Safeguarding Legal Transactions: The Vital Role of Call, Check and Confirm

In an increasingly digital world, where emails fly back and forth at lightning speed, fraudsters are unfortunately becoming more sophisticated at targeting solicitors.

As a regulator dedicated to upholding the highest standards in the legal profession, the Law Society of Northern Ireland is committed to equipping practitioners with tools to protect their clients, firm, and reputation. One such essential protocol is ‘Call, Check, and Confirm’- a straightforward three-step process designed to verify critical information before any financial transaction. This approach isn’t just best practice; it is a crucial defence against the rising tide of cyber fraud. By publicising and promoting this method, we aim to mitigate the devastating impacts of fraud, ensuring solicitors can operate with confidence and integrity.

At its core, Call, Check, and Confirm is a simple yet powerful verification framework.

Step one, the - ‘Call’ - involves contacting the client or relevant party directly using a phone number already verified and on file, never one supplied in an email or unsolicited message. This guards against impersonation tactics when fraudsters hijack communications.

Step two - ‘Check’ - requires scrutinising the details of the instruction, such as bank account information, transaction amounts, and assessing the overall legitimacy of the request. Does it align with previous interactions? Are there red flags like urgency or unusual changes?

Finally, step three - ‘Confirm’ - demands documenting the verification in writing and obtaining explicit approval before proceeding. An attendance note of any conversation is essential. This protocol acts as a robust firewall, preventing fraud, miscommunication, and errors that could otherwise lead to catastrophic outcomes.

Why does this matter so profoundly for solicitors?

Legal professionals routinely handle high-value transactions, from conveyancing deals involving property sales and purchases to settlement payments in litigation, and divorce proceedings. These are prime targets for fraudsters, who exploit the substantial sums involved. Recently, homebuyers and sellers have been hit hard by transfer scams, where deposits or proceeds are intercepted and diverted. For instance, a fraudster might pose as a client or solicitor, sending last-minute emails with ‘updated’ bank details that funnel funds straight to their accounts. Fraudsters don’t stop at one victim; they often target multiple clients simultaneously, amplifying the damage.

According to our data, email impersonation remains the top threat. Fraudsters hijack legitimate email threads between solicitors and clients, inserting fraudulent instructions that mimic familiar tones and reference confidential details gleaned from prior exchanges. The consequences of falling for such deceptions are severe. Solicitors owe a duty of care to act in their clients’ best interests, and failing to verify instructions can breach this ethical obligation.

Under Regulation 5.1 of the Solicitors’ Accounts Regulations 2014, any breach must be remedied promptly, including replacing misdirected funds from the firm’s own resources. Beyond monetary loss, there’s the spectre of professional negligence claims, investigations by the Information Commissioner’s Office for data breaches, and irreparable harm to a firm’s reputation. In short, the stakes are too high to rely on trust alone.

Implementing Call, Check, and Confirm doesn’t require overhauling a firm’s entire operation, it’s about smart integration. Start by updating processes to make it mandatory for all financial transactions; that there will be no authorisation without completion of the checks.

Engage clients early by outlining the procedure in retainer letters, email footers, and even enclosing our Call, Check, and Confirm leaflet. Establish clear methods for sharing and receiving bank details, emphasising they will not change unexpectedly. Train your full team comprehensively, from paralegals to partners, with regular sessions to reinforce vigilance. Leverage technology securely, store verified contacts in protected systems and enable two-factor authentication. Above all, document every step of the calls, checks, and confirmations, as evidence of due diligence.

Sceptics might view this as an added burden in a hectic workday, but the alternative is far costlier - untangling fraud can consume weeks or months, not minutes.

In essence, Call, Check, and Confirm is more than a checklist – it is a mindset of caution and professionalism amid escalating threats. By adopting this approach, solicitors not only comply with regulatory expectations but also safeguard the public interest. Let’s make it standard practice, for the protection of all.

More information on cybercrime awareness, including our Call, Check, and Confirm leaflet, can be found on our website: https://lawsoc-ni.org/ members/practice-careers/practice-information-support/cyber-crime-awareness

Caroline Glover, Professional Conduct Manager, Law Society of Northern Ireland