Business Email Compromise and Wire Fraud Liability: Prevention, Response, and Professional Responsibility for Legal Practitioners

John Bandler, Founder | Bandler Law Firm PLLC

John Bandler is an attorney, consultant, author, educator, and speaker whose practice sits at the intersection of cybersecurity and the law. Through Bandler Law Firm PLLC and Bandler Group LLC in New York City, he advises organizations and individuals on cybersecurity, cybercrime prevention and investigation, privacy, information governance, and regulatory compliance, bringing more than two decades of public-sector enforcement experience to the private sector.

• Education & Credentials

Mr. Bandler earned his J.D. from Pace University School of Law in 2002, attending through the evening program while serving as a New York State Trooper. He holds a B.A. from Hamilton College, where he majored in Physics with a minor in Computer Science and was elected to Phi Beta Kappa. He received his U.S. Army commission through R.O.T.C. He is admitted to practice law in New York, Connecticut, and the District of Columbia. His active professional certifications include Certified Information Systems Security Professional (CISSP); GIAC Certified Incident Handler (GCIH), Certified Penetration Tester (GPEN), and Critical Controls Certification (GCCC); Certified Information Privacy Professional (CIPP/US); Certified Fraud Examiner (CFE); and CompTIA Project+, Security+, Network+, and A+.

• Recognition & Leadership

Mr. Bandler is the founder of Bandler Law Firm PLLC and Bandler Group LLC, which he established in 2015 to bring his legal and consulting expertise to the private sector. As an Assistant District Attorney, he investigated and prosecuted the landmark matter People v. Western Express International, Inc., et al., a case that exposed the global trafficking of hacked data, digital-currency money laundering, and identity theft, resulting in guilty verdicts at trial in 2013. He is the author of four books, including Cyberlaw: Law for Digital Spaces and Information Systems (2025), Policies and Procedures for Your Organization (2024), Cybercrime Investigations (2020), and Cybersecurity for the Home and Office (2017), with a forthcoming Introduction to Law.

• Professional Involvement

Mr. Bandler serves on several boards in both advisory and fiduciary capacities. He is an Adjunct Professor of Law at Pace University’s Elisabeth Haub School of Law and an Adjunct Associate Professor at John Jay College of Criminal Justice (CUNY). He is a frequent speaker and media resource on cybersecurity, privacy, cybercrime, criminal justice, and governance, and has developed online courses on Udemy covering cybersecurity, cyberlaw, policy development, privacy and the CIPP/US certification, and foundational legal topics. He maintains an active professional presence through articles, YouTube lectures, and commentary published on Substack, LinkedIn, Medium, and Reuters.

• Experience

Mr. Bandler’s career spans more than three decades of public service and private practice. He began his law enforcement career in 1994 after graduating from the New York State Police Academy, serving eight years as a State Trooper at one of the state’s busiest stations. In 2002 he was hired by Robert M. Morgenthau as an Assistant District Attorney at the New York County District Attorney’s Office, where for thirteen years he prosecuted a wide range of matters, from global cybercrime and financial crime to violent street crime. He also served in the New York Army National Guard and U.S. Army Reserves in Infantry and Military Intelligence units. Since entering private practice in 2015, his work has focused on helping organizations of all sizes build robust cybersecurity programs, develop sound policies and procedures, prevent and respond to cybercrime, and meet their legal and regulatory obligations in an increasingly complex digital environment.

Shelli J. Clarkston, Of Counsel | Spencer Fane LLP

Shelli J. Clarkston is Of Counsel in the Kansas City office of Spencer Fane LLP, where she advises clients in financial services, FinTech, and technology sectors on the regulatory, transactional, and technology-driven issues that shape their businesses. She combines deep familiarity with a rapidly evolving regulatory landscape with practical, business-minded counsel, serving as a strategic advisor to banks, credit unions, lenders, and technology companies seeking to innovate and grow while minimizing legal and compliance risk.

• Education & Credentials

Ms. Clarkston earned both her Juris Doctor and her Master of Laws (LL.M.) from the University of Missouri–Kansas City School of Law in 2012. She also holds a Master of Arts from Doane University (2009) and a Bachelor of Science from the University of Nebraska–Lincoln (2005). She is admitted to practice law in Missouri and Kansas and before the U.S. District Court for the District of Kansas.

• Recognition & Leadership

Ms. Clarkston was named a 2026 Women’s Justice Award honoree by Missouri Lawyers Media in the Innovation & Technology category, recognizing her leadership at the intersection of legal practice and emerging technology. She is a frequent thought leader on artificial intelligence in banking and FinTech, including co-authoring the widely circulated January 2026 analysis “AI-Powered M&A: What Bankers Need to Know Now” and being featured in Law360’s coverage of AI-powered M&A. She is regularly sought out by national legal and financial press, including Inside Mortgage Finance, American Banker, and Independent Banker Magazine, for commentary on regulatory enforcement and financial institution matters.

