The conveyancing process is an attractive area for fraudsters due to the typically high value of the property involved.
Although most house purchases require a deposit of 10%, it is the final 90% payment on completion which is often the target. However, the price of houses has escalated over the last few decades and even 10% of the purchase price can represent a significant figure. Whilst in usual circumstances, the communications between the vendor and his/her solicitors should be private and confidential, the internet has revolutionised the way in which financial transactions, information and inter-business communications take place.
This has exposed many businesses – and the conveyancing industry is a good example – to a whole new range of risks. Despite these risks, which are increasingly being recognised, the ease of doing business online and the ability of persons to carry out financial transactions instantly appear to outweigh the risks involved. Aside from the financial loss to the vendor, the legal sector is exposed to all kinds of reputational and business risks. Banks and legal service providers have always been vulnerable to criminals via cyber-attacks and this imminent threat requires a strong and robust preventive campaign to combat them.
This has been widely recognised by the Law Society and the Solicitors’ Regulation Authority (SRA) who provide warnings and advice on the avoidance of fraud especially in regard to the conveyancing process. Underlying this advice is the need for all solicitors to be reminded of their duty of care to their respective clients; failure to undertake due diligence and to take all reasonable steps to protect their client’s information may lead to claims of negligence or other civil action.
In 2010, public awareness of conveyancing fraud grew after an article was published in the ‘Mail on Sunday’ involving Acorn Solicitors of Rotherham and Orient Solicitors of Leicester. Whilst both had appeared on an approved list of solicitors drawn up by the SRA, it later emerged that the two firms were bogus. This is despite the property vendors believing them to being authentic. The SRA were strongly criticised regarding the fact that reliance was placed on the list and that it took six weeks in the Acorn case for the bogus firm’s name to be removed from the list. Whilst warnings over the authenticity of Orient Solicitors were circulated more quickly, there was still wide concern within the conveyancing industry about the ease with which criminals could set up bogus practices and have them registered on the Law Society’s website.
A case reported in ‘The Guardian’ on 14 January 2017 involved a man who had his £67,000 life savings stolen after fraudsters hacked into emails sent between him and his conveyancing solicitor. The report stated, ‘(This)case will send a shiver down the spine of anyone who is in the process of buying a home, or planning to do so, and comes hard on the heels of a warning from the solicitors’ watchdog that “conveyancing theft” involving hacked emails is now the most common cybercrime in legal circles’.
As the vulnerability of the conveyancing industry to cyber-attacks became more widely recognised, the main point of contention for consumers was trust and the acknowledgement of its vitality in the transaction process. For conveyancers, the focus grew around the ability to identify and prevent against cyber attacks; of course, in order to do so, it is necessary to understand how such attacks take place. Whilst defensive measures are often based on the understanding of known fraud cases, the rate at which criminals are becoming more sophisticated in their methods means that it can be difficult to keep up with the development of preventative tools.
Typically, conveyancing fraud will start with an e-mail purporting to come from the conveyancing solicitor asking for a transfer of funds to be made to a stated bank account. The e-mail is actually a ‘scam’ and the bank details are those of the fraudster and not the solicitor.
Whilst this can be the result of the cybercriminal hacking into the solicitor’s e-mail account, the request could have also come from a remote e-mail account controlled by the fraudster. If the transfer is made into the bogus account without further enquiry, the funds will usually be moved quickly into other accounts, probably abroad, and the chances of recovering the money are remote.
The criminals often rely on the fact that the more expensive property transactions will typically be made by persons who are either middle-aged or elderly; as many of this demographic will be unfamiliar with modern technology, they are therefore less likely to question a suspicious email or identify warning signs. To them, an e-mail which has all the hallmarks of a normal genuine and legitimate communication from their respected solicitor raises little concern or suspicion and they are invariably more easily convinced that the e-mail is a proper request and it is safe to send the money as requested.
What they do not realise is that the cyber-criminal is either representing himself as a legitimate firm (as in the Acorn case) or has created a rogue practice (as in the Orient case). Nor is a fraud restricted to the e-mail alone for in some cases, relevant attachments are from authentic looking headed note-paper which has been cloned and adopted by the fraudsters. In such cases, addresses and telephone numbers are also adopted. Such documents usually require the recipient to sign and authorise disposal of funds to a third party.
