Be prepared

In early December, the Solicitors Regulation Authority (SRA) reported that £1bn was lost to business from online crime in 2015/16, while in just the first quarter of 2016, £1.57m was paid by businesses in ransoms (IT Security: keeping information and money safe). In introducing the report, Paul Philip, chief executive of the SRA, explained that ‘cyber security is an ever growing risk – and cybercrime is now in fact the most prevalent crime in the UK… In the last year we have had reports of around £7m of client money being lost to it… while antivirus systems are important, well trained and well informed staff are even more so’.

The challenge we all face is to provide practical training which minimises the risk to our businesses, while also finding the right balance between ensuring that our IT systems are as secure as possible without limiting their effectiveness by making them too cumbersome to use effectively.

Meanwhile, as our focus is now fully directed towards cybercrime, there is a risk that we forget some of the warning signs with which we had become familiar in respect of more traditional fraud. The massive increase in cybercrime does not suggest that the threat from fraud in its many other guises has in any way decreased. In fact, the opposite is probably true. No sooner do we put one set of measures in place to prevent fraud than the criminals find ways round them.

I used to think that the lowest risk in terms of both anti-money laundering and fraud were the situations where you met the client in the office. This may still be true with established clients, for whom you have acted previously and who you know. But recent cases have suggested that the apparent comfort of meeting the client personally may, in reality, provide little protection.

You now need to ask yourself three questions.

1. Does the person for whom I think I’m acting actually exist?

2. Does the person actually own the property which they are purporting to sell?

3. Is that person the individual to whom I am now talking?

The days of obtaining a copy of the person’s passport and a utility bill and ticking the client due diligence box have long since disappeared, while a failure to carry out appropriate anti-money laundering checks may render any attempt at seeking relief under section 61 of the Trustee Act 1925 futile.

Should you be suspicious if the client has a relatively new passport? If the passport has been issued in the last year, should you ask to see the previous one if they still have it? If they don’t, should you consider this to be a warning sign? Did they possibly execute a change of name deed and obtain a passport in that new name, simply for the purpose of carrying out a fraud?

If you don’t already do so, should you now consider obtaining third-party electronic verification for every client as a matter of course, even if they come into your office?

Obtaining documentation to tie a client to a particular property is becoming increasingly difficult. As utility bills, bank statements and even insurance policies all go online, obtaining an ‘original’ document becomes challenging. Downloaded documentation is easily changed, and PDFs can be amended.

Brexit might see a number of clients who have lived abroad for some years, now returning to this country. Equally, others may move abroad, taking temporary accommodation and then selling their English property from overseas. Both situations make the conveyancer’s job more complicated.

It has always been good practice to risk-assess every transaction before it begins. It is now absolutely essential to do so and to ensure that staff are able to identify those transactions which are higher risk than normal, and know what additional steps to take to minimise those risks.

Have you updated your fraud prevention and cybercrime policies in the last six months? New risks are constantly appearing. Procedures which were adequate at the beginning of the year may be inadequate by Christmas or even sooner.

Does the decision in Purrunsing v A’Court & Co [2016] EWHC 789 (Ch) mean that we need to change our client due diligence and even check that the conveyancer on the other side has done theirs properly?

Does the decision in P&P Property Ltd v (1) Owen White & Catlin (2) Crownvent Ltd t/a Winkworth (the appeal has not yet been heard) provide any comfort for conveyancers?

Where do we go now after the most recent fraud case, involving Mishcon de Reya?

What is clear is that the challenges we face from fraud in all its guises is only going to grow – and we need to be prepared.