The first: last week, Bruce Matson, former General Counsel of LeClair Ryan, reportedly (subscription required) admitted embezzling $2.5 million dollars from a client trust account.
The second situation relates to a client — a relatively small firm located on the West coast. In this instance my client discovered that an employee has misappropriated more than $300,000 over a period of several years. The now former-employee was also unfortunately a gambling addict. Consequently, virtually none of the funds are recoverable and a criminal prosecution is providing little relief.
I am shocked at the number of times I’ve seen this happen inside a law firm. No firm is immune, and there is no set pattern. The size of the firm doesn’t matter. The villain might be a partner or a staff member. And it may be theft from a client trust fund or an operating account.
But in virtually any situation the abuse of trust could have been prevented.
Most lawyers (therefore, most law firm management teams) have not been trained to design basic internal control processes that safeguard firm resources. As a result, many law firms provide numerous opportunities for financial abuse.
None of us enjoy considering the possibility that colleagues might actually steal from the firm. But while leadership strives to inspire trust, an awareness of some of the typical methods used to embezzle funds can result in firms establishing processes that serve to prevent a brand of theft that might occur.
A short and incomplete list of ways in which funds are misappropriated include:
- “Shadow” vendors are established, complete with a company name and address, in order to receive payments that wind up in the hands of the individual committing the fraud. This is a common approach; the payments (checks or electronic transfers) typically start small and increase in frequency and amount over time.
- False expense reports are submitted for reimbursement. Again, these tend to grow as the thief is successful. In some cases, the firm is the direct victim in others the fraudulent charges are passed through to clients who unwittingly absorb the loss.
- In larger firms, fictitious employees are sometimes set up in the firm’s payroll system.
- Some law firm allow an individual to have sole control over authorizing and issuing and accounting for payments. In some instances the perpetrator has made direct payment to themselves, family members or personal creditors.
- In other cases, firms allow the same person to receive and deposit client payments while, at the same time, having the authority to “write-off” client receivable balances. This can lead to an employee endorsing a client payment to their own benefit and then eliminating the client receivable with no one the wiser.
These are just a few of the countless ways in which law firm and law firm client funds are misappropriated.
The question is what should one do to decrease the probability of such a loss. The short answer is to engage a local accounting firm to review your firm’s procedures and design an internal control process. As your firm grows the process should be re-evaluated by an external accounting firm. Ideally, as the firm grows have the firm’s books and records audited.
In addition, there are a host of things that can be done to decrease the probability of loss. Here are seven ideas that represent easy protective measures:
- Have background checks conducted on all new employees
- Make sure a person independent of handling cash deposits has authority to “write-off” client receivables
- Separate the responsibilities of making disbursements and reconciling bank accounts
- Require two signatures for larger payments
- Separate payroll review from payroll preparation
- Have all requests for reimbursement signed by another person
- Maintain an annual budget for all types of expenditures and receipts and diligently review variances to that budget
In addition to the above, a firm of any size should consider fraud insurance. This won’t provide protection from the event, but can limit economic exposure.
In thinking about this blog post I did a simple google search on law firm embezzlement during the last year and was discouraged by the tremendous number of reported incidents.
How long has it been since your firm’s internal controls have been evaluated?