Amidst South Africa’s flourishing security services industry, a high court judgment in November 2024 serves as a reminder about the potential liabilities that can arise from security lapses.
The claimant suffered substantial losses after a robbery at premises it sub-leased from a logistics company. The premises were guarded by the second defendant under a written contract with the sub-lessor, who also occupied the premises.
The claimant sued the defendant in delict for its losses caused by the robbery.
Despite there being no security services contract between the claimant and second defendant, the court found that the second defendant owed the claimant a duty of care because it knew that the claimant traded from the premises which it had been contracted to guard.
The second defendant’s conduct in not adhering to the security protocols outlined in the contract, such as controlled entry gates, vehicle searches and proper documentation was found to be grossly negligent. This allowed the robbers to gain easy access to the premises and perpetrate the robbery. The court also frowned upon the security guards not being called to testify (from which it drew a negative inference), the poor record keeping of the second defendant, and the partisan testimony of its regional branch manager.
In the event of being found liable, the second defendant sought an indemnity from the sub-lessor, relying upon an indemnity clause in the security services contract stating that the sub-lessor would indemnify it for any loss suffered by any third party on the premises. Though it could not supply the applicable contract at the time of the incident, the sub-lessor seemingly accepted that the indemnity clause was part of the contract. The sub-lessor presented no evidence at court and submitted heads of argument in which it argued that the indemnity clause should not apply if the second defendant had acted with gross negligence. The court upheld this argument but did not elaborate on its reasoning.
Curiously, there is no mention of sub-regulation 9(3)(d) of the Code of Conduct for Security Services Providers in the judgment, which:
- prohibits contractual terms which exclude or limit, or try to exclude or limit, the liability of security services providers towards their clients for their or their employees’ grossly negligent, reckless, intentional, malicious or fraudulent conduct; and
- prohibits indemnity provisions in terms of which a client must indemnify a security services provider for any such conduct by a person for whose conduct the client is not independently responsible in law. Note that there is no such prohibition in relation to ordinary negligent conduct.
There are useful lessons for security companies (and their insurers in proposing risk mitigation measures or assessing claims):
- Security measures agreed in security contracts (which should be in writing) must be adhered to. Regular risk assessments should be conducted to identify potential vulnerabilities and address them proactively.
- Proper documentation and record-keeping are essential.
- Security personnel must be adequately trained and supervised to ensure they understand and follow the required security measures.
- Clear communication between the security service provider and their clients is important. Any changes to security protocols or measures should be documented and communicated effectively. The contract itself may require any changes to be in writing.
- Contracts should be clear on the circumstances in which any limitations of liability, and indemnities, will apply whilst ensuring that they do not conflict with the Code of Conduct for Security Services Providers.