Is a Lawyer Ethically Responsible for Trust Account Theft Caused by Hacking?

hackingNo, if the lawyer has otherwise taken reasonable efforts to safeguard client and third-party funds in the lawyer’s trust account. See N.C. Bar Assoc. Formal Op. No. 6 (Oct. 23, 2015).

“Reasonable efforts” with regard to safeguarding client funds are different in the Internet Age. Now, a lawyer must:

  1. understand the “security risks of online banking”;
  2. “actively maintain end-user security at the law firm through safety practices such as strong password policies and procedures, the use of encryption and security software, and the hiring of an information technology consultant to advise the lawyer or firm employees”; and,
  3. “insure that all staff members who assist with the management of the trust account receive training on and abide by the security measures adopted by the firm.” See id.

Furthermore, a lawyer must strictly limit and carefully monitor staff access to trust accounts. Assuming that the lawyer undertakes these “reasonable efforts,” the lawyer is not strictly liable for hacking losses:

If Lawyer has taken reasonable care to minimize the risks to client funds, Lawyer is not ethically obligated to replace the stolen funds. If, however, Lawyer failed to use reasonable care in following the Rules of Professional Conduct on trust accounting and supervision of staff, and the failure is a proximate cause of theft from the trust account, Lawyer may be professionally obligated to replace the stolen funds.


Please follow and like us: