Authored By: Asiphe Mqamane
University of South Africa
The Facts of the case
Ms. Hawarden purchased a property for R6 million and paid a R500,000 deposit to the estate agent (PGP) after telephonically verifying their banking details as per a warning in their correspondence. For the balance of R5.5 million, she dealt with Edward Nathan Sonnenberg Inc (ENS), the seller’s appointed conveyancers.
Without the parties’ knowledge, a cybercriminal accessed Ms. Hawarden’s email account. The perpetrator intercepted correspondence from ENS and issued a spoofed email (modifying the domain from “africa” to “afirca”) that included fraudulent banking details. While visiting her bank, Ms. Hawarden elected to make an electronic fund transfer (EFT) rather than secure a bank guarantee. She relied on the fraudulent information to transfer R5.5 million into the criminal’s account. Notably, Ms. Hawarden did not verify the ENS account details telephonically prior to the transaction, even though ENS personnel were available by phone for other matters during her bank visit. The High Court found ENS liable for the loss, which prompted this appeal.
Legal Question
The primary issue before the court was whether Ms. Hawarden had established the element of wrongfulness necessary for a delictual claim arising from an omission that resulted in pure economic loss. The court was tasked with assessing whether ENS owed Ms. Hawarden a legal duty to advise her about the risks associated with business email compromise (BEC) and to implement appropriate security measures to safeguard her against such fraudulent activity.
Ratio Decidendi/ Court’s reasoning
Pure Economic Loss and Omissions: Conduct causing pure economic loss or involving an omission is not prima facie wrongful. Liability only arises if public and legal policy considerations dictate that a legal duty exists. With reference to Hawekwa,3, paragraph 19 of the case,
Brand JA stated as follows:
‘The principle regarding wrongful omissions have been formulated by this court on several occasions in the recent past. These principles proceed from the premise that negligent conduct which manifests itself in the form of a positive act causing physical harm to the property or person of another is prima facie wrongful. By contrast, negligent conduct in the form of an omission is not regarded as prima facie wrongful. Its wrongfulness depends on the existence of a legal duty. The imposition of this legal duty is a matter for judicial determination, involving criteria of public and legal policy consistent with constitutional norms.
Vulnerability to Risk: A prerequisite for imposing a legal duty in pure economic loss cases is the plaintiff’s “vulnerability to risk”. A plaintiff is not legally vulnerable if they could have reasonably taken steps to protect themselves from the loss. The court held in Two Oceans,7 that the criteria of vulnerability to risk will ordinarily only be satisfied ‘where the plaintiff could not reasonably have avoided the risk by other means. . . ‘. The court then argued that it is evident in this case that Ms Hawarden could reasonably have avoided the risk by either asking Mr Carrim or Ms Maninakis to verify the account details of ENS. Ms Hawarden had previously been made aware by PGP of the need to verify banking details and the risks of BEC fraud. She could also have had her bank verify the banking details of ENS. She enlisted the help of her bank to make the payment. She did so at the desk and on the computer of Ms Shabalala. It would have been easy in those circumstances to have had her assist in verifying the bank details of ENS. There was thus more than sufficient protection available to Ms Hawarden (paragraph 25). Additionally, in paragraph 26, the court argued that sight must not be lost as well of the fact that after weighing up her options she elected, whilst at the bank, to forego a bank guarantee for a cash transfer. As she had ample means available to her, she must in the circumstances take responsibility for her failure to protect herself against a known risk.
Indeterminate Liability: Recognizing a legal duty for all creditors to protect debtors from the risk of their own email accounts being hacked would create a “real danger of indeterminate liability”, liability in an indeterminate amount to an indeterminate class. In paragraph 22, the court argued that with reference to Country Cloud, 4 the Constitutional Court recognised the risk of indeterminate liability as the main policy consideration that militates against the recognition and liability for pure economic loss: ‘In addition, if claims for pure economic loss are too-freely recognised, there is the risk of” liability in an indeterminate amount for an indeterminate time to an indeterminate class.”
Application to Facts: Ms. Hawarden was not a client of ENS, and her loss was caused by the compromise of her own email account. She was aware of the risks of BEC from previous warnings and had successfully used telephonic verification before. Because she had ample means to protect herself (such as a simple phone call to verify details while at her bank), she was not “vulnerable” in the legal sense.
The Findings
The Supreme Court of Appeal allowed the appeal, awarding costs to the appellant. The court overturned the High Court’s decision and replaced it with an order dismissing Ms. Hawarden’s claim. The court determined that ENS’s omission to warn did not constitute a wrongful act, as Ms. Hawarden could have reasonably avoided the risk. Furthermore, imposing such a duty would lead to untenable consequences for all creditors.
Key Takeaway
The key takeaway from the Supreme Court of Appeal (SCA) decision in Edward Nathan Sonnenberg Inc v Hawarden is that a plaintiff cannot hold a defendant liable for pure economic loss caused by an omission (such as a failure to warn) if the plaintiff had ample means to protect themselves from the risk but failed to do so. The judgment serves as a stern warning to the public to exercise due diligence in electronic transactions, while protecting professionals and creditors from being held liable for the security failures of those they interact with.
