Lawyer’s Professional Responsibility When Third Party Steals Funds from Trust Account
Adopted: October 23, 2015
Opinion rules that when funds are stolen from a lawyer’s trust account by a third party who is not employed or supervised by the lawyer, and the lawyer was managing the trust account in compliance with the Rules of Professional Conduct, the lawyer is not professionally responsible for replacing the funds stolen from the account.
NOTE: This opinion is limited to a lawyer’s professional responsibilities and is not intended to opine on a lawyer’s legal liability.
Inquiry #1:
John Doe, a third party unaffiliated with Lawyer, created counterfeit checks that were identical to Lawyer’s trust account checks. John Doe made the counterfeit checks, purportedly drawn on Lawyer’s trust account, payable to himself and presented the counterfeit checks for payment at Bank. Bank honored some of the counterfeit checks. As a consequence, client funds held by Lawyer in his trust account were utilized for an unauthorized purpose. Lawyer properly supervised all nonlawyer staff participating in the record keeping for the trust account. Lawyer also maintained the trust account records and reconciled the trust account as required by Rule 1.15-3. Lawyer had no knowledge of the fraud and had no opportunity to prevent the theft.
Does Lawyer have a professional responsibility to replace the stolen funds?
Opinion #1:
No.
A lawyer who receives funds that belong to a client assumes the responsibilities of a fiduciary to safeguard those funds and to preserve the identity of the funds by depositing them into a designated trust account. Rule 1.15-2, RPC 191, and 97 FEO 9. The responsibilities of a fiduciary include the duty to ensure that the funds of a particular client are used only to satisfy the obligations of that client. RPC 191 and 97 FEO 9. Rule 1.15-3 requires a lawyer to keep accurate records of the trust account and to reconcile the trust account. A lawyer has an obligation to ensure that any nonlawyer assistant with access to the trust account is aware of the lawyer’s professional obligations regarding entrusted funds and is properly supervised. Rule 5.3.
If Lawyer has managed the trust account in substantial compliance with the requirements of the Rules of Professional Conduct (see Rules 1.15-2, 1.15-3, and 5.3) but, nevertheless, is victimized by a third party theft, Lawyer is not required to replace the stolen funds. If, however, Lawyer failed to follow the Rules of Professional Conduct on trust accounting and supervision of staff, and the failure is a proximate cause of theft from the trust account, Lawyer may be professionally obligated to replace the stolen funds. Compare RPC 191 (if a lawyer disburses against provisionally credited funds, the lawyer is responsible for reimbursing the trust account for any losses caused by disbursing before the funds are irrevocably credited).
Under all circumstances, Lawyer must promptly investigate the matter and take steps to prevent further thefts of entrusted funds. Lawyer must seek out every available option to remedy the situation including researching the law to determine if Bank is liable;1 communicating with Bank to discuss Bank’s liability; asking Bank to determine if there is insurance to cover the loss; considering whether it is appropriate to close the trust account and transfer the funds to a new trust account; and working with law enforcement to recover the funds.
Inquiry #2:
Prior to learning of the fraud and theft from the trust account, Lawyer issued several trust account checks to clients and/or third parties for the benefit of a client. Despite the theft, there are sufficient total funds in the trust account to satisfy the outstanding checks. However, because of the theft, funds belonging to other clients will be used if the outstanding checks are cashed.
What is Lawyer’s duty to safeguard the remaining funds in the trust account?
Opinion #2:
Lawyer must take reasonable measures to ensure that funds belonging to one client are not used to satisfy obligations to another client. Such reasonable measures include, but are not limited to, requesting that Bank issue stop payments on outstanding trust account checks; providing Bank with a list of outstanding checks and requesting that Bank contact Lawyer before honoring any outstanding checks; and determining if Bank is liable and, if so, demanding the outstanding checks be covered by Bank. If Lawyer determines Bank is not liable or liability is unclear, Lawyer must maintain the status quo and prevent further loss by not issuing new trust account checks. If payment will be stopped on the outstanding checks, Lawyer must contact the payees and alert them to the problem.
Inquiry #3:
Assume the same facts in Inquiry #2 except there are insufficient funds in the trust account to satisfy the outstanding checks. Must Lawyer deposit funds into the trust account to ensure that the outstanding checks are not presented against an account with insufficient funds?
Opinion #3:
No. In addition to the remedial measures listed in Opinion #2, Lawyer should notify the payees if Lawyer knows that the checks will not clear.
Inquiry #4:
Hacker gains illegal access to Lawyer’s computer network and electronically transfers the balance of the funds in Lawyer’s trust account to a separate account that is controlled by Hacker. Lawyer’s trust account now has a zero balance. Lawyer has written several trust account checks to clients and/or third parties for the benefit of clients. Because of the theft, there are insufficient funds in the trust account to satisfy the outstanding checks.
Does Lawyer have a professional responsibility to replace the stolen funds?
Opinion #4:
No, Lawyer is not obligated to replace the stolen funds provided he has taken reasonable care to minimize the risks to client funds by implementing reasonable security measures in compliance with the requirements of Rule 1.15.
