Managing Risks of Employee Theft and Internet Scams

While the widespread use of technology and the internet has generated numerous advantages for law firms and their clients, it also has enabled employees and outsiders alike to perpetrate frauds that can continue for months without detection, and result in significant losses.

Employee theft and internet scams represent expanding risks for law firms and their clients. In its 2014 Report to the Nations on Occupational Fraud and Abuse, the Association of Certified Fraud Examiners found the median duration of employee frauds was 18 months before detection; the median loss from all such incidents at professional service firms was $180,000.

The widened reliance on the internet, shared information platforms and related technology applications—along with mergers, acquisitions, downsizing, restructuring, rapid expansion, the difficult economy and globalization—has increased the challenges for law firms trying to establish and maintain strong systems of internal controls.  In this context, many law firms have fallen victim to employee theft and fraud, as well as to internet scams. Consider some recent incidents of employee fraud:

  • A paralegal embezzled thousands of dollars from a firm, even pilfering from a lawyer out on disability.
  • An attorney stole private information from client files and then used the information to open fake credit card accounts.
  • An attorney set up false escrow accounts with local banks (in the firm’s name) and then lost millions in client funds on bad investment deals.
  • An employee bought large quantities of ink/toner for the firm and then re-sold toner on the black market.

Common Types of Employee Theft

Although employee or “occupational” fraud and theft can take on a variety of forms depending on the size of a business, scope of operations, and industry, those most frequently seen among law firms and other professional service firms include the following:

  • Payroll theft. This takes many forms. Employees may submit false reports of hours worked or false expense reimbursement requests. Or an employee with access to the payroll system might pay a bonus, accrue extra vacation time, or create a “ghost” employee.
  • Phantom vendors. One form of employee theft involves setting up a fictitious vendor, producing fake invoices and sending payments to the vendor (who is actually the employee). A variation of this approach is to set up duplicate vendors, with the duplicate being a personal account of the employee. The employee writes checks to both accounts, possibly seeking signatures from different authorized signers. An employee with the ability to make electronic payments could pay the employee account with an electronic transfer.
  • Use of business accounts for personal expenses. In this crime scenario, an employee purchases personal items from one of the firm’s vendors. The purchases are taken home, but the bill is submitted to the employer. An employee might also charge personal expenses to a charge card of the firm or one of its owners.
  • Information. Employees might intentionally steal client information or operational information and use it to their own benefit, or sell the information. This type of theft might occur by email, or the employee might print the information or copy it to a flash drive or cellphone.
  • Trust account misuse. Misuse of trust funds may be as simple as someone writing a check that shouldn’t be written. Alternately, trust fund transactions can involve collusion with third parties.
  • Supply theft. An employee might walk out every night with a ream of paper, a toner cartridge, staplers, paper clips, three-ring binders, coffee, pop, paper towels or other supplies. This adds up over time.

Reasons for Employee Theft

What leads employees to do this? Generally, employee theft occurs as a result of motivation, rationalization, and opportunity. An employee may be going through personal financial issues, or simply perceive that they are underpaid and undervalued by the firm. The employee then rationalizes that the theft is justified as a replacement for the “pay raise” or “profit share” they were denied.

Motivation and rationalization are difficult to predict and are not within the firm’s control. The firm can control opportunity, however. Firms with careful controls that are rigorously followed not only send a message of deterrence to employees, but are better prepared to detect fraud sooner, catch perpetrators faster and reduce the costs of these incidents.

Internal Controls and Loss Prevention

When it comes to managing the risks of employee fraud and theft, top management of the law firm must be directly involved – not only in setting a tone of zero tolerance for theft of any kind with all the firm’s attorneys and other employees, but also in making sure adequate checks and balances are in place to minimize the risk of theft.  Notably, financial control should not be over-delegated; for instance, thresholds should be established for approvals of disbursements of funds that exceed designated amounts.

A critical element of an anti-theft program involves adopting effective hiring practices. Preventing theft starts with hiring the right people. Law firms should conduct comprehensive background checks on all hires, especially any individuals who might have access to the firm’s client information, billing, financial and bank accounts.

Law firms should verify all information reported on the employment application, and contact all references and past employers.

The following checklists may help law firms strengthen their internal controls that can help prevent incidents of employee theft and fraud.

Watch employee fraud red flags.

  • Unbalanced accounts.
  • Unexplained losses of funds.
  • Missing payment documents.
  • Bank deposits delayed or made on an inconsistent schedule.
  • An employee who refuses to take vacation or works unnecessarily long hours.
  • Significant changes in an employee’s lifestyle, such as substance abuse, gambling, divorce, and living beyond salary level.
  • Watch attempts by employees to start up a personal side business.

Establish anti-theft policies and procedures.

  • Create written policies and procedures for all financial functions.
  • Scrutinize the processes and re-evaluate the policies on a regular basis.
  • Communicate the policies regularly and enforce them with no exceptions.

Manage supplies.

  • Compare physical inventory against shipment and sales records.
  • Keep a supply inventory and track purchase dates of supplies.
  • Review the reasons for any supply consumption that appears higher than usual.
  • Consider installing cameras in areas where supplies are stored.

Strengthen the firm’s accounting controls.

