Business Email Compromise and Wire Fraud Liability: Prevention, Response, and Professional Responsibility for Legal Practitioners

John Bandler, Founder | Bandler Law Firm PLLC

John Bandler is an attorney, consultant, author, educator, and speaker whose practice sits at the intersection of cybersecurity and the law. Through Bandler Law Firm PLLC and Bandler Group LLC in New York City, he advises organizations and individuals on cybersecurity, cybercrime prevention and investigation, privacy, information governance, and regulatory compliance, bringing more than two decades of public-sector enforcement experience to the private sector.

• Education & Credentials

Mr. Bandler earned his J.D. from Pace University School of Law in 2002, attending through the evening program while serving as a New York State Trooper. He holds a B.A. from Hamilton College, where he majored in Physics with a minor in Computer Science and was elected to Phi Beta Kappa. He received his U.S. Army commission through R.O.T.C. He is admitted to practice law in New York, Connecticut, and the District of Columbia. His active professional certifications include Certified Information Systems Security Professional (CISSP); GIAC Certified Incident Handler (GCIH), Certified Penetration Tester (GPEN), and Critical Controls Certification (GCCC); Certified Information Privacy Professional (CIPP/US); Certified Fraud Examiner (CFE); and CompTIA Project+, Security+, Network+, and A+.

• Recognition & Leadership

Mr. Bandler is the founder of Bandler Law Firm PLLC and Bandler Group LLC, which he established in 2015 to bring his legal and consulting expertise to the private sector. As an Assistant District Attorney, he investigated and prosecuted the landmark matter People v. Western Express International, Inc., et al., a case that exposed the global trafficking of hacked data, digital-currency money laundering, and identity theft, resulting in guilty verdicts at trial in 2013. He is the author of four books, including Cyberlaw: Law for Digital Spaces and Information Systems (2025), Policies and Procedures for Your Organization (2024), Cybercrime Investigations (2020), and Cybersecurity for the Home and Office (2017), with a forthcoming Introduction to Law.

• Professional Involvement

Mr. Bandler serves on several boards in both advisory and fiduciary capacities. He is an Adjunct Professor of Law at Pace University’s Elisabeth Haub School of Law and an Adjunct Associate Professor at John Jay College of Criminal Justice (CUNY). He is a frequent speaker and media resource on cybersecurity, privacy, cybercrime, criminal justice, and governance, and has developed online courses on Udemy covering cybersecurity, cyberlaw, policy development, privacy and the CIPP/US certification, and foundational legal topics. He maintains an active professional presence through articles, YouTube lectures, and commentary published on Substack, LinkedIn, Medium, and Reuters.

• Experience

Mr. Bandler’s career spans more than three decades of public service and private practice. He began his law enforcement career in 1994 after graduating from the New York State Police Academy, serving eight years as a State Trooper at one of the state’s busiest stations. In 2002 he was hired by Robert M. Morgenthau as an Assistant District Attorney at the New York County District Attorney’s Office, where for thirteen years he prosecuted a wide range of matters, from global cybercrime and financial crime to violent street crime. He also served in the New York Army National Guard and U.S. Army Reserves in Infantry and Military Intelligence units. Since entering private practice in 2015, his work has focused on helping organizations of all sizes build robust cybersecurity programs, develop sound policies and procedures, prevent and respond to cybercrime, and meet their legal and regulatory obligations in an increasingly complex digital environment.

Shelli J. Clarkston, Of Counsel | Spencer Fane LLP

Shelli J. Clarkston is Of Counsel in the Kansas City office of Spencer Fane LLP, where she advises clients in financial services, FinTech, and technology sectors on the regulatory, transactional, and technology-driven issues that shape their businesses. She combines deep familiarity with a rapidly evolving regulatory landscape with practical, business-minded counsel, serving as a strategic advisor to banks, credit unions, lenders, and technology companies seeking to innovate and grow while minimizing legal and compliance risk.

• Education & Credentials

Ms. Clarkston earned both her Juris Doctor and her Master of Laws (LL.M.) from the University of Missouri–Kansas City School of Law in 2012. She also holds a Master of Arts from Doane University (2009) and a Bachelor of Science from the University of Nebraska–Lincoln (2005). She is admitted to practice law in Missouri and Kansas and before the U.S. District Court for the District of Kansas.

• Recognition & Leadership

Ms. Clarkston was named a 2026 Women’s Justice Award honoree by Missouri Lawyers Media in the Innovation & Technology category, recognizing her leadership at the intersection of legal practice and emerging technology. She is a frequent thought leader on artificial intelligence in banking and FinTech, including co-authoring the widely circulated January 2026 analysis “AI-Powered M&A: What Bankers Need to Know Now” and being featured in Law360′s coverage of AI-powered M&A. She is regularly sought out by national legal and financial press, including Inside Mortgage Finance, American Banker, and Independent Banker Magazine, for commentary on regulatory enforcement and financial institution matters.

