Attorneys, know your client

Attorneys, know your client (and beneficiaries)

by John Bandler

Attorneys need to know their clients.

Attorneys also need to know who the beneficiaries are regarding funds and funds transfer instructions.

So we can break this down into four points:

• Know your client
• Know who is paying funds
• Know who is receiving funds
• Know about the funds

What are the threats and risks?

There are a number of threats. They include the following types of victims:

• The attorney will be victimized and defrauded
• The attorney's client will be victimized and defrauded
• A third party (neither the attorney nor a client) will be victimized and defrauded
• A criminal (a client or anonymous individual) will use the attorney as a tool to commit a crime, including theft, fraud, or money laundering.

The threats also involve the following types of schemes and scenarios:

• Email based funds transfer frauds, also known as business email compromise (BEC) or CEO fraud.
• Other frauds, using the attorney and the unique powers that an attorney has to facilitate the theft.
• Money laundering. Using the attorney and their unique capabilities to launder funds and evade detection.

Know your client

Banks and financial institutions have a legal requirement to "know your customer" (KYC) and also to conduct customer due diligence (CDD). This is because of the threat of money laundering and a bank's anti-money laundering (AML) duties.

Attorneys need to know their client as well. This is for a multitude of reasons, including:

• Attorneys who know their client will serve their client better.
• Attorneys who do not know their client might be serving a criminal, money launderer, nation state proxy, or even terrorist
• Attorneys who do not know their client might be serving an anonymous cybercriminal who might attempt to defraud the attorney or a third party
• Attorneys who do not know their client will not recognize warning signs when a cybercriminal inserts themselves to defraud that client.

Know the beneficiary of a financial transaction as well

Sometimes the client is the beneficiary of a financial transaction, as funds need to be wired to that client. Sometimes, the client needs to pay a third party, who would be the beneficiary of that transaction. Attorneys need to know who that is as well, for the reasons above, lest they make a theft too easy for the cybercriminal or assist in a suspicious, unsavory, or even criminal transaction.

The powers of attorneys

Attorneys have considerable powers. They can hold and transmit funds on behalf of their client, they can execute legally binding transactions on behalf of a client. As a result, history has shown that some attorneys have become criminal accomplices, others have become unwitting facilitators, or simply victims.

The criminal outreach

The criminal outreach to an attorney will vary. Consider these scenarios and varying levels of subtlety.

• I'm a Nigerian prince, help me get this money out of the country.
• I'm a foreign minister with a lot of unexplainable money, help me find suitable methods to hold and move that money (see Global Witness references at bottom).
• I'm a criminal needing help laundering funds.
• I'm a client with an easy settlement or deal, you will be paid handsomely, you just need to receive and hold some funds
  • For example, I regularly am solicited to handle transactions involving matters no reasonable person would ask me to handle, including the sale of an oil rig. Were I to accept that engagement, I would find myself in the middle of a fraud.
• Wire funds here in connection with our existing engagement and transaction

Attorneys compared to banks

Obviously attorneys are not banks, they don't have a duty to necessarily identify suspicious activity, and definitely do not have a duty to report suspicious or even criminal activity. In fact, attorneys have a duty of confidentiality which they will need to weigh very carefully. But attorneys cannot commit crimes, and they cannot help anyone else (including clients) commit crimes.

The prescription

Here's what attorneys need to do.

• Fulfil legal duties regarding cybersecurity (just like every other organization does)
• Have good cybercrime awareness and cybersecurity
• Do not assist clients in the commission of fraud or crimes
• Know your client
• Know where funds are coming from or going to
• Protect clients from fraud
• Prevent a crime
• Prevent a malpractice claim

References include

• Email Based Funds Transfer Frauds
• Cybercrime
• Identity theft
• Five Components for Policy Work
• Cybersecurity book overview page
• Cybercrime Investigations book overview page
• Cybersecurity and Cybercrime Prevention (a comprehensive course outline, with extensive linked resources)
• Attorneys should know their client (and beneficiary) (this article)
• Cybersecurity for attorneys (my main article on cybersecurity for lawyers)

