Ross and Another v Nedbank Limited (10029/2020) [2024] ZAGPJHC 1146; 2025 (5) SA 551 (GJ) (8 November 2024)

begin wrapper begin container begin header begin slogan-floater end slogan-floater - About SAFLII About SAFLII - Databases Databases - Search Search - Terms of Use Terms of Use - RSS Feeds RSS Feeds end header begin main begin center # South Africa: South Gauteng High Court, Johannesburg South Africa: South Gauteng High Court, Johannesburg You are here: SAFLII >> Databases >> South Africa: South Gauteng High Court, Johannesburg >> 2024 >> [2024] ZAGPJHC 1146 | Noteup | LawCite sino index ## Ross and Another v Nedbank Limited (10029/2020) [2024] ZAGPJHC 1146; 2025 (5) SA 551 (GJ) (8 November 2024) Ross and Another v Nedbank Limited (10029/2020) [2024] ZAGPJHC 1146; 2025 (5) SA 551 (GJ) (8 November 2024) Download original files PDF format RTF format make_database: source=/home/saflii//raw/ZAGPJHC/Data/2024_1146.html sino date 8 November 2024 SAFLII Note: Certain personal/private details of parties or witnesses have been redacted from this document in compliance with the law and SAFLII Policy FLYNOTES: CIVIL LAW – Delict – Pure economic loss – Business email compromise (BEC) and cybercrime – Payment induced by fraudulent email – Whether obligations under FICA create common law duties – Wrongfulness – Risk of indeterminate liability – Vulnerability to risk – FICA  does not give rise to private law duties owed to third parties – Plaintiffs failed to discharge onus of proving wrongfulness – No evidence led to prove alleged loss suffered – Claim dismissed – Financial Intelligence Centre Act 38 of 2001 . REPUBLIC OF SOUTH AFRICA IN THE HIGH COURT OF SOUTH AFRICA GAUTENG LOCAL DIVISION, JOHANNESBURG Case Number: 10029/2020 (1) REPORTABLE: NO (2) OF INTEREST TO OTHER JUDGES: NO (3) REVISED: YES In the matter between: IAN CRAIG ROSS First Plaintiff ANNELIE ROSS Second Plaintiff and NEDBANK LIMITED Defendant JUDGMENT SUMMARY: Payment induced by fraudulent email - delictual claim for pure economic loss against a bank – do obligations under FICA create common law duties – wrongfulness – risk of indeterminate liability – vulnerability to risk. Introduction [1] In this action, Mr and Ms Ross claimed payment of the amount of R1 663 400 together with interest at the rate of 8.75% per annum from the date of summons to date of payment and costs from Nedbank Limited (“ Nedbank ” ). [2] I am tasked with determining who should bear the loss after emails appeared to have been fabricated and the payment of the purchase price under a sale of immovable property agreement was not made to the sellers of the property nor to the conveyancers tasked with the transfer of the property. Instead, payment was made into the bank account of Bheka Joseph Nkomane, who held a “Pay as You Use” account with Nedbank. [3] The plaintiffs have alleged that given that Mr Nkomane: a. was unemployed; b. not a provisional taxpayer; c. had no steady monthly income or source of wealth; Nedbank owed them legal duties to: i. impose and monitor transactional limits on Mr Nkomane’s bank account; ii. have regarded the large deposits in Mr Nkomane’s account as unusual and/or suspicious; iii. monitor, report and respond expeditiously and appropriately to unusual and/or suspicious large deposits/payments/transfers into the account of Mr Nkomane; and iv. investigate the lawfulness, cause and/or veracity of the payments into Mr Nkomane’s account. [4] In addition, the plaintiffs allege that bearing in mind the legal duties referred to above, Nedbank was aware or ought to have been aware that the account was being used to commit fraud or that there was a reasonable suspicion that the account was being used to commit fraud and owed a duty of care to the plaintiffs, as owners of the funds deposited into the account, not to allow withdrawals from the account. The plaintiffs also allege that Nedbank negligently breached their legal duties and this caused them pure economic loss. [5] In order to succeed with its claim, the plaintiffs must prove that: a. Nedbank acted wrongfully; b. they suffered a loss; c. Nedbank acted negligently; and d. Nedbank’s negligence caused the plaintiffs’ loss [1] . Critical issues [6] The critical issues that require careful consideration are the following: a. were the plaintiffs duped by a fraud into paying someone other than the sellers of the property or their agents; b. have the plaintiffs proved wrongfulness and if so, has Nedbank acted negligently; and c. have the plaintiffs proved that they suffered a loss as a result of Nedbank’s negligent conduct. Relevant facts [7] Mr Nkomane opened a “Pay as You Use” transactional account with Nedbank on 21 November 2018. The account number for this account was 1[…] (“ the account ” ). [8] When Mr Nkomane applied to open the account, he advised Nedbank that: a. he was unemployed; b. he earned no income; c. he