Rebukes for partners whose firm was tricked by fraudsters into paying away client’s money

Print This Post

10 February 2017


SRA: informed by the client, not the lawyers

Three partners of a law firm that was tricked by fraudsters into paying the proceeds of a property sale into the wrong bank account – and did not carry out sufficient checks before doing so – have accepted rebukes from the Solicitors Regulation Authority (SRA).

The case is a rare disciplinary action arising from the major issue of cyber-crime that many solicitors are now dealing with.

James Michael Ashton, Paul Christopher Grimwood and David Mark Roberts are all directors of Hull firm Sandersons Solicitors. Mr Roberts is also the COLP and Mr Grimwood the COFA.

Regulatory settlement agreements published today explained how, in 2014, the firm was instructed to act for a client in a probate matter and the associated sale of a property, and corresponded with the client by email.

On 14 October 2014, the client sent an e-mail to the firm giving a set of bank details. The following day the firm successfully transferred money to the client using those details.

Six weeks later, the firm received an e-mail purportedly from the client which requested that funds arising from the sale of the property be transferred to a specified bank account.

The bank account details were different to those which the client had provided in October. The account was in the name of an electrical company that had no connection to the client.

Later that day and again the following day, the firm received further e-mails repeating the request and setting out the same bank details. The three e-mails appeared to come from the client’s email address.

The fee-earner transferred £140,000 to the account specified in those e-mails. The firm had not contacted the client by alternative form of communication to check the instructions, and did not carry out any checks in relation to the electrical company.

A week later, the client contacted the firm regarding payment of the money, at that point the fraud was uncovered; the bank account specified in the three e-mails did not belong to the client and is believed to have been controlled by fraudsters.

The fee-earner brought the matter to the directors’ attention, who reported it to the police and their insurers, but not the SRA. The client reported the fraud to the SRA instead, some months later.

The agreement said Sandersons made a partial recovery of some monies which were repaid to their client on in April 2015, and fully accounted to the client for the money wrongly paid to the fraudsters in October 2015.

The three solicitors admitted breaches of the SRA principles and the accounts rules, and of the rule that required them to report the matter to the regulator.

In mitigation, the trio said they did not make any personal financial gain from the misconduct and had co-operated with the SRA’s investigation.

The SRA said that the rebukes and fine of £500 each were “proportionate in the public interest”. It said: “The outcome recognises both the significant loss and inconvenience to the client caused by the conduct of the directors.”

They also agreed each to pay £337.50 in costs.

The agreements mean that the three will not be referred to the Solicitors Disciplinary Tribunal.



Leave a comment

* Denotes required field

All comments will be moderated before posting. Please see our Terms and Conditions

Legal Futures Blog

How to protect your firm from ransomware

Adam Curtis Hoowla

One news item has dominated the headlines over the last week – cyber-attacks and, in particular, the WannaCry ransomware. It is a well-known and well-documented fact that the legal industry, and conveyancing in particular, can be a vulnerable and high value target. This ranges from property hijacking – where fraudsters pose as legitimate owners of a property and sell it on without the real owner’s knowledge – to ‘Friday afternoon fraud’, with criminals contacting a busy law firm to ‘update’ their bank details to redirect funds.

May 22nd, 2017