Hello everyone and welcome to this Ethics Alert which will discuss the recent North Carolina Ethics Opinion which explains a lawyer’s duties and obligations regarding replacement of trust funds which are stolen as a result of hacking and other means. The ethics opinion is 2015 Formal Ethics Opinion 6 (October 23, 2015), and is here: https://www.ncbar.com/ethics/ethics.asp?page=2&from=10/2015&to=10/2015
A recent ethics opinion by the North Carolina State Bar discusses various scenarios regarding a lawyer’s ethical responsibility to replace stolen trust account funds. The opinion states that a lawyer who takes reasonable computer security precautions has no ethical responsibility to replace stolen trust funds when a hacker breaks into the network and steals the trust funds. This was one of seven scenarios involving stolen trust funds addressed in the ethics opinion. The opinion states that lawyers who do not take reasonable precautions may have an ethical responsibility to replace stolen client funds if the failure is the proximate cause of trust account theft.
In a different scenario in the opinion, a hacker gains information about a real estate transaction by hacking the e-mail of the lawyer or other parties such as the realtor or the seller and crates a “spoof” e-mail address that is similar to that of the realtor or seller. The spoof e-mail instructs the lawyer to wire funds to an identified account, despite previous instructions to mail the check. The lawyer then wires the money without first contacting the seller by telephone.
According to the opinion, under that scenario, a lawyer has an ethical responsibility to replace the funds because the lawyer failed to take reasonable measures, such as contacting the seller or confirming the seller’s email address; however, the lawyer might be reimbursed if the bank is found to be legally responsible or insurance covers the stolen funds.
The opinion states that, under all circumstances, the lawyer owes duties to clients and third parties whose funds may have been stolen, including notifying the clients and third parties of the theft and identify ways to cover the losses. The opinion concludes that “when funds are stolen from a lawyer’s trust account by a third party who is not employed or supervised by the lawyer, and the lawyer was managing the trust account in compliance with the Rules of Professional Conduct, the lawyer is not professionally responsible for replacing the funds stolen from the account.”
A prior North Carolina ethics opinion addressed a lawyer’s duties to maintain computer security and stated that lawyers must educate themselves about the security risks of online banking, implement safety practices such as using strong password, use encryption and security software, hire a technology consultant for advice, and ensure that non-lawyer staff assisting with trust-account management receive training and comply with security measures.
Bottom line: This ethics opinion provides a good overview of the lawyer’s duties and responsibilities regarding taking reasonable measures to safeguard trust funds under various hacking scenarios and states that if the lawyer fails to take those measures, he or she may or will be required to replace the stolen funds. As a reminder, state Bar ethics opinions are not binding and are for guidance only.
Be careful out there.
Disclaimer: this e-mail is not an advertisement, does not contain any legal advice, and does not create an attorney/client relationship and the comments herein should not be relied upon by anyone who reads it.
Joseph A. Corsmeier, Esquire
Law Office of Joseph A. Corsmeier, P.A.
2454 McMullen Booth Road, Suite 431
Clearwater, Florida 33759
Office (727) 799-1688
Fax (727) 799-1670