Externally published articles by John about cybersecurity, law, and lawyers

• Attorneys on alert for cybersecurity threats: New York's new CLE training requirement, John Bandler, Reuters Legal News, July 19, 2023, hosted here and available at Reuters at https://www.reuters.com/legal/legalindustry/attorneys-alert-cybersecurity-threats-new-yorks-new-cle-training-requirement-2023-07-19/
• A Day in the Life of an Attorney: The Cybersecurity, Technology, and Crime Risks We Face, John Bandler, New York State Bar Association Journal, July/August 2018, Vol 29 No 6, https://johnbandler.com/a-day-in-the-life-of-an-attorney-cybersecurity-technology-crime-risks/
• Cybercrime and Fraud Protection for your Home, Office, and Clients, John Bandler. American Bar Association GP SOLO magazine, Volume 34, Number 5, September/October 2017, https://johnbandler.com/bandler-john-cybercrime-fraud-prevention-aba-gp-solo-septoct-2017/
• Prepare for and Plan Against a Cyberattack, John Bandler, American Bar Association Journal, July 2018, http://www.abajournal.com/magazine/article/prepare_plan_against_cyberattack
• Network Cybersecurity in Your Home and Office, John Bandler, American Bar Association GP SOLO Magazine, March/April 2018, Vol 35 No. 2, https://johnbandler.com/network-cybersecurity-home-office/
• Lawyers, Drugs and Money: AML in Popular Media, John Bandler, ACAMS Today, March 20, 2018, Vol 17 No. 2, https://www.acamstoday.org/lawyers-drugs-and-money-aml-in-popular-media/
• The Cybercrime Scheme That Attacks Email Accounts and Your Bank Accounts, John Bandler, Huffington Post, August 3, 2017, https://www.huffpost.com/entry/the-cybercrime-scheme-that-attacks-email-accounts-and_b_59834649e4b03d0624b0aca6, hosted here too.

External resources

Global Witness undercover investigation. In this Global Witness investigation, no attorneys were actually retained and they did not perform any actions on behalf of any client, they were merely conducting pre-engagement interviews to discuss client needs. But the implications are clear.

• Global Witness, Undercover investigation of American lawyers reveals role of Overseas Territories in moving suspect money into the United States, 2/12/2026, https://www.globalwitness.org/en/press-releases/undercover-investigation-american-lawyers-reveals-role-overseas-territories-moving-suspect-money-united-states/
• Undercover in New York - full length videos, https://www.globalwitness.org/en/reports/undercover-new-york-full-length-videos/
• Lowering the Bar, https://www.globalwitness.org/en/reports/loweringthebar/
• Undercover in New York, GlobalWitness via YouTube, https://www.youtube.com/watch?v=kC2DDNLvFg8

Attorney Saul Goodman conspires to facilitate and commit money laundering,

• Breaking Bad clip on YouTube at https://www.youtube.com/watch?v=ez6xH-su2xI
• YouTube title: Breaking Bad, Saul explains money laundering – subtitle
• Breaking Bad, Season 3, Episode 9, “Kafkaesque,” High Bridge Entertainment/Grand Via Productions/Sony Pictures Television, 2010.

Allegations suggest an attorney played an unwitting role to facilitate a theft regarding real estate:

• The Real Deal, Owner of vacant CT land discovers $1.5M home built on it,
  https://therealdeal.com/new-york/tristate/2023/07/30/owner-of-vacant-ct-land-discovers-1-5m-home-built-on-it/
• CT Insider, Fairfield neighbors shocked to see $1.5M house built on land that sat vacant for decades, https://www.ctinsider.com/fairfield/article/51-skytop-terrace-fairfield-kenigsberg-18269708.php
• Washington Post, He returned to his family’s lot. A $1.4M home was being built there, https://www.washingtonpost.com/nation/2023/08/02/connecticut-land-stolen-house-lawsuit/

John's CLEs for attorneys on cybersecurity and cybercrime prevention

In 2017 my first book was published, Cybersecurity for the Home and Office, The Lawyer's Guide to Taking Charge of Your Own Information Security, from the American Bar Association (ABA).

I have written many articles for lawyers about law, technology, and cybersecurity.

And I have been providing continuing legal education (CLE) to attorneys about securing their information assets, having good cybersecurity, and protecting from cybercrime.

Contact me if you are interested in such a CLE.

This page is hosted at https://johnbandler.com/attorneys-know-your-client, copyright John Bandler all rights reserved.

Posted 8/2/2023. Updated 11/16/2023.