COPYRIGHT AND CITATION CONSIDERATIONS FOR THIS THESIS/ DISSERTATION

o Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.

o NonCommercial — You may not use the material for commercial purposes.

o ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.

How to cite this thesis

Surname, Initial(s). (2012) Title of the thesis or dissertation. PhD. (Chemistry)/ M.Sc. (Physics)/ M.A. (Philosophy)/M.Com. (Finance) etc. [Unpublished]: University of . Retrieved from: https://ujcontent.uj.ac.za/vital/access/manager/Index?site_name=Research%20Output (Accessed: Date). THE DUTY OF A BENEFICIARY TO PREVENT ECONOMIC LOSS TO A NON-CUSTOMER IN THE CONTEXT OF INTERNET BANKING FRAUD

BY

NEROSHA MOODLEY

STUDENT NUMBER

200518629

Submitted in partial fulfilment of the requirements for the degree

MASTER OF LAWS (LLM)

in

BANKING LAW

in the

FACULTY OF LAW

at the

UNIVERSITY OF JOHANNESBURG

SUPERVISOR: PROFESSOR C HUGO

FEBRUARY 2016

Abstract

This dissertation investigates the delictual liability of bank towards a non-customer who suffered financial loss as a result of an electronic funds transfer, specifically fraud perpetrated by a phishing scam.

For the purposes of this dissertation we are concerned with instances where banking customers fall victim to internet banking fraud, specifically phishing scams, and their funds are transferred to an account held with another bank (not their bank). In this instance, there is no contractual relationship between the victim and the beneficiary bank.

Therefore, if the victim, who is a non-customer, wants to claim from the beneficiary bank he must do so by way of an Aquillian action. To establish delictual liability, the following needs to be proven, that there was: a culpable (intentional or negligent), wrongful act which caused harm to another. This dissertation focuses mainly on elements of negligence and wrongfulness.

In a recent decision, Peterson NO and Another v Absa Bank, the court had to consider whether there was a legal duty on the beneficiary bank to prevent pure economic loss to a third party, that is, a non-customer. Essentially the court in the Peterson case, equated the relationship between an originator of a payment order and the beneficiary bank to the relationship between the owner of a and the collecting bank. The court adopted the approach of the court in Indac Electronics v Bank and found that the evidence supported the existence of a legal duty on the part of the bank to prevent pure economic loss to the non-customer by negligently opening and maintaining the bank account.

Mark Henri Pienaar, completed a dissertation in 2014 exploring the legal duty of a bank to prevent pure economic loss to non-customers. Whilst this dissertation is specifically concerned with the legal duty of a beneficiary bank to prevent pure economic loss to a non-customer in the context of phishing, Pienaar’s dissertation proved to be of great assistance in answering the question that this dissertation is concerned with. However, this dissertation after a consideration of the relevant law and policy considerations, comes to a different finding.

This issue of whether a beneficiary bank owes a legal duty to a non-customer was recently the subject of a test case that was referred by the Ombudsman for Banking Services to Judge Malan

for consideration. Due to the confidentiality of the proceedings and the parties involved the judgement is not unpacked in this dissertation, however the arguments raised by the Ombudsman’s office and the bank together with the considerations noted by the judge are contained and evaluated in this dissertation.

It is clear that the question whether a beneficiary bank owes legal duty to a victim of internet banking fraud is a contentious issue that the banking industry is currently faced with.

This dissertation will consider the Peterson case, other case law, academic writing and relevant legislation to explore the existence and extent of a legal duty owed by a beneficiary bank to a non-customer who suffers loss as a result of a credit transfer. If it is accepted that the relationship between an originator of a payment order and the beneficiary bank is comparable to the relationship between the owner of a cheque and the collecting bank, then the inescapable conclusion is that the beneficiary bank, is under a legal duty to prevent a non-customer from suffering loss as a result of an unauthorized credit transfer.

As there are two schools of thought regarding such a legal duty, it is necessary to consider both view-points for a more informed view on the issue. This dissertation compares the decision in the Peterson case with the decision in the Canadian case, Dynasty Furniture Manufacturers Ltd and Others v Toronto Dominion Bank Ltd, specifically the policy considerations that the different courts noted.

Once a legal duty on the part of the beneficiary bank towards a non-customer is established, it is necessary to consider the extent of the liability of the beneficiary bank. After a consideration of how the compromise came about, it becomes apparent that an apportionment of damages may be a fair and equitable finding.

TABLE OF CONTENTS

1 INTRODUCTION 1 - 2

2 FACTUAL BACKGROUND: INTERNET-BANKING FRAUD 3 - 5

3 LEGAL BACKGROUND 6

3.1 Common-law background: principles of the law of delict 6 - 21

3.1.1 Introduction 6 3.1.2 The development of liability for omissions leading to pure economic loss 6 - 11 3.1.3 Wrongfulness, negligence and causation 11 - 14 3.1.4 Apportionment of damages 14 - 16 3.1.5 The delictual liability of the negligent collecting bank 17 - 21

3.2 Statutory background: the Financial Intelligence Centre Act 21 - 25

4 CASE LAW 26

4.1 The cases 26 - 42

4.1.1 Petersen 26 - 31 4.1.2 SARS 31 - 36 4.1.3 Dynasty 36 - 41 4.1.4 Ombudsman’s approach 42

4.2 Critical evaluation 42 - 53

5 CONCLUSION 54 – 55

1 INTRODUCTION

The introduction of the internet revolutionized the banking industry. The widely known characterization of technology as a ‘double-edged sword’ seems to be fully justified in the case of internet banking.1 The revolution caused in the financial sector by the internet has had positive and negative effects. Almost all major offer their clients the option to conduct banking transactions via the internet. Aside from the numerous benefits to both the bank and the customer offered by this type of banking, it has become an opportunity for fraudsters to scam banking customers.

It has been accepted by the members of the South African legal fraternity that banking law is not an autonomous branch of law. It is an area of law where one must make use of the concepts and techniques of the general law of obligations.2 Delict is one of the primary sources of obligations.3

The relationship between a bank and its customer is based on contract.4 In instances where there is no contractual relationship between the beneficiary bank and the victim of internet- banking fraud, the victim who wants to claim from the beneficiary bank must establish delictual liability on the part of the beneficiary bank.5

Advancements in information technology, communications technology and globalization have significantly impacted on the revolution in banking.6

As the nature of banking continuously evolves, so too must the law evolve to keep pace with the changing landscape and to ensure that banking remains a controlled, safe and regulated profession, as this is crucial to our economic development.

1 Giannakoudi “Internet Banking: The Digital Voyage of Banking and Money in Cyberspace” 1999 I&CTL 205. 2 Malan, Pretorius and du Toit Malan on Bills of Exchange and Promissory Notes (2009) 295. 3 Van der Walt and Midgley Principles of Delict (2005) 1. 4 Malan, Pretorius and du Toit (n 2) 295. 5 Lawack and Pretorius “The “Sale” of a Bank Account” 2015 THRHR 104. 6 Schulze “Countermanding an Electronic Funds Transfer: The Supreme Court of Appeal Takes a Second Bite of the Cherry” 2004 SA Merc LJ 667.

The landmark decision of Administrateur, Natal v Trust Bank van Afrika Beperk,7 which recognised delictual liability for pure economic loss under the extended lex Aquilia, laid the foundation for the imposition of liability on a collecting bank.

Subsequently, in the case of Indac Electronics (Pty) Ltd v Volkskas Bank Limited,8 the court recognised that a collecting bank may be held liable under the extended lex Aquilia for negligence to the true owner of a cheque, provided that all the elements required for an Aquilian action are present.9

Our courts, however, have over the years approached claims for pure economic loss founded in delict circumspectly.10

The case of Peterson NO and Another v Absa Bank Limited11 took a bold step forward in recognizing that the time is upon us to adapt our law to our changing circumstances.12

7 1979 3 SA 824 (A). 8 1992 1 SA 783 (A). 9 Malan, Pretorius and du Toit (n 2) 396. 10 Gilbeys Distillers and Vinters (Pty) Ltd v 2001 JDR 0411 (C). See also Telematrix (Pty) Ltd t/a Matrix Vehicle Tracking v Advertising Standards Authority SA 2006 1 SA 416 (SCA). 11 2011 5 SA 484 (GNP). 12 Schulze “The Sources of South African Banking Law – A Twenty First Century Perspective (Part 1)” 2002 SA Merc LJ 454. Schulze states: “The commercial world of the 21st century requires clarity and certainty in law, but most of all, it requires the law to be flexible and adaptable to new and changing circumstances”.

2

2 FACTUAL BACKGROUND: INTERNET BANKING FRAUD

Security features of internet banking

In order to be able to access his internet banking account, a customer must enter his account number, personal identification number (PIN) and password. The pin and the password are chosen by the customer; the bank does not have any knowledge of this information.

