Who Are The Biggest Fraud Threats To Your Law Firm? Beware The Enemy Within, Warns Baker Tilly Partner
With the growing cyber fraud threat, law firms can’t afford to be complacent when it comes to protecting the sensitive data and financials that make them attractive prey to so many. According to a survey by the Association of Certified Fraud Examiners, organizations across the globe lose around 5% of their revenue every year to fraud.
What can a firm do to protect itself from threats, especially when it doesn't know what the threats are in the first place? We spoke with John—who leads the firm’s professional services practice and has extensive experience assisting law firms achieve their financial goals—about the threats facing law firms today and how to avoid them.
The Devil You Know
John says the biggest threats don’t originate from fake checks and billing scams. Instead, he echoes Baker Tilly senior manager Mike Cullen in his insistence the biggest threats come from a firm’s own staff. With tons of cash receipts and disbursements going around, he tells Bisnow, these firms will constantly wrestle with the risk of a misappropriation of assets.
Technology hasn’t exactly helped matters. John says tech has provided guards against fraud with better access controls or multiple levels of authentication. But the ability to access data from multiple sources increases the risk, and requires more diligent controls, especially since many believe the technology is safe.
To understand how to solve this, one needs to remember the three different processes of a law firm. First, you have basic business—such as receipts and operating expenses—that requires controls. Second, you have escrow or trust accounts, which many law firms hold on behalf of their clients and have specific rules for the lawyers managing those accounts. Finally, you have client advances, where law firms expend money for the client to pay for expert witnesses, document production and other expenses.
Solving The Problem
John’s solutions are organizational and people-centric, in the belief a culture of accountability must be started at the top of the firm. The partners and management must clearly communicate the ethical responsibilities of everyone in the firm. They must make known that, if there’s a breach, there are repercussions. By having a fraud hotline, a lockbox for your bank receipts, and your bank reconciliations accurate and on time, your employees will be less apt to commit fraud.
John also points to the segregation of duties as a tried-and-true method of combating the risk of fraud. Instead of having only one person handling cash receipts and looking at bank records—which many small to midsized firms do—these responsibilities need to be spread to two or more people who can hold each other accountable, in order to prevent a single worker from having the opportunity and temptation to commit fraud.
If small firms can’t afford to segregate much of the work, these companies can certainly implement some complementary controls to help them, he says.
John says most firms do a good job of paying attention to fraud, but there’s still the tendency to trust their employees, and that’s not really a control. If someone has an opportunity and some kind of rationalization and financial need, then fraud can occur, he says. Fraud protection should be a high priority, because the potential damage that could occur—including possible disbarment of attorneys—could be more expensive that any precaution taken.
To learn more about our Bisnow partner, click here.