In this article, we will walk you through a recent legal case that left a small legal practice in serious trouble and could happen to most professionals who deal with client funds.
Picture this; you’re an independent solicitor working in a large market town, you’ve had several years of sustained growth but you’ve hit a glass ceiling so you’re looking for a partner or investor to take you to the next level.
You approach several people you know, ask for recommendations and word starts to spread around the business community. After several different discussions with possible investors and partners, you think you’ve found someone who fits the bill. They aren’t a lawyer but they are a successful businessman and they are keen to invest in a law firm. You get on well with him and you think that he will bring some real benefit to the business and you’ve had confirmed of funds.
All good so far? What happens next?
Your new business partner investment £45,000 into your practice and a new company are set up with the two of you as the only shareholders. You go through all the necessary regulatory requirements, you contact the Solicitors Regulation Authority (or a different depending on your profession) and your Alternative Business structures application is approved and your new partner is official.
One month after the new partnership is official, they open an office in a large city in the next county which they will manage. Everything is going to plan and you know have two offices thanks to your new partner's investment. Unbeknownst to you though, they’ve also opened a number of new accounts for this office, including a client account, with a different bank that you are currently using, and he is the sole signatory for these accounts.
Your new partner has also hired two people to work in the new city office, without evolving in part of the recruitment process but has ensured you that one of them was a solicitor is a qualified solicitor.
A couple of months later, you start receiving a number of queries from other solicitors about delayed completions in the city office and become concerned as to potentially suspicious activity. After making some enquiries, you uncover a large-scale fraud, involving six-figure sums, as the three people in the city office have, over a period of three months, been misappropriating lender funds, deposit monies and sale proceeds from the firm’s client accounts, moving client funds between your original Bank account and the new one they had created, which made it harder to track.
Whilst this may sound hard to believe, it is based on a real situation and while doesn’t get much publicity it’s a real risk for businesses looking for investors.
What could have been done?
So what could you have done to protect yourself and your clients against this nightmare scenario from happening? Whilst hindsight is a wonderful thing, there are basic steps that could have been taken, and questions that should have been considered, including:
Why would someone want to invest £45,000 in your business? What’s in it for them?
None of us would want to turn down the prospect of funding, but consideration needs to be given to the benefits for, and requirements of, the investor. Do the reasons for investment given by the businessman stack up? If you’re looking for investors, you’ll get a lot of promises but many won’t deliver when it gets to it. This can make it easy to overlook proper process when an offer seems genuine and the cash is on the table. £45,000 is a lot of money and raises questions. Yes, they could prove they had the funds but if a client was depositing such a large amount, you would undertake anti-money laundering checks and investigate the source of funds as standard.
What, if any, due diligence was undertaken prior to the monies being accepted?
In this case, the original owner had relied too heavily on their accredited body to bring out any skeletons in their new partner’s closet. Whilst the SRA approved the investor as a manager in relation to the alternative business structure, the money had already been accepted and the limited company set up, and in any event, the SRA checks alone cannot be relied upon as they are based on information provided and DBS checks, which only reflect previous convictions etc.
Was there a written agreement in place regarding the ‘investment’?
You should always insist on there being a formalised agreement when making such a big decision, preferably checked by an independent person, about the future running of the business, termination terms, managing structure etc. It is possible that the fraudster may have taken his money elsewhere if posed with too many questions he couldn’t answer.
Whose decision was it to form a limited company and appoint the investor as a director?
In this scenario the original business owner could have protected himself by making the investor only a shareholder (but not a director), leaving them to continue to run the business. If that was not an option, why wasn’t it? What objections were raised?
By making the investor a director, they were helping to build his credibility and allowing him to take steps on behalf of the company.
How was Director 2 able to an account with Bank B without your approval/knowledge?
As a new limited company, there was no historical financial information and limited public records. Corporate governance requirements put the onus on the honesty and integrity of Directors when transacting with 3rd parties. Whilst Banks must comply with many regulatory obligations including AML, POCA and FCA requirements, they are not and cannot be expected to be gate-keepers for poor internal company controls. The Bank acts on instruction from those company officials authorised by Bank Mandate. All limited company mandates include the Board resolution which an officer of the company signs confirming that a Board meeting has taken place and the bank signing authority agreed by the Directors. In this case, Director 2 went ahead signing the mandate without the necessary authority and confirming himself as the sole signatory.
Bank B, when opening the accounts would have carried out various checks, the extent of the probing being dictated by the size and activities of the business. In the case of a small law firm, such as this, these would include: searches at Companies House on both the company & its directors; confirmation of the identification of the directors, often electronically, which only requires basic details, and checking ‘Find a solicitor’ on the Law Society website to confirm the existence of the ABS and the status of the managers. There would have also been questions asked of Director 2, such as expected turnover in next 12 months; type of work was being undertaken; the value of cash and electronic transactions; the source of the current investment in the business. If it had been an established business the Bank would have required historic information and copies of the last 6 months bank statements.
Whilst Banks are continually improving their ability to spot unusual transactional activity through accounts and acting quickly, this is accomplished, in the main, by sophisticated algorithms or other IT-based filtering. It would be unlikely to spot anything unusual in this case of “internal” fraud. It is also unrealistic to expect a local branch manager, when opening a bank account for a law firm represented by a Director of that company, to spot anything wrong.
Questions to consider regarding the city office:
What was the business reason for opening the city office? Whose decision was it? What discussions were held between the directors?
What work was to be carried out there, and was it the same work as the other offices? If it was a new area of specialisation, who would carry out the work? What was the source of the work?
On what basis was a non-lawyer in a position to ascertain the knowledge, expertise and suitability of solicitor candidates? Why were simple checks not made in relation to future employees (or new employees), such as checking ‘Find a solicitor’, confirming details in CVs, taking up references?
As COLP, what processes and procedures were in place? For example, all staff, at whatever level, are bound by the Code, so what training was given in relation to their obligations under the Code? How was the office to be supervised?
What processes were in place in relation to SRA Accounts Rules compliance?
Whilst the fraudulent transactions were discovered within a relatively short period, had bank reconciliations been carried out as they should have been, they would have been picked up much quicker. With the availability of inexpensive online bookkeeping products or use of outsourced cashiering, client accounts can be checked daily and should be checked weekly as a minimum, particularly with the use of online banking which makes the required information available almost instantaneously. Firms continuing to carry out reconciliations manually are placing themselves, and their clients, at risk.
The list above, whilst extensive, is not exhaustive but should provide food for thought, and urge caution before acceptance of funding and admission of individuals into a business. It is, of course, written with the benefit of hindsight, but it is clear that basic considerations were not given to the ‘new venture’. Unfortunately, sole practitioners and small firms are vulnerable to opportunists, and it does appear that in these circumstances the sole practitioner was targeted by an individual with a well thought out plan, with assistance in place, and was able to accumulate large sums of money fraudulently in a relatively short space of time.
What we’ve learnt
Growing your business offers a lot of reward as well as risks. Don’t let this story put you off looking for investment though just learn from it. A lot of the specifics may not apply to non-legal firms but due diligence and risk management process can be applied across the board.
This “lessons to learn” article has been written in partnership with Michelle Garlick and Andrea Cohen of the Compli team at Weightmans.