In order to be able to complete an internet-banking transaction involving (a) the addition of a new payment beneficiary, (b) amendment of an existing payment beneficiary, and (c) making a once-off payment to a new beneficiary, the account holder would require a reference number which is sent by the bank via SMS or email exclusively to the registered cell-phone number or email address of the account holder.13

In addition to the above, the banks offer an SMS notification service, which notifies customers via their registered cell-phone number of the transactions that occur on their accounts. Consequently, in theory at least, if a customer is notified of a transaction that he did not authorize he can contact the bank timeously and report the fraud.14

Phishing

There are various types of internet-banking fraud.15 For the purposes of this dissertation, however, we are only concerned with phishing. Phishing is currently the most frequent type of online fraud.16

13 Nashua Mobile (Pty) Ltd v GC Pale CC t/a Invasive Plant Solutions (Pty) Ltd 2012 1 SA 615 (GSJ) para 10, Roestoff v Cliffe Dekker Hofmeyr Inc 2013 1 SA 12 (GNP) paras 7 and 8. See Absa Bank’s landing page of its internet banking functionality, available at http:www.absa.co.za (accessed on the 27 July 2015) for a detailed explanation of the security measures employed by the banks. 14 Beukes “Delictual liability of the beneficiary bank in an electronic fund transfer” 2015 ABLU 36. 15 See https://netbank.nedsecure.co.za (accessed on the 27 July 2015) for an explanation of the various types of internet banking scams. 16 Cassim “Addressing the spectre of phishing: are adequate measures in place to protect victims of phishing?” 2014 CILSA 401 403. 3

It has been established that a fraudster can only access an account if he is in possession of the security details of an internet-banking customer. The fraudster obtains this information by means of a scam. Fraudsters often use phishing to trick banking customers into divulging their usernames, passwords and mobile phone numbers.

Phishing occurs when “a user is conned into revealing the access details of his banking account and access password details through the use of sophisticated web pages or emails that resemble or mimic a regular login page of a bank or financial institution website and which usually contain ‘urgent attention’ or similar content that entices and tricks the recipient into divulging their bank user name and password as well as their mobile phone number as provided to the bank.”17

Explained differently, phishing is a type of scam used by identity thieves to obtain personal information (e.g. names, passwords, identity numbers and credit card details) by using fraudulent email messages that appear to originate from a legitimate business. Phishing is a term that originates from the analogy that the fraudster uses emails as bait to fish for profitable personal information from unsuspecting internet banking users.18 As the Financial Intelligence Centre Act19 has made it more difficult to open a bank account, fraudsters have recently devised a new method to carry out their scam successfully: they now “buy” a bank account from an existing customer or persuade someone who is in financial dire straits to open a new account with the bank.20

17 Perlman Legal and Regulatory Aspects of Mobile Financial Services (2012 LLD dissertation SA) 212. See also https://blog.sabric.co.za (accessed on the 28 July 2015) and Cassim (n 16) 406, for an explanation on phishing. 18 Almahroos “Phishing for the answer: Recent Developments in Combating Phishing” 2007 I/S: A Journal of law and policy for the information society 596. 19 38 of 2001. Hereafter referred to as “FICA”. 20 Lawack and Pretorius (n 5) 104. 4

Once the fraudsters have obtained the confidential logon information from the victim, they use it to access the customer’s profile via internet banking. As soon as the account is accessed or a transaction is done, an SMS is sent to the registered cell number for the account. In order to prevent the customer from receiving the SMS and to enable the fraudster to authorize the transactions, in some instances, the fraudster in addition to the phishing attack, does a SIM swap on the victim’s SIM-card in order to intercept the randomly generated once-off passwords.21

SIM-card swapping

SIM-card swapping occurs when the fraudster poses as the bank customer and has a new card illegally assigned to the same cell phone as the original SIM-card, via a SIM-card “swap”.22 Essentially, the one SIM-card is swapped for another SIM-card and the service provider will then transfer the SIM-card identity of that specific client to that of the fraudster. As the original SIM-card is cancelled the banking customer will no longer receive any SMS notifications and therefore will not be aware of the fraud.

As the fraudster receives all the SMS messages sent from the bank, he is able to create beneficiaries and transfer funds to other accounts. Sometimes the beneficiaries of the funds have accounts held with the victim’s bank, but often the accounts are held with other banks, (beneficiary banks).

As this dissertation is primarily concerned with the delictual liability of a beneficiary bank to a non-customer in respect of the opening and monitoring of the fraudulent beneficiary accounts, an in-depth analysis of the science of phishing is not undertaken in this dissertation.23 It is important to note that access to an internet banking account can only be gained with the correct PIN and password which is only known by the account holder.

21 See http://www.obssa.co.za (accessed on the 28 July 2015). 22 Van der Bijl “SIM-card Swapping, Mobile Phone Banking Fraud and Rica 70 of 2002” 2009 21 SA Merc LJ 159 160. 23 Almahroos (n 18) 595. 5

3 LEGAL BACKGROUND

3.1. Common-law background: principles of the law of delict

3.1.1 Introduction

The three pillars of delictual liability in are the actio legis Aquiliae, the actio iniuriarum and the action for pain and suffering. The essential elements that must be present in order for delictual liability to attach, irrespective of the pillar that it falls under, are the following: the plaintiff must have suffered harm, the conduct of the defendant must have been wrongful; there must be a causal nexus between the defendant’s conduct and the detrimental consequences suffered by the plaintiff; and, finally, fault must be attributed to the wrongdoer.24 All these elements must be established in order for a claim in delict to be successful.

The first principle of the law of delict is that losses should lie where they fall.25 This principle states that a person who suffers a loss due to his own conduct or omission, is solely liable for the loss suffered. However, the loss shifts to a third party by means of liability if he culpably infringed the rights of the victim.26 The principle that there can be no liability without fault is of fundamental importance to South African law; a defendant will only be liable for his wrongful conduct if he was at fault.27 The fault requirement ensures that liability in the South African law of delict is kept within reasonable limits.

3.1.2 The development of liability for omissions leading to pure economic loss

The Aquilian action which has its origins in Roman law was developed extensively under Roman-Dutch law.28 In earlier cases, in order to found Aquilian liability, physical injury to person or property was a requirement. However, today it is established law that compensation for so-called ‘pure’ economic loss may be claimed under the Aquilian action.29

24 Van der Walt and Midgley (n 3) 43, 67, 155, 196. 25 Telematrix (Pty) Ltd t/a Matrix Vehicle Tracing v Advertising Standards Authority SA (n 10) par 12. See also AB Ventures Ltd v Siemans Ltd 2011 4 SA (SCA) par 11. 26 Van der Walt and Midgley (n 3) 31. 27 Ibid. 28 Neethling, Potgieter and Visser Law of Delict (7th ed) 10. 29 Van der Walt and Midgley (n 3) 11. 6

Booysen J in Coronation Brick (Pty) Ltd v Strachan Construction Co (Pty) Ltd30 stated:

“The legal basis of the plaintiff’s claim is the lex Aquilia. In essence the Aquilian action lies for patrimonial loss caused wrongfully (or unlawfully) and culpably. Although the contrary view had long been held by many authorities, it seems clear that the fact that the patrimonial loss suffered did not result from physical injury to the corporeal property or person of the plaintiff, but was purely economic, is not a bar to the Aquilian action.”

This view was endorsed by our courts in numerous subsequent decisions.31 As a result of the development of the Aquilian action over the years, the modern South African law of delict extends to an instance where a person negligently causes physical harm to another’s person or property by an omission rather than a positive act and to an instances where a person negligently causes another to suffer patrimonial loss, but not because he has caused physical harm to his person or property.32

Historically, our courts were of the view that an omission could only found liability in instances where there had been prior conduct, for only then would the conduct requirement for delictual liability be satisfied.33 Today, it is accepted that an omission amounts to conduct no less than a positive act does for the purposes of delictual liability.34 However it must be pointed out our law is not prepared to hold an omission to be wrongful as easily as it does a positive act.

30 1982 4 SA 371 (D) 377. 31 This view was confirmed by the then Appellate Division in Administrateur, Natal v Trust Bank van Afrika Beperk (n 7); also see Lillicrap, Wassenaar and Partners v Pilkington Brothers (SA) (Pty) Ltd 1985 1 SA 475 498 (A) where Grosskopf AJA held: “It is clear that in our law Aquilian liability has long outgrown its earlier limitation to damages arising from physical damages or personal injury.”. 32 Fagan “Aquilian liability for negligently caused pure economic loss – its history and doctrinal accommodation” 2014 SALJ 288 289. 33 Cape Town Municipality v Clohessy 1922 4 AD 7. 34 Boberg The Law of Delict (1981) 211; Minister van Polisie v Ewels 1975 3 SA 590 (A) 597. See also Pienaar The legal duty of a bank to prevent pure economic loss to non-customers: When the conflation of wrongfulness and negligence leads to an unjust conclusion (2014 dissertation UJ) 19. 7

An omission is not considered wrongful unless there was a duty to act positively. Essentially, it means that where a defendant’s conduct takes the form of an omission, such conduct is prima facie lawful.35 Only if the omission was wrongful, will liability follow and this will occur only if a legal duty rested on the defendant to act positively to prevent harm and he failed to comply with that duty. What constitutes a “legal duty” will depend on the legal convictions of the community.36

As stated by the then Appellate Division in Minister of Law and Order v Kadir:37

“It needs to be emphasised that such a duty arises…when the circumstances are such, not only that the omission evokes moral indignation, but that the legal convictions of the community demand that it be regarded as wrongful and that the loss should be compensated by the person who failed to act positively”

Our courts have cautioned that what constitutes a legal duty is not determined by merely transcribing societal attitudes into legal policy.38 The question that one needs to ask is always whether the defendant ought to have reasonably and practically prevented harm to the plaintiff, in other words, is it reasonable to have expected of the defendant to take positive measures to prevent the harm?39 It is further contended that the test cannot be subject to any general rule, it will depend on the facts of the particular case.40