lived with relatives; and d. his source of income was allowances/family assistance. [9] Prior to the large deposits that will be referred to shortly, in a period of about 3½ months (from November 2018 to 10 February 2019) an aggregate amount of R350 had been deposited into the account. [10] On 5 February 2019, the plaintiffs concluded an agreement to purchase immovable property situated at Waterkloof View Estate from Mr Michael and Ms Lee Dodds (“ the sellers ” ) for R2 940 000. [11] Ms Adele Smith of Ross & Jacobs Attorneys was appointed to attend to the transfer of the property. Ms Smith is the daughter of the plaintiffs and she was at the time employed by Ross & Jacobs Attorneys. [12] Ms Smith provided the plaintiffs with Ross & Jacobs’ trust account details, which account is held at First National Bank. [13] Ms Smith instructed Ms Alida van Vreden, a secretary at Ross & Jacobs Attorneys to open a file. [14] On 8 February 2019, at 12:04pm, Ms van Vreden using her email address ( d[…] ) emailed a “weekly report” to the estate agents and she copied Ms Dodds and Ms Ross. [15] On 8 February 2019 at 12:12pm, Ms Ross responded to the email referred to in paragraph 14 above. The content of this email read as follows: “ Afternoon Alida, Thank you very much. The full amount will be transferred on Monday into the trust account. We had to transfer funds from 2 different accounts, to rather do 1 transfer, I’m just waiting for the last amount to reflect, which should be by tomorrow. Regards Annelie” [16] On 8 February 2019 at 12:43pm, an email which purports to have been sent by Ms van Vreden to Ms Ross, read as follows: “ Good Day Annelie Thank you for the feedback. Accounts have informed me that payment of the full purchase price should be paid into my firm Nedbank Trust account so funds can be invested in an interest bearing account. Let me know if I should send the banking details to transfer the funds? Kind regards ALIDA VAN VREDEN” [17] On 8 February 2019 at 12:49pm, an email from Ms Ross was sent to d[…] and this email read as follows: “ Hi Alida, I received banking details for FNB, please forward me the Nedbank account details and also the reference number I must use. Regards Annelie ” [18] There was then a further email on 8 February 2019 at 1:32pm which appeared to emanate from Ms van Vreden to Ms Ross, which read as follows: “ Good day Annelie Our Nedbank Banking details are: NDBV INC N[…] ACCOUNT NUMBER: 1[…] ACB CODE: 1[…] REFERENCE: M[…] Kindly acknowledge receipt and please let me have proof of payment once payment has been done. Kind Regards ALIDA VAN VREDEN” [19] Ms Ross and Ms van Vreden testified that Ross & Jacobs Attorneys and NDBV Inc. were related entities. [20] Ms van Vreden also testified that she did not receive the email that Ms Ross had sent to her at 12:12pm on 8 February 2019 (that is, the email referred to in paragraph 15 above). Further, she did not send the email referred to in paragraph 16 above, nor did she receive the email referred to in paragraph 17 above. Ms van Vreden also disputed that she sent the email referred to in paragraph 18 above. [21] On 11 February 2019, Ms Ross transferred an amount of R2,8 million into the bank account referred to in the email quoted in paragraph 18 above, but the account in question was not the trust account of NDBV Inc. or Ross & Jacobs Attorneys. Instead, the account that received the R2,8 million was that of Mr Nkomane. [22] On 12 February 2019, Ms Ross transferred a further amount of R140 000 into the account. [23] Subsequently, Ms Ross was advised by her daughter that the NDBV Inc. account did not receive the payments of R2,8 million and R140 000. [24] Ms Ross then got in touch with her bank (Standard Bank) and on 12 February 2019 at 15:01, Standard Bank notified Nedbank that the payments into the account were pursuant to a fraud that had been perpetrated. [25] Nedbank then froze Mr Nkomane’s account. [26] There were various point of sale transactions that were effected against the debit of Mr Nkomane’s account before Nedbank was notified of the alleged fraud and after the point of sale transactions were honoured by Nedbank. [27] Nedbank managed to recover an amount of R843 000 and this was paid over to the plaintiffs in February 2019. [28] Capitec also paid the plaintiffs the amount of R433 600, which it managed to recover after it was notified of the alleged fraud. [29] The aggregate of the amounts of R843 000 and R433 600 is R1 276 600. When this is deducted from the total amount of R2 940 000, one gets to R1 663 400, which is the capital amount claimed by the plaintiffs in this action. Fraud [30] Nedbank disputes that the payment of the amount of R2 940 000 into the account was induced by a fraudulent email. [31] Nedbank’s counsel made much about the fact that the correct email address for Ms van Vreden was used when the emails referred to in