• Professional Involvement

Ms. Clarkston is an active speaker and author whose platforms span national industry conferences, trade associations, and continuing legal education programs. Recent speaking engagements include the American Bankers Association Conference for Community Bankers, the Missouri Independent Banker Association Annual Convention & Expo, the Cornerstone League, myLawCLE, and West LegalEdcenter, as well as Spencer Fane’s own webinar series on regulatory developments and AI-powered dealmaking. Her published work has appeared in Ingram’s Magazine, Show-Me Banker Magazine, In Touch Magazine, Independent Banker Magazine, and American Banker, addressing topics including wire transfer fraud, electronic fraud prevention, AI in lending decisioning, data privacy litigation, and financial institution compliance.

• Experience

Ms. Clarkston’s practice focuses on regulatory compliance, corporate governance, and strategic transactions. In the financial institutions and FinTech space, she counsels clients on licensing, lending, payments, and consumer protection laws — including the Bank Holding Company Act, GLBA, TILA, and ECOA — and helps FinTech companies structure bank partnerships, compliance management systems, and vendor programs aligned with FDIC, OCC, NCUA, CFPB, and state regulator expectations. Her corporate practice spans entity formation, governance, shareholder arrangements, and M&A and strategic investments, which she manages from due diligence through closing. Ms. Clarkston also advises on privacy and cybersecurity compliance under GLBA, GDPR, and CCPA and the NIST and CISA frameworks, negotiates data processing agreements, incident response plans, and vendor security provisions, and counsels clients on cross-border data transfers, AI decisioning compliance, cloud services contracting, and technology agreements involving software licensing, SaaS, and emerging technologies.

Blair Dawson, Member | McDonald Hopkins LLC

Blair Dawson is a Member of McDonald Hopkins’ Data Privacy and Cybersecurity Practice Group, where she guides private companies and public entities through the full arc of a cyber incident — from preparation and policy development to breach response, regulatory engagement, and litigation defense. She pairs that incident-response expertise with more than two decades of insurance coverage experience, having previously served as General Counsel and Senior Vice President of Insurance Management for one of the largest international insurance brokers in the world, giving her a uniquely comprehensive perspective on cyber risk, coverage, and claims.

• Education & Credentials

Ms. Dawson holds a Master of Science in Cybersecurity from the University of Wisconsin–Whitewater, a Juris Doctor from Chicago-Kent College of Law, and an undergraduate degree from Marquette University. She is admitted to practice in the State of Illinois and before the U.S. District Court for the Northern District of Illinois. Her professional accreditations include the International Association of Privacy Professionals’ Fellowship of Information Privacy (FIP), Certified Information Privacy Professional/United States (CIPP/US), Certified Information Privacy Professional/Europe (CIPP/E), and Certified Information Privacy Manager (CIPM).

• Recognition & Leadership

Ms. Dawson has been recognized by Crain’s Chicago Business as a 2024 Notable Woman in Law and named to the Security Industry Association’s 2025 Women in Security Forum Power 100. She is a distinguished member of the IAPP Fellowship of Information Privacy, a designation reserved for seasoned privacy professionals who hold multiple IAPP certifications and have demonstrated a significant contribution to the field. She serves as a Board Member of the Chicago Chapter of Women in Security & Privacy (WISP), Co-Vice President of the Executive Board of the Illinois ACLU Next Generation Society, and was a founding Advisory Board Member for The Cyber Helpline (US).

• Professional Involvement

Ms. Dawson is a sought-after speaker, educator, and media commentator on cybersecurity and data privacy. She serves as an adjunct professor at DePaul University College of Law, teaching a practical course on data privacy and incident response. Her professional affiliations include the International Association of Privacy Professionals, the Professional Liability Underwriting Society, Women in Cybersecurity (as a former Mentor), the International Women Cyber Alliance, the ChannelPro Advisory Group, and the Golden Key International Honour Society. She has presented for organizations including CompTIA ChannelCon, ChannelPro, WISP, WiCyS, and The Knowledge Group on topics ranging from ransomware response and incident readiness to cybersecurity legal risk for MSPs, and her commentary has appeared in ChannelPro Network and McDonald Hopkins’ thought leadership on evolving data privacy developments.

• Experience

Ms. Dawson’s practice centers on data privacy and cybersecurity, incident response, pre-breach services, privacy litigation, regulatory defense, and insurance and suretyship. She represents private companies and public entities affected by ransomware attacks and business email compromise, coordinating with forensic investigators, law enforcement, and ransomware negotiators to contain incidents, minimize disruption, and reduce exposure to litigation and regulatory investigations. On the pre-breach side, she develops cyber incident response policies and protocols and advises on compliance with state, federal, and international requirements. Drawing on her prior in-house insurance leadership experience, she also provides coverage advice on complex domestic and international general, professional liability, and cyber claims, assists clients with risk management and coverage renewals, and counsels carriers, coverholders, and brokers on policy language — a combination that allows her to advise on cyber risk as an integrated legal, operational, and insurance challenge.

