| Oregon State Bar Bulletin — JANUARY 2010 |
|
|
To Catch a Thief:
How a Partner or Employee Can Steal from Your Firm
By Beverly Michaelis
 |
At a hearing on April 20, 2009, Gene Cauley, a 41 year-old plaintiff’s security lawyer from Arkansas, admitted that he misappropriated $9.3 million in client settlement funds. Cauley told the judge, “I always made a good deal of money in my law practice. When I had some extra money coming in, I took a shortcut.” Cauley allegedly used the funds to pay overhead and make business investments.
James Perdigao of New Orleans was more sophisticated in his approach. From 1991 through 2004, he stole $30 million from his firm and his clients using a variety of methods: doing actual work for clients, but not reporting it to the firm; sending fictitious bills to clients with self-addressed envelopes directed to his attention; and creating phony vendor invoices issued by companies he set up and controlled. Ironically, he spent little, if any, of the money and was a top biller for his firm. Perdigao’s scheme unraveled when he took a vacation day and a client’s billing inquiry was transferred to the firm’s accounting department. In December 2008, he pled guilty to 30 federal felony charges.
Oregon law firms may not have suffered losses in the millions, but they aren’t impervious to theft. In the last four years alone, three prominent cases have drawn headlines. In each instance, the losses were the result of embezzlement by a trusted staff member who took $100,000 (or more) from the employer/firm:
In 2009, a receptionist/secretary of eight years was sentenced for embezzling more than $109,000 from a law firm in the Columbia River Gorge.
In 2007, a Hillsboro office manager/investigator of 15 years was charged with embezzling $132,000 by using credit cards taken out in the lawyer’s name to pay for groceries, haircuts, tanning, cosmetics and trips to Mexico and Las Vegas.
In 2005, a “long-time, loyal, and trusted employee” of a two-partner firm in the Portland metro area embezzled approximately $100,000. The firm had borrowed $50,000 from its credit line to compensate for what the partners thought were uncollected accounts receivable before the embezzlement was uncovered.
Each year the Professional Liability Fund (PLF) receives calls about embezzlement, misappropriation of funds and office theft. Trusted law office staff, attorneys, janitorial help and even clients have been suspect in past incidents. What can you do to protect yourself? The truth is that nothing will stop a thief who is absolutely determined to steal. Although protection from outside risk is beyond the scope of this article, here are a number of precautions virtually every firm can take to minimize the risk of loss internally and to protect clients.
30 Ways to Prevent Financial Loss to You or Your Clients
Checks/Cash
1. Lock up all checks and deposit slips. Store trust account checks and deposit slips separately from your operating account. Not only will this make the thief’s job more difficult, it will lessen the chance of mistakenly writing a check on or making a deposit to the wrong account.
2. Limit the number of blank checks on hand at any one time. If your trust account activity is nominal, an order of several hundred checks is an unnecessary liability. The same is true for your operating account. Determine what is reasonable for your office and make the appropriate adjustment in your next check order. If you are concerned about the amount of checks you have on hand now, shred the excess.
3. Never allow checks to be written from your trust account to cash. Pay yourself by writing a check payable to your operating account. Pay costs on behalf of the client directly to the entity in question, i.e., the court, county recorder, sheriff, process server, etc.
4. Always require supporting documentation (invoices or detailed check request forms) when signing checks or authorizing transactions. Question check requests for any vendor whose name you don’t recognize.
5. Follow check-writing procedures. Scrutinize everything, including requests for “rush” signatures to meet accounting or court deadlines. Never sign a blank check.
6. Cancel all invoices by writing the date paid, the amount paid, and check number on the bill. A legal secretary/assistant in Oregon successfully embezzled funds by double-paying vendors and cashing the refund checks. Because each invoice appeared legitimate, the lawyer faithfully signed the checks. Canceling invoices takes a bit more time but prevents the same invoice from being presented twice.
7. Limit the amount of petty cash on hand. Establish procedures for reimbursement, require original detailed receipts, and use standardized forms.
