The legal sector has a tangible issue with client money (tangible because it relates to very large volumes being transferred). Even an average-sized firm will send multiple millions of pounds of client funds electronically, and increasing amounts are being diverted, lost or stolen. Not so long ago, a series of “Friday afternoon frauds” saw the major banks' phone lines hacked, with criminals calling law firms and persuading them to send large sums of money down the wire to them. No one will admit to the scale of the problem because it is reputational.
A mid-sized firm might sit on perhaps £30m of client funds during a peak summer conveyancing season. Theoretically, if it is kept in one single account, the entire amount is exposed. A solicitor’s professional indemnity insurance (PII) policy will protect client money, but only up to the limit of indemnity (per claim) that they carry; for many that will be £2m or £3m. In most cases there is an obvious gap here, and that gap is at the risk of the individual law firm.
The move by many firms towards putting their IT services into the cloud undoubtedly assists but is not an entire solution because, for example, we have recently seen clients sustain losses when their cloud service provider suffered an “outage”.
Blockchain tech (I am referring to the ability to send funds and sensitive information securely, as opposed to cryptocurrency matters) exists now, and there are many firms who have the ability to integrate it here and now into their transaction infrastructure. The Land Registry is part way through development of its own blockchain system to ensure safe transference of data. It is apparent, however, that no one is really interested in being an early adopter of the tech in the law firm sector, and many do not even understand how it applies to their firm’s operations.
It is said that in 2021 on average a small firm in the UK was successfully hacked every 19 seconds. The scale of the problem is much bigger than most business leaders appreciate, and there is a (perhaps medium term) solution. Many will understandably not wish to be early adopters of new tech in case there are gremlins, but it is also necessary to avoid being at the back of the queue.
The National Cyber Security Centre (NCSC) has issued a formal warning of a new Russia-linked cyber threat which poses a heightened risk to the UK’s critical national infrastructure. The NCSC states that hacker groups are set to launch ‘destructive and disruptive attacks’ that have ‘less predictable consequences’ than traditional threats used by cyber attackers. The immediate threat is expected to take the form of Distributed Denial of Service (DDoS) attacks, the spread of misinformation and website defacements, with larger-scale attacks targeting critical national infrastructure likely to follow.
Whilst it is difficult to prevent human-error-based losses entirely from client money transactions, the critical infrastructure to safeguard what is other people’s money in solicitors’ hands does exist and should form part of the business’s risk register, with a coherent plan around how the firm will adapt to the increasing threats over time. Underlying this, however, is the need for law firms to engage now with tech firms who have the ability to install blockchain tech into their infrastructure.