Attorneys, know your client (and beneficiaries)

by John Bandler

Attorneys need to know their clients.

Attorneys also need to know who the beneficiaries are regarding funds and funds transfer instructions.

So we can break this down into four points:

  • Know your client
  • Know who is paying funds
  • Know who is receiving funds
  • Know about the funds

What are the threats and risks?

There are a number of threats. They include the following types of victims:

  • The attorney will be victimized and defrauded
  • The attorney's client will be victimized and defrauded
  • A third party (neither the attorney nor a client) will be victimized and defrauded
  • A criminal (a client or anonymous individual) will use the attorney as a tool to commit a crime, including theft, fraud, or money laundering.

The threats also involve the following types of schemes and scenarios:

  • Email based funds transfer frauds, also known as business email compromise (BEC) or CEO fraud.
  • Other frauds, using the attorney and the unique powers that an attorney has to facilitate the theft.
  • Money laundering. Using the attorney and their unique capabilities to launder funds and evade detection.

Know your client

Banks and financial institutions have a legal requirement to "know your customer" (KYC) and also to conduct customer due diligence (CDD). This is because of the threat of money laundering and a bank's anti-money laundering (AML) duties.

Attorneys need to know their client as well. This is for a multitude of reasons, including:

  • Attorneys who know their client will serve their client better.
  • Attorneys who do not know their client might be serving a criminal, money launderer, nation state proxy, or even terrorist
  • Attorneys who do not know their client might be serving an anonymous cybercriminal who might attempt to defraud the attorney or a third party
  • Attorneys who do not know their client will not recognize warning signs when a cybercriminal inserts themselves to defraud that client.

Know the beneficiary of a financial transaction as well

Sometimes the client is the beneficiary of a financial transaction, as funds need to be wired to that client. Sometimes, the client needs to pay a third party, who would be the beneficiary of that transaction. Attorneys need to know who that is as well, for the reasons above, lest they make a theft too easy for the cybercriminal or assist in a suspicious, unsavory, or even criminal transaction.

The powers of attorneys

Attorneys have considerable powers. They can hold and transmit funds on behalf of their client, they can execute legally binding transactions on behalf of a client. As a result, history has shown that some attorneys have become criminal accomplices, others have become unwitting facilitators, or simply victims.

The criminal outreach

The criminal outreach to an attorney will vary. Consider these scenarios and varying levels of subtlety.

  • I'm a Nigerian prince, help me get this money out of the country.
  • I'm a foreign minister with a lot of unexplainable money, help me find suitable methods to hold and move that money (see Global Witness references at bottom).
  • I'm a criminal needing help laundering funds.
  • I'm a client with an easy settlement or deal, you will be paid handsomely, you just need to receive and hold some funds
    • For example, I regularly am solicited to handle transactions involving matters no reasonable person would ask me to handle, including the sale of an oil rig. Were I to accept that engagement, I would find myself in the middle of a fraud.
  • Wire funds here in connection with our existing engagement and transaction

Attorneys compared to banks

Obviously attorneys are not banks, they don't have a duty to necessarily identify suspicious activity, and definitely do not have a duty to report suspicious or even criminal activity. In fact, attorneys have a duty of confidentiality which they will need to weigh very carefully. But attorneys cannot commit crimes, and they cannot help anyone else (including clients) commit crimes.

The prescription

Here's what attorneys need to do.

  • Fulfil legal duties regarding cybersecurity (just like every other organization does)
  • Have good cybercrime awareness and cybersecurity
  • Do not assist clients in the commission of fraud or crimes
  • Know your client
  • Know where funds are coming from or going to
  • Protect clients from fraud
  • Prevent a crime
  • Prevent a malpractice claim

References include

Externally published articles by John about cybersecurity, law, and lawyers

External resources

Global Witness undercover investigation. In this Global Witness investigation, no attorneys were actually retained and they did not perform any actions on behalf of any client, they were merely conducting pre-engagement interviews to discuss client needs. But the implications are clear.

Attorney Saul Goodman conspires to facilitate and commit money laundering,

  • Breaking Bad clip on YouTube at
  • YouTube title: Breaking Bad, Saul explains money laundering – subtitle
  • Breaking Bad, Season 3, Episode 9, “Kafkaesque,” High Bridge Entertainment/Grand Via Productions/Sony Pictures Television, 2010.

Allegations suggest an attorney played an unwitting role to facilitate a theft regarding real estate:

John's CLEs for attorneys on cybersecurity and cybercrime prevention

In 2017 my first book was published, Cybersecurity for the Home and Office, The Lawyer's Guide to Taking Charge of Your Own Information Security, from the American Bar Association (ABA).

I have written many articles for lawyers about law, technology, and cybersecurity.

And I have been providing continuing legal education (CLE) to attorneys about securing their information assets, having good cybersecurity, and protecting from cybercrime.

Contact me if you are interested in such a CLE.

This page is hosted at, copyright John Bandler all rights reserved.

Posted 8/2/2023. Updated 11/16/2023.