(Wavebreak Media LTD)

A year or so after leaving a firm, then named Newman Schlau, P.C., where I was the administrator, I was shocked to read in the New York Law Journal that my replacement had been arrested for theft of significant funds from the firm. That was a long time ago, but recently, in the process of unravelling and documenting a similar theft for a law firm client, I was surprised to learn from bank officers and insurance claim agents that theft (a.k.a., embezzlement) at law firms (and other entities) was a fairly common happenstance.

I was even more surprised to learn that such thefts most frequently were by long-term trusted employees, and even by relatives of partners, owners or officers. I guess you need to be a trusted employee to be placed in a position that allows you to steal.

Theft of funds is perhaps more easily accomplished at law firms, and there are a variety of techniques for so doing; and steps for avoiding or minimizing them. Law firms are easier targets because many firms have two separate computer accounting systems; one that handles the firm’s operations (receipts of client monies, payment of vendor expenses, taxes, etc.) and another to process, record and track client billings and payments. Often these two systems are not integrated; they do not feed information to one another.

One firm theft technique involves posting a client payment accurately into the client billing system, but recording it as something else in the operating system. For example, a trusted bookkeeper can create her own entity, ABC Co., and issue a check to that entity for $3,000, and thereafter deposit in that same operating account the receipt of $3,000 of client funds, but post it as a credit (e.g., a refund) from ABC Co (not as the receipt of client funds) That same employee, or even an honest other bookkeeper, would then post that same $3,000 client amount accurately into the client billing system. The expenditures to ABC Co. would not readily show up and be flagged as an expense, since they were zeroed out by the faked credits, and the clients’ accounts would be accurate.

While the total of client receipts in the client system would not match the total of client receipts in the operations financial system, very few firms attempt to match up or ascertain a discrepancy in those numbers between those two systems. That is a check that should be done, but by someone other than the person who enters or processes those receipts.

In the above example, the fraudulent payments to ABC Co. could either have the authorized signature forged (easily doable), or the dishonest employee might be an authorized signer (frequently only up to a specified limit), or a busy partner or honest administrator never questioned the bona fide of the fake vendor; or the employee may be authorized to make some firm payments electronically.

An even “better” method is for the dishonest employee to make use of an escrow account. When client funds come in, the check(s) could be deposited into an escrow account (instead of the operating account), without recording any posting of those funds into the escrow check register, but, as in the above, making a correct posting into the client system.

The dishonest employee then just writes out a check (or electronically transfers the amount) to the fake vendor (or, if braver, to themselves or a relative), and does not record that check any place. Unlike with the operating system theft described above, there would be no record of the fraudulent payment or the faked entry of the client funds. The only way to discover these payments would be to look at the cancelled checks or electronic transfers as they appear in the monthly bank statements, or to set up an elaborate reconciliation procedure of monies in and out of the account. This is almost never done, but should be, but not by that trusted employee.

Some firms need and use escrow account checks for out of the office closings, and often some of those blank checks are pre-signed, to be filled in at the closing with an amount that could not be specified earlier. If a pre-signed blank check in not needed at the closing, then its return to a dishonest bookkeeper permits its fraudulent use without the need for a forged signature. The employee simple makes the check payable to the bogus entity or illegitimate person, in the exact amount of one or more checks received from one or more clients and deposited without notation into that escrow account (but posted correctly as a fee received in the client billing system). Attorneys returning from closings with pre-signed blank checks should be instructed to tear off the signature portion before handing them in.

Banks’ liability for forged checks generally are limited to those negotiated in the 30 to 60 day period prior to their receiving notification of a forgery. Firms may choose to include employee theft coverage in their general office insurance policy, and that coverage typically will have a specified upper maximum limit, and a separate sum is usually specified as available for professional fees spent to unravel and document the theft.

If a firm does receive insurance reimbursement, it will need to assign to the insurance company its rights to recover funds from the person who stole them. It was surprising to learn that many such insurance policies do not require that the theft be reported to the police for the claim to be honored, and even more surprising to learn from an insurance claims person that only about 50 percent of firms or other entities actually file criminal charges or seek to recover any stolen funds or stolen amount above any insurance recovery. (The insurance company may determine that the person who stole the funds has insufficient assets for them to attempt a recovery.)

Even if an employee is fired for clearly documentable theft, the firm will still need to provide that employee with all the legally required employee termination notices. For example, failure to provide the employee the Cobra notice that he/she can continue medical insurance coverage by paying for it would subject the firm to liability for that terminated employee’s medical bills.

You would think that the firm’s CPA would readily uncover such thefts in their monthly, quarterly or annual reviews, but that is not often the case. However, the firm should ask its CPA what steps, procedures and/or systems should be put into place or modified to prevent or minimize this risk.