  • Split all functions related to the collection of money or the payment of bills.
  • The individual responsible for opening mail and receiving checks should not be the same person entering checks into the accounting system.
  • Individuals writing checks should not be authorized to sign them or make electronic payments.
  • Books kept by one person should be reconciled by another.
  • If more than one individual is authorized to sign checks, establish procedures to prevent taking one check to one signer and another check to a different signer.
  • Segregate duties related to finance wherever possible. For instance, if you have online banking, review the transactions frequently to ensure there are no irregularities. For a solo or very small firm, use an outside professional for some functions. Midsize and large firms should consider engaging a professional consultant to review and report on their organizational controls.

Establish controls on any trust funds.

  • Adhere to the highest security standards for trust accounts.
  • Require two signatures for any trust account transactions.
  • Limit electronic activity.
  • Have at least three people monitor trust accounts.
  • One of the monitors should be an independent professional.

Check your accounting software controls.

  • Restrict access to application and data files.
  • Use audit trail controls.
  • Regularly use voided/related transaction reports.
  • Be aware that most accounting software includes budgetary controls, which are a great source of early warnings.
  • Use the software limits on specific categories.
  • Adopt a policy of escalating approval level for expenses.
  • The managing partner should also maintain an up-to-date list of logons and passwords of financial users.

Implement enhanced security measures.

  • Install security systems that include time tracking and cameras.
  • Establish high-level controls. High-ranking firm members should be subject to the same level of controls as other employees; generally, frauds perpetrated by senior business leaders tend to continue longer and involve significantly higher losses than those by other members of the firm.
  • Establish a system in which good faith inquiries are encouraged.
  • Utilize “surprise” inspections. Conduct unscheduled inspections of the firm’s financial records, and use third parties for some of these inspections.
  • Establish a reporting program. Adopt a policy to encourage employees to report suspicious activity or theft. Allow employees to make reports anonymously and respect that anonymity.

Assessing your insurance protection

Generally, employee dishonesty coverage, which can be found in crime and fidelity insurance policies as well as some packaged policies, is designed to address losses resulting from forgery, alteration, unauthorized electronic transfers, credit card fraud and counterfeit fraud.

Law firms should work with their insurance brokers to review the amount of their coverage and how it is likely to respond to various types of potential incidents. Many firms are surprisingly underinsured in this area. This coverage also has specific loss reporting requirements, which should be reviewed and understood by the firm.

Internet scams and data security

Establishing strong internal controls may not only serve to help law firms address potential risks associated with employee fraud and theft, but also may be adjusted to provide protection against external threats, including the growing number of internet scams and other frauds being perpetrated – increasingly by sophisticated international crime rings – against firms of all sizes and across all industries.  Here’s an example of one of the many internet scams that have been perpetrated against law firms:

  1. Initial contact: A wealthy foreigner or foreign company asks your firm for help in getting back funds owed by an American company, in exchange for a large fee based on a high percentage of the amount to be collected.
  1. Easy work: The debt is described as being easy to collect by simply sending a demand letter.
  1. Fast payment: Shortly thereafter, the foreign entity typically reports the debtor has agreed to pay the debt and the firm will be receiving a cashier’s check. The law firm receives the check and deposits it in its own account and waits until bank says the check is “cleared” before wiring funds to the foreigner.

Unfortunately, you’ve been “punked.” The fact that funds have “cleared” doesn’t mean they have been collected from the bank issuing the cashier’s check; it only means the lawyer’s bank has provided “provisional” credit.

The law firm’s bank will reverse the transaction if the cashier’s check ultimately is dishonored. However, by that time, your wire transfer (which takes effect almost instantaneously), cannot be recalled.

Unfortunately, it’s difficult to find any insurance coverage for this type of loss, either under crime policies or lawyers’ professional liability policies.  As a result, it’s critical to strengthen your own internal controls to protect your firm from these potential exposures.

The following steps may help you avoid falling victim to this type of scam:

  1. Confirm the client’s existence. Demand address, multiple phone numbers, email address, etc.
  2. Verify the information. Many scammers go to great lengths to create a “real” presence. Check email address (.com/ vs .net/) and be sure to ask for and check references.
  3. Don’t feel rushed. If the client doesn’t have the time for the verification process, then let them go to another firm.
  4. Train your staff on possible fraud scenarios and have stringent client intake procedures.
  5. Know your bank’s requirements for cleared checks and wire transfers. Rules of professional conduct require that you do not disburse funds that aren’t yet collected.

Law Firms Need to be Proactive in Managing Crime Risks

Losses associated with internal and external crimes represent significant potential exposures for law firms. By taking a proactive approach to identify your firm’s potential vulnerabilities to these exposures, establishing appropriate controls, building a culture that emphasizes and reinforces ethical behavior, and implementing sound risk management, your firm can dramatically reduce the likelihood of an incident and minimize its losses from an occurrence. At the same time, by working with a knowledgeable insurance broker, you can structure your insurance coverage to help address these risks.

About the Author

Eileen Garczynski is a senior vice president and equity partner of Ames & Gough, a specialty insurance brokerage and risk management consulting firm. She can be reached at 703.827.2277 or

Send this to a friend