I recently read a case[1] that presents an opportunity to use real-world facts to review some of the fundamentals of proper bookkeeping procedures for law firms.  This law firm lost $43,000 as a result of poor fundamentals that allowed an employee to embezzle funds.  The ultimate holding in the case, that the appellant law firm entered into a contract limiting their window to notify their bank of fraud, is not essential for this discussion.  The relevant facts for this discussion are as follows.

 A partner in a law firm embezzled funds from the firm by endorsing checks made payable to third parties and depositing them into his personal account using ATMs.  This happened approximately twenty-nine times.  In the fall of 2014 (the facts are unclear exactly when), the firm's bookkeeper received an inquiry from a third party about a check.  The bookkeeper discovered that the check, made payable to the third party, was endorsed by a partner with his own name and cashed.  The bookkeeper confronted the partner, who gave her an explanation and wrote two checks to reimburse the firm.  Both checks bounced.  In the next few months, the partner embezzled approximately $43,000 using the same method.  The scheme was discovered in January 2015, and this time the bookkeeper notified the other partners.  The account was audited.  The audit determined that approximately twenty-nine checks totaling approximately $43,000 payable to third parties were endorsed and cashed by the partner.  The firm notified the bank of the potential fraud in March 2015.  The bookkeeper testified that she did not ordinarily scrutinize the check images unless she couldn't balance the account.   

Takeaway 1: The account owner is always the best line of defense against fraud

An account owner, whether it's an individual or a firm, always needs to be the primary auditor of the account.[2]  The owner is in the best position to police the account.  Third parties may have policies or obligations that may help expose fraudulent activity, but they should only be relied on as a supplement to the account owner's vigilance.  The account owner is the only party with access to all of the information that may expose fraud.  Information that may be helpful includes internal bookkeeping records, external financial statements, invoices, and timesheets.  At a minimum, the account owner has data for the entire account.  Contrast that to a title insurance audit that is often limited to examining only transactions that involve the company doing the audit.  

In Globe Motor Car Co. v. First Fidelity Bank, N.A., 641 A.2d 1136 (N.J. Super. Ct. Law. Div. 1993), affirmed, 677 A.2d 794 (N.J. Super. Ct. App. Div. 1996), cert. denied, 686 A.2d 764 (N.J. 1996), the court held that by providing the plaintiff with their financial records the bank gave the plaintiff the tools needed to police their own employee.[3]  

One fact that jumps out in the dissent is the admission by the bank that it is not their policy to check the endorsement on checks of less than $50,000 that are deposited in ATMs.  Amazing.  The bank does not even match the signature on the back of a check with the payee on the front for a check less than $50,000.  This is a basic level of review, and the bank does not do it.  The dissent notes that it is unclear if this is an industry-wide practice.   

Takeaway 2: Office culture needs to emphasize accountability

 Firm culture needs to be an atmosphere of accountability at all levels.  The business owners, in this case, the partners, set the tone for the office.  Employees and other partners notice whether the owners are meticulous or complacent about handling funds and auditing accounts.  If everyone knows the owners are careful about the preparation and auditing of transactions, people are less likely to attempt to embezzle funds.  When they do try to steal funds, the scheme is usually exposed quickly.

A disturbing question is why the bookkeeper didn't notify all of the partners when she discovered the first check in the fall.  We do not know the explanation Mr. Cohen gave the bookkeeper when he was confronted.  We do know that Mr. Cohen, a partner, spoke to the bookkeeper, an employee, and agreed to reimburse the firm.  The bookkeeper made a decision not to notify the other partners.  Mr. Cohen then wrote two checks to reimburse the firm, and both checks bounced. 

A firm should have a policy that all errors and questionable activity must be reported and acted upon immediately.  Any suspicious activity should be brought to the attention of all relevant parties immediately regardless of who is involved in the transaction(s).  In this case, that means all of the partners or a committee made up of multiple partners should have been notified.  An employee (e.g., bookkeeper) is naturally going to be cautious and will often defer to her employer (e.g., a firm partner) when presented with the dilemma of causing a major uproar by "accusing" a partner of theft.  When reporting is required it empowers the bookkeeper to act without fear of repercussions, and it emphasizes to everyone, including partners, that they will be held accountable for their actions.  In this case, the bookkeeper missed at least two opportunities to notify all of the firm partners: in the fall when the first check was discovered and when the reimbursement checks bounced.  Only later, after identifying a series of suspicious transactions, did the bookkeeper feel empowered to report the activity to the other partners.  The delay cost the firm $43,000.[4] 

Takeaway 3: Act fast

An account owner must act fast once a suspicious transaction is identified.  An audit of the entire account must be a high priority.  Eliminate the immediate problem and conduct a complete audit as fast as reasonably possible.

