A firm of attorneys involved in a property transaction paid R1 744 599.45 into the bank account of a hacker in response to emailed instructions. It was held that the attorneys were liable to the true client to pay this amount for failing to perform their mandate in regard to the trust money with sufficient care and attention.

If the attorneys had confirmed or verified the new bank details provided by the hacker with their client, the fraud would not have occurred. No verification process was followed and the firm therefore had to carry the loss.

When a person holding trust money draws an amount from the trust account they do so as a principal and not as a representative of the owner of the money (the client in this case). Trust money must be used for no other purpose than the purpose instructed by the client. The contract between the attorney and the client imposed fiduciary obligations on the attorney and a breach of those obligations created liability.

This case will be applicable to anyone who holds money in trust on behalf of another person.

A broker who collects premiums and holds the funds in trust on behalf of an insurer will have no defence against a claim by the insurer for lost funds on the basis that a hacker misled them into paying the money into the wrong account. This obligation is enhanced if the money is trust money where all the obligations of a trustee under common law will come into place.  The trustee must, with regard to the funds, observe the utmost good faith and exercise the care, diligence and skill expected of a person who manages the affairs of another.

The case is Fourie v van der Spy and de Jongh Inc.