35 Van der Walt and Midgley (n 3) 84. 36 Minister van Polisie v Ewels (n 34) where the court held that a negligent omission will amount to unlawful conduct when the circumstances of the case are of such a nature that the omission not only evokes moral indignation but the “legal convictions of the community” demand that the conduct be regarded an unlawful. 37 1945 1 SA 303 (A). See also Minister van Polisie v Ewels (n 34) 596 and Van Eeden v Minister of Safety and Security 2003 1 SA 389 (SCA) para 9: “The court determines whether it is reasonable to have expected of the defendant to have done so by making a value judgment, based inter alia upon its perception of the legal convictions of the community and on considerations of policy. The question whether a legal duty exists in a particular case is thus a conclusion of law depending on a consideration of all the circumstances of the case and on the interplay of the many factors which have to be considered.” 38 Van Eeden v Minister of Safety and Security (n 37) par 10. 39 Van der Walt and Midgley (n 3) 85. 40 Cape Town Municipality v Bakkerud 2000 3 SA 1049 par 14 (SCA). 8

It has been suggested by our academics that when determining whether a legal duty exists, the courts have to consider and balance the followings aspects: “the foreseeability and possible extent of the harm; the degree of risk that the harm will materialise, the interests of the defendant and the community; any constitutional obligations; who has control over the situation; the availability of practical preventative measures, and the chances of success; whether the cost of preventing the harm is reasonably proportional to the harm, and whether or not other practical effective remedies are available.”41

In addition to the above considerations, judicial precedent and a body of academic writing on what constitutes the standard for the legal convictions of the community support a consideration of the following factors: prior positive conduct; control of a dangerous object; a special relationship between the parties; occupation of a particular office; and contractual undertaking of the safety of a third party.42

An application of the legal convictions of the community test entails a value judgment, indicative of what society deems fair and just in a particular context and at a particular time.43 According to our courts, the test cannot establish principles of law which are generally applicable; they will depend on the facts of each case.44

Pure economic loss refers to an instance where the plaintiff’s financial loss does not flow from physical damage to the person or property.45 It is loss that is not associated with physical injury to the plaintiff’s person or property.46

41 Van der Walt and Midgley (n 3) 85. 42 Ibid. See also Neethling, Potgieter and Visser (n 28) 56-72. 43 Van der Walt and Midgley (n 3) 85. See also Minister of Safety and Security v Van Duivenboden 2002 3 SA 431 (SCA) 44 Cape Town Municipality v Bakkerud (n 40) par 14. 45 Boberg (n 34) 103. 46 Van der Walt and Midgley (n 3) 93; Zimbabwe Banking Corporation Ltd v Pyramid Motor Corporation (Pvt) Ltd 1985 4 SA 553 (ZS) and Greenfield Engineering Works (Pty) Ltd v NKR Construction (Pty) Ltd 1978 4 SA 901 (N). 9

Historically, our courts were divided on whether a claim for pure economic loss could be recovered under the extended lex Aquilia.47 However, the landmark decision of Administrateur Natal v Trust Bank48 recognised aquilian liability for having negligently caused pure economic loss and set the precedent for subsequent judgments.49

Whilst our law does not deny liability for pure economic loss, it approaches such claims with caution.50 The reluctance of our courts to allow claims for pure economic loss readily arises from the fear of creating indeterminate liability.51 Our courts are concerned that an acknowledgment of such liability would place too onerous a burden on society. The primary concern, therefore, is limiting liability for pure economic loss to reasonably predicable limits.52

In order to be successful in a claim for pure economic loss, all the elements of delictual liability must be met.53 However the element of wrongfulness is the in-built mechanism in the South African law of delict that keeps liability within socially acceptable limits. The causation of pure economic loss is prima facie lawful, unlike loss caused to person or property.54 It is this distinction that makes the element of wrongfulness problematic in cases involving pure economic loss. In instances where the conduct complained of takes the form of an omission or statement, policy considerations become important. To be successful in a claim for delictual liability in South African law it does not suffice to show that the harm was caused intentionally or negligently. In addition to those two requirements the cause of the harm must have been wrongful.55

47 Perlman v Zoutendyk 1934 CPD and Greenfield Engineering Works (Pty) Ltd v NKR Construction (Pty) Ltd (n 46). Recognition of the extension was denied in Combrinck Chiropraktiese Kliniek (Edms) Bpk v Datsun Motor Vehicle Distributors (Pty) Ltd 1972 4 SA 185 and Trustees Two Oceans Aquarium Trust v Kantey and Templer (Pty) Ltd 2006 3 SA 138 (SCA). 48 Administrateur, Natal v Trust Bank van Afrika Beperk (n 7). 49 Zimbabwe Banking Ltd v Pyramid Motor Corporation (Pvt) Ltd (n 46); Tobacco Finance (Pvt) v Zimmat Insurance Co Ltd 1982 3 SA 55 (Z), Indac Electronics (Pty) Ltd v Volkskas Bank Limited (n 8) and Lillicrap, Wassenaar and Partners v Pilkington Brothers (SA) (Pty) Ltd (n 31). 50 Country Cloud Trading CC v MEC, Department of Infrastructure Development 2015 1 SA (CC) par 23. 51 Van der Walt and Midgley (n 3) 94 and Boberg (n 34) 104. See also Fourway Haulage SA (Pty) Ltd v SA National Roads Agency Ltd 2009 2 SA 150 (SCA) par 24 and Country Cloud Trading CC v MEC, Department of Infrastructure Development (n 50) par 20; 21; 22. 52 Van der Walt and Midgley (n 3) 95. 53 Lillicrap, Wassenaar and Partners v Pilkington Brothers (SA) (Pty) Ltd (n 31) 496. 54 Ibid. See also Fourway Haulage SA (Pty) Ltd v SA National Roads Agency Ltd (n 51) par 12. 55 Fagan “Rethinking wrongfulness in the law of delict” 2005 SALJ 90. 10

Negligently caused pure economic loss has proved to be problematic and the cause of much confusion in the South African law of delict. It has been submitted that this can be attributed largely to the confusion between the test for negligence and wrongfulness.56

3.1.3 Wrongfulness, negligence and causation

Wrongfulness

The element of wrongfulness is a separate requirement for delictual liability, meaning it is not part of the requirement that the defendant’s conduct must be intentional or negligent.57 Wrongfulness is viewed ex post facto, objectively from the point of view of an independent and interested bystander, after having considered all relevant circumstances and factors favouring the plaintiff, the defendant and the interests of society.58

As stated by Boberg:59 “The net of liability would be cast too widely if all harm caused culpably were shifted to the shoulders of him who caused it: social policy requires that some remain where it falls.” As already mentioned above, the device that the law uses to keep liability within socially acceptable bounds is the requirement of wrongfulness.

56 Pienaar (n 34) 24. 57 Van der Walt and Midgley (n 3) 67. 58 Ibid. 59 Boberg (n 34) 30. 11

The criterion applied by our courts in order to determine the meaning of wrongfulness is one of reasonableness.60 Conduct is regarded as wrongful or unlawful if it is unreasonable, that is, if in light of all the circumstances, the defendant is expected to behave in a manner which would not harm the plaintiff.61 The enquiry into wrongfulness reflects society’s prevailing conceptions of what is reasonable and proper at that given time, often referred to as the boni mores of society or the legal convictions of the community.62

The enquiry into the question of wrongfulness may be seen from the perspective of an infringement of a right or from the perspective of a legal duty, which requires a value judgment and policy considerations.63 Our courts and our academia have recognized various factors which are considered when determining whether policy is in favour of founding liability in specific cases, amongst others: whether the loss is finite; whether the potential plaintiffs are limited and identifiable; the foreseeability of the harm and the likelihood of its occurrence; the ability of the plaintiff to protect himself / herself; the relationship between the parties; the consequences to society if liability is imposed; the need for legal certainty; and whether there are considerations of equity, fairness and policy which favour a denial of a remedy.64

60 Fagan (n 55) 91: “The standard academic view of the nature or meaning of wrongfulness in the South African law of delict is encapsulated by the following proposition: a harm-causing act was wrongful if, and only if, it was unreasonable...” 61 Van der Walt and Midgley (n 3) 67. 62 Minister van Polisie v Ewels (n 34); and see Van Eeden v Minister of Safety and Security (n 37) par 10. 63 Van der Walt and Midgley (n 3) 94. Fourway Haulage SA (Pty) Ltd v SA National Roads Agency Ltd (n 51) par 12 the court stated: “that negligent conduct which manifests itself in the form of a positive act causing physical damage to the property or person of another is prima facie wrongful. By contrast, negligent causation of pure economic loss is not regarded as prima facie wrongful. Its wrongfulness depends on the existence of a legal duty. The imposition of this legal duty is a matter for judicial determination involving criteria of public or legal policy consistent with constitutional norms.” 64 Van der Walt and Midgley (n 3) 94; Burchell “The odyssey of pure economic loss” 2000 Acta Juridica 99 129: and Pienaar (n 34) 22. See also Fourway Haulage SA (Pty) Ltd v SA National Roads Agency Ltd (n 51); Indac Electronics (Pty) Ltd v Volkskas Bank Limited (n 8) and Telematrix (Pty) Ltd t/a Matrix Vehicle Tracing v Advertising Standards Authority SA (n 10) par 15 and 16. 12

Negligence

The test for the determination of negligence was formulated in the case of Kruger v Coetzee.65 According to this test, negligence will be established if a diligens paterfamilias in the position of the defendant:

1. would have reasonably foreseen the possibility of his conduct causing harm to the person or property of the plaintiff or causing the plaintiff patrimonial loss; 2. would have taken reasonable steps to guard against such conduct, and 3. failed to take such steps.