• Professional Involvement

Ms. Clarkston is an active speaker and author whose platforms span national industry conferences, trade associations, and continuing legal education programs. Recent speaking engagements include the American Bankers Association Conference for Community Bankers, the Missouri Independent Banker Association Annual Convention & Expo, the Cornerstone League, myLawCLE, and West LegalEdcenter, as well as Spencer Fane’s own webinar series on regulatory developments and AI-powered dealmaking. Her published work has appeared in Ingram’s Magazine, Show-Me Banker Magazine, In Touch Magazine, Independent Banker Magazine, and American Banker, addressing topics including wire transfer fraud, electronic fraud prevention, AI in lending decisioning, data privacy litigation, and financial institution compliance.

• Experience

Ms. Clarkston’s practice focuses on regulatory compliance, corporate governance, and strategic transactions. In the financial institutions and FinTech space, she counsels clients on licensing, lending, payments, and consumer protection laws — including the Bank Holding Company Act, GLBA, TILA, and ECOA — and helps FinTech companies structure bank partnerships, compliance management systems, and vendor programs aligned with FDIC, OCC, NCUA, CFPB, and state regulator expectations. Her corporate practice spans entity formation, governance, shareholder arrangements, and M&A and strategic investments, which she manages from due diligence through closing. Ms. Clarkston also advises on privacy and cybersecurity compliance under GLBA, GDPR, and CCPA and the NIST and CISA frameworks, negotiates data processing agreements, incident response plans, and vendor security provisions, and counsels clients on cross-border data transfers, AI decisioning compliance, cloud services contracting, and technology agreements involving software licensing, SaaS, and emerging technologies.

Blair Dawson, Member | McDonald Hopkins LLC

Blair Dawson is a Member of McDonald Hopkins’ Data Privacy and Cybersecurity Practice Group, where she guides private companies and public entities through the full arc of a cyber incident — from preparation and policy development to breach response, regulatory engagement, and litigation defense. She pairs that incident-response expertise with more than two decades of insurance coverage experience, having previously served as General Counsel and Senior Vice President of Insurance Management for one of the largest international insurance brokers in the world, giving her a uniquely comprehensive perspective on cyber risk, coverage, and claims.

• Education & Credentials

Ms. Dawson holds a Master of Science in Cybersecurity from the University of Wisconsin–Whitewater, a Juris Doctor from Chicago-Kent College of Law, and an undergraduate degree from Marquette University. She is admitted to practice in the State of Illinois and before the U.S. District Court for the Northern District of Illinois. Her professional accreditations include the International Association of Privacy Professionals’ Fellowship of Information Privacy (FIP), Certified Information Privacy Professional/United States (CIPP/US), Certified Information Privacy Professional/Europe (CIPP/E), and Certified Information Privacy Manager (CIPM).

• Recognition & Leadership

Ms. Dawson has been recognized by Crain’s Chicago Business as a 2024 Notable Woman in Law and named to the Security Industry Association’s 2025 Women in Security Forum Power 100. She is a distinguished member of the IAPP Fellowship of Information Privacy, a designation reserved for seasoned privacy professionals who hold multiple IAPP certifications and have demonstrated a significant contribution to the field. She serves as a Board Member of the Chicago Chapter of Women in Security & Privacy (WISP), Co-Vice President of the Executive Board of the Illinois ACLU Next Generation Society, and was a founding Advisory Board Member for The Cyber Helpline (US).

• Professional Involvement

Ms. Dawson is a sought-after speaker, educator, and media commentator on cybersecurity and data privacy. She serves as an adjunct professor at DePaul University College of Law, teaching a practical course on data privacy and incident response. Her professional affiliations include the International Association of Privacy Professionals, the Professional Liability Underwriting Society, Women in Cybersecurity (as a former Mentor), the International Women Cyber Alliance, the ChannelPro Advisory Group, and the Golden Key International Honour Society. She has presented for organizations including CompTIA ChannelCon, ChannelPro, WISP, WiCyS, and The Knowledge Group on topics ranging from ransomware response and incident readiness to cybersecurity legal risk for MSPs, and her commentary has appeared in ChannelPro Network and McDonald Hopkins’ thought leadership on evolving data privacy developments.

