This blog was co-authored by Yuveshen Naidoo, Candidate Attorney.
In November 2024, the High Court considered whether a bank was delictually liable for financial loss caused by a fraudulent email scheme perpetrated by their customer on a third party. The court dismissed the claim and held that the bank’s obligations under the Financial Intelligence Centre Act (FICA) did not create a private law duty. The claimants could not prove that the bank’s conduct was wrongful, negligent nor causally linked to their loss. The loss was attributable to the claimants’ own failure to take the necessary precautions.
The claimants entered into a sale agreement for the purchase of immovable property. Following interception of email correspondence between the claimants and their attorney, the claimants made payment of the purchase price into a bank account with the defendant bank which was not the trust account of the claimants’ attorneys. The claimants claimed damages from the bank of R1 663 400.
The claimants alleged that the bank had a common law duty and statutory duty in terms of the FICA to be cognisant of accounts or transactions of their customers, and to identify peculiar or irregular transactions on an account given the current widespread issues of business email compromise.
The claimants argued that the bank ought to have had adequate preventative measures in place to prevent and detect fraudulent activities by their customers. In their submission, the bank failed to do so and consequently facilitated the fraud.
The claimants, relying on FICA, asserted that the bank’s statutory duties to combat financial crime extend to protecting third parties from such losses. The court considered whether FICA obligations could give rise to private law duties. It reiterated that FICA’s purpose is to safeguard public interests by combating money laundering and related crimes. This obligation favours the state and does not provide actionable rights for individuals against banks. The court emphasised that imposing a legal duty on banks to third parties would lead to an indeterminate scope of liability emanating from financial loss caused by fraud.
Having regard to the factual evidence, the court considered that despite the apparent legitimacy of the fraudulent emails, the claimants could have taken basic steps such as verifying the authenticity of the email or contacting the relevant parties. The court found this failure significant, noting that the claimants could have taken steps to prevent the loss and were the architects of their own misfortune.
The court concluded that FICA does not create delictual liability. Even if that finding were wrong, there was still no wrongfulness and the claimants did not prove their loss. This judgment deals with key principles relating to bank liability to third parties in cases of fraud.
Ross and Another v Nedbank Limited (10029/2020) [2024] ZAGPJHC 1146 (8 November 2024)