William “Pat” Huttenback, Shareholder | Crain Caton & James, P.C

William “Pat” Huttenbach is a Shareholder at Crain Caton & James and one of Texas’s most experienced banking litigators and UCC authorities. He has successfully defended financial institutions in lawsuits collectively exceeding $100 million, answered more than 210 lawsuits involving UCC Articles 3, 4, and 4A, and personally responded to over 2,000 garnishment actions. His depth of experience on Articles 3, 4, and 4A issues has made him a frequent expert witness and a sought-after author and speaker on check fraud, wire transfer fraud, and emerging bank fraud trends.

• Education & Credentials

Mr. Huttenbach earned his J.D., magna cum laude, from the University of Houston Law Center and his B.A. from Rice University. He previously attended South Texas College of Law from 1993 to 1994, where he ranked number one in his section and received five American Jurisprudence awards. He is licensed to practice in the State of Texas and is admitted before the U.S. District Courts for the Southern, Western, Northern, and Eastern Districts of Texas, the U.S. Court of Appeals for the Fifth Circuit, and the Supreme Court of the United States. He holds an AV rating from Martindale-Hubbell and an AVVO rating of 10.

• Recognition & Leadership

Mr. Huttenbach has been recognized by Best Lawyers in America for Commercial Litigation (2024–2026) and named a Texas Super Lawyer in Banking Law by Thomson Reuters (2020–2025). He was previously honored as a Top Lawyer in Business Law by Houstonian Magazine (2013 and 2015). He served as President of the Southwest Association of Bank Counsel (2020–2021), Past Chair of the Texas Bankers Association Legal Conference, and a member of the Board of Directors of the Texas Association of Bank Counsel (2016–2020). Among his most notable appellate achievements, he successfully argued and won a seminal Texas Supreme Court banking decision, Compass Bank v. Calleja-Ahedo, 569 S.W.3d 104 (Tex. 2018). Early honors include being named the Sons of the American Revolution National Eagle Scout of the Year (1988) and receiving the Rice University Builder’s Award.

• Professional Involvement

Mr. Huttenbach is a prolific speaker and author on banking law, UCC developments, check fraud, wire fraud, and financial institution risk. He is a member of the State Bar of Texas Business Section’s UCC Comments Committee and presents regularly for organizations including the Southwest Association of Bank Counsel, Texas Bankers Association, Louisiana Bankers Association, Texas Association of Bank Counsel, Independent Community Bankers of America, ePayResources, and the Fraud Investigators Association of Texas. Recent presentations include “How Banks Should Deal with Sovereign Citizens?” (2026), “UCC Update and Check Fraud Update” (2026), and “Wire Transfer Litigation: UCC Article 4A and Legal Liability” (2025), alongside an ongoing Bank Fraud Update series delivered to banks and compliance groups across Texas and Louisiana. He is active in his community through the Houston Livestock Show and Rodeo Speakers’ Committee, the Association of Rice Alumni, and Scouting.

• Experience

Mr. Huttenbach’s practice centers on defending banks and financial institutions in complex litigation and regulatory matters, including UCC Article 3, 4, and 4A disputes, lender liability claims, FCRA and FDCPA claims, Texas Finance Code claims, wrongful debt collection actions, and construction lending litigation. His broader commercial litigation experience spans tortious interference, insurance coverage and fidelity/surety claims, DTPA actions, injunctions, employment, landlord-tenant, probate, real estate tax, breach of contract, business torts, construction law, and defamation matters. He has represented clients in state and federal courts, mediations, and arbitrations, and before agencies including the OCC and EEOC, and has briefed and argued matters before the Texas Courts of Appeals. A notable career highlight includes his successful defense of the United States Chess Federation against a $25 million lawsuit, and clients regularly engage him to guide financial institutions through the rising tide of check fraud, wire fraud, and business email compromise losses that define today’s banking risk landscape.

SESSION 1 – BEC Threats and Cybersecurity Prevention Strategies for Law Firms | 1:00pm – 1:30pm

Examine how BEC attacks target law firms, why legal practices are vulnerable, and AI-enhanced impersonation risks. Attorneys gain actionable cybersecurity safeguards to assess firm exposure, reduce risk, and protect client funds.

SESSION 2 – Legal Liability and Professional Responsibility: Who Bears the Loss | 1:30pm – 2:00pm

Analyze competing frameworks courts apply to allocate BEC losses, including UCC Articles 3 and 4A, comparative fault, and ABA Model Rules 1.1, 1.6, 1.15, 5.1, and 5.3. Identify malpractice exposure and insurance coverage gaps.

BREAK | 2:00pm – 2:10pm

SESSION 3 – Prevention, Incident Response, and the First 72 Hours | 2:10pm – 2:40pm

Master technical controls, email authentication, and wire verification protocols. Execute the FBI Financial Fraud Kill Chain and structured incident response under ABA Formal Opinion 483, addressing client notification duties and cyber insurance coverage gaps.

SESSION 4 – Practice-Area Vulnerability Analysis Across Four Legal Specialties | 2:40pm – 3:10pm

Identify how BEC attack vectors exploit workflow patterns across real estate closings, litigation settlements, estate administration, and transactional M&A practice. Attendees leave with a practice-specific vulnerability map applicable to intake, matter management, and wire protocols