For legal practitioners, time is of the essence. There are often multiple deadlines to meet in meeting timelines imposed by legislation (including prescription dates) and the rules of court, ensuring efficient service to clients and, after all, what legal practitioners sell is their professional expertise and time. Balancing all the interests thus calls for improved time management. Many firms are currently operating with a reduced number of personnel and the way operations are taking place during the COVID-19 pandemic, requires the firm to ‘always be switched on’ (in modern parlance). This operating environment becomes fertile ground for errors to go undetected and for internal controls to be waived or even ignored in an attempt to produce quick turn-around times. Adherence to the proverb ‘more haste, less speed’ will be prudent for risk management.
This article aims to demonstrate that taking time to ensure that all the basics have been properly attended to will go a long way in mitigating several risks. I use the examples of three areas of operation, namely –
Take full and detailed instructions as early as possible in the matter. Also request that the client furnishes you with all the relevant information, documents and banking details with the proper proof of the latter. The verification of the identity of the client and the other verifications required in terms of the Financial Intelligence Centre Act 38 of 2001 must also be completed at the commencement of the relationship with the client. Banking details and documentary proof thereof must also be provided by the client. If the initial instruction is taken at a physical meeting between the parties, it is prudent that the client is requested to bring original stamped banking documents. In the event that a meeting is held using one of the electronic systems that are now available, ensure that all the parties log on using a secure link, that you have both visual (the video feature is on) and audio contact with the client, and that the meeting is recorded. The recording should then be downloaded and securely stored. In an electronic meeting, it will also go a long way in mitigating the risk of payment into an incorrect bank account if you ask the client to verbally confirm their banking details for the record and to confirm that those are identical to the information provided to you. Provide a written record of your firm’s banking details and read them out to the client. Explain the cyber risks associated with business e-mail compromise and how all parties are potentially vulnerable to the risk. Record at the early stage of the engagement with the client that neither party’s banking details will be changed by way of e-mail will mitigate cyber risks. Remember that cyber criminals target all payments, no matter who the payment is from or who the intended recipient thereof is. Your client and other intended recipients of funds are also vulnerable to cyber risks.
If the firm will act on a contingency basis, the terms of the contingency fee agreement must be explained to the client. A contingency fee agreement that complies with the Contingency Fees Act 66 of 1997 must be drawn up and signed by all the parties.
Take detailed notes of the discussion and ask for clarification if anything is not clear. It is best to spend time clarifying a point so that you know exactly what the client’s expectations are, and the client can confirm whether there is a common understanding of the scope of the instructions, estimated timelines for the completion of the instruction, the fee and billing terms, the servicing team, obligations of the parties and any other relevant terms. If counsel or another external expert will be required, this should also be discussed, agreed on, and recorded.
Detailed, legible file notes will also go a long way in protecting your respective interests. If necessary, get another person in the firm to take the detailed notes. Make a list of all the documents that have been handed to you, as well as a list of all outstanding documents and information that you have requested the client to provide and the date by which the information is to be provided. If the client is instructing you in a representative capacity, request documents to prove the authority to engage your services and to pursue the matter.
Potential conflict of interests should also be checked at the initial instruction or during the early stages of the instruction. You can also explain your professional duties to the client in respect of the instruction and then place on record that these cannot be compromised.
The instruction can then be recorded in a letter of engagement, which sets out the agreed terms. The letter of engagement must be signed by all the parties and a copy must be handed to the client. If the firm cannot accept the instruction for any reason, it is also good practice to record this in the correspondence to the client so that there are no disputes at a later stage regarding whether you accepted the instruction or not.
Each firm should be able to produce a checklist of matters to be discussed and agreed with the client at the initial consultation, the information and documents required and any other information relevant to the type of work the firm renders and the requirements of its standard operating procedures.
In some circumstances, settlement negotiations can move quickly. In litigation matters there is an added risk that settlement negotiations can take place just before the commencement of a hearing in a matter or even during the litigation itself. Always take time to consult with the client (even telephonically) to explain all the terms of the proposed settlement and, if necessary, give your recommendations. Do not rely on the power of attorney (if one has been signed by the client) and manage the client’s expectations. Similarly, with taking the initial instructions, make detailed notes of the discussion and record the time and duration of the telephone call. In some instances, these negotiations happen when the legal practitioner is out of the office (often at court), but the discussion and instruction can be confirmed by an e-mail sent to the client later that day. In this technological age, the portable electronic devices used by many legal practitioners enable a remarkable amount of work to be conducted remotely and e-mails can be dispatched from anywhere that a network connection can be established. Various technological solutions on the portable devices even allow for voice recordings to be made that you can send to your client (or even your office to be typed).
