Conveyancing Fraud – Practical Steps for Prevention
On 12 November 2022, the House of Lords Fraud Act 2006 and Digital Fraud Committee published its report “Fighting Fraud: Breaking the Chain”. This included a number of key recommendations in relation to the government’s response to digital and online fraud, which indicate that losses over the last year had reached £4 billion.
This made several recommendations, including a new corporate offence of failure to prevent fraud, with significant financial penalties attached. This is not only a wakeup call for the government but also a number of sectors, including the legal and financial services sectors, as well as their clients, which are increasingly targets of digital and online fraud.
Note: The ILFM’s blog might be of interest in this regard too. Is your Law Firm protected from Cyber Attacks and Cyber Crime?
Monies on Client Account Target
One of the biggest issues facing law firms is conveyancing fraud, which involves targeting property transactions with the aim of getting either the client or law firm to transfer large sums, such as deposits and completion monies, into bank accounts controlled by the fraudsters, which can occur through a number of methods.
Payment Diversion Fraud
This involves fraudsters impersonating others and editing payment details or invoices in order to achieve the above objective.
Business Email Compromise
Fraudsters can send convincing looking emails to trick either external clients or internal employees into transferring funds or revealing sensitive information. Emails can contain viruses in links/attachments or different payment details than that of the actual firm. These are much more crafted and harder to spot compared to standard phishing emails.
Payment Service Regulations 2017
The Payment Services Regulations 2017, which apply to banks, are detailed regulations but have the effect of limiting the amount a victim should have to pay towards fraud, with the payment service provider expected to compensate the victim for the rest, unless they have reasonable grounds the victim acted fraudulently. However, this applies only to unauthorised transactions, which are likely to occur where customer’s bank details are lost or stolen.
Many instances which law firms, and their clients face, involve situations of authorised bank transactions where the sender has been deceived as to the true recipient of a transaction, as illustrated above. In this situation, a bank is less likely to offer a refund because the victim has authorised the payment, albeit to the wrong party.
Voluntary Code of Practice for Authorised Push Payments
There is additional protection in place for blameless victims of these scams for customers of banks who are signed up to the voluntary code of practice for authorised push payments (APP).
This was published by the APP Scams Steering Group with the aim of seeking to reimburse blameless victims for losses incurred by APP fraud. The code is however subject to the victim ensuring they have acted reasonably in paying attention to the warnings given by their banks. In addition, they must take care and have a reasonable basis for believing that the person they paid was the person they were expecting to pay and that the business they intended to pay was legitimate, as well as it being for genuine goods or services. However, because completion monies do not fall within the requirement of goods and services, this is likely to be of limited assistance to a client and firm in the situations described above. Therefore, it is clearly important to take practical steps to prevent fraud, rather than rely on the bank reimbursing any loss.
Solicitors’ Responsibilities
There is also recent case law relevant to the above risk that demonstrates the solicitor’s responsibility to their client and any likely relief granted under section 61 of the Trustee Act 1925. The cases of Lloyds TSB Bank PLc v Markandan & Uddin and Nationwide Building Society v Davisons Solicitors illustrate relief is only likely to be granted (as was in the case of the latter but not the former case), where a firm has conducted a transaction by the book and acted honestly and reasonably in relation to the entire transaction. As the fraud becomes more sophisticated, it is likely that more will be expected of law firms to inform their clients of the risks and develop policies to reduce them as far as possible. Further, the case of Dreamvar (UK) Ltd v Mishcon de Reya acts to further sound the alarm bells of law firms. Here an appeal was dismissed and it was held that the judge at first instance was correct to refuse relief to the law firm, under the reasoning that although they had acted honestly and reasonably throughout the transaction, it was not true that they ought fairly to be excused from liability because they were much larger than their client and had insurance and were therefore, better placed to take the loss.
Practical Steps to Take
Our advice would be to:
- Get bank details in person or confirm them over the phone.
- Always question a change in bank details – and phone to check using a regular contact number or one published online – not on any email demanding payment.
- Utilise tech – strong anti-virus software, strong and separate passwords – don’t reuse passwords or use weak ones.
- Keep a sale or purchase secret – don’t advertise it which could make you a target.
- Avoid making transfers or access email accounts or banking apps over public or unprotected Wi-Fi.
- When making first time payments, transfer a small amount to begin with and confirm receipt.
- Always check the email address itself, don’t rely on a name attached to it – look at the address to see if it is genuine – be careful about extra small changes.
- Be careful with emails that ask you to act urgently.
- Get in contact with your bank/firm as the banking facility might have some sort of holding house for large transfers.
- Be wary of relying heavily on confirmation of payee, as although useful, it is not a full proof safeguard.
This article is intended to summarise the issues and practical steps regarding the title subject but is not intended as legal advice and specific advice should be sought regarding any issues referred to above.
Robert Clark and Matthew Bennett
Laytons ETL
Nb. Laytons are a member firm of the ILFM and we are grateful for their support.
Comments