Q. FRAUD AWARENESS
How do you best protect against fraud the trust money that clients have entrusted to your firm? Educate yourself and others in your firm – lawyer and support staff alike – about the fraud risks and then creating and maintaining an environment of internal controls that helps prevent fraud.
Remember that this means protecting the channels by which you may receive trust money, or disburse it. For example:
- If your client is providing a cheque or bank draft, scrutinize it, does it look right?
- If you are acting on a collections matter and the opposing party provides the funds right away, does that make sense?
- If your client is pressuring you to disburse trust money in a hurry without following your firm’s established protocols, is that a warning sign?
- Are you being asked to change payout instructions late in the matter, inconsistent with the original instructions from your client?
- Do payment instructions make sense in the context of the matter? For example, if your client has recently moved to Alberta, why would they ask you to send funds out of Canada?
You should also know that beyond internal controls, you should always question the unusual when something doesn’t feel right. These questions should be investigated and resolved before accepting or disbursing trust money.
Be constantly diligent, as new fraud methods are relentlessly being developed and existing methods are being changed. Not all frauds will have the same red flags, but there are warning signs if you listen to them. Trust your instincts. Don’t forget basic security practices such as keeping passwords confidential, regularly changing passwords, and keeping your software up to date. Learn about social engineering scams that can often arrive by email and trick recipients into entering passwords or inadvertently allowing ransomware to be installed on your network.
Know that fraud risks exist both inside and outside of your firm. Proper controls, implemented consistently, and an appropriate level of oversight on an ongoing basis will help reduce these risks. Ensure new staff are trained properly. Check from time to time to make sure the controls are still working properly or are updated to reflect new practices.
For further information about good cyber hygiene, see the Cyber Security resource library.