In the world of cyber-crime, it is not surprising that solicitors and other conveyancing professionals now take additional measures in relation to due diligence of the parties involved and also the source of funds being used to purchase property within the United Kingdom or overseas. Money-laundering itself already imposes considerable responsibility on conveyancing professionals, with the growth of cyber-crime having merely extended these responsibilities to new areas.
Two recent cases, however, have come down in favour of solicitors where they have acted honestly and reasonably. In Davisons Solicitors –v- Nationwide Building Society (2012) EWCA Civ.1626, Nationwide Building Society took action against Davisons Solicitors because the latter had paid funds into a fake branch of another firm set up by criminals. Davisons had been instructed by Nationwide to act in respect of the purchase of a property in Sutton Coldfield and a £187,500 mortgage. Davisons sent the money to a fake branch office of a legitimate firm of solicitors – the fake branch was listed on the Law Society’s ‘Find a Solicitor’ website and in Solicitors Regulation Authority records.
Davisons’ position was that they had input the details of the solicitors and found there were two offices – one in the city centre and the branch that they were dealing with. They concluded that they were corresponding with a legitimate firm of solicitors and the transaction proceeded normally.
However, it later came to light that the branch they were dealing with was actually a bogus office of the real solicitors and that the whole transaction had been a fraud from start to finish.
Nationwide Building Society pursued Davisons for the missing money, alleging the firm had not properly checked out the seller’s solicitors. However, Davisons were able to persuade the Court of Appeal that they had done due diligence by checking the credentials of the fake branch with lists held by the Solicitors Regulation Authority and the Law Society. Gary Davison says he and his colleagues would expect such a list to contain only bona fide solicitors.
The Court of Appeal reversed a High Court ruling that said Davisons was liable for Nationwide’s loss. The latter had said Davisons should have obtained an express undertaking to discharge the existing mortgage on completion, as well as confirmation that the bogus firm would follow the Law Society’s code for completion by post. However, the Court of Appeal found that Davisons had acted honestly and reasonably. Giving judgment, Sir Andrew Morritt said: ‘The loss sustained by Nationwide was caused by the fraud of an unconnected third party.
‘Even if Davisons had insisted on answers to requisitions and separate written undertakings, the matter might still have proceeded and the fraudster have taken the money.’
This judgement was followed in the case of Santander UK PLC –v- RA Legal Solicitors (2013) EWHC 1380 (QB) where Mr. Justice Andrew Smith followed the appeal court’s ruling that a law firm can be relieved of consequential liability for breach of trust if it acts honestly and reasonably. Despite this ruling, there is little doubt that the onus is still on the solicitors concerned to prove that they acted honestly and reasonably.
Since these cases, there has been a swift response by the Law Society and the SRA to ensure its members are fully updated with current developments in conveyancing fraud, with an emphasis on preventative action and additional training for staff involved. A particular focus has been placed on the active lists of practising and regulated solicitors so that reliance can be placed on legitimate firms without hindering the conveyancing process. Where prevention is concerned, many solicitors have taken steps to revise their policies and procedures to minimise the risk of fraud. This includes implementing firm-wide risk prevention tools and techniques to ensure staff are able to identify and prevent fraud, as well as encouraging a culture where employees at all levels are alert to cyber threats.
The SRA has also been active to ensure that where client money is held, the systems and controls within solicitors’ firms are in line with their Account Rules. Their advice includes:
- Proper management and audit of accounts;
- Appropriate vetting, training and supervision of staff;
- Appropriate control of client accounts including authority to access;
- Awareness of e-mail fraud and how to combat it; including exchanging of details with other parties at the outset, verifying bank information and protecting client information.
Despite these recommended measures, it would be naïve to think that the conveyancing industry can ever be free of fraud. Increased public awareness of the potential risks is important but as Rob Hailstone, the CEO of Bold Legal Group has commented, ‘Fraud is not going to go away; as the sector develops solutions, criminals find new ways to defraud clients and/or conveyancers. Too many firms are still not adopting even the simplest of solutions to protect themselves making the legal profession vulnerable. Ultimately, unless the profession as a whole adopts the highest levels of anti-fraud protection, conveyancers will always be targets.’