Fraud against law firms can take many forms. In this regard, law practices are no different than any other business. White-collar crime affects businesses of all sizes and while some attorneys may believe that fraud cannot happen to them, more and more firms are developing policies to reduce the chances of becoming a victim.
Consider the case of a Nigerian national who, according to court documents, oversaw a $70 million fraud targeting law firms. The firms were contacted by alleged creditors seeking to collect on business accounts throughout the United States. The firms that took the bait would reach out to the debtors seeking payment. The debtors agreed to send a check to the law firms to be deposited in their trust accounts. Instructions were provided to deduct attorney fees from the amounts deposited with the balance being sent to the firms’ client in Asia. When the victims called the phone numbers listed on the checks, they would reach another conspirator who would falsely verify the checks. The checks turned out to be fraudulent and the trust accounts were compromised.
The ringleader pled guilty in federal court, and was sentenced to over eight years in prison and ordered to pay $11 million in restitution.
According to the Association of Fraud Examiners, more than 22 percent of fraud cases result in losses of at least $1 million. The median loss amounted to $145,000 and the frauds lasted a median of 18 months before being detected. The smallest organizations tend to suffer disproportionately large losses.
In New York, a construction contractor pled guilty to defrauding law firm clients in connection with office construction projects. The company arranged for electrical, plumbing, drywall and other subcontractors to falsely inflate their bills, adding millions of dollars to the cost of building office space. Incredibly, the contractor had been previously convicted in a similar scandal, pleading guilty to felony charges and paying $10 million related to its role in a $2 billion bid-rigging and bribery scheme. The victimized firms had never checked the records.
Most white-collar crime against law firms stem from employee theft , and firms are increasingly establishing internal policies to combat that risk, including performing background investigations on all employees. But as the above examples illustrate, performing due diligence in third-party relationships is also critically important. These relationships can include prospective clients, suppliers and service providers.
Some firms may be required to verify the background of clients and third-party business partners under laws such as the Sarbanes-Oxley Act and Foreign Corrupt Practices Act. Other obligations may arise from insurance agreements or ethical rules. In any case, a firm should conduct a level of due diligence commensurate with the level of risk associated with the relationship.
The starting point for third-party due diligence is to verify the existence of the business, confirm its operations and then identify the key players. Once identified, address history reports should be obtained to establish that the business and principals can be tied to a location or locations. These searches will typically reveal how long the business has been operating at that location, other individuals and businesses associated with that address and whether the business is in a commercial or residential location. Reliance upon a certificate of good standing from the secretary of state is not enough. An aspiring criminal can usually set up a corporation for a modest fee. These shell entities are then used for a short time to perpetrate the fraud.
A recent case we performed illustrates the problem. Several individuals incorporated companies with names that were similar to legitimate businesses. Leases were executed in locations where the legitimate companies had previously done business. The scammers provided certificates of good standing and the address histories checked out albeit under a slightly different business name.
However, the short operating history for the business and our inability to confirm positive identities for the principals raised serious red flags. Further digging revealed that the principals were convicted felons operating under assumed names. Our client aborted the deal.
Once the company and principals have been positively identified, criminal searches should be conducted as well as databases that reveal whether the business is on a government sanction or watch list. Depending on the type of relationship being contemplated, records from licensing boards or regulatory agencies may become relevant as well. These searches will reveal whether the company complies with laws and regulations affecting its business.
But often equally important, is the financial health of a company. While some major financial databases may provide an overview of a business at a high level, much of the information is self-reported for nonpublic companies and is not typically verified by the database company. A more complete picture is provided by searching civil records, bankruptcy filings and tax liens. These can reveal breach of contract actions for failure to perform or pay bills. A recent history of lawsuits and tax liens will oft en reveal that a firm is on the brink of collapse. Third-party due diligence is best performed prior to a relationship going sour. Law firms are attractive targets for fraud, especially those that lack full-time administrative professionals. Firm leaders should not be lulled into a mentality of “it can’t happen to us.” Kevin P. Prendergast