What ultimately cost the firm is that their actions were too slow.  The bookkeeper acted too slowly in notifying the other partners, which allowed the scheme to continue.  Based on the circumstances, I think the bookkeeper’s actions are understandable.  The partners compounded this mistake when they acted too slowly after they were informed about the checks that were endorsed by Mr. Cohen.  The partners should have immediately limited Mr. Cohen's access to the account and made auditing the account and notifying the bank a high priority.  While we do not know the details of the audit, we do know it took nearly three months to complete and notify the bank.  At that point, it was too late. 

A proper audit would immediately address the known problem, which was Mr. Cohen endorsing checks made payable to third parties.[5]   Regardless of the volume in the account, an initial review of the endorsements should have taken no more than a few days.  The bank could have been notified within a week of the improperly endorsed checks while a more extensive audit continued.  In this case, the partners were told in January, but the audit was not finished, and the bank notified until March.[6]

Takeaway 4: Know the warning signs of embezzlement

Everybody with responsibility for an account must know the warning signs of embezzlement and take action when they are recognized.[7]  Signs of embezzlement are often easily explained individually but become serious warning signs that demand action when they exist in combination.  Some warning signs are personal such as financial problems, showing up late for work, erratic behavior, drug abuse, alcohol abuse, and gambling.  Other warning signs are professional such as an employee that is overly possessive of their work and doesn’t take vacations.  When multiple warning signs exist concurrently, action must be taken.

One of the most significant warning signs: personal financial problems.  Mr. Cohen's initial theft is a sign of personal financial problems.  This scheme wasn’t even creative.  Whatever the explanation Mr. Cohen gave the bookkeeper[8], his need to write two separate reimbursement checks and then both checks bouncing are obvious signs of personal financial problems.  Bookkeepers and partners all need to know the warning signs of embezzlement.

This case is a good reminder that a lack of fundamentals can lead to financial losses.  The firm could have saved thousands of dollars in costs and business disruption as well as the $43,000 by policing the account properly.[9]  Every lawyer and title insurance agent is encouraged to audit their own firm's procedures before a triggering event. 

[1] Levy Baldante Finney & Rubenstein, P.C., v. Wells Fargo Bank, N.A. and TD Bank, N.A. Superior Court of Pennsylvania No. 3241 EDA 2016  (https://law.justia.com/cases/pennsylvania/superior-court/2018/3241-eda-2016.html)

[2] Think about the costs and business disruption that could have been avoided, even if the firm won this lawsuit, by policing the account properly. 

[3] The plaintiff company sued their bank for failing to catch one of their own employees from stealing over a million dollars.  The court stated, "In considering the relationship of the parties and the nature of risks involved, there is no question that depositors such as (plaintiff) are better suited than their lending bank to manage their own affairs, hire and supervise their own employees, keep their own records, hire their own auditors and detect and deal with corporate theft.  The bank's monthly reports to its creditors permits the depositor to determine if any deposits are missing or if checks are drawn without authority.  A prompt examination of those records should have disclosed to the (plaintiff) that its office manager was a thief." 

[4] I do note that, although it is unclear from the appellate opinion, the bookkeeper may have been extra vigilant after she discovered the first check.  For that reason, she may have examined the checks closely as she did whenever the account wouldn't balance.  If that is the case, it is possible that Mr. Cohen refrained from embezzling additional funds for a short period until he thought the situation had "blown over" and it was safe to steal again.  Once he started again, the bookkeeper easily discovered the fraud and, with the additional proof, felt empowered to bring it to the attention of the other partners without the fear of accusing a partner without evidence.  We do not know if a policy that the other partners would be notified would have prevented Mr. Cohen from attempting this scheme but it is highly likely it would have ended in the fall after the first check was discovered.

[5] As the court noted, this is significantly different from forging someone else's signature, which would take considerably more time and, even then, may not identify all of the checks.  The court also noted that it will be a question of fact in a future case if the victim should be able to detect a forged signature.

[6] A complete audit of the account should have started immediately.  Embezzlement takes many forms and the auditor should not assume the only method used by Mr. Cohen is the one that was already discovered or that Mr. Cohen was the only person involved.

[7] For a more thorough discussion of warning signs, please see my article entitled: Identifying and Limiting Employee Theft in Solo and Small Law Firms.

[8] I am curious what the explanation was and if it was another warning sign.   

[9] Most small firms cannot absorb a $43,000 loss. 