Negligence is determined by looking at the case not from the point of view of an interested bystander, but by looking at it objectively from the point of view of a person in the position of the defendant; the interests of the plaintiff or society is not considered.66

Causation

An essential element of delictual liability is causation. In order to be successful in a claim founded in delict, there must be a causal nexus between the defendant’s conduct and the detrimental consequences sustained by the plaintiff. Hence, in respect of the question we are concerned with in this dissertation, it must be noted that even if wrongfulness on the part of the (negligent) beneficiary bank is proved, the question of causation will also have to be answered before a finding on liability can be made.

65 1966 2 SA 428 (A) 430 E-G. See also Loureiro and others v Imvula Quality Protection (Pty) Ltd 2014 3 SA 394 (CC) par 58 which confirmed the test. 66 Van der Walt and Midgley (n 3) 67. 13

The test for causation was enunciated in the case of Minister of Police v Skosana.67 The test for causation comprises of two fundamental enquiries. The first is a factual enquiry and relates to the question whether the negligent act or omission caused or materially contributed to the harm sustained by the plaintiff. If it did not then no liability can follow. If, however, it did, then the second enquiry is whether the negligent act or omission is linked to the harm sufficiently closely or directly for legal liability to ensue, or conversely, whether the loss is too remote for liability to be founded. The second enquiry is often referred to as the remoteness of damage or legal causation.68

Legal causation is not a logical concept69 and has no foundation in reality70. It concerns society’s moral reaction to the issue which entails making a value judgement. The test for causation bears a resemblance to wrongfulness. Legal causation like wrongfulness is determined by policy considerations. Legal causation has been described by the court in Country Cloud Trading CC v MEC, Department of Infrastructure Development as “a mechanism of control in pure economic loss that can work in tandem with wrongfulness.”.71

Due to the fact that both wrongfulness and legal causation involve policy considerations, it is inevitable that there will be some overlapping.72 However, wrongfulness and causation involve two different enquiries. The enquiry into wrongfulness focuses on whether the plaintiff’s interest is entitled to protection from the defendant’s conduct. The legal causation enquiry focuses on the limitation of loss resulting from the wrongful conduct. Both the elements function as a control mechanism, with its own characteristics and contents, in order to limit liability. It aims to get the balance right between the defendant’s and the plaintiff’s interests.73 In Nashua Mobile (Pty) Ltd v GC Pale CC t/a Invasive Plant Solutions74 the court held:

67 1977 1 SA 31 (A). 68 Ibid. See also International Shipping Co (Pty) Ltd v Bentley 1990 1 SA 680 (A). 69 Van der Walt and Midgley (n 3) 202. 70 Boberg (n 34) 440. 71 (n 50) par 25. 72 Cape Empowerment Trust Ltd v Fisher Hoffman Sithole 2013 5 SA 183 (SCA) par 35. 73 Ibid. The court stated that: “wrongfulness and remoteness are not the same in all respects. They involve two different elements of the law of delict, each with its own characteristics and content. Even where negligent conduct resulting from pure economic loss is for reasons of policy found to be wrongful, the loss may therefore, for other reasons of policy, be found to be too remote and therefore not recoverable.” See also Van der Walt and Midgley (n 3) 204. 74 (n 13) par 32. 14

“If, as Albertyn and Kuyler testified, no access can be gained to the plaintiff’s account via the internet through SIM card alone, then it seems to me that the defendant’s negligent omission cannot reasonably be said to be the proximate cause of the plaintiff’s loss.”

It follows, therefore, that even if one can prove that the conduct in question was wrongful, negligent and the factual cause of the plaintiff’s loss, if the conduct is not found to be the legal cause of the loss suffered by the plaintiff, liability cannot follow.75

3.1.4 Apportionment of damages

Once wrongfulness, negligence on the part of the beneficiary bank and causation have been established, contributory negligence on the part of the victim and the apportionment of damages in terms of Apportionment of Damages Act76 must also be considered. As discussed above, a fraudster cannot gain access to an internet banking account without the customer’s security details, details which are only known by the customer. Hence the bank may be able to show on a balance of probabilities that the customer was negligent as he or she compromised his or her confidential security details.

Section 1 of the Apportionment of Damages Act77 provides:

“Where any person suffers damage which is caused partly by his own fault and partly by fault of any other person, a claim in respect of that damage shall not be defeated by reason of the fault of the claimant but the damages recoverable in respect thereof shall be reduced by the court to such an extent as the court may deem just and equitable having regard to the degree in which the claimant was at fault in relation to the damage.”

Section 1 of the Act is relevant to instances where a plaintiff suffers harm partly as a consequence of his or her own fault and partly as a consequence of the fault of the defendant.78 In order to apportion liability a comparative evaluation of the parties’ respective degrees of fault and a proportionate reduction of the losses recoverable by the plaintiff are required.79

75 See also International Shipping Co (Pty) Ltd v Bentley (n 68). 76 Act 34 of 1956. 77 (n 76) 78 Van der Walt and Midgley (n 3) 240. 79 Van der Walt and Midgley (n 3) 240. 15

In the matter of Roestoff v Cliffe Dekker Hofmeyr Inc,80 the defendant was found not to have been negligent so a consideration of the contributory negligence on the part of the victim was not necessary. The court, however, did comment on the conduct of the victim. The court remarked that the victim’s failure (by his own admission) to read the security warnings on the bank’s internet banking site was negligent. The court said that the victim had disclosed his security details which are required in order to be able to access his internet banking account to the fraudster. It was thus found that the victim’s negligence had contributed to his loss.81

In light of the above, it appears that even if it is established that the beneficiary bank acted wrongfully, negligently and was the factual and legal cause of the loss suffered by the victim of phishing, as a fraudster can only gain access to a victims internet banking account by securing the confidential security details (which the bank can show is obtained from the victim), contributory negligence on the part of the victim and the apportionment of damages in terms of Apportionment of Damages Act82 will have to be considered.

There is a possibility that the negligence of the victim is greater than that of the beneficiary bank, or the possibility that the deception by the fraudster is so skilful and convincing that the victim’s negligence is minimal when compared to the beneficiary bank. The degree of apportionment that should be attributed to each party, will be determined after all the material facts of the particular case are considered.

Joint wrongdoers

Subsection 2(1) of the Apportionment of Damages Act states:83

“Where it is alleged that two or more persons are jointly or severally liable in delict to a third person (hereinafter referred to as the plaintiff) for the same damage, such persons (hereinafter referred to as joint wrongdoers) may be sued in the same action.”

80 (n 13). 81 (n 13). 82 (n 76). 83 (n 76). 16

In a phishing scam the beneficiary bank, the fraudsters themselves and possibly the account holders who sold their accounts to the fraudsters are referred to as the joint wrongdoers in terms of subsection 2(1) of the Apportionment of Damages Act. More often than not, by the time the fraud is detected the money is all gone, so the victims are left with no recourse against the perpetrators. The victims then tend to turn to the beneficiary bank or possibly to the mobile phone service provider for recourse as their solvency is greater than the perpetrator.84

For the purpose of this paper it is not necessary to consider the issues of the apportionment of damages and joint wrongdoers at length, it suffices to take note of same and the role that it may play.

3.1.5 The delictual liability of the negligent collecting bank

The first case that brought the duty of the collecting bank under the scrutiny of our courts is Indac Electronics (Pty) Ltd v Volkskas Bank Ltd.85 In concluding that there is “no reason in principle why a collecting banker should not be held liable under the extended lex Aquilia for negligence to the true owner of a cheque, provided that all the elements or requirements of Aquilian liability have been met” the court provided the following guidelines:86

. The objection of indeterminate liability is not a concern as the potential loss is finite (the face value of the cheque), the potential claimants are easily predicable and limited to the drawer or the payee and each potential claim will arise separately. . There is a constant risk that an unlawful possessor may obtain payment of the cheque with relative ease. Hence there is a need for the true owner to be protected, especially because he relies on the collecting bank to look at the named payee on the face of the cheque. . The collecting bank renders professional services. It professes to have special skill and competence in the field. It ought to appreciate the significance of the instructions on the cheque. The collecting bank should therefore be able to reduce or avoid loss to the true owner by exercising reasonable care in the collection of .

84 Hall “Something Borrowed: A sensible Definition of a Bank’s Duty in Tort to Non- Customers” 2012 BFLJ 505 506; Beukes (n 14) 55. 85 (n 8). 86 Indac Electronics (Pty) Ltd v Volkskas Bank Ltd (n 8). Malan and Pretorius “Negligence and the Collecting Bank: Liability at Last?” 1993 SA Merc LJ 206. 17

. The business of banking has changed over the years, and these changes have changed the banker-customer relationship. However the collecting bank is still the only party able to know whether the cheque is being collected by the person entitled to receive payment. . The true owner of the cheque is unable to take any steps to protect himself from the loss he will incur if the collecting bank negligently collects payment by a person not entitled to it.

Indac did not proceed to trial on the merits. Subsequently, in KwaMashu Bakery Ltd v of South Africa Ltd,87 the question whether there was a legal duty on the part of the collecting bank not to act negligently was considered for the first time in trial proceedings. The defendant brought the matter before court as a test case to prove that the duty envisaged by the court in the Indac case was too onerous.

The case concerned two cheques. On their faces they were payable to “KwaMashu Bakery Limited only”. The cheques were marked “not transferable”. The bank collected payment on these cheques for two fraudsters who had opened an account under the name of “KwaMashu Bakery Limited Soccer Club”. The plaintiff alleged that the defendant was negligent in the collection of the cheques. The defendant presented evidence which demonstrated that in light of the present one-day clearing system; current bank procedure and the volumes of cheques handled daily, it was impossible for a collecting bank to discharge the duty sought to be imposed in favour of the true owner of a cheque.