paragraphs 14 to 18 above were sent or received. [32] This, however, overlooks the fact that Ms van Vreden testified that she did not know Mr Nkomane and she had not dealt with him before. Ms Ross also did not know Mr Nkomane and neither did she deal with him before. [33] As set out above, Ms van Vreden also confirmed in her testimony that she did not send the emails referred to in paragraphs 16 and 18 above and she did not receive the emails that are referred to in paragraph 15 and 17 above. [34] Ms Ross testified that an investigation that was done by Ross & Jacobs did not detect any interception on the plaintiffs’ side and Ross & Jacobs’ side. [35] It was strange that the plaintiffs did not see fit to lead evidence from the investigator and any further evidence about the findings of the investigator. [36] Despite this, I have no reason to disbelieve Ms van Vreden and it appears to me that even though on the face of it the emails referred to in paragraphs 16 and 18 above, appear to emanate from Ms van Vreden, the emails were not in fact sent by her. [37] Bearing in mind that the plaintiffs and Ms van Vreden had not dealt with Mr Nkomane before and did not know him, I find that the emails referred to in paragraphs 16 and 18 above were emails that must have been intercepted and sent by a fraudster to Ms Ross. Ms Ross therefore was induced by a fraudulent misrepresentation to pay the aggregate sum into the account. Wrongfulness [38] The Constitutional Court described the function of wrongfulness in relation to delictual claims in Country Cloud Trading CC v MEC, Department of Infrastructure Development, Gauteng [2] as follows: “ [Wrongfulness] functions to determine whether the infliction of culpably caused harm demands the imposition of liability or, conversely whether ‘the social, economic and other costs are just too high to justify the use of the law of delict for the resolution of the particular issue’. Wrongfulness typically acts as a brake on liability, particularly in areas of the law of delict where it is undesirable or overly burdensome to impose liability. ” [39] Wrongfulness would be proved if the plaintiffs can satisfy me of the existence of a legal duty. Conduct causing pure economic loss (which is the case in this matter) is only regarded as wrongful if public or legal policy considerations require that such conduct, if negligent, should attract legal liability for the resulting damages [3] . There is no general right not to be caused pure economic loss and generally in cases of pure economic loss, the loss should lie where it falls [4] . [40] The Constitutional Court has also held that “ our law is generally reluctant to recognise pure economic loss claims, especially where it would constitute an extension of the law of delict” [5] . [41] The plaintiffs’ counsel relied heavily on the case of Commissioner, South African Revenue Services and Another v ABSA Bank Limited and Another [6] . In particular, he quoted parts of paragraph 46 and the whole of paragraph 47 of the judgment: “ I turn now to the policy decision and value judgment necessary to decide whether a legal duty, both in relation to the opening and the conduct of the account, is established. I consider the following considerations relevant to the exercise: The extent of the knowledge attributed to the second defendant in the pleadings. The plaintiffs plead that Dean (acting within the course and scope of his employment with the second defendant) knew that the Zamzar account was essentially funded by VAT payments, knew that virtually every VAT refund was followed within days by large cash withdrawals and large cheques in favour of Cord-Less, two such cheques were issued to Sferopoulos and knew that the Zamzar account showed no payments or movements in respect of transactions which necessarily must have taken place if Zamzar genuinely bought and sold goods. Dean and Fourie (still representing the second defendant), assisted Zamzar to obtain the large sums of cash from the account. Then there is a reference to an enquiry indicating potential irregularities by Zamzar in Zambia which came to Dean’s attention which he raised with Sabra. This complaint is too tersely pleaded to provide any real assistance. There is no indication that the subject matter of the ‘potential irregularities’ was material to the fraud alleged. Knowledge, of its own, would not necessarily create a legal duty in the case of an omissio. A man who sees his neighbour’s toddler about to fall into his neighbour’s swimming pool still does not have a legal duty to act even if he knows that the toddler cannot swim and knows that the child will drown. The plaintiffs would not know that the fraud is being committed on them whilst the second defendant (so it is pleaded) knows that the account is funded almost exclusively by VAT refunds in excess of R48,5 million over some 16 months, whilst