8. Start protecting client money the moment you receive it. Take steps to avoid misplacing or misfiling client funds. Immediately endorse and photocopy all incoming checks, money orders, drafts or other instruments using a “for deposit only” endorsement stamp. To protect yourself and your clients, make deposits daily. Remember, the sooner you deposit client funds in trust, the more quickly the funds will clear and be available for disbursement. If you have client money on the premises and cannot get to the bank, you must make other secure, appropriate arrangements to protect the funds.
9. If you receive a cash payment, issue a written receipt and deposit the cash immediately. Ideally, staff should not receive cash, but it may be unavoidable in some circumstances. If possible, have a second person in the office witness the receipt. It is also a good idea to have the client sign the receipt acknowledging the amount paid. Whatever you do, do not attempt to establish a better paper trail by pocketing the cash and substituting your own personal check for deposit into your account.
10. If you need to move funds from one account to another, write a check payable to the specific account you wish to transfer funds to and not to your bank. Checks made payable to your bank can be deposited into a thief’s personal account.
Credit Cards/ATM Cards
11. If you accept Visa or MasterCard, protect your clients’ credit card numbers from being used inappropriately or released inadvertently to unauthorized persons. Limit access to credit information, and retain transaction slips and related records in a secure location.
12. If you received an ATM card when you opened your trust account, cancel your PIN code immediately, cut up the ATM card, and do whatever else is necessary to prevent ATM access to your trust account. Consider doing the same for your operating account.
The Paper Trail: Bank Statements, Financial Statements, Audits and Protecting Confidentiality
13. When the bank statement arrives, do the following:
Reconcile the account. (The trust account bank statement should reconcile to the check register and client ledgers.)
Examine transactions for any irregularities. Verify that deposits were made timely and that no deposits were reduced by cash returned to the person making the deposit.
Examine canceled checks (including endorsements) for forgeries.
Keep an eye out for counterfeit checks.
Make note of any missing checks or breaks in check sequence and investigate.
In a larger firm, an administrator may be responsible for some or all of these duties; however, some mechanism should exist for appropriate review and supervision by the managing partner.
14. Even small offices should have the capability to generate financial statements — an overall picture of the financial health of the firm. Review financial statements, or their equivalent, at least quarterly for any radical changes in expenditures. Look long and hard at categories such as payroll or office expense. In larger offices, embezzlers have been known to create fictitious employees or pay personal bills using the office expense account as a means of siphoning off money.
15. Conduct periodic audits. If you uncover missing or altered documents or “past due” notices for bills that should have been paid, investigate. Amounts credited to clients on billing statements should match funds collected. Following the paper trail is often the only way to catch a thief.
16. If you destroy or recycle financial records, protect client confidentiality. Take appropriate precautions and dispose of materials securely. ORPC 1.15-1(a) requires that complete records of trust account funds and other property be kept for a period of five years after termination of the representation.
Electronic Protections: Online
Banking, Accounting Programs, Security, Fraud Detection
17. Some banks have stopped offering online access to lawyer trust accounts. If your bank offers online banking, think twice before proceeding. This is one more portal to your account you must protect. The convenience may not be worth the potential risk.
18. Know your accounting and check writing programs. Many a lawyer has been lulled into complacency thinking nothing will go wrong because a process is “computerized.” Anyone who has ever experienced data corruption, a virus or a computer crash understands the danger of this attitude. In some instances, computerization can make a firm more vulnerable to theft. If you don’t understand how your program works, you can’t supervise others who are performing accounting duties with it. A solo practitioner learned this lesson the hard way when an employee with a gambling problem successfully embezzled $40,000 from his accounts. He didn’t understand how to use his accounting software.
19. Protect laptops and desktop computers. Use security measures such as mandatory logins, encryption, or biometrics, which require user authentication through use of fingerprints or other means. Pass phrases (“I like my Gleneden Beach bungalow”) or strong passwords ($TeriTLawyer67#9) are best and should be changed periodically. Once your hardware is secure, take additional steps to specifically limit access to financial data. (For additional resources on data security, See Robert Ambrogi, “Do-it-Yourself Security: Help Keeping Your Data Safe, OSB Bulletin (February/March 2009).
20. Back up all data on your computer, especially financial information, on a regular basis and test the integrity of your backups. Always keep a copy of your backup off site. If a thief destroys electronic (or paper) records in an effort to cover his or her trail, data can be restored from the off-site backup. See the resources available on the PLF website, www.osbplf.org. Select Practice Aids and Forms, then Technology.