Employee theft is a problem that can be limited by awareness and preparation. Many small firm lawyers and title insurance agents, preoccupied with legal and title work, make themselves a target for embezzlement by not paying enough attention to office operations. This is especially true in real estate focused firms where hundreds of thousands of dollars pass through their escrow account each month. This article will discuss some ways to prevent, detect, and limit embezzlement of trust funds in these small law firms and title insurance companies. 

A lawyer is a business owner and, like all business owners that are victims of embezzlement will have to deal with the consequences of missing funds, including the possibility of going out of business. A lawyer that holds funds in a trust account[1] (e.g. IOLTA account) does so in the role of a fiduciary entrusted with someone else’s money. As a result, a lawyer has more issues to deal with than the average business owner when funds are embezzled from a lawyer's trust account. When an employee embezzles funds from a lawyer’s trust account, the potential repercussions include the need to replace stolen funds, loss of agent status with the title insurance company, an investigation by the state bar, and violations of the rules of professional conduct. 

The definition of embezzle is to appropriate something, such as property entrusted to one’s care, fraudulently to one’s own use[2]. The reason that embezzlement often goes on undetected for a long time is that the embezzler is someone with a position of trust. In small firms, that person is often the office manager, paralegal, or bookkeeper. While the definition may be simple, ways to embezzle funds are limited only by the imagination of the thief[3]. While nothing can guarantee never becoming a victim of embezzlement, internal controls, and independent audits can reduce the odds and limit the losses.

Most cases of embezzlement have a few common characteristics. A supervisor’s trust, the ability to authorize disbursements, a “test” transaction[4], and a lack of checks and balances are a few. The lack of checks and balances is the framework that allows the success of the scheme to continue until an outside event triggers discovery. In most cases, a lack of checks and balances means the employee both processes transactions and reconciles the account. 

Discussed below are some suggested minimum controls to prevent, detect, and limit embezzlement. 

The lawyer needs to set up an atmosphere of accountability. The lawyer, as the business owner, sets the tone for the office. Employees notice whether a lawyer is complacent or meticulous about handling trust funds and auditing accounts. If the employees know that the lawyer is actively involved in the preparation and auditing of transactions they are less likely to attempt to embezzle funds. When accounts are audited regularly, embezzlement schemes are exposed quickly. 

One overlooked internal control is a personal, not professional, skill. A supervisor must know their employees to the extent that they are able to detect signs of personal problems. Employees are people with life issues. Any person may develop financial difficulties, drug and alcohol dependencies, gambling, or other problems. These are the people that are more likely to attempt to embezzle funds. Signs that people have an addiction may include “frequent tardiness, inconsistent on-the-job performance, a lack of concern over personal appearance, and lower levels of productivity in the morning.”[5] A supervisor that spots changes in an employee may help prevent or limit embezzlement and get the employee help.

A lawyer must be involved in the preparation of all transactions. In a high volume office, transaction paperwork is often prepared by administrative staff. At a minimum, however, the lawyer should personally verify all transaction paperwork, sign all checks, and authorize electronic transactions. Most embezzlement schemes involving real estate transactions require checks to be signed. In many embezzlement cases the lawyer does not thoroughly review the paperwork and checks before signing them or, more frequently, the employee has access to a signature stamp[6]. 

A lawyer must personally check the bank statements against the transactions in the records. The lawyer should open all bank statements personally and thoroughly match the bank records to the bookkeeping records. Employees can edit the bookkeeping records, but they cannot edit the bank records. If the bookkeeping records do not match the bank records, the bookkeeping records need to be thoroughly audited. Consider this scheme: an employee enters all transactions into the bookkeeping records as they are listed on the transaction paperwork then voids selected checks and re-writes them payable to another party in the same dollar amounts. This scheme will continue if the lawyer does not match all of the payees on the bank statement to the payees on the transaction paperwork. Only by matching the bank records to the transaction paperwork can this scheme be stopped. 

It is important that the lawyer randomly audit complete transactions[7].  When a transaction is subject to being fully audited at any time, the atmosphere of accountability is reinforced. The full transaction must be audited because, only by matching the complete list of deposits and disbursements and accounting for every penny, can a transaction be confirmed as correct. Small offices often process a large volume of transactions with a limited staff. In these instances, it may not be practical for the lawyer to audit every transaction, but it is vital that employees know that any transaction may be subject to a random audit. 

