INTRODUCTION

The Plaintiffs purchased a property in the Waterkloof View Estate. During the conveyancing process, they received an email that appeared to originate from the conveyancing attorney’s secretary’s email address, instructing them to transfer the purchase price into the conveyancing firm’s Nedbank Trust account. Without their knowledge, the parties’ communication was fraudulently intercepted by Mr Nkomane, a third party unconnected to the sale, who substituted the conveyancer’s trust account details with his own banking information.

Following payment, several withdrawals were made from Mr Nkomane’s account before Nedbank intervened and froze the remaining funds. Out of the total amount transferred, only R1 276 600 was recovered by Nedbank. Thereafter, the Plaintiffs instituted proceedings against Nedbank, seeking to recover the unrecovered balance of R1 663 400. They alleged that the bank had acted negligently and breached its legal obligations under the Financial Intelligence Centre Act 38 of 2001 (FICA).

THE PARTIES ARGUMENTS

The Plaintiffs contended that Nedbank failed to monitor and report suspicious activity on Mr Nkomane’s account and should have restricted his transactions given the fact that he was unemployed, not a provisional taxpayer and had no steady source of income. The Plaintiffs argued that Nedbank owed to them, as third parties, a duty of care to prevent fraudulent misuse of its banking systems.

In response, Nedbank argued that its obligations under FICA were public-law duties owed to the state rather than private-law duties owed to individuals. The Defendant cautioned further that recognising a legal duty in such circumstances would expose financial institutions to indeterminate liability towards an unknown class of persons. Nedbank also alleged contributory negligence on the part of the Plaintiffs for failing to verify the account details before effecting payment.

THE COURT’S RULING

The court accepted that the fraudulent payment was induced by a cyberattack in which the hacker had intercepted and altered genuine email correspondence. However, it emphasised that for pure economic loss, wrongfulness is only established when policy considerations justify the imposition of liability. Referring to the case of Country Cloud Trading CC v MEC, Department of Infrastructure Development¹, the court reaffirmed that the expansion of delictual liability should be approached with caution. The court held that the obligations conferred under FICA are aimed at ensuring regulatory compliance, combating money laundering, and protecting the integrity of the financial system. The purpose of FICA is not aimed at providing compensation to victims of fraud. Accordingly, FICA does not create private-law duties owed by banks to non-customers. The court reasoned that recognising such a duty would expose banks to limitless claims arising from fraudulent transactions. The court further observed that the Plaintiffs were best placed to prevent the loss as they could have independently verified the trust account details with the conveyancers.

Finally, the court found that the Plaintiffs had not proved actual loss, as they led no evidence to show whether they ultimately acquired the property or sought recourse against the conveyancers. Thus, the Plaintiffs failed to establish wrongfulness, causation, or loss. Therefore, the claim was accordingly dismissed with costs.

CONCLUSION

This judgment reaffirms that statutory obligations under FICA exist for regulatory and compliance purposes and not for the compensation of individuals. It also illustrates the judiciary’s caution in extending liability for pure economic loss and serves as a timely reminder of the importance of verifying banking details to guard against the growing threat of business email compromise fraud.

Please note: This article is for general public information and use. It is not to be considered or construed as legal advice. Each matter must be dealt with on a case-by-case basis, and you should consult with an attorney before taking any action based on the information provided herein.