Do not concede to pressure from your opponents to accept an offer that is detrimental to your client’s interests or one on which you have not received clear instructions.
The suggested measures will go a long way in mitigating the risk of under-settlement of matters (if you are acting for the plaintiff) or any other claim on the basis that the settlement reached was not in line with the instructions.
Take time to verify the reason for all payments and ensure that you have the relevant audit trail available. It is particularly important to check that the banking details of the payee are correct and accord with the records on file. Remember that cybercrime has become more prevalent and that cyber criminals constantly refine their modus operandi in the hope that some of their attempts will slip through the proverbial ‘cracks’ resulting in a payment to them rather than the intended recipient of the funds. Take extra caution when making payments and remember that you have an obligation to verify banking details before making any payments.
The rules issued in terms of the Legal Practice Act 28 of 2014 prescribe as follows:
‘Payment to clients
54.13 A firm shall, unless otherwise instructed, pay any amount due to a client within a reasonable time. Prior to making any such payment the firm shall take adequate steps to verify the bank account details provided to it by the client for the payment of amounts due. Any subsequent changes to the bank account details must be similarly verified.’
Though this rule applies to payments from the trust account to the client, the principle can be applied to any payment whether from the trust or business account. Verification requires action on the part of the firm to establish whether the bank account details are indeed those of the intended recipient. There are a number of steps that can be taken to verify the banking details of the client (or any purported change) and suggestions for the steps that can be taken to mitigate cyber risks are listed on p 6 to 7 of the August 2019 edition of the Risk Alert Bulletin (https://lpiif.co.za, accessed 4-12-201).
The case of Jurgens and Another v Volschenk (ECP) (unreported case no 4067/18, 27-6-2019) (Tokota J) focusses on the circumstances where an attorney fell victim to the business e-mail compromise scam and paid funds to an incorrect party. The court noted (at para 26) that the furnishing of what purported to be new banking details to the attorney within a short space of time should have raised red flags for the attorney. The court highlighted some of the contents of the documents provided that should have raised the red flags for the attorney and stated that:
‘A diligent, reasonable attorney would have taken steps to verify the information from [the client]. The respondent failed to do so. It is no defence to pass the buck to her secretary and state that the account was dictated to her by her secretary. She owed a duty to her clients to act in their interests and safeguard their money. In my view, a reasonable attorney in her position would have exercised more care under the circumstances … . She failed to do so and the applicants suffered loss as a result of her negligence.’
The law firm in Fourie v Van der Spuy & De Jongh Inc and Others 2020 (1) SA 560 (GP) was similarly held liable for losses resulting from payment to an incorrect party.
Legal practitioners must insist on the verification of the banking details of the intended recipient of the funds and not accept e-mails purporting to be from their clients on face value or pressure from parties (inside or outside of the law firm) to make the payment as soon as possible and suggesting that the verification must be dispensed with because of some or other urgency. At the end of the day the liability for losses suffered will lie with you, the legal practitioner.
Cybercrime related claims are excluded from the Master Policy issued by the Legal Practitioners Indemnity Insurance Fund NPC (LPIIF). The cybercrime exclusion is in clause 16(o) of the Master Policy, a copy of which can be accessed on the LPIIF website (www.lpiif.co.za). If the firm has purchased insurance cover for this risk in the commercial market, regard must be had to the specific terms on which the insurer has agreed to indemnify such losses and the risk management measures that the insurer has required be put in place. The various commercial insurers prescribe different measures that must be put in place in order to trigger the indemnity provided.
Do not lose sight of the fact that theft can, unfortunately, also be perpetrated by parties inside your firm. Apply an equal amount of scrutiny to all payments, no matter the value or the intended recipient.
The risk associated with the human factor in any legal practice can never be completely discounted. The risk of something falling through the proverbial cracks will always be present and is exacerbated by the pressures of servicing clients efficiently and the associated efforts to narrow the turn-around times. Those efforts should not, however, increase the risks faced by the practice.
Thomas Harban BA LLB (Wits) is the General Manager of the Legal Practitioners’ Indemnity Insurance Fund NPC in Centurion.
This article was first published in De Rebus in 2022 (Jan/Feb) DR 7.