At Global Mac IT, we are committed to helping law firms operate at the highest efficiency possible, while prioritizing security in all aspects of their business. Today, we're featuring a guest post from our friends at Headnote who know the ins and outs of payments and accounts receivable, along with the security risks that lie in payments.
How to Stay Compliant While Accepting Credit Cards
Law firms have a long list of requirements in accepting payments. Most obviously, these come up with accepting trust account payments. As you work to create efficiency in the flow of cash in your law firm, you need to make sure you’re following all best practices in trust accounting and accepting trust payments.
Payments Come with Risk
State Bar Associations and the ABA have specific guidelines for handling money. If you are accepting credit card payments, you need to understand these guidelines or risk major consequences.
In the case of trust accounting, lawyers and law firms are at risk of disbarment when flagged for a trust accounting issue. Typically, these issues arise when money is deposited into the trust account in a manner that is not compliant (i.e., the use of a non-legal-specific online payment platform like PayPal, Square, etc.) or in cases where the firm’s trust account is underfunded due to error or, less often, intent. More on the best practices later. The main thing to take away from this article thus far: you have to take these compliance duties seriously. Even if you have good intentions and make a mistake with client money, you are exposing your firm to major risk.
This is so important because when you accept a trust payment you are storing money in your bank account that is technically not yours, similar to an escrow account. This money earns interest, which is paid out and overseen by each state’s IOLTA program. Therefore, it’s very important that the money in trust stays in trust until it’s earned by the law firm, with a bill documenting the work performed, or until the money is transferred to the client (settlement funds) or the intended recipient (3rd party cost center).
Apart from the compliance duties your firm has to its state bar, the ABA and IOLTA, firms also need to stay compliant with the PCI Compliance rules promulgated and regulated by the Payment Card Industry Security Standards Council. These rules regulate how you must properly store and manage sensitive payment information, including credit card numbers. PCI compliance is something that bar associations and the ABA take very seriously (breaking the PCI rules could result in disciplinary action). More importantly, it’s something the Payment Card Industry Security Standards Council enforces, and fines for not being PCI compliant can be as high as $100,000 per month until the noncompliance is resolved.
IOLTA and PCI Compliance
When you look at how to improve your firm’s billing and AR processes, you shouldn’t need to make a hard choice or take shortcuts. The payment process for your client should be easy and give them a good payment experience. Your firm should be able to efficiently and reliably receive payments and predict consistent cash flow.
Follow these three simple rules and you’ll have peace of mind that you’re acting compliantly without risk of violation:
1. Keep Trust and Operating Accounts Separate
The first step in maintaining compliance is to designate and maintain separate trust and operating accounts for your firm. This means when you accept a payment from a client that’s meant for trust, it needs to deposit directly into trust.
Depending on the rules of your state bar, you may be allowed to deposit trust funds into your operating account if funds are promptly moved to trust and documented as such. However, doing so comes with the additional risk of error or forgetting to move the trust funds.
Make sure you understand the rules made by your state bar about which types of funds should be designated as trust versus operating, as well as rules about when and how trust funds can be transferred to operating and vice versa. Each state has nuances and if you’re confused it’s best to go to the source and contact your bar to make sure you know how to stay compliant.
2. Document Everything
Getting the money into trust is the first step. Then you need to document every transfer and movement of that cash. In accounting terms, this is a reconciliation. You need to track every transfer and provide a summary of where the money is and show that everything balances.
These statements are required to show the client how much of their money has been earned, and also provide a check and balance for law firms to know they are handling funds appropriately. Again, check with your state bar to make sure you understand the rules regarding trust accounting and documentation in your jurisdiction, then make sure to act accordingly.
3. ABA, State Bar, IOLTA & PCI Compliance
It should come as no surprise that as a law firm you’ve got certain immutable duties to your clients, and this includes how you properly accept payment of trust funds. If you’re doing so online, do not use a non-legal-specific payment platform (they are not set up to comply with the rules regarding the transmission and deposit of trust funds, and many actually prohibit lawyers’ trust accounts from being used on their platforms). Instead, use a platform made specifically for your industry to keep you compliant with the ABA, IOLTA and your state bar for how funds should be transmitted, commingled, deposited and protected.
Next, take seriously the rules regarding PCI compliance. Most importantly, do not store credit card information in a written or electronic file unless the information is properly encrypted and tokenized for storage. It may be tempting to write down a client’s credit card for easy future use, but this is exactly the type of practice that is outlawed under the PCI compliance rules set forth by the Payment Card Industry Security Standards Council.
If you want to ensure you eliminate the risk of all non-compliance in how law firms accept online payment, use Headnote to manage and track your firm’s AR department and processes. By using Headnote, all of this is handled for you. You are essentially offloading this responsibility and can focus on getting your bills out while Headnote focuses on getting your payments in. Headnote’s payment processing is 100% compliant with all 50 state bars, the ABA, IOLTA and PCI compliance standards set forth by Payment Card Industry Security Standards Council.
At Headnote, we understand completely the challenges law firms face in collecting money. It’s hard enough as it is to complete legal work, get bills out and chase down payments. Then you add on the compliance requirements involved, and it’s understandable why the AR process is such a challenge for many firms.
With Headnote the entire process becomes simple. Headnote gives your firm 100% confidence in how funds are handled and a dashboard to track where everything stands. You don’t have to worry about ethical violations due to compliance when accepting online payments to trust or operating accounts via credit card or eCheck so you can focus on your law firm and serving clients well.
Headnote is setting the standard for law firm receivables and payments. To learn more about how they make the entire AR process for law firms simple, schedule a demo here.