Your law firm’s security has been breached, and you see that a scammer is trying to steal client funds. It may be wire fraud, a phishing attack or something totally different. But you know that the firm’s security is being tested against a bad actor. You must take action. What should you do, and what are your ethical obligations?
I reached out to Deanna Brocker of the Brocker Law Firm in Raleigh, and she shared some practical advice for anyone who finds themselves in this situation. The Brocker Law Firm concentrates in professional and occupational licensing, ethics and disciplinary matters. The firm also advises and represents professional clients in various related areas, including prospective ethics counseling, private ethics opinions, expert witness testimony, firm disputes, North Carolina State Bar grievance defense and attorney discipline defense.
I first asked Deanna what a law firm should do if a scam is successful.
“Contact the police, the FBI, your liability carrier, and the State Bar. You have an obligation to contact the State Bar where money is transferred or taken from an account illegally.” She goes on to note that because there is an actual loss, you have an affirmative duty to report the crime to the State Bar.
When reporting to the State Bar, be clear about how the attack happened, and what safeguards you had in place that failed. This information will help the State Bar investigate how the attack occurred, and how sophisticated the attack may be.
I also asked Deanna what a firm should do if they stopped or caught an unsuccessful attack.
Deanna stated that if there is no successful fraud, “there is no affirmative duty to report.” You should, however, report the scam to the authorities, and to your liability carrier. In every case, follow the instructions of your liability carrier to limit additional risk.