The defendant contended: a) that to impose a duty on the bank would place an undue burden on the person responsible to discharge it; b) that the costs involved would be too high; and c) that the banking system will be severely disrupted and the same-day clearance system rendered inoperable.

87 KwaMashu Bakery Ltd v Standard Bank of South Africa Ltd 1995 1 SA 377 (D). 18

The court, however, was not convinced by the evidence submitted by the defendant to depart from the finding in the Indac case. The court after hearing the evidence presented by the defendant, highlighted further considerations that supported the recognition of a duty to the owner of a lost or stolen cheque. The following considerations were noted:88

. The banking public was aware of the value of non-transferable cheques and needs the protection against the loss suffered for the negligent collection of this type of cheque. . Prior to the decision in Indac, banks developed a system of checking that the proceeds of a non-transferable cheque went to the actual payee. . There was evidence that the banks had adopted a resolution to the effect that non- transferable cheques may only be accepted for the credit of an account bearing the identical name to that of the payee named on the cheque. . The costs implications were not disproportionate to the harm guarded against. . Telephonic enquiries to the drawee bank could be avoided by minor adjustments to the computer software. . One argument is unanswerable: if there is no duty owed by a collecting banker, the banks need not bother even to look at cheques which are deposited for collection to determine whether the depositor is the named payee. . Finally in the words of the court, it offends against one’s sense of fairness and reasonableness for bankers who by statute are the only institution who are entitled to take and collect negotiable instruments and are regarded by society as professional persons and institutions competent in dealing with money matters to on the one hand procure custom by inviting the public to bank with them and representing that they will collect cheques on behalf of their customers and on the other hand saying ‘there is a risk that when we collect a cheque it may not be for the true owner but although we are aware of this risk it is going to cost us too much to guard against and therefore we are going to take no steps to protect the true owner.

88 KwaMashu Bakery Ltd v Standard Bank of South Africa Ltd (n 87). See further Malan and Pretorius (n 86) 222. 19

Thus the court found that there was a legal duty on the collecting bank to the owner of a lost or stolen cheque to prevent causing loss by negligently dealing with the cheque. This satisfied the requirement of wrongfulness.

The court however pointed out that the recognition of this legal duty did not mean that the collecting bank was automatically liable in delict. All the elements of delict have to be present in order for liability to ensue. The court then considered the element of negligence.

The court stated that the question was “what reasonable, practical and affordable measures would the reasonable prudent banker have taken in order to have prevented the harm which resulted”. The court found that a reasonable, prudent banker would first:

“not only satisfy himself of the identity of a new client but also gather sufficient information in regard to such client to enable him to establish whether the person is the person or entity he, she or it purports to be. Checks could be made on places of employment, address given, whereabouts of next of kin etc. before accepting a person as a customer. This could no way impact on the backing system or involve an unreasonable amount of time or cost”

Subsequent to the KwaMashu judgment, a number of cases were brought against collecting bankers. We will, however, for the purpose of our enquiry, only discuss the two most important judgments which specifically dealt with the bank’s duty when opening an account for a prospective customer, namely Energy Measurements (Pty) Ltd v First National Bank of South Africa Ltd89 and Columbus Joint Venture v Absa Bank Ltd.90

89 2001 3 SA 132 (W) 90 2002 (1) 90 (SCA). 20

Energy Measurements dealt with duties of the collecting bank when opening a new account for a prospective customer. The case concerned a fraudster who deposited two cheques which were payable to “Energy Measurements” into an account that he opened in the name of “Tradefast 8 (Pty) Ltd trading as Energy Measurements”. The court found that bank ought to have noticed the discrepancies in the documents that he used to open the account and this should have alerted the bank to the possibility of fraud. The court identified the following important guidelines for the imposition of the duty of care on a collecting bank when it opens a new account for a prospective customer:91

. The risk that an account may be opened for fraudulent purposes to serve as a conduit for stolen cheques is clear and recognized. Once an account has been opened, channelling a stolen cheque through such an account becomes relatively easy. . Opening an account is a necessary prerequisite to obtain payment in respect of stolen cheques which are drawn in favour of a specific payee and marked non-transferable. The absence of an account which can serve as a conduit for such cheques would make it extremely difficult to obtain the proceeds of their theft. . A bank is free to accept or decline the custom of a client and in opening an account and making the facilities of the bank available to the customer, it creates a potential risk to the public, especially to owners of cheques, if that account is later misused for fraudulent purposes. . Contrary to the time constraints under which collecting banks have to operate when they process high volumes of cheques, they do no operate under such constraints or pressure when they have to decide whether or not to open a new account. . No significant additional costs or time would be spent if care is taken in considering whether or not an account should be opened and it would clearly not impact on the banking system. . The decision whether an account should be opened presents the best opportunity to prevent fraud from being perpetrated.

91 Energy Measurements (Pty) Ltd v First National Bank of South Africa Ltd (n 89). See also Pretorius (n 93). 21

Columbus dealt with the opening of a new account for an exciting customer. This case is important because is stipulates that a bank may differentiate between the opening of an account for an existing customer and a new customer because, in respect of an existing customer:

“The pre-eminent consequence is heightened accountability, which substantially diminishes the possibility of the account being used with impunity for fraud. There exists then a significant disincentive to fraudulent use of the account, which is absent in the case of a new customer whose identity and location and other details have not been verified. It is this that bears upon the bank’s duty in opening an account”.92

3.2 Statutory background: The Financial Intelligence Centre Act (FICA)

Purpose of FICA

The purpose of FICA is to combat money laundering activities and the financing of terrorist and related activities by establishing a Financial Intelligence Centre (“FIC”) and by imposing certain duties on institutions and other persons that might be used for money-laundering activities.

A detailed analysis of the duties imposed by FICA is not necessary for the purpose of this dissertation. Therefore the discussion in respect of FICA is a general overview of the duties imposed on the bank as an accountable institution in respect of the identification of clients, the reporting of suspicious or unusual transactions and the implementation of internal rules and training of employees.

Duties and Obligations imposed by the Act

Section 21(1) of FICA prohibits an “accountable institution”, such as the bank, from establishing a business relationship or concluding a single transaction with a customer unless the accountable institution has taken the prescribed steps:

. to establish and verify the identity of the client; . if the client is acting on behalf of another person to establish and verify:

92 Columbus Joint Venture v Absa Bank Ltd (n 90) par 9. 22

- the identity of that other person; and - the client’s authority to establish the business relationship or to conclude the single transaction on behalf of that other person; and . if another person is acting on behalf of the client, to establish and verify: - the identity of that other person; and - that the person’s authority to act on behalf of the client.

If an accountable institution has established a business relationship with a client before the act came into effect, section 21(2) of FICA stipulates that the institution may not conclude a transaction in the course of that relationship unless the prescribed client identification and verification measures have been taken.

Section 21 of FICA creates the general obligation to identify a client and verify certain particulars. The Money Laundering and Terrorist Control Regulations contain detailed prescriptions in respect of the identification and verification of a client’s particulars.93 The regulations detail the information that should be obtained and verified. It further sets out the required verification procedures in respect of:

. South African citizens and residents; . Foreign nationals; . Close corporations and South African companies; . Foreign companies; . Other legal persons; . Partnerships; and . Trusts.

Section 42(1) of FICA provides that an accountable institution must formulate and implement internal rules concerning the establishment and verification of the identity of clients in terms of section 21.

93 The regulations were published under GN R1595 in GG 24176 of 20 December 2002. 23

In addition to these regulations, the FIC may issue formal guidance notes in respect of the verification of identities and other obligations under FICA.94 The FIC issued FIC Guidance Note 3 for Banks on Customer Identification and Verification95 and FIC Guidance Note 3A Guidance for Accountable Institutions on Client Identification and Verification and Related Matters. Both these notes state that they are intended to assist institutions and the relevant supervisory bodies with the practical application of certain client-identification and verification requirements of the FIC Act.

The duty to report suspicious or unusual transactions

Section 29 of FICA imposes an obligation on accountable institutions, their employees and their representatives to report suspicious or unusual transactions to the FIC. The act requires this of persons who knows or ought reasonably to have known or suspect that:

 the business has received or is about to receive the proceeds of unlawful activities or property connected to an offence related to the financing of terrorist and related activities;96  a transaction or series of transactions to which the business is a party: facilitated or may facilitate the transfer of the proceeds of unlawful activities or property connected to an offence relating to terrorist financing and related activities; has no apparent business or lawful purpose; was done for the purpose of avoiding an obligation imposed by FICA; is connected to the investigation of an evasion or attempted invasion of a duty to pay any tax, levies or duties imposed by legislation; or is connected to an offence related to financing of terrorist and related activities;97 and  the business has or is about to be used for the purpose of money laundering or to facilitate the commission of financing of terrorist or related activities.98

94 Guidance notes are published by the FIC in terms of s 4 (c) of the Act. 95 Government Gazette 27803 (18 July 2005). 96 s 29 (1) (a). 97 s 29 (b) (i) – (v). 98 s 29 (c). 24

The FIC issued Guidance note 4 On Suspicious Transaction Reporting99 which provides guidance on when reporting should become necessary under section 29. From the wording of section 29, it is clear, that the duty to report arises in two circumstances: firstly it is when the person mention in section 29 has actual knowledge of a transaction that is mentioned above; and secondly when the person does not have actual knowledge of the transaction but ought reasonably to have known or suspected that the transaction or series of transactions were unusual or suspicious.

