Save content
Have you found this content useful? Use the button above to save it to your profile.
A photo of unauthorised activity | AccountingWEB | Accountant banned after taking former firm’s client data
istock_sestovic_unauthorised-activity

Accountant banned after taking former firm’s client data

by

A chartered accountant has been excluded from the Institute of Chartered Accountants in England and Wales and fined £7,000 after she downloaded client information before leaving her former employer.

8th Jul 2024
Save content
Have you found this content useful? Use the button above to save it to your profile.

Julia Manley was found by an Institute of Chartered Accountants in England and Wales (ICAEW) disciplinary tribunal to have deliberately transferred data from her former firm’s systems to her personal laptop, resulting in the accountancy practice breaching its GDPR (General Data Protection Regulation) obligations. 

Manley also faced another disciplinary infringement after she suggested a bookkeeper provided false information to Companies House in order to get off a late filing penalty. 

Misuse of client information

As detailed in July’s disciplinary orders Manley downloaded information on 62 clients, with 46 ending up becoming clients of hers when she started her own firm. She did this despite the terms of employment prohibiting her from contacting clients of the practice for six months following the termination of her contract.  

The Dorset-based accountant admitted that she had taken copies of client files from her former firm’s network before leaving to start her own firm, explaining that she did not know why she had done so because she already had the information she needed. 

Manley was rumbled in 2019 for misuse of client information after a forensic analysis of her laptop as part of a civil litigation discovered folders for around 33 clients had been copied onto her laptop. 

The information included company accounts, payroll reports, VAT returns, personal tax returns, correspondence with HMRC, and copies of passports, death certificates and grants of probate.

Manley said in a letter to ICAEW’s conduct department shortly after leaving the company in 2020 that she was ashamed of her behaviour and she couldn’t explain why she did it. She had already visited the premises of a lot of the clients she took on while working at her former employer, so didn’t need the information for money laundering checks and she could find the clients’ addresses online. 

Manley did not only breach professional standards by taking the information in the first place but by transferring the information to an unsecured device, she put the information at risk and created GDPR issues for her former employer.  

Bookkeeper advised to fib

This wasn’t the only breach in professional behaviour Manley committed in the final months of her employment at her former firm. 

In January 2019, Manley advised a client’s bookkeeper to provide false information to Companies House to avoid a late filing penalty. 

The bookkeeper informed Manley over email that they had received a reminder from Companies House about their client’s overdue accounts.

Manley replied saying LLP accounts cannot be filed online and have to be posted with a “live signature”. She added: “It may be worth phoning Companies House and fibbing that they were sent in the post pre-Christmas (ie on 20/12/2018) and you are surprised they haven’t arrived yet.

“This may buy you some time to get the accounts posted off to them and get you off the late filing penalty.” 

ICAEW’s conduct department highlighted this as Manley suggesting the client’s bookkeeper provides false information. However, the firm didn’t follow Manley’s advice and ended up with a late filing penalty of £150. 

Manley didn’t recall sending the email but accepted that she must have done and her behaviour was unacceptable. 

Breach of trust

Weighing up the evidence, the tribunal found that Manley as a senior manager was in a position of trust, but by misusing client information, she not only breached this trust but also her former firm’s GDPR obligations. 

The tribunal viewed this behaviour as deliberate and saw the sheer amount of data taken as an aggravating factor when deciding her punishment. 

Manley would have received a severe reprimand based on telling her client’s bookkeeper to provide false information alone, but the misuse of client information tipped her misconduct into the upper end of the scale of seriousness. 

The disciplinary tribunal excluded Manley from membership of ICAEW. The starting point for a fine was £10,000, but the tribunal discounted the amount in light of her early admissions. The penalty was reduced to £7,000. Manley was also ordered to pay costs of £7,000. 

Replies (12)

Please login or register to join the discussion.

avatar
By Justin Bryant
08th Jul 2024 14:51

She was obviously a fool. CH pretty much never waive late filing penalties and certainly wouldn't with that lame excuse.

Thanks (7)
Replying to Justin Bryant:
avatar
By Paul Crowley
08th Jul 2024 15:05

She needs to learn.
Emails are for ever, not just Christmas.

Thanks (13)
avatar
By FactChecker
08th Jul 2024 16:16

Using a 'breach of her former firm's GDPR obligations' as a stick is rather pathetic ... in the same box as charging Capone for tax evasion instead of multiple homicides and more.

But anyone deliberately breaking the terms of their Contract in such a manner is demonstrating a random mix of stupidity and immorality ... with the former winning out eventually based on retention of the damning evidence (despite apparently "not needing it")!

The only shocking aspect is the remarkably minimal financial penalties levied - in comparison to far less heinous 'crimes' (of a broadly admin nature) of others.

Thanks (3)
Replying to FactChecker:
avatar
By Truthsayer
08th Jul 2024 23:39

Bear in mind that this is merely the ICAEW penalty. I wonder what the settlement will be with her former employer after their inevitable civil action (or threat thereof)?

Thanks (0)
VAT
By Jason Croke
09th Jul 2024 08:30

If a client wants to leave and follow a departing Partner/Director, then that is just business (and non-compete clauses not worth the paper they are written on), but to also take the client files was just stupid. Any clients that do move to you, just request records from the "old" Accountant, not worth breaching GDPR or ethical standards.

Thanks (10)
Replying to Jason Croke:
Should Be Working ... not playing with the car
By should_be_working
09th Jul 2024 10:05

Quite, and given that the clause only operated for six months it was hardly worth giving her former employer that sort of ammunition against her.

Thanks (2)
By Duggimon
09th Jul 2024 10:00

Data is a tradable commodity with value, this was theft in every moral and ethical sense, though I'm not sure if the legal system is able to treat it as such. I really don't see how this is any different to her nicking the computer and office furniture on her last day in the office and ought to be criminally prosecutable, if there's no scope for the police to charge her with a crime then our laws have some catching up to do.

Thanks (0)
avatar
By Casterbridge Hardy LLP
09th Jul 2024 10:03

Oh dear!

Thanks (0)
avatar
By Paul Crowley
09th Jul 2024 11:19

At long last
A report where I have absolutely zero sympathy.

Thanks (0)
avatar
By AS44NG
09th Jul 2024 14:39

14k for 42 clients? The cynic in me says "worth it" though I do not know the fee level of course.

I am not condoning the behaviour but that is the reality. Given the ICAEW exclusion I wonder if she continued to act on behalf of the clients after all.

Thanks (0)
Replying to AS44NG:
avatar
By FactChecker
09th Jul 2024 16:10

Me And My Shadow ... it's not just a song, you know!

Thanks (1)
Replying to AS44NG:
avatar
By NIGEL SCOTTTTTTT
10th Jul 2024 12:38

AS44NG wrote:

14k for 42 clients? The cynic in me says "worth it" though I do not know the fee level of course.

I am not condoning the behaviour but that is the reality. Given the ICAEW exclusion I wonder if she continued to act on behalf of the clients after all.

Well there was a company in her name incorporated on 28.08.19 and dissolved in April this year, so it looks like she did

Thanks (0)