21. Consider using Positive Pay, an automated fraud detection tool offered by most banks. In its simplest form, Positive Pay matches the account number, check number and dollar amount of each check presented for payment against a list of checks previously authorized and issued by your firm. All three components of the check must match exactly or the check will not be paid.
The Human Factor: Check
References, Establish Relationships and Policies, Separate Accounting Duties
22. Know your people. Don’t enter into a partnership or office share or hire a bookkeeping service or staff person on blind faith. Run background checks and call references. Once in practice, keep an eye out for unexplained changes in lifestyle, spending habits, or other behavior that might tip you off that something is wrong. Be wary of the partner who never seems to take a vacation, the paralegal who comes in early, stays late, and refuses to delegate anything, or the secretary who repeatedly asks for loans or pay advances. If staff report something unusual or out
of the ordinary, listen. Re-read the
embezzlement stories at the beginning of this article.
23. Know the people where you bank. Obviously, this won’t stop all fraud, but it may help. Talk to the branch manager about your normal banking needs, as well as activity that would be unusual for your type of practice. Ask the bank to notify you of any suspicious teller transactions, such as withdrawing cash from the lawyer trust account or requesting a teller check payable to a mortgage company on a client’s conservatorship account. (Both happened to Oregon firms.)
24. Make sure partners and associates are not paid directly by clients. Audit billing statements periodically to make sure they match the actual work done by the partner/associate.
25. Establish clear written policies for employee expense reimbursement. Use standardized reimbursement forms and require detailed original receipts.
26. Separate and rotate accounting duties (accounts receivable, accounts payable, billing, etc.) if staff size allows. Centralized accounting responsibilities make it more difficult to detect theft or other problems. Payroll in particular should be scrutinized by someone other than the person responsible for cutting the payroll checks. One option is to hire a reputable payroll or bookkeeping service. Consult a CPA firm for help with setting up proper controls and accounting procedures.
27. If accounting duties have been delegated to staff, it is critical that a partner take responsibility for reviewing all notices, correspondence or statements received from the firm’s bank(s). Instruct staff to date-stamp and deliver bank mail unopened to the partner in charge of this review. If you are a sole practitioner with staff, have bank mail sent to your home address. Opening the mail may seem innocuous, but it gives a thief the chance to steal and the opportunity to cover it up. A legal secretary in Oregon successfully embezzled over $20,000 from a conservatorship account partly because of her mail handling responsibilities. She opened the conservatorship bank statements, scanned them in, then hid her theft by editing the PDFs of the scanned statements — not easy to do, but clearly possible.
Other Tips
28. During a three-year period in the 1990s, a legal assistant in North Carolina successfully used a lawyer’s signature stamp (and other means) to misappropriate over $250,000 in client funds. An Oregon paralegal used a signature stamp to file legal documents in court without the lawyer’s knowledge. Lock up (or don’t use) signature stamps. This convenience poses a substantial risk for you and your clients.
29. Beware of telephone transfers. The lack of a paper trail can cause major headaches at reconciliation time. If you transfer fees for work you have done but not yet billed, you may forget to post the transfer to your records. At the end of the month, it is easy to take the money again, mistakenly believing the fees are still owed to you. This can lead to a trust account overdraft and bar complaint. Authorizing telephone access to your accounts also makes it easier for thieves to steal from your firm and your clients.
30. Purchase adequate insurance coverage: money and securities; valuable papers; business interruption; liability; theft, disappearance, and destruction — for both on and off the premises to protect against third-party loss. Consider fidelity bonds for employees. (Available by name, position or on a blanket basis.) Find out whether your janitorial service is bonded. To cover partners or shareholders or protect against credit card forgeries, purchase separate endorsements. For the best possible protection, combine bonding with the other forms of insurance described above — bonds alone are insufficient unless you can prove the loss was sustained as a result of employee dishonesty.
Above all, use your common sense. The size of your firm will suggest what you can best do to protect yourself and your clients. Adapt the ideas that make sense for your particular setting.
ABOUT THE AUTHOR
The author is a lawyer and practice management adviser with the Professional Liability Fund.
© 2010 Beverly Michaelis