Penalties imposed for non-compliance

The penalties imposed for non-compliance are dealt with in Chapter 4 of the act. Non- compliance with the obligations imposed by the act results in administrative and/or criminal sanctions. For the purpose of this paper, it is not necessary to unpack in detail the penalties imposed by the act.100

99 Government Gazette 30873 (14 March 2008). 100 For a detailed analysis of the penalties imposed, see Pienaar (n 34) 58. 25

4 CASE LAW

4.1 The cases

4.1.1 Peterson

The facts

A company called Ovation Services administered funds that were entrusted to it by or on behalf of investors. These funds were paid to and held by a company called Ovation Nominees as trust property on behalf of and for the benefit of the investors. The property entrusted to Ovation Nominees remained the property of the investors.

Ovation Global Investment Nominees (Pty) Ltd (“Ovation Nominees”),101 was a wholly owned subsidiary company of Ovation Services, who conducted the business of nominee company and was established for the purpose of keeping property belonging to investors separate from the assets of Ovation Services.

Ovation Nominees entered into an agreement with a financial service provider named Common Cents Portfolio Strategist (Pty) Ltd (“Common cents”) and in terms of that agreement Ovation Nominees would transfer cash amounts into a banking account designated by Common Cents and or a certain Angus Cruickshank to invest the funds in cash portfolios.

101 Ovation Nominees was a “nominee company” as defined in the Financial Institutions (Protection of Funds) Act 28 of 2001. 26

Angus Cruickshank was a sole shareholder of Cornerstone Transaction Financing (Pty) Ltd which in turn held all issued shares in Ovation Services and Common Cents. He was not employed by either Ovation Services, Ovation Nominees or Common Cents but purporting to act on behalf of Ovation Services and Common Cents caused money to be transferred by Ovation Nominees into accounts held at ABSA Bank in the name of Ovation Global and Common Cents and misappropriated a total sum of R169 199 117.81. The plaintiffs recovered the amount of R8 757 742.17. The plaintiffs acting in their capacities as curators of the Ovation companies, then instituted action against ABSA Bank and sought to recover the loss of R129 469 648.71 from ABSA Bank.

The claim

The plaintiff’s claim was founded on two grounds: firstly the plaintiffs alleged that the bank negligently opened the accounts and secondly the bank failed to maintain and monitor the accounts which caused the principals to suffer pure economic loss.

The plaintiffs alleged that the bank owed Ovation Services and Ovation Nominees a duty of care and it was therefore obliged to:

. establish and verify the identity of Ovation Services and Ovation Nominees as well as their respective head offices or principal place of business;102 . to establish that Ovation Nominees had entered into an irrevocable agreement with Ovation Services in accordance with subsection (d) of the definition of “nominee” in section of the Protection of Funds Act;103 . to establish whether Cruickshank had the necessary authority to establish the intended business relationships;104 . ensure that the account application forms were properly completed and that it was accompanied by the necessary supporting documentation;105 and

102 par 19.1. 103 par 19.2. 104 par 19.3. 105 par 19.4. 27

. peruse the application forms and the supporting documentation for the required accounts and compare them to the information in the application documentation relating to the accounts.106

It was contended by the plaintiffs that the bank had a duty to comply with the its statutory obligations in terms of FICA and to follow its own internal rules, regulations and protocols in respect of the opening of the new accounts for existing clients.107 The plaintiffs alleged that the bank was represented by its employee, a certain Mr Prinsloo who acted in the course and scope of his employment with the bank when he wrongfully and negligently opened the accounts in question.108

Firstly, the plaintiffs contended that had the bank complied with its obligations and duty of care when opening the account it would have established that Cruickshank was not authorized to open an account in the name of Ovation Global Investment Holdings and that in fact Cruickshank was not authorized to act on behalf of Ovation Nominees.109

Secondly, they contended that had the bank complied with its obligation in respect of the proper management and monitoring of the accounts it would have established that that activity on the account should have flagged internal risk procedures due to the high value and volume of the transactions. The high value and high volumes of transactions would have prompted an enquiry into Ovation Services and reporting in terms of FICA.110

Essentially the curators’ cause of action was founded on their contention that the bank owed the principals a legal duty in terms of the common law to open the accounts properly and to manage and monitor these accounts. Since they failed to do so, they breached this duty. It was contended that as a result Ovation Services and Ovation Nominees were not alerted to the fraud and was not in a position to take steps to prevent the fraud or to recover any funds that had already been misappropriated.111

106 par 19.5. 107 par 19. 108 par 17. 109 par 21. 110 par 23. 111 par 26. 28

The exception

The bank raised an exception to the plaintiffs’ particulars of claim on the following grounds:112

. that the particulars of claim lack allegations necessary to sustain a cause of action; and . that the particulars of claim were vague and embarrassing.

In respect of the objection relating to the absence of a cause of action, the defendant contended that one of the essential elements of such a claim, namely wrongfulness or the “breach of a legal duty” was not present. In support of the defendant’s contention that the particulars of claim were vague and embarrassing, the defendant contended that there was confusion as to the identity of the party to whom the alleged legal duty is owed.113 The defendant argued that it did not owe the companies or the principal the duties as alleged and therefore liability could not follow.

The application before court was one for leave to amend the particulars of claim. The bank objected to the amendment contending that even if the amendment was allowed, the particulars of claim would still be excipiable.

The judgment

The only issue the court was concerned with in the exception proceedings was whether the facts pleaded by the plaintiffs were sufficient to sustain the element of wrongfulness as a distinct requirement for a delictual claim.

It was pointed out by Makgoba J early in the judgment when he made reference to the Adminstrateur, Natal v Trust Bank case, that the legal principle regarding liability for an act or omission causing pure economic loss is a recognized and settled principle in our law, within the scope of the extended lex Aquilia.

112 par 30.1 and 30.2. 113 par 30. 29

The court considered the legal principles established in Indac Electronics (Pty) v Volkskas wherein a prima facie legal duty on the part of collecting bank was established to prevent loss to a true owner of the cheque. Makgoba acknowledged that whilst “the legal duty of a banker towards the true owner of a lost or stolen cheque is clear and settled in law…they do not provide a complete answer to the present case which relate to the opening of a bank account and subsequent failure to monitor same”.114

The court stated that the enquiry into whether a legal duty on the part of the bank exists in relation to the opening and conduct of banking accounts entails considerations of policy and a value judgment.115

The courts value judgment

The court regarded the following considerations relevant to the action before it:

 During the period in which the fraud was perpetrated the bank was under a statutory obligation in terms of FICA to report suspicious activity. The transfer of large sums of money on a frequent basis by Cruickshank amounted to improper activity. The bank therefore should have reported the transactions to the Financial Intelligence Centre and further should have made enquiries to Ovation Services and Ovation Nominees.116  Considering the high value of the transactions that frequently went in and out of the accounts, the accounts should have been handled by ABSA Corporate instead of a private/business account at the local branch level.117  The account opening application forms were not properly completed and accompanied by the necessary documentation in accordance with the bank’s policies and procedures. This according to the judge should have raised a suspicion on the part of the bank and prompted it to investigate the legitimacy of the accounts and transactions.118

114 par 38. 115 par 39. 116 par 45.1. 117 par 45.2. 118 par 45.3. 30

 In light of the prevalence of crime in South Africa, particularly money laundering, society’s notion of justice demands that a bank should not turn a blind eye to the possibility that a customer may be using an account for fraudulent purposes.119

The court stated that when considering the existence of a legal duty on the part of a bank, evidence will need to be presented in order to fully appreciate considerations of policy. The court stated that it was unable to make a finding at the stage of an exception, as the court does not have evidential or factual material to assist it to reach a decision on how great a burden the recognition of a legal duty on the party of the bank will place on banks. It was further contended that it was inappropriate to decide the issue of wrongfulness at the exception stage as such an enquiry is a factual one and therefore more suited for the trial proceedings.

4.1.2 The SARS case

Commissioner, South African Revenue Service and Another v Absa Bank120 is an important decision as it was the first time that it was suggested by our courts that there may be a further duty on the collecting bank to “monitor” the banking activities of its client.121 This case is relevant to the present discussion as it has been suggested, that apart from the opening of accounts a beneficiary bank may be liable for loss arising from phishing due to its failure to monitor the accounts. The matter was heard at exception proceedings.

119 par 45.4. 120 2003 2 SA 96 (W). 121 Lawack and Pretorius (n 5) 111. 31

The facts

A group of foreign nationals devised a fraudulent scheme by means of which they fraudulently claimed more than R48, 53 million in value added tax, input tax refunds for a number of fictitious transactions.122

Zamzar Trading (Pty) Ltd (‘Zamzar’) which was a company registered in South Africa and had a sole director, a certain Kapuya who was a Congolese national. In terms of its memorandum of association, Zamzar’s main business was general trading, importation and exportation of goods. An already existing company, Cord-Less-Fones Ltd (‘Cord-Less’) and later on in the fraudulent scheme a close corporation, Jude Electronics CC (‘Jude’), pretended to ‘supply certain high value but non-existent goods to Zamzar. Zamzar would pretend to export the non- existent goods.

The aim of the fraudulent scheme was to claim a refund of VAT, input tax in respect of the alleged supplies to Zamzar of the (non-existent) goods by Cord-Less and Jude on the grounds that Zamzar was allegedly exporting such goods and thus was entitled to zero-rate the transactions in terms of s 11 of the Value-Added Tax Act. No goods were sold and no real transactions took place and accordingly there were no supplies in respect of which VAT was paid or payable in order for VAT input tax to be reclaimed.

