Friday afternoon fraud
What do such scams mean for professional indemnity insurers and their insureds, asks Janet Brook
Instances of so-called 'Friday afternoon fraud' are of huge to concern to solicitors and their insurers. The Solicitors Regulation Authority (SRA) is said to be receiving three to four reports of such scams taking place each month. The frauds typically take place on a Friday afternoon when the scammers know client accounts are likely to hold large amounts of money in readiness for house completions. With the average house price nearing the £300,000 mark, it is easy to see why such frauds have such a potential impact on a firm's claims' record.
Will a firm be covered?
Before considering coverage issues surrounding Friday afternoon frauds, it is useful to have a reminder of what the SRA minimum terms and conditions of professional indemnity insurance (MTCs) state in relation to shortages on client account.
The MTCs state there must be an indemnity in respect of any 'claim'; however, the MTCs themselves do not provide a definition for 'claim'. This is instead found in the glossary to the SRA Handbook, where it is said to be 'a demand for, or an assertion of a right to, civil compensation or civil damages or an intimation of an intention to seek such compensation or damages. For these purposes, an obligation on an insured firm and/or any insured to remedy a breach of the Solicitors' Accounts Rules 1998 or any rules (including, without limitation, the SRA Accounts Rules)'.
Rule 7.1 of the SRA Accounts Rules 2011 states: 'Any breach of the rules must be remedied promptly upon discovery. This includes the replacement of any money improperly withheld or withdrawn from a client account.'
It therefore follows that for a solicitor's professional indemnity insurance policy to respond, there does not necessarily have to be a claim in negligence by a client whose monies have been directed elsewhere, but simply a shortage on the firm's client account, which the firm is under a duty to replace.
The MTCs do exclude liability where that liability arises from dishonesty or fraud condoned or committed by an insured. Of course, innocent partners are still covered by the policy, so the exclusion is of limited application to sole practitioners, or where all partners in the firm were dishonest or fraudulent or condoned the fraud or dishonest act.
Examples of Friday afternoon fraud
The frauds can take several forms, and the outcome for the solicitor and their insurer very much depends on the circumstances. Below are some examples of the possible frauds and the factors that need to be taken into consideration:
• A fraudster may hack into a client's email account and direct a solicitor to transfer proceeds from their sale to a different bank account;
• A solicitor may receive a telephone call, purportedly from the bank's anti-fraud team, asking for account details and passwords or, in extreme cases, advising them to transfer the contents of the account elsewhere on the bank's instructions; and
• A solicitor's own email account may be hacked or impersonated so clients are directed to send monies to accounts other than the solicitor's client account.
On first reading of the scenarios described above, it would appear that such behaviour is neither fraudulent nor dishonest. It is arguable, however, that in some circumstances a solicitor should realise they may be the victim of a scam and should be taking steps accordingly. For example, solicitors are generally warned to be on the alert for unusual instructions from clients or instructions that change at short notice. Instructions to pay monies across to different accounts at short notice could fall into this category. Similarly, taking a telephone call from a bank at face value, and acting upon their instructions without telephoning the bank to verify the identity of the caller is also questionable. Clearly, whether such behaviour amounts to condoning fraud or dishonesty turns on the facts of each case, and the relevant insurer's approach to it.
As technology advances, so too does the technical ability of the fraudsters. Firms therefore need to be alive to several potential threats: unusual instructions sent by clients; attacks on their own IT systems; and unusual communications purporting to be from their banks. Constant awareness and up-to-date training in respect of the threat of frauds targeting client money is needed, and not just on Friday afternoons.
Janet Brook is a solicitor at Kennedys
@KennedysLaw