also knowing that the account shows no payments or movements in transactions which necessarily must have taken place if Zamzar genuinely bought and sold goods. The plaintiffs are presented with fraudulent F.178 documents (not on the part of the second defendant) alleged to emanate from a bank (the first defendant). On the facts pleaded by the plaintiffs, they were not to blame by making payment of VAT refunds pursuant to documents which, on their face, emanated from a bank and presented no suspicion. This, at least, is a reasonable interpretation which the pleadings may bear, being the test I am enjoined to adopt at the exception stage. On the facts pleaded, the second defendant is not in the position of someone who sees his neighbour’s child about to drown in his neighbour’s pool. It is more akin to the man who knows that the neighbour’s toddler has entered his garden and is about to fall into his pool, whilst knowing his poolnet is not covering the pool. Just as he permits access to and use of his pool by a child who he knows cannot swim, he permits use of his bank account by a person to receive VAT refunds and immediately withdraw large amounts of money, (including large cash sums), whilst knowing that the accounts reflects no genuine trading transactions.” “ I propose to adopt the approach in the Indac case to the issue of a legal duty. A consideration of all the factors I have referred to, in my view supports the existence of a legal duty on the part of the second defendant to avoid causing the plaintiff’s pure economic loss by negligently opening and maintaining the Zamzar account. However, the exception stage is not the time for a final balancing and evaluation of all relevant policy considerations. As stated by Viviers JA in Indac: ‘ It is sufficient for present purposes to say, firstly, that the lex Aquilia does provide a basis upon which a collecting banker may be held liable in negligence to the true owner of a lost or stolen cheque, and, secondly, that there are considerations of policy and convenience in the present case which prima facie indicate the existence of a legal duty on the part of the collecting banker to prevent loss by negligently dealing with the cheque in question. This prima facie indication may be rebutted by the evidence which the defendant might lead at the trial, duly tested and evaluated in the light of any countervailing evidence which might be led by the plaintiff. It cannot, therefore, at this stage be found that the defendant’s conduct was not unlawful. ” [42] Van der Nest AJ also stated in the Commissioner, SARS case [7] , that crime is highly prevalent in South Africa and: “ In my view, society’s notion of justice demands that the bank should not turn a blind eye to the possibility that a customer may be using an account concluded with it for criminal purposes. Where large VAT refunds are received and large cash amounts drawn immediately, whilst, to the knowledge of the second defendant, no genuine trading transactions take place on the account, society would not expect that the bank can stand back with impunity. The pattern of receipt of VAT refunds and their almost immediate withdrawal, including cash withdrawals, is a warning light that the funds are being received and dealt with in a criminal manner. ” [8] [43] It is therefore clear that a bank can have a duty of care towards third parties such as the plaintiffs in this matter, but the plaintiffs’ counsel (correctly, in my view), conceded that if a duty of care is recognised in this case, it would be an extension of duties of care previously recognised by our courts. [44] In the Country Cloud judgment [9] , the court emphasised that in cases of pure economic loss, our courts are reluctant to recognise claims which would constitute an extension of delictual claims. This is especially so if there is the risk of “ liability in an indeterminate amount for an indeterminate time to an indeterminate class.” [10] [45] The Constitutional Court in Country Cloud [11] also stated the following: “ So the element of wrongfulness provides the necessary check on liability in these circumstances. It functions in this context to curb liability and, in doing so, to ensure that unmanageably wide or indeterminate liability does not eventuate and that liability is not inappropriately allocated.” [46] The plaintiffs’ counsel argued that the following should be taken into account in determining whether there exists a legal duty on the part of Nedbank: “ 17.1  The Defendant is aware of the prevalence of email interception fraud (this is common cause). 