https://www.polity.org.za
Deepening Democracy through Access to Information
Home / Legal Briefs / All Legal Briefs RSS ← Back
Business|Financial|Service|Services|Systems
Business|Financial|Service|Services|Systems
business|financial|service|services|systems
Close

Email this article

separate emails by commas, maximum limit of 4 addresses

Sponsored by

Close

Article Enquiry

Baker McKenzie successfully represents pro bono client in precedent-setting case regarding Financial Service Providers’ duty of care to protect clients from cybercrime


Close

Embed Video

Baker McKenzie successfully represents pro bono client in precedent-setting case regarding Financial Service Providers’ duty of care to protect clients from cybercrime

Baker McKenzie

20th November 2023

ARTICLE ENQUIRY      SAVE THIS ARTICLE      EMAIL THIS ARTICLE

Font size: -+

A Dispute Resolution team from Baker McKenzie in Johannesburg, including Darryl Bernstein, Kylie Slambert, Cameron Jeffrey and Landise Banzana, successfully represented the Rosebank Rotary Club (RRC) on a pro bono basis in a precedent-setting case relating to the conduct of financial service providers (FSPs) and their duty of care to safeguard their clients' finances and protect them against cybercrime. The case involved an ongoing dispute involving the RRC and a financial investment firm, Brough Capital (Brough), and its director, Chris Botha (Botha). The decision, which was delivered in the Commercial Court, has implications for all accountable financial institutions.

Botha is a director, Representative and Key Individual of Brough as defined by the Financial Advisory and Intermediary Services Act (FAIS). According to the FAIS Act, Key Individuals have a fiduciary responsibility to ensure that they perform their duties with the necessary care, skill and diligence. FAIS, as well as the General Code of Conduct for Authorised FSPs, requires that FSPs have appropriate technological systems in place that eliminate, as far as reasonably possible, the risk that clients and other FSPs will suffer through, amongst other things, fraud, negligence, or professional misconduct.

Advertisement

The dispute arose out of the misappropriation of funds, totalling ZAR 3.1-million, invested by the RRC via Brough and Botha. The funds were misappropriated as a result of a business email compromise in the form of fraudulent emails sent by unknown hackers purporting to be withdrawal instructions from RRC, to Brough. The Court, in considering the matter, found that Brough did not take adequate measures to prevent the misappropriation from occurring, nor did Botha, both being bound by the legislation and guidelines governing the conduct of intermediary service providers. It was decided that the defendants failed to comply with the duties of an FSP and were guilty of gross negligence, flowing from the manner in which they dealt with the withdrawal instructions from the unknown hackers. Of particular relevance was the fact that the defendants:

Ignored errors on the change of bank account letters, including that RRC’s name was not written in full and that the logo of the respective bank was missing from the letter; and

Advertisement

Ignored the unusual nature of the withdrawals, which were large sums of money drawn in short succession and without notice.

The Court considered the fact that had Botha paid careful attention to the purported letter from the bank, it would have revealed that it was not the plaintiff’s bank account but that of a “Rotary Club” with no name. Further, the Court noted that Botha should have considered the history of the withdrawals from his client and taken time to understand their business insofar as enquiring what the funds were for. The judgment noted that the defendants had failed to exercise the necessary skills, care and diligence, as well as their contractual obligation to be vigilant. The Court found that they had been grossly negligent.

The defendants were found jointly liable to pay the plaintiff ZAR 3.1-million at 10.5% interest per annum, plus costs.

Darryl Bernstein, Partner and Head of the Dispute Resolution Practice in Johannesburg, noted, “This judgment highlights the importance of the responsibility placed on FSPs, as well as those individuals under the supervision of the respective FSPs, to be extra vigilant in an era where cybercrime is rife. It further places great importance on functioning internal controls, such as two-step verification processes, to avoid, as far as possible, the promulgation of cybercrimes and to prevent gross negligence. The judgment is also a reminder to intermediary service providers that, even in instances where the funds are administered by a third party, the proverbial buck stops with the FSP with whom the client has a contractual relationship.”

 

EMAIL THIS ARTICLE      SAVE THIS ARTICLE ARTICLE ENQUIRY

To subscribe email subscriptions@creamermedia.co.za or click here
To advertise email advertising@creamermedia.co.za or click here

Comment Guidelines

About

Polity.org.za is a product of Creamer Media.
www.creamermedia.co.za

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more

Subscriptions

We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store

Advertise

Advertising on Polity.org.za is an effective way to build and consolidate a company's profile among clients and prospective clients. Email advertising@creamermedia.co.za

View options

Email Registration Success

Thank you, you have successfully subscribed to one or more of Creamer Media’s email newsletters. You should start receiving the email newsletters in due course.

Our email newsletters may land in your junk or spam folder. To prevent this, kindly add newsletters@creamermedia.co.za to your address book or safe sender list. If you experience any issues with the receipt of our email newsletters, please email subscriptions@creamermedia.co.za