Rule 1.15 requires a lawyer to preserve client property, to deposit client funds entrusted to the lawyer in a separate trust account, and to manage that trust account according to strict recordkeeping and procedural requirements. To fulfill the fiduciary obligations in Rule 1.15, a lawyer managing a trust account must use reasonable care to minimize the risks to client funds on deposit in the trust account. 2011 FEO 7.
In 2011 FEO 7 the Ethics Committee opined that a lawyer has affirmative duties to educate himself regularly as to the security risks of online banking; to actively maintain end-user security at the law firm through safety practices such as strong password policies and procedures, the use of encryption and security software, and the hiring of an information technology consultant to advise the lawyer or firm employees; and to insure that all staff members who assist with the management of the trust account receive training on and abide by the security measures adopted by the firm.
If Lawyer has taken reasonable care to minimize the risks to client funds, Lawyer is not ethically obligated to replace the stolen funds. If, however, Lawyer failed to use reasonable care in following the Rules of Professional Conduct on trust accounting and supervision of staff, and the failure is a proximate cause of theft from the trust account, Lawyer may be professionally obligated to replace the stolen funds.
Inquiry #5:
Lawyer is retained to close a real estate transaction. Prior to the closing, Lawyer obtains information relevant to the closing, including the seller’s name and mailing address. Lawyer also receives into his trust account the funds necessary for the closing. Lawyer’s normal practice after the closing is to record the deed and disburse the funds. Lawyer then mails a trust account check to the seller in the amount of the seller proceeds.
Hacker gains access to information relating to the real estate transaction by hacking the email of one of the parties (lawyer, realtor, or seller). Hacker then creates a “spoof” email address that is similar to realtor’s or seller’s email address (only one letter is different). Hacker emails Lawyer with disbursement instructions directing Lawyer to wire funds to the account identified in the email instead of mailing a check to seller at the address included in Lawyer’s file as previously instructed.2 Lawyer follows the instructions in the email without first implementing security measures such as contacting the seller by phone at the phone number included in Lawyer’s file to confirm the wiring instructions. After the closing and disbursement, the true seller calls Lawyer and demands his funds. Lawyer goes to Bank to request reversal of the wire. Bank refuses to reverse the wire and will not cooperate or communicate with Lawyer without a subpoena.
While pursuing other legal remedies, does Lawyer have a professional responsibility to replace the stolen funds?
Opinion #5:
Yes. Lawyers must use reasonable care to prevent third parties from gaining access to client funds held in the trust account. As stated in Opinion #4, Lawyer has a duty to implement reasonable security measures. Lawyer did not verify the disbursement change by calling seller at the phone number listed in Lawyer’s file or confirming seller’s email address. These were reasonable security measures that, if implemented, could have prevented the theft. Lawyer is, therefore, professionally responsible and must replace the funds stolen by Hacker. If it is later determined that Bank is legally responsible, or insurance covers the stolen funds, Lawyer may be reimbursed.
Inquiry #6:
While pursuing the remedies described in Opinion #2, may Lawyer deposit his own funds into the trust account?
Opinion #6:
Yes.
Generally, no funds belonging to a lawyer shall be deposited in a trust account or fiduciary account of the lawyer. Rule 1.15-2(f). The exceptions to the rule permit the lawyer to deposit funds sufficient to open or maintain an account, pay any bank service charges, or pay any tax levied on the account. Id. The exceptions were expanded in 1997 FEO 9 to include the deposit of lawyer funds when a bank would not route credit card chargeback debits to the lawyer’s operating account. These exceptions to the prohibition on commingling enable lawyers to fulfill the fiduciary duty to safeguard entrusted funds.
Therefore, notwithstanding the prohibition on commingling, Lawyer may deposit his own funds into the trust account to replace the stolen funds until it is determined whether the Bank is liable for the loss, insurance is available to cover the loss, or the funds are otherwise recovered. If Lawyer decides to deposit his own funds, he must ensure that the trust accounting records accurately reflect the source of the funds, the reason for the deposit, the date of the deposit, and the client name(s) and matter(s) for which the funds were deposited.
Inquiry #7:
With regard to all of the situations described in this opinion, what duties does Lawyer owe to the clients whose funds were stolen?
Opinion #7:
Lawyer must notify the clients of the theft and advise the clients of the consequences for representation; help the clients to identify any source of funds, such as bank liability and insurance, to cover their losses; defer a client’s matter (by seeking a continuance, for example) if necessary to protect the client’s interest; and explain to third parties or opposing parties as necessary to protect the client’s interests. If stop payments are issued against outstanding checks, Lawyer must take the remedial measures outlined in Opinions #1 and #2 to protect the client’s interest. Finally, Lawyer must report the theft to the North Carolina State Bar’s Trust Accounting Compliance Counsel.
Endnotes
- See e.g. N.C. Gen. Stat. §25-4-406.
- The inquiry assumes that Lawyer believed that, by wiring the funds to the account designated in the email, he was disbursing the funds to the seller as required by the settlement statement. This opinion does not address the issues of professional responsibility raised when a lawyer knowingly makes disbursements contrary to a settlement statement.