A couple of years ago it is fair to say that as an industry we were not exactly quaking with fear at the prospect of identity theft.
Yes, we were all aware of it as a notion; certainly we may well have all been vigilant for quite some years in respect of personal identity theft. It was common practice to ensure that we shredded the likes of bank statements, bills and other personal documents, but it was with an ‘it won’t happen to us/me’ attitude.
Fast forward to the here and now — albeit only two years later – and there has been a very scary increase in the threat of corporate identity theft. Not a week goes by now without a scam alert from the SRA and more information on cybercrime from the likes of Action Fraud and CIFAS. The figures of 2011 of ONE scam alert in the month of September are a distant, and quite frankly desirable, memory. The subsequent rise to 21 alerts in 2012, which included the case of Aplins in December that same year, meant that the SRA released its now well-known warning with regards to the reliability of the Law Society’s Find A Solicitor site. http://www.sra.org.uk/identitytheft/
Within its second Risk Outlook, released last month, the SRA stated clearly that there has been an increase in firms targeted by criminals looking to gain a badge of legitimacy; by using the brand and identity of law firms. This is clearly a very real and present threat; at the time of writing the number of alerts for 2014 so far stands at 108. A severe increase on last year’s total at 103.
So what next? We wait for the criminals to keep targeting law firms, well known for holding large sums of client money? Look out for the scam alerts and circulate these and any other issued documents on the subject?
Yes and no, it serves a business well to keep abreast of this as an issue, but what are you doing to be proactive in this age of cyber-crime? How many checks do your firm and its teams do? For example, in your conveyancing department, which more than likely has one of, if not the, highest values in the client bank account, what do you do to ensure the protection of client money, the adherence to Rule 10?
Can you really say to your client that you are certain that the bank account their purchase funds are being transferred to is a bona fide solicitor’s bank account? If the answer is no to this question then you need to take a look at how your department and your staff risk manage transactions.
Two strategies we suggest are:
1. Blanket Policy
Using Lawyer Checker on all of your transactions allows you to demonstrate Outcomes Focused thinking across the board for this specific risk. It avoids having to create a process for deciding on whether to use Lawyer Checker in each transaction and potentially failing to use Lawyer Checker when important information could have been picked up
2. Safe List Policy
For this policy, transactions fall into two categories.
1. Transactions with firms that you deal with on a regular basis
2. Transactions with firms you have had little or no dealings with previously.
This could include transactions where you are dealing with a firm that you recognize but the Fee Earner is not known to you or if you have concerns about the transaction.
For the firms that you deal with regularly, we recommend that you build a safe list of their accounts that can be checked before you send funds each time you conduct a transaction with them.
For those firms that you do not know well, we suggest you conduct a Lawyer Checker search in order to adequately manage the risk associated with the transaction.
Please do not hesitate to contact the Lawyer Checker team on 0845 8354 666 or email [email protected]