serious misconduct should be adopted and communicated.
6. Monitoring – a process for monitoring staff behaviour and reporting concerns should be implemented.
7. Update Partnership/LLP agreements – consider whether these agreements need to be updated to require compliance with related policies and procedures or to allow for partner suspension etc if they are under suspicion.
8. Consider insurance – do you have adequate types and levels of insurance in place to cover this type of situation? Should additional cover be purchased?
The key take away point is that your firm should act quickly if a fraud is suspected. A failure to do so is likely to result in your firm failing to contain and minimise the damage to the business, both financially and reputationally. Your firm will also be hindered in its ability to maximise the chances of recovery of the funds.
Decisive action in this situation will be the difference between success and failure for the firm and, of course, the partners personally. The assistance of specialist external professionals can significantly assist you in this process and help to bring the situation under control quickly, effectively and with the minimum of long-term disruption to the firm’s business.Download PDF