In order to be successful in this scheme, the fraudsters required the co-operation of the banks. Firstly they required a current account into which the moneys received from SARS could be deposited. Secondly they required “proof” in the form of documentary evidence from the bank that foreign currency had been brought into the Republic in respect of the alleged “exports”. A certain “Jacobs” who an employee of Absa Bank issued the confirmation documents knowing that the facts therein were false. A certain “Dean” and “Fourie” employees of Standard Bank assisted Zamzar to open a current account. The commissioner based on the misrepresentations of Jacobs paid large amounts of VAT payments to Zamzar. Dean and Fourie then assisted

122 (n 120) par 6 – 8. 32

Zamzar to obtain the large sums from the Zamzar account, where the cash withdrawals were made shortly after the VAT refunds. The claim

The court in this judgement clearly set out the established legal principles of delictual liability for omissions and pure economic loss. For the purposes of this dissertation, we will focus on the considerations noted by the court when it arrived at its conclusion that there was a legal duty on the part of the defendants to prevent the commissioner from suffering a loss. The plaintiffs claim against Standard Bank was founded on the following grounds:123 The plaintiffs contended that Standard Bank owed the public and the plaintiffs a duty to:

 lay down rules and/or regulations or alternatively give appropriate training to staff and various branches;  ensure that its staff abide by the laid down rules and regulations; and/or  introduce a system that prevented unlawfully acquired money from being paid out;  make enquiries as to the origins and cause of large sums of money coming into an account which is solely paid from tax refunds and which are withdrawn in large sums shortly after payment;  notice that no transactions took place in an account where tax refunds are being credited, which transactions should have occurred if the account holder was a legitimate trader;  report the fact that large sums of money that were paid by the SARS were withdrawn in cash in the circumstances of this matter to the head office or to internal audit division of the second defendant, alternatively to the inspectors of SARS  on becoming aware that very large sums were withdrawn in cash, it should have investigated Zamzar’s business activities.

123 (n 119) par 12. 33

The exception

Standard Bank raised an exception to the plaintiffs’ particulars of claim on a number of grounds, under the heading of wrongfulness and omissio the court noted the following:124

 The plaintiffs allege that Standard Bank owed the public at large and the plaintiffs specifically the duties referred to in para 29 of the particulars of claim;125  The duties that were alleged are bad in law and that Standard Bank did not or does not owe any of the listed duties to the plaintiff;  That the duty of care contended for in the particulars of claim is an impressible extension of the aquilian action to the present case for pure economic loss.  In response to the plaintiff’s allegation that Standard Bank had a duty to act positively and, inter alia, to report the matter to head office or the internal audit department or to the South African Police, Standard Bank contended that it was not burdened with that alleged duty.

The courts value judgment

The court noted the following policy considerations relating to the opening and conduct of the account, which supported the existence of a legal duty on the part of Standard Bank:

 The court noted that whilst our law adopts a conservative approach to the extension of remedies under the lex Aquillia, there is no bar to the extension of liability in novel situations. The court stated that the challenge remains to “exercise a value judgment embracing all the facts and relevant policy considerations”;126  The court stated that knowledge on its own does not create a legal duty in the case of omissions. However, considering the pleading in respect of Dean and Fourie’s knowledge that Zamzar’s account was mainly funded by VAT payments, that every VAT refund was followed by large cash withdrawals and that Zamzar’s account showed no payment movements in respect of transactions which should have reflected if

124 See (n 119) par 19 and 20. 125 See (n 119) par 12 for duties alleged. 126 (n 119) par 34. 34

Zamzar legitimately bought and sold goods,127 and that the plaintiffs acted on the fraudulent documentation provided by the bank, the legal convictions of the community favours the imposition of a legal duty on the part of the bank. The court stated that the bank’s position is akin to that of a man who knows that the neighbour’s toddler has entered his garden and is about to fall into his pool, whilst knowing that his pool net is not covering the pool and allows access to the pool by a child who he knows cannot swim;128  In respect of the issue of indeterminate liability, the court stated that this issue was not of concern in this instance as the extent of the loss was finite (limited to the aggregate of the VAT refunds) and the potential claimants were predictable (limited to the plaintiff’s);  The court further considered the argument that the bank in terms of the Proceeds of Crime Act129 was under a duty to report a suspicion.130 The court noted that the knowledge on the part of the defendant as pleaded by the plaintiffs, may place an obligation on the defendant to report to a person designated by the Minister. The court, however noted that the statutory obligation is no more than a consideration that carries some weight but does not carry the same weight as the statutory duty on the part of the policeman to prevent an attack as noted in the case of Minister van Polisie v Ewels;131  In respect of the defendants contention that the plaintiffs are in a position which was totally different from an ordinary member of society and cannot be expected to be protected by private banks or private individuals, the court stated that it was not persuaded by this argument and that the plaintiffs can be victims of fraud and are in no different position that any other private person. The court noted that it cannot be concluded that the plaintiffs were in a position of such strength that they did not deserve protection;132  The court noted that crime was highly prevalent in South Africa and therefore society’s notion of justice demands that a bank should not turn a blind eye to the possibility that a customer may be using an account for criminal purposes;

127 (n 119) par 46.1. 128 (n 119) par 46.2. 129 Act 76 of 1996. 130 (n 119) par 46.4 131 (n 34). 132 (n 119) par 45.6. 35

 In response to the argument that banker-customer relationship was marked by banking secrecy and therefore a legal duty could not be imposed on the bank, the court stated that banking secrecy was not inviolate and disclosure of confidential information in appropriate circumstances is required. The court noted that it did not consider banking secrecy to obstruct the existence of the legal duty sought to be imposed.133

The court dismissed the defendant’s exception under the heading of “wrongfulness”. The court adopted the approach in the Indac case to the issue of a legal duty. The court stated that after a consideration of all the factors, it was of the view that Standard Bank did have a legal duty to avoid causing the plaintiffs pure economic loss by negligently opening and maintaining the Zamzar bank accounts.134

4.1.3 Dynasty Furniture Manufacturing and Others v Toronto Dominion Bank

In the case of Dynasty Furniture Manufacturing and Others v Toronto Dominion Bank,135 the facts of which are closely analogous to the Peterson case, the Ontario Supreme Court was required to decide whether to impose liability on a bank for pure economic loss suffered by non-customers as result of fraud perpetrated by one of its customers.

The facts

A certain Sir Allen Stanford owned a private bank known as Stanford International Bank (“SIB”) which was domiciled in Antigua. SIB had sold high-yield certificates of deposits to investors around the world. In February 2009 it came to light that SIB was engaged in a ponzi scheme. Toronto Dominion Bank (“TD”) acted as the correspondent bank for SIB on a global basis. It maintained fourteen accounts for SIB into which investor’s funds were deposited.136 An American court issued an international freeze order and the activity of SIB came to a halt, investors reportedly suffering losses in excess of $17 million.137

133 (n 119) par 46.7. 134 (n 119) par 47. 135 Dynasty Furniture Manufacturing Ltd and Others v Toronto Dominion Bank Ltd 2010 ONSC 436. Hereafter referred to as “Dynasty Furniture”. 136 par 3. 137 Dynasty Furniture Manufacturing Ltd and Others v Toronto Dominion Bank (n 135) par 2. 36

The claim

Five Canadian Investors in SIB who realised that their prospects of recovering anything from SIB were slim, instituted action against the bank. The plaintiffs contended that a bank may be held liable to a third party for pure economic loss if the bank knows or ought to have known that its customer was engaged in fraudulent activities and fails to take action to stop such activities.138 The plaintiffs alleged that the bank was negligent on the following grounds:139

1) TD failed to investigate properly certain activities of SIB, which activities were categorized as being suspicious by the plaintiffs. The correlative of this allegation is that the bank had an obligation to investigate suspicious transactions or transactions that were indicative of fraudulent use of the banking accounts.140 2) TD failed to make the appropriate inquiries in order to establish the legitimacy of SIB’s business operations at the time of opening of the accounts. Further TB failed to ensure on an on-going basis that the bank’s facilities were not being used for fraudulent purposes. The correlative of this allegation is firstly, that the bank was obliged to investigate the legitimacy of the customer’s activities at the time that the accounts were opened, and secondly, that the bank was obliged to monitor the customer’s use of the banking facilities to ensure that it was not being used for fraudulent purposes. 141 3) TD failed to comply with its own internal policies and procedures as well as customary and/or standard banking practices.142 4) TD failed to comply with its obligations under the Proceeds of Crime Act which resulted in TD failing to detect and report the fraudulent transactions.

