Authored By: Oratile Khumo Lekalakala
University of South Africa
Case title and Citation:
Fourie v Van der Spuy and De Jongh Inc. and Others (65609/2019) [2019] ZAGPPHC 449; 2020 (1) SA 560 (GP) (30 August 2019)
Court name and Bench:
High Court of South Africa (Gauteng Division, Pretoria) and the Judge was Acting Judge (AJ) Matthew Klein.
Date of Judgment
30 August 2019
Parties Involved
Applicant/Petitioner: Johan Andre Fourie who was the client of the 2nd respondent, he wants to claim R1 744 599.45 from the respondents jointly and severally because that money was held in the trust account in which the 2nd respondent was the principal.
Respondents: Van der Spuy & De Jongh Inc., Nicola van der Spuy, and Ludwig de Jongh. The first respondent is the law firm that is owned and handled by the 2nd and 3rd respondents. The 2nd respondent is the attorney of the applicant who did not exercise her duty of care regarding the amount that was held in the trust account. The 3rd respondent is the business partner of the 2nd respondent, because the 3rd and 2nd respondent both own the law firm, they are both held liable because their duties are tied to the firm.
Facts of the case
The case is a matter concerning a cybercrime. The 2nd respondent (Nicola van der Spuy) is the attorney to the applicant (Johan Andre Fourie) and the attorney/second respondent transferred R1 744 599.45 to several accounts. The problem is that the applicant told the attorney not to transfer money previously and to keep it in the trust account until the applicant gave her instructions. The second respondent says that she received emails from “the applicant” notifying her of the new banking details and she was requested to transfer the money into several bank accounts. Essentially the second respondent got hacked and the fraudulent banking details were sent to the second respondent so that she can transfer the money into the hackers’ accounts. The attorney as principal to the trust account is responsible for the trust account, meaning she has a fiduciary duty to her clients and must exercise a duty of care and attention towards her clients and how she conducts her business.
Issues Raised
– Whether the respondents could be held to be delictually liable for the hackers intercepting the email of the applicant for financial gain
– Would the financial loss have occurred if the second respondent took reasonable steps to confirm the banking details of the applicant?
– Did the second respondent act in a reasonable manner considering the climate of the rise in cybercrimes?
– Seeing that there is a duty of care and attention required of the attorneys, is there legislation that requires the attorneys to take precautionary steps to verify their clients’ details before acting on instructions?
Arguments of the Parties
Contentions by the Applicant (Johan Andre Fourie)
– The applicant believed that there was a higher standard of care required by the second respondent as an attorney and a professional handling a trust account, therefore there was the existence of a legal duty to act.
– Another contention that lines up with the above one was that if it was not for the negligence of the attorney/second respondent, there would have not been any financial loss suffered at the hands of the applicant. The sine qua non test / but-for test can apply here because if we use the test which speaks on the factors for causation, we can say that but-for the attorney’s negligence, there would not have been any financial loss suffered by the applicant.
– Another contention that lines up with the above is that a simple verification such as a phone call or a face-to-face verification would have sufficed and would have prevented the act of fraud, therefore there was a failure to act reasonably by the second respondent.
– This contention hits more on an emotional level because there is a level of trust that is had between an attorney and their client and as a client you would not be wrong to put your full trust in your attorney because as a client you know that they are in that position of being attorney because they must protect and safeguard your interests at all times. Therefore, the second respondent breached that trust that exists between her and the applicant.
Contentions by the Respondents (Van der Spuy & De Jongh Inc., Nicola van der Spuy and Ludwig de Jongh)
– The attorneys argue that they were obliged to act according to their client’s instructions that they received via email and that they had no duty to go beyond what they were instructed to do.
– The attorneys further argue that the hack committed by the criminals was a novus actus interviens which should not be attributed to them because a novus actus interviens is factor that can break the chain of causation regarding liability, therefore they should be held accountable, but the hackers are the ones responsible for the financial loss suffered by their client.
– The attorneys argued that the hack was not reasonably foreseeable at the time and thus it would be unreasonable for the court to expect attorneys all over South Africa to anticipate some sort of cybercrime for every transaction made.
– The biggest take away for me as a reader was this contention made by the respondents. They argued that they always relied on instructions or confirmations being made via email by their clients and that this was a standard/common practice in the firm. They further argued that because this was standard/common practice for other firms as well, it is not fair for them to be labelled as being negligent in that regard.
– They further argued that because they hack happened on their client’s end (the applicant) then they cannot be the only ones responsible for the loss since they are not the ones who got hacked.
Judgment / Final Decision
The court ordered that the respondents to jointly and severally pay the full amount being R1 744 599.45 to the applicant. The interest on the amount is said to be at a 10% per annum tempore morae to the final payment date. Therefore, the court was in the applicant’s favour.
Legal Reasoning / Ratio Decidendi
In the courts reasoning, the court argued that perhaps it should be time for the attorneys to add that they will not accept any changing of banking details from their clients due to this occurrence. The court also used a Risk Alert from 2017 that warned all legal practitioners to guard themselves against cyber related crimes as they are on the rise and as such, they must mitigate such risks and put measures in place to avoid falling victim to this. The court further spoke on how cyber related crimes have gone unheeded in many cases and how cybercrime claims have exceeded R85 million, and this figure only represents that claims that were reported to the Legal Practitioners Indemnity Insurance Fund (LPIIF).
The court held as follows, “the 2nd Respondent was negligent and failed to exercise the requisite skill, knowledge and diligence expected of an average practising attorney and thus failed to discharge her fiduciary duty to the Applicant by transacting via e-mail whilst full well knowing that fraud is prevalent in her profession and not employing any measures to ensure that neither she, nor the Applicant will fall victim to fraud.”1
The court went on to further argue to say the fact that the occurrence of the fraud releases her from her obligation cannot be used as a defence because her duty as the attorney and her duty as the principal of the trust account makes her more responsible because she is the one in charge of handling the trust account, and thus failed to exercise the fiduciary duty expected of her. The court went on to further argue that just because it was common for the applicant to send emails similar to hack does not excuse them from their liability and this point was seen to be irrelevant.
This next point lies in the ratio decidendi of the case, and it is stated as follows, “An attorney bears a legal duty to deal with the money in her trust account without negligence. It is a term of the mandate that the attorney will exercise the skill, adequate knowledge and diligence expected of an average practising attorney and an attorney may be held liable for negligence even where she committed an error of judgment on matters of discretion if she failed to exercise the required skill, knowledge and diligence.”2
Reference(S):
1 Fourie v Van der Spuy and De Jongh Inc. and Others (65609/2019) [2019] ZAGPPHC 449; 2020 (1) SA 560 (GP) (30 August 2019) (para. 30).
2 Fourie v Van der Spuy and De Jongh Inc. and Others (65609/2019) [2019] ZAGPPHC 449; 2020 (1) SA 560 (GP) (30 August 2019) (para. 20).