• Experience

Ms. Dawson’s practice centers on data privacy and cybersecurity, incident response, pre-breach services, privacy litigation, regulatory defense, and insurance and suretyship. She represents private companies and public entities affected by ransomware attacks and business email compromise, coordinating with forensic investigators, law enforcement, and ransomware negotiators to contain incidents, minimize disruption, and reduce exposure to litigation and regulatory investigations. On the pre-breach side, she develops cyber incident response policies and protocols and advises on compliance with state, federal, and international requirements. Drawing on her prior in-house insurance leadership experience, she also provides coverage advice on complex domestic and international general, professional liability, and cyber claims, assists clients with risk management and coverage renewals, and counsels carriers, coverholders, and brokers on policy language — a combination that allows her to advise on cyber risk as an integrated legal, operational, and insurance challenge.

Thomas Cronkright, Co-Founder & Executive Chairman | Certifid

Thomas W. Cronkright II is a Grand Rapids, Michigan-based attorney, entrepreneur, and nationally recognized expert on real estate transactions, cybersecurity, and wire fraud. He serves as Co-Founder and Executive Chairman of CertifID, a technology platform designed to safeguard electronic payments from fraud, and as Co-Founder and CEO of Sun Title, one of the largest commercial and residential title agencies in Michigan. After his title company fell victim to a $180,000 wire fraud in April 2015, Cronkright led a two-year recovery effort that resulted in his testimony before the U.S. Department of Justice and contributed to dismantling the North American chapter of the Nigerian crime syndicate known as “Black Axe.” That experience directly inspired the creation of CertifID, which he and his business partner began building in early 2017 to address the rising threat of wire fraud in real estate transactions.

• Education & Credentials

Cronkright earned an Associate’s Degree in Liberal Arts and Sciences from Grand Rapids Community College (1993–1995), followed by a Bachelor of Business Administration in Finance from Western Michigan University (1995–1997), and a Doctor of Law (JD) from Wayne State University Law School (1997–2000). He was admitted to the State Bar of Michigan in November 2000 and became a Licensed Title Producer through the Michigan Department of Insurance and Financial Services in July 2004. He is also a licensed real estate broker and holds a Private Pilot certification from the Federal Aviation Administration, earned in July 1996.

• Recognition & Leadership

Cronkright was named to Crain’s Grand Rapids 200 list in 2023, recognizing his standing as a leader in the Grand Rapids business community. He holds executive leadership roles as Executive Chairman of CertifID and CEO of Sun Title, and is recognized nationally as a subject matter expert on real estate transactions, cybersecurity, and wire fraud.

• Professional Involvement

Cronkright hosts CertifID’s monthly “To Catch a Fraudster” webinar series and is a frequent speaker, podcast guest, and writer on the topics of wire fraud and cybersecurity in real estate. His professional testimony before the U.S. Department of Justice further reflects his active engagement with national efforts to address cyber-enabled financial crime.

• Experience

Cronkright began his professional career in corporate law in 2000 at Warner Norcross & Judd LLP, where he handled matters related to mergers, acquisitions, intellectual property, and securities laws, in addition to conducting litigation research, preparing briefs, and participating in trials. In 2005, he co-founded Sun Title in Grand Rapids, Michigan, with a law school classmate, focusing on bringing change to the title industry and growing the firm into one of the largest commercial and residential title agencies in the state. Following the 2015 wire fraud incident at Sun Title and subsequent recovery efforts, he co-founded CertifID in 2017 alongside his business partner Lawrence Duthler, and later worked with Tyler Adams to scale the platform into an enterprise SaaS product serving title companies, law firms, and underwriters nationwide. He continues to serve concurrently as CEO of Sun Title and Executive Chairman of CertifID.

SESSION 1 – BEC Threats and Cybersecurity Prevention Strategies for Law Firms | 1:00pm – 1:30pm

Examine how BEC attacks target law firms, why legal practices are vulnerable, and AI-enhanced impersonation risks. Attorneys gain actionable cybersecurity safeguards to assess firm exposure, reduce risk, and protect client funds.

SESSION 2 – Legal Liability and Professional Responsibility: Who Bears the Loss | 1:30pm – 2:00pm

Analyze competing frameworks courts apply to allocate BEC losses, including UCC Articles 3 and 4A, comparative fault, and ABA Model Rules 1.1, 1.6, 1.15, 5.1, and 5.3. Identify malpractice exposure and insurance coverage gaps.

BREAK | 2:00pm – 2:10pm

SESSION 3 – Prevention, Incident Response, and the First 72 Hours | 2:10pm – 2:40pm

Master technical controls, email authentication, and wire verification protocols. Execute the FBI Financial Fraud Kill Chain and structured incident response under ABA Formal Opinion 483, addressing client notification duties and cyber insurance coverage gaps.

SESSION 4 – Practice-Area Vulnerability Analysis Across Four Legal Specialties | 2:40pm – 3:10pm

Identify how BEC attack vectors exploit workflow patterns across real estate closings, litigation settlements, estate administration, and transactional M&A practice. Attendees leave with a practice-specific vulnerability map applicable to intake, matter management, and wire protocols.