Office structure must separate the payments and investigation functions.  Most embezzlement schemes are exposed by the intervention of an outside party[8] questioning a transaction. The embezzler knows that the thefts will be discovered if another person examines the financial records.  For this reason, the thief is often extremely “helpful” and volunteers to look into any matter that is questioned by an outside party. Later the thief will report that the matter has been corrected. If the same person is allowed to process the payments and investigate inquiries, it is only when an extraordinary outside event occurs, or a large volume of calls comes into the office that any suspicion is aroused. By that time the embezzlement has gone on for months or years and yielded thousands of dollars. If a phone call comes into the office inquiring about a payment, regardless of how small, it must be investigated by someone that did not handle the transaction. 

A lawyer should have an independent auditor examine the records periodically. An independent auditor is an outside party that has no loyalties within the office that can look at the records objectively. This is also another way to reinforce the atmosphere of accountability. Instructions to employees need to be clear that the auditor has access to review all records and they need to cooperate with requests for records. 

While nothing can guarantee that a lawyer is never the victim of employee theft, internal controls and independent audits can help prevent or expose the scheme before large amounts of money are stolen. 

[1] Trust account means any account in which funds are held in trust for a third party, such as an IOLTA account and/or real estate escrow account.

[2] https://www.merriam-webster.com/dictionary/embezzlement

[3] One of the earliest examples I came across (in the mid 80’s) of a third party exposing a scheme was a bartender that was embezzling funds by selling his own alcohol for years. He was printing his cash register tapes at home, which he switched with the actual tapes at the end of a shift and turned in to management. He brought his own alcohol, which he used for drinks so the stock numbers aligned with sales. This person was involved in a serious car accident and was hospitalized, unconscious, for several weeks. In the meantime, his spouse found the real register tapes in his trunk and brought them in to his employer because she thought they might be important. If a bartender can embezzle funds in such a creative scheme, imagine what a trained bookkeeper can do. 

[4] The “test” transaction is the initial theft, usually small and easily explained as a mistake that the employee uses to see if anyone is paying attention. If the test transaction goes undetected, the employee increases the frequency and amounts of fraudulent transactions. In many cases, if the transaction is discovered, the scheme ends. 

[5] https://www.promises.com/articles/addiction-intervention/employees-substance-abuse-problems/ see also http://nyproblemgambling.org/resources/warning-signs/. (One resource for helping families of problem gamblers can be found here: https://www.creditcards.com/credit-card-news/financial-strategies-for-loved-ones-of-problem-gamblers.php)

[6] Signature stamps are involved in a high percentage of employee theft cases. While this may seem like a good idea to save time, it is highly recommended to never get a signature stamp. If you trust an employee enough to give them access to a signature stamp, you need to be extra diligent checking the accounts and make sure you bring in an outside auditor periodically.

[7] Rules of professional conduct for lawyers and ALTA best practices require an individual ledger listing every deposit and disbursement of funds for each client matter / transaction. This is not a complete audit of the transaction, but it does help eliminate legitimate mistakes and indicate if the dollar amounts listed in the records are correct. 

[8] See the example of the bartender, above. Also note that embezzlers are known for taking very little vacation because they are paranoid that someone else in the office will handle an inquiry and discover their scheme. For this reason, many financial companies have rules that require employees to take off a minimum number of days in succession at least once a year.  

The most important part of the main account register is the client id for each transaction. IOLTA accounts and real estate escrow accounts are used to hold funds for several different client matters at the same time. State bar rules and ALTA best practices require that the main account register is kept as well as a separate ledger for each client matter. The client id is the foundation on which proper trust account records are created.

If records are kept manually, the client id helps ensure a clean audit trail. Transactions can be cross-referenced by matching both the main register and the individual client ledger. 

The importance of the client identifier is magnified if the lawyer uses a bookkeeping program. One of the main benefits of a bookkeeping program is that information only needs to be entered once to create both the main register and the individual client ledgers. All programs accomplish this in one of two ways: (1) a transaction is entered into the main register and sorted into individual ledgers, or (2) a transaction is entered in the individual client ledger and merged into the main register. In both cases, the program uses the client id to create the individual ledgers.  

If a client id is not entered at all the transaction will go unidentified. If a transaction is entered with no client id the program will funnel those transactions into a single unidentified category. If a client id is entered incorrectly then at least two client ledgers will be incorrect. One client ledger will have a "false positive" balance - a higher balance that it should. One client ledger will have a "false negative" balance - a lower balance than it should.  

A proper reconciliation report will identify any transactions with an incorrect or no client id. Once those transactions are identified they need to be corrected as soon as possible.    