17.2    The Defendant is under a common law duty and statutory duty under the FICA Act [12] , to monitor accounts/transactions, and to identify peculiarities/ irregularities on an account; 17.3    The Defendant is aware of the guidance notes applicable to the reporting of suspicious and unusual transactions and activities to the FIC which provides specific guidelines to assist the Defendant in identifying suspicious and unusual transactions; 17.4    By virtue of the already existing statutory duty to report suspicious activity/transactions to the FIC, preventative measures must already be in place; 17.5    The measures implemented to monitor accounts of clients are done systematically. It does not require an unsustainable number of employees to monitor accounts, nor does it seem to involve substantial additional costs; 17.6    The Defendant can readily prevent loss to members of the public, if the correct monitoring measures are put in place, even if that obligation is imposed under FICA. (It must be stated here that the Defendant, despite being invited by the court, refused to give evidence on this aspect and it will be submitted that the only inference to (sic) this Honourable Court ought to draw is that the measures currently in place are either non-existent, wholly insufficient or does not comply with the prescripts of FICA); 17.7    The Defendant has in the region of 5 000 000 of the Pay as You Use accounts without any deposit or transactional limits, posing an existential risk that the loss might be suffered to (sic) members of the public as a result of the commission of fraud, money laundering …; 17.8    The Defendant clearly accepted the extent of the risks aforesaid. ” [47] The mere fact that Nedbank is aware of the prevalence of email interception fraud is not sufficient, in my view, to impose a legal duty on Nedbank. [48] The bulk of the considerations referred to in paragraph 46 above, relate to statutory duties imposed under FICA. The critical question therefore is whether the statutory duties under FICA also give rise to private law duties on the part of a bank to parties that are not its customers. [49] The breach of a statutory duty, without more, does not give rise to a legal duty [13] . [50] Our courts have, however, recognised that a breach of a statutory duty could give rise to a legal duty if: a. on a proper construction of the statutory provision, its breach imposes an obligation to pay damages for the loss caused by the breach; or b. when the statutory provision provides a basis for inferring, considered together with all the relevant facts and salient constitutional norms, that a common law duty, actionable in delict, exists. [51] In the case of Olitzky Property Holdings v State Tender Board and Another [14] , the court stated the following: “ Where the legal duty the plaintiff invokes derives from breach of a statutory provision, the jurisprudence of this Court has developed a supple test. The focal question remains one of statutory interpretation, since the statute may on a proper construction by implication itself confer a right of action, or alternatively provide the basis for inferring that a legal duty exists at common law. The process in either case requires a consideration of the statute as a whole, its objects and provisions, the circumstances in which it was enacted, and the kind of mischief it was designed to prevent. But where common-law duty is at issue, the answer now depends less on the application of formulaic approaches to statutory construction than on a broad assessment by the court whether it is ‘just and reasonable’ that a civil claim for damages should be accorded. The conduct is wrongful, not because of the breach of the statutory duty per se, but because it is reasonable in the circumstances to compensate the plaintiff for the infringement of his legal right. The determination of reasonableness here in turn depends on whether affording the plaintiff a remedy is congruent with the court’s appreciation of the sense of justice of the community. This appreciation must unavoidably include the application of broad considerations of public policy determined also in the light of the Constitution and the impact upon them that the grant or refusal of the remedy the plaintiff seeks will entail. ” [52] It is therefore clear that FICA has to be interpreted in context and after taking into account the purposes of FICA. [53] The purpose of FICA is: “ To establish a Financial Intelligence Centre in order to combat money laundering activities and the financing of terrorist and related activities; to impose certain duties on institutions and other persons who might be used for money laundering purposes and the financing of terrorist and related activities; to provide for customer due diligence measures including with respect to beneficial ownership and persons in prominent positions; to provide for a risk based approach to client identification and verification; to provide for the implementation of financial sanctions and to administer measures pursuant to resolutions adopted by the Security Council of the United Nations; to clarify the application of the Act in relation to other laws; to provide for the sharing of information by the Centre and supervisory bodies; to provide for risk management and compliance programmes, governance and training relating to anti-money laundering and counter terrorist financing; to provide for the issuance of directives by the Centre and supervisory bodies; to provide for the registration of accountable and reporting institutions; to provide for the roles and responsibilities of supervisory bodies; to provide for written arrangements relating to the respective roles and responsibilities of the Centre and supervisory bodies; to provide the Centre and supervisory bodies with powers to conduct inspections; to regulate certain applications to Court; to provide for administrative sanctions that may be imposed by the Centre and supervisory bodies; to establish an appeal board to hear appeals against decisions of the Centre or supervisory bodies; to provide for arrangements or consultation with stakeholders; to amend the Prevention of Organised Crime Act, 1998 , and the Promotion of Access to Information Act, 2000 ; and to provide for matters connected therewith. ” [54] FICA does not expressly recognise a delictual claim for civil damages. [55] In a case such as this, where FICA does not expressly recognise a claim for damages, other policy considerations need to be taken into account. These include: a. the chilling effect of imposing liability on the performance of statutory duties; b. the risk of indeterminate liability; c. the plaintiffs’ vulnerability to risk; and d. the extent to which the plaintiffs were the authors of their own misfortune. [56] In the Da Silva case [15] , the court held that the requisites for a right to claim delictual damages for breach of a statutory duty are: a. the statute was intended to give a right of action; b. he was one of the persons for whose benefit the duty was imposed; c. the damage was of the kind contemplated by the statute; d. the defendant’s conduct constituted a breach of the duty; and e. the breach caused or materially contributed to the damage. [57] In the Commissioner case, when dealing with section 31 of the now repealed Proceeds of Crime Act (the wording for which is similar to section 29 of FICA), the court, as set out in paragraph 63, held that: “ The Act cannot be construed so as to indicate an intention to burden those who have to report with a burden of a duty of care enabling a third party to sue in a civil suit. No rights are created for the victims and no duties are created in favour of victims. ” [58] Section 44 of FICA allows the Financial Intelligence Centre (“ FIC ” ) to take steps against any party that has contravened or failed to comply with any provision in FICA. The Centre also has the right to refer a matter to a relevant investigating authority or a supervisory body. [16] [59] Section 45C(1)(a) empowers the FIC or a supervisory body to impose administrative sanctions on a party that has failed to comply with the provisions of FICA or any order, determination or directive made in terms of FICA. [60] In my view, FICA was intended for the public good and to deal with the combatting of money laundering activities and the financing of terrorist and related activities. It creates obligations in favour of the State. It does not give rise to private law duties owed to third parties. This view is supported by a number of cases in which our courts have refused to recognise a common law claim for breach of fiduciary duty. [17] [61] In case I am wrong in this regard, I have also taken into account the following in concluding that the plaintiffs did not discharge the onus resting on them of proving wrongfulness: a. if a duty is recognised on these facts, it could lead to indeterminate liability as any party that is defrauded could then pursue a claim for damages and creditors of such a party may also do so, if they are by virtue of the fraud, unable to recover what is due to them from the victim of the fraud. The evidence in this case was that Nedbank deals with over 8 000 000 accounts, of which at least 5 000 000 are Pay as You Use accounts.  Ms Palani, an executive of financial management employed by Nedbank, testified that Nedbank deals with approximately 10 million transactions a day. It is therefore impossible for Nedbank to manually monitor the accounts of each account holder. This is conceded by the plaintiffs; b. while the plaintiffs led “expert evidence” from Dr Holtzhausen who clearly had experience in banking services, he was last employed in the banking industry in 2011. His real expertise was in general banking services, credit risk assessment and management and restructuring. He was not familiar with the systems that the bank uses and the rules that dictate which transactions the system identifies as suspicious or concerning. The plaintiffs’ counsel argued that Nedbank did not lead any evidence on the measures it takes to prevent loss to members of the public and therefore the inference should be drawn that the measures that Nedbank currently have in place are non-existent or does not comply with FICA. This argument appears to me, to put the cart before the horse. It is only if I had concluded that the obligations under FICA also creates a common law right to claim damages, that the Nedbank would have been obliged to lead evidence about the steps it took to prevent loss to members of the public. In addition, the plaintiffs led no evidence about the systems that the banks use and their expert was not helpful in providing details of the systems that were used. There was therefore no evidence to rebut in regard to the suitability of Nedbank’s systems; c. the plaintiffs could have taken steps to prevent the loss by: i. checking with their daughter whether or not the email that purported to emanate from Ms van Vreden with the Nedbank account details was authentic; ii. checking with their daughter whether NDBV Inc held a trust account with Nedbank (if she did, her daughter would have certainly advised her that NDBV Inc does not hold a trust account at Nedbank); iii. they could have called Ms van Vreden or an accountant at NDBV Inc to verify the Nedbank account details; and iv. they could have used the functionality on internet banking to verify that the bank account details were the details of NDBV Inc’s trust account. d. the plaintiffs tried to justify their failure to follow any of the options referred to in paragraph 61c above by contending that at the time of the interception of the email, Ms Ross was unaware of the prevalence of email fraud. Bearing in mind that Mr and Ms Ross conduct business as importers and exporters of flowers, I find it hard to believe that they were not aware of the risk of email interception fraud, despite the fact that this occurred in 2019. See, for example, the joint publication by the Attorneys’ Fidelity Fund and the Attorneys’ Insurance Indemnity Fund NPC, which has between August 2010 and July 2017 published 16 articles about risks associated with cybercrime and cyber scams [18] . [62] I therefore find that the plaintiffs were best placed to prevent the risk of payment into the bank account of someone other than NDBV Inc and they are the architects of their own misfortune. [19] [63] In these circumstances, the plaintiffs have failed to discharge the onus of proving wrongfulness and for this reason, the plaintiffs’ claim falls to be dismissed. Proof of loss [64] The plaintiffs’ counsel suggested that it is not disputed that the plaintiffs suffered economic loss. I do not agree with this. The plaintiffs pleaded in paragraph 19 of the particulars of claim as follows: “ As a consequence of the defendant’s breach of the duty of care owed to the plaintiffs, the plaintiffs suffered damages in an amount of R1,663,400.00, being the amount of R2,940,000 minus the amounts received from the defendant and Capitec bank. ” [65] Nedbank responded as follows to paragraph 19 of the particulars of claim: “ The contents of this paragraph are denied for the reasons set out above. ” [66] The plaintiffs’ counsel submitted that this meant that Nedbank did not deny that no loss was suffered, but rather Nedbank was contending that it was not responsible for the loss, as it did not have any duty of care, alternatively that Ross & Jacobs Attorneys owed the plaintiffs a duty of care. I do not agree with this submission. If Nedbank was admitting the loss, it would have responded to paragraph 19 along the following lines: “ Nedbank admits that the plaintiffs suffered a loss, but denies for reasons set out above, that it owed the plaintiffs a duty of care. ” [67] The plaintiffs led no evidence to prove their loss and I do not know whether or not the property that was the subject matter of the sale agreement concluded between Mr and Ms Ross on the one hand and Mr and Ms Dodds on the other hand, had been transferred to Mr and Ms Ross and whether it was necessary for them to raise separately R2,940,000 to make payment into the correct NDBV Inc trust account. [68] There was also no evidence from the plaintiffs that they did not hold Ross & Jacobs Attorneys liable for their loss, despite the fact that the contentious emails in this matter appeared to have emanated from Ms van Vreden’s correct email address. [69] Therefore, even if I am incorrect in regard to my conclusions in regard to wrongfulness, the plaintiffs failed to prove that they suffered a loss as a result of the payments into the account. For this reason too, the claim ought to fail. Costs [70] Subject to what I say below, I am of the view that the costs should follow the result. [71] In March 2024, Nedbank launched an application in terms of Rule 33(4) and sought the separation of the issues set out below: a. whether fraud was perpetrated against the plaintiffs as alleged in their particulars of claim; and if not b. whether Nedbank can in law be held liable for the loss allegedly suffered by the plaintiffs when the alleged fraud had not been proven. [72] At the hearing of this matter, Nedbank elected not to persist with this separation application and consequently, the plaintiffs contend that Nedbank should be ordered to pay the costs of the separation application. [73] Part of the reason for Nedbank adopting the approach it adopted, is that the document that was attached as annexure POC1 to the particulars of claim, was the incorrect email. [74] On 25 August 2023, Nedbank requested a true copy of annexure POC1 to the particulars of claim. The plaintiffs responded on 5 September 2023. [75] On 6 October 2023, the plaintiffs in a letter conceded that the wrong document was attached as annexure POC1. That document was an email dated 12 February 2019. Instead, the plaintiffs intended to attach the email of 8 February 2019 referred to in paragraph 18 above. [76] Despite this, the plaintiffs took no steps to amend its particulars of claim by replacing the incorrect annexure with the correct annexure. [77] In these circumstances, I do not believe that the plaintiffs should be awarded the costs of the separation application. Bearing in mind that Nedbank did not persist with the separation application, it too is not entitled to the costs of the separation application. Order [78] I accordingly make the following order: a. The plaintiffs’ claim is dismissed with costs on Scale B, but these costs will not include the costs of Nedbank’s separation application dated 12 March 2024; and b. Each of the parties will bear their own costs in relation to the 12 March 2024 separation application. MOOSAJEE, AJ ACTING JUDGE OF THE HIGH COURT JOHANNESBURG For the Plaintiffs: TJ Jooste instructed by WWB Botha Attorneys (W van Heerden) c/o Mark-Anthony Beyl Attorneys For the Defendant: M Phalane instructed by Cliffe Dekker Hofmeyr Attorneys (N Mabena) DATE OF HEARING: DATE OF JUDGMENT: 14 TO 18 OCTOBER 2024 8 NOVEMBER 2024 [1] Freddy Hirsch Group (Pty) Limited v Chickenland (Pty) Limited 2011 (4) SA (276) SCA. [2] 2015 (1) SA 1 (CC) at paragraph 20 [3] Minister of Safety and Security v Van Duivenboden 2002 (6) SA 431 at paragraphs 12 and 22 [4] Case referred to in Footnote 3 at para 12 and Telematrix v Advertising Standards Authority 2006 (1) SA 461at paragraph 12 and De Bruyn v Steinhoff International Holdings N.V and Others 2022 (1) SA 442 (GJ) at paragraph 150 [5] Case referred to in Footnote 2 at paragraph 24 and also see Old Mutual Unit Trust Managers Limited v Living Hands (Pty) Limited and Others [2024] ZASCA 75 at paragraph 47 [6] 2003 (2) SA 96 (W) [7] See Footnote 6 [8] See Footnote 6 at paragraph 46.6 [9] See Footnote 2 [10] See Footnote 2, paragraph 24 of the Country Cloud judgment [11] See Footnote 2 [12] This is a reference to the Financial Intelligence Centre Act, 2001 [13] Steenkamp NO v Provincial Tender Board of the Eastern Cape 2007 (3) BCLR 300 (CC) at paragraph 37; Esorfranki Pipelines (Pty) Limited v Mopani District Municipality 2023 (2) SA 31 (CC) at paragraph 30 [14] 2001 (3) SA 1247 (SCA) at paragraph 12 [15] Da Silva and Another v Coutinho 1971 (3) SA 123 (A) at page 140. [16] Section 44(a) and (b) of the Financial Intelligence Centre Act, 2001 [17] See Knop v Johannesburg City Council 1995 (2) SA 1 (AD); Premier, Western Cape v Faircape Property Developers 2003 (6) SA 13 (SCA); Steenkamp (referred to in Footnote 13); Home Talk Developments (Pty) Limited and Others v Ekurhuleni Metropolitan Municipality 2018 (1) SA 391 (SCA); Old Mutual Unit Trust Managers Limited (referred to in Footnote 5) [18] Publication is called RiskAlert and the relevant RiskAlerts are August 2010, May 2012, August 2012, February 2013, May 2013, November 2014, July 2015, August 2015, November 2015, February 2016, May 2016, July 2016, August 2016, November 2016, February 2017 and July 2017. See 1 September 2018 article in De Rebus titled “Business email compromise: Attorney’s liability”. The FBI estimated that attacks in the form of a spoofed email address which can look exceptionally like the email address of the real party resulted in $5 billion worth of losses in the period 2013 to 2016 and 96% of companies had encountered business email compromise attempts at an average of 46 attempted attacks per company (see 27 February 2018 article by Shaun Allen, an employee of a technology company at www.tripwire.com/state-of-security/business-email-compromise-threat) [19] See the case of Edward Nathan Sonnenbergs Inc v Hawarden 2024 (5) SA 9 (SCA), in which the court rejected a claim for pure economic loss by omission because of the risk of indeterminate liability and because the plaintiff could reasonably have taken steps to protect against the risk (paragraphs 21 to 26). sino noindex make_database footer start