Trust accounts are fundamental to many professions where funds are held on behalf of clients or third parties. Lawyers, accountants, real estate and property agents, motor dealers, debt collection agents and owners’ corporations all commonly operate trust accounts as part of their day‑to‑day businesses. While these accounts are designed to protect client monies, they can also present a significant opportunity for fraud and misappropriation.
What Is a Trust Account?
A trust account is an account used to hold money on behalf of another party, where the account holder owes a fiduciary obligation to deal with those funds strictly in accordance with the relevant law and the client’s instructions. The funds are not the property of the business or practitioner and must not be used for any other purpose.
Trust accounts are usually subject to some level of regulation including requirements for detailed record‑keeping and independent external audits. Despite these safeguards, high‑profile cases demonstrate that regulation alone does not eliminate risk.
Why trust accounts are vulnerable
Trust accounts have several characteristics that create opportunity where controls are weak or can be circumvented:
1. Ability to conceal misappropriation
High transaction volumes and complex ledgers can enable unauthorised transactions to be disguised—particularly where reconciliations are delayed or not independently reviewed.
2. Value of funds available
Balances can be significant—often in the millions—particularly in legal conveyancing, investment structures and strata schemes.
3. Distance between client and account activity
Clients (i.e. the ultimate owners of the money) are removed from day‑to‑day oversight, instead relying on professionals, strata managers or trustees to administer funds appropriately.
Media examples of trust money misappropriation
Recent and well‑publicised cases highlight how these risks manifest in practice.
- Legal trust accounts (2026)
A Sydney solicitor has been charged with allegedly misappropriating almost $15 million from client trust and business accounts, with funds diverted over time to support personal gambling activities1. - Strata / owners’ corporation funds (2026)
A former strata manager on the NSW Mid North Coast has been charged with over 400 fraud offences, allegedly transferring more than $2 million from multiple strata trust accounts into personal accounts2. - Real estate trust accounts (QLD)
A Brisbane real estate agent was jailed after misappropriating more than $1.4 million of client funds from trust accounts, including forged cheques and falsified records used to conceal the conduct3.
While these cases differ in scale and structure, they share common features: trusted access to client funds, weak or overridden controls and delayed detection.

Common fraud methodologies
In our experience, misappropriation of trust funds typically occurs through:
Employee theft – Internal fraud remains the most common cause of trust fund losses. Employees with legitimate access may abuse their position by diverting funds, falsifying records or exploiting control weaknesses.
Social engineering (including AI enabled) – External actors may exploit trust accounts through social engineering techniques such as impersonating clients, suppliers or senior staff. Fraudulent emails, falsified payment instructions or compromised identities can lead to unauthorised transfers.
Forgery – Forgery of signatures, payment authorities or supporting documentation can be used to legitimise otherwise unauthorised transactions. This may occur in both paper‑based and electronic systems.
Collusion – Collusion between employees or between internal staff and external parties presents a heightened risk. When two or more individuals work together to override controls or conceal misconduct, misappropriation can continue for extended periods and result in substantial losses.
For businesses operating trust funds, understanding where vulnerabilities exist is key:
ACCESS: Access is the entry point. It is embedded in normal operations — which makes it easy to underestimate.
- Access risk is often invisible — it sits inside legitimate roles: payment authority, system logins, administrative privileges.
- Weak segregation of duties allows one person to initiate, approve and record transactions without independent oversight.
- Familiarity with processes increases risk — over time, individuals identify control gaps and learn to navigate around them.
Fraud often begins small — low-value transactions that blend into normal activity. As confidence builds, frequency and scale increase without a trigger to stop it.
OPPORTUNITY: Trust accounts create opportunity by design — high value, high volume, and clients who are not watching.
- High transaction volumes make it easier to conceal irregularities within normal patterns.
- Organisational culture can often prioritise efficiency over control which can widen the opportunity window.
- Reliance on a single individual to manage trust account operations or authorise transactions is aconcentrated vulnerability.
- Clients often only receive historical, periodic summaries and rely on (outsource) professionals to administer funds correctly. i.e. clients are not watching day-to-day — creating an extended window where irregularities can go unnoticed.
DETECTION: Detection delay is the multiplier. The longer fraud runs, the larger the loss.
- We know that most typical fraud schemes last 12 months before they are detected4.
- In the trust account frauds we have investigated, periodic audits alone are often insufficient to detect the fraud as the fraud is designed to blend into routine activity.
- We see that weak reporting structures leave employees uncertain how to escalate — or they may be afraid to do so, given the seniority of the perpetrator.
- The longer fraud persists, the greater the financial impact and the more complex the recovery.
Recovery of losses:
Recent statistics tell us that in the Asia-Pacific region, some 66% of fraud cases resulted in no recovery of losses at all5.
Even where recovery is possible, it is often partial, delayed and expensive. Legal costs, insolvency proceedings and asset tracing rarely deliver a full return of funds lost.
Once fraud occurs, the loss is largely permanent.
Prevention is better than detection!
Businesses can consider how they might counteract any identified vulnerabilities with any number of fraud risk controls. These might include, but are not limited to:
- Appropriate segregation of duties, regularly reviewed and tested;
- Practical yet strict authority levels, regularly reviewed;
- Processes for staff to follow re. verification for new/changes to suppliers;
- Appropriate and up to date policies for IT security;
- Policies and reviews requiring employees to regularly take leave;
- Regular internal and ongoing sample testing of trust transactions;
- Regular, detailed trust account statements issued to clients;
- Assessment of workplace culture and speak out support; and
- Availability of tip-off/whistleblower program.
The importance of investigation
Investigating suspected misappropriation of trust funds requires a detailed understanding of trust account mechanics, regulatory obligations and fraud methodologies. Investigations typically involve forensic analysis of bank statements, trust ledgers, reconciliations, audit trails and electronic communications, often across extended periods.
Early detection and prompt action are critical to minimising losses, preserving evidence, and meeting regulatory and reporting obligations.
If you would like to discuss risks relating to the misappropriation of trust funds—or strengthen your trust account control environment—please get in touch.
- https://www.abc.net.au/news/2026-02-27/nsw-solicitor-steals-almost-15m-from-clients/106395324 ↩︎
- https://www.abc.net.au/news/2026-06-26/former-strata-manager-jessica-marrie-carah-fraud-charges/106847426 ↩︎
- https://www.justice.qld.gov.au/community-engagement/news/2024/brisbane-real-estate-agent-jailed-for-fraud ↩︎
- Occupational Fraud 2026: A Report to the Nations, ACFE ↩︎
- Occupational Fraud 2026: A Report to the Nations, ACFE ↩︎