As recently as a decade ago, most lawyers accepted only cash or payment methods processed through a bank such as a check, wire, or EFT. In the past two decades, the methods by which people have become accustomed to paying for goods and services have expanded exponentially. For example, PayPal grew from a boutique product created to pay for items purchased via a specific online auction website into a common method of transferring funds to pay for goods and services, donate to a charitable cause, and even just send money to a friend. Apple, Inc. has introduced its own payment system and many other companies, such as Venmo, have become regular way to conduct business. Technology is always developing and the future common payment methods are only limited by imagination, reliability, and consumer confidence.

The rules of professional conduct do not prohibit accepting credit card, PayPal, or other non-traditional payment methods into an IOLTA account. The method by which a lawyer elects to be paid is a business decision to be made by the lawyer. The two main principles of the rules of professional conduct regarding all trust funds are (1) the protection of client funds and (2) maintaining proper trust account records.

A lawyer that makes the business decision to accept a non-traditional form of payment, such as a credit card, must address the chargeback issue. Under the traditional payment model, a fee dispute is handled through the traditional fee arbitration process. When a lawyer accepts a credit card payment, however, she/he subjects herself/himself to the credit card chargeback policy. Consider this scenario: a lawyer accepts a $5,000.00 retainer via credit card. The lawyer does $5,000.00 worth of work and withdraws the earned fee. Months later, the client disputes the fee directly with the credit card company. The credit card company, authorized by the credit card agreement, withdraws the $5,000.00 directly from the IOLTA account. As a result of this action, one of two things has happened: (1) the lawyer’s IOLTA account balance went negative or (2) the lawyer has misused another client’s funds to cover the chargeback. The solution to this problem is ensuring that the credit card agreement authorizes the company to withdraw chargebacks ONLY from the lawyer’s operating account.  A lawyer should NEVER authorize another party to withdraw funds from his/her IOLTA account without his/her knowledge for any reason.  

The most common characteristic in employee embezzlement cases is a lack of checks and balances.  A lack of checks and balances is the framework within which embezzlement is allowed to thrive until an outside event triggers a discovery.  Checks and balances should occur before a transaction to prevent errors and after a transaction to verify it was handled properly.  Checks and balances means that the person that processes a transaction should not reconcile or verify the accuracy of that transaction.   

In one example, a paralegal would prepare paperwork and checks (including using a signature stamp) for real estate transactions.  The lawyer would verify the paperwork and checks before the transaction.  After the transaction, the lawyer would give the file, including checks that needed to be mailed out, to the paralegal.  The paralegal would then void a couple of smaller checks and re-write herself checks in the exact same dollar amount.  The paralegal reconciled every file.  The paralegal reconciled the account monthly.  The paralegal opened the bank statements.  On the rare occasion that the lawyer checked the bank records, he only looked at the dollar amounts.  If a call came into the office questioning a payment, the paralegal would take the call, "research the issue", and respond.  In this environment, the embezzlement thrived for almost a year.  

Every office must have a system of checks and balances both before and after a transaction.  In this scenario, the last check by the lawyer was before the transaction.  The person that processes a transaction should not be responsible for reconciling the account.  In no situation should a person that handles a transaction be allowed to research a complaint about that transaction.  

Key concepts: separate clients matters are separate "accounts" within a trust account.  An IOLTA account is, by definition, a pooled trust account where a lawyer holds funds for multiple client matters.  The lawyer is required to keep track of funds for each client matter separately within the account.

A lawyer may be holding funds for several different client matters at the same time, but the lawyer should always be able to tell every single client how much of their money is in the account.  One example of a client matter is a real estate refinance.  A lawyer may handle half a dozen refinances in a month, some originating from the same lender.  Each refinance is a separate client matter for which the lawyer must maintain individual trust account records.

If a lawyer is keeping records in compliance with the rules of professional conduct and ALTA best practices, the lawyer will have a main register listing all transactions in the account and an individual client ledger for each client matter listing all transactions for that specific client.     

A client id for every transaction is one of the most important parts of proper IOLTA / escrow account bookkeeping.  Without a client id for every transaction, it will be impossible to perform a correct three-way reconciliation of the account.  A proper three-way reconciliation requires: (1) the main register balance, (2) the total of all individual client ledgers, and (3) the adjusted bank statement balance.  

All bookkeeping programs work one of two ways.  Transactions are either entered into a main register and sorted into individual client ledgers or transactions are entered into an individual client ledger and merged to create a main register.  If transactions are entered into the main register, the client id is used to sort and create the individual client ledgers.  If transactions are entered into the individual client ledger, the client id is used to access the proper ledger to enter the transaction.  

IOLTA / escrow funds are NOT fungible.  They can only be used for the client matter for which they were deposited.