TD brought an application, similar to our exception procedure, to strike the plaintiff’s claim for negligence, as they contended that the plaintiff’s pleading failed to disclose a reasonable cause of action.143 The bank argued that its duty to a third party arises only when the bank has

138 Hall (n 84) 507. 139 par 22.1 – 22.2 140 par 22.1. 141 par 22.2. 142 par 23. 143 par 1. 37

actual knowledge, including wilful blindness and recklessness that its customer is engaged in fraudulent activities.144 The judgment

The court applied the two-stage Anns145 test to the facts before it and made a finding against the plaintiffs on both legs of the test. In respect of the first leg of the test the court found that a consideration of the facts of the case did not disclose reasonably foreseeable harm and proximity sufficient to establish a prima facie duty of care. The court stated that at the time of opening of the account TD could not reasonably have expected to contemplate that the plaintiffs would suffer loss except as a member of the indeterminate class of third parties who might have had dealings with SIB at that time or in the future. The court stated that there was no indication that TD knew or reasonably ought to have known that the plaintiffs would rely on any enquiries that TD would have made to SIB at that time of opening the accounts. The court further found that the internal policies and procedures of TD did not establish proximity for the purpose of the alleged duty of care and that whilst the policies had a number of purposes such as compliance with regulatory obligations, it was not aimed at protecting third parties who had dealings with customers of the bank.146

The court further came to the finding that, even if a prima facie duty of care was established under the first leg of the Anns test, the second leg of the test which entailed policy considerations would still militate against the imposition of such a duty of care.147 The court noted the following policy considerations:

1) The recognition of such a duty of care would create the possibility of indeterminate liability to an undetermined class. It was pointed out that if TD were to be held liable, then any party who conducted transactions with SIB in which money was invested would be able to hold TD liable for their losses.148

144 Hall (n 84) 508. 145 Anns and Others v London Borough of Merton 1977 2 All ER 492 (HL).

146 par 63 – 71. 147 par 72. 148 par 73. 38

2) The Canadian federal and provincial governments created a highly developed, interrelated supervisory regime which involves banking securities and insurance regulators. The responsibility for establishing rules to prevent fraud within the Canadian financial system rests with the regulatory authorities. If the alleged duty of care is recognised it would impose a significant responsibility on banks that is unnecessary in light of the existing regulatory regime. If a decision is taken to impose an obligation on banks it will effectively establish a second investigatory regime which requires deliberation by parliament.149 3) If a duty of care was recognised, in order to protect themselves, banks would be required to establish internal policies and procedures to detect fraudulent activities, an enterprise of which the bank does not have experience or competence. Further the cost of compliance would be too onerous given the volume and complexity of the transactions; so ultimately the cost will be borne by customers and shareholders of the bank.150 4) A consideration of the facts of the case reveal that the imposition of the proposed duty of care on a national bank would be ineffective in preventing fraudulent schemes perpetrated by trans-national entities, as it requires active cooperation of regulators and other governmental authorities in multiple jurisdictions. A Canadian bank is not in a position to obtain such cooperation nor does it have the extensive investigatory powers available to governmental agencies even within Canada to undertake such an investigation.151 5) The proposed duty of care would effectively transform a chartered bank into an insurer of parties, who invested in, or with, the bank’s customers.152 6) Recognition of a duty to ensure on an on-going basis that the bank’s facilities are not used for fraudulent purposes would prove to be problematic. There is no evidence that that the bank has systems in place to monitor transactions and to detect fraudulent transactions. Whilst the Proceeds of Crime Act requires banks to implement measures to detect and report transactions that are indicative of money-laundering and terrorist financing activities, there is nothing to support a contention that compliance with such

149 par 74. 150 par 75. 151 par 76. 152 par 77. 39

obligations would identify fraudulent investment schemes like the one perpetrated by SIB.153 7) It was contended that even if the duty of care imposed was limited to situations in which a bank had knowledge of the suspicious circumstances, the potential exposure to guarantor liability would still be problematic as the standard of what qualifies as “suspicious circumstances” in the context of a banking relationship cannot be determined easily. Consequently the only way in which a bank could minimize the exposure to litigation that the recognition of such a duty of care would bring, is to establish a standard of “suspicious circumstances” that is so low that even the mere possibility of fraud would be investigated which may result in a waste of time and resources.154 8) Whilst it may be true that the bank was in a position to investigate the fraud, it was not the only party that was in a position to do so. There is no reason to impose guarantor liability on a chartered bank in circumstances where it was only one of many parties, governmental and non-governmental, which was in a position to investigate the affairs of SIB.155 9) In response to the plaintiff’s contention that the obligations under the Proceeds of Crime Act may be used to establish a standard of care, the court stated that the plaintiffs did not refer to any particular provisions of the Act; it is therefore impossible to identify any particular provision dealing with the detection and reporting of transactions under the Act that could establish a meaningful standard of care.156 10) One cannot bring a private action for breach of a statutory duty. The absence of a private law remedy for a breach of an obligation imposed by the Proceeds of Crime Act is indicative of the legislature’s intention that the enforcement of the obligations imposed on banks by the statue is to be a matter of regulatory enforcement rather than private.

153 par 78. 154 par 79. 155 par 80. 156 par 86 and 88. 40

In light of the above policy considerations portions of the plaintiff’s statement of claim which alleged constructive knowledge were struck off on the basis that the facts of the case did not establish a relationship of sufficient proximity to found a duty of care. This order was upheld on appeal.157 The Appeal Court however noted:158 “…we do not find it necessary to decide whether a bank may ever be found to have a duty to a non-customer in circumstances where it does not have actual knowledge (wilful blindness or recklessness) of the fraudulent activities being conducted through an account of its customer. We will leave the question of whether such a duty exists and if so, in what circumstances, to another day.”

Subsequent applications before the court

In 2014 the plaintiffs successfully brought an application to amend its statement of claim to reintroduce allegations based on constructive knowledge.159 The court found that the amended pleading particularized the allegation based on information that was neither known nor reasonably knowable in 2009/2010. The judge also noted that the previous order did not close the door on the possibility that a duty could be owed to a non-customer, but that sufficient facts had not been pleaded to establish the grounds of the duty. In 2015 TD appealed the order of Penny J which granted the plaintiffs leave to amend its statement of claim. The court, however, refused leave to appeal from that order.160

157 2010 ONCA 514 158 (ibid) par 9. 159 2014 ONSC 4833. 160 2015 ONCA 137 41

4.1.4 Ombudsman’s approach

This issue whether a beneficiary bank owes a legal duty to a non-customer was recently the subject of a test case that was referred by the Ombudsman for Banking Services to Judge Malan for consideration. Beneficiary Bank A disputed the Ombudsman recommendation to compensate the non-customer for loss that he suffered as a result of the bank’s alleged failure to open the account properly on the basis that there was no contract between the non-customer and the beneficiary bank. Due to insufficient evidence the judge was unable to make a finding against the beneficiary bank. However one of his recommendations in the report was that the Ombudsman should recommend to its shareholders the institution of a test case to court to determine whether a duty rests on a beneficiary bank towards the victim of a phishing or other fraud to receive payments with reasonable care and what reasonable care in the circumstances entails.

Due to the confidentiality of the proceedings and the parties involved the judgement is not unpacked in this dissertation. However the arguments raised by the Ombudsman’s office and the bank together with the considerations noted by the judge are contained and evaluated in this dissertation.

4.2 Critical evaluation

Review of the Peterson judgment

The court, in Peterson, correctly noted that a claim for pure economic loss, like the matter before the court, cannot be framed within established categories of liability. Therefore a judicial value judgment of policy considerations was necessary in order to establish the element of wrongfulness.

The judgment was criticized for conflating elements of wrongfulness and negligence.161

161 Pienaar (n 34) 39. 42

It was contended by Pienaar that the court’s finding that the nature, frequency and large amounts of the transactions should have raised the bank’s suspicions prompting it to warn Ovation companies, was indicative of the foreseeability of loss.162 It was contended that these considerations were relevant to the test for negligence namely whether a reasonable person would have foreseen the loss and if so, would have taken steps to prevent it. It was further stated that only two of the considerations listed by the court were relevant to wrongfulness, namely the statutory duties imposed by FICA and the prevalence of crime in South Africa.163

In order to consider the validity of the criticism noted above, it is necessary to revisit the test for wrongfulness. It has been established in an earlier chapter that the enquiry into the question of wrongfulness may be seen from an infringement of right perspective or from the perspective of a legal duty, which requires a value judgment and policy considerations. One of the factors identified by our courts and academics which may be considered when determining whether policy is in favour of founding liability is the foreseeability of the harm and the likelihood of its occurrence.

Wrongfulness is determined by the criterion of reasonableness and conduct is regarded as wrongful or unlawful if it is unreasonable; that is, in light of the all the circumstances, the defendant is expected to behave in a manner which would not cause harm to the plaintiff. The bank in this instance, was offering a professional service; it was therefore at least expected to exercise reasonable care and skill in a manner that would not have caused harm to the plaintiffs.164 It is therefore submitted, with respect to Pienaar, that factors identified by the court were indeed policy considerations which centred on the criterion of reasonableness.

The court’s finding that the nature, large volumes and frequency of the transactions should have raised the bank’s suspicions and prompted it to warn Ovation companies was not an enquiry into negligence but one of the factors identified by our courts that can be considered when determining whether policy considerations favour the imposition of liability, which forms part of the enquiry into wrongfulness. Although FICA was not enacted to provide a

162 Ibid. 163 Ibid. 164 Malan, Pretorius and du Toit (n 2) par 214. 43

private- law remedy, banks are certainly guided by its FICA obligations as to what is deemed reasonable. In light of the unusual transactional pattern, large volumes and frequency, it would have been reasonable for the bank to flag the account and make further enquiries with the account holder and Ovation companies, especially with the prevalence of fraud in the banking environment. The court was correct in noting that it was unreasonable for the bank not to have done so in this instance.

The court was also correct in noting that the account should have been dealt with by the bank’s corporate department due to the high volumes and frequency of the transactions. The bank’s corporate department would have been in a better position to detect and report the unusual transactional patterns. This indicates that there was a gap in the bank’s internal processes. It is reasonable to have expected the bank to have measures in place that ensure accounts with frequent high volume transactions are dealt with by the department which is equipped to monitor these accounts, especially in light of its FICA obligations to report suspicious transactions.

It was further noted by the court that the incomplete application forms should have prompted the bank to make further enquiries. It is submitted that the incomplete application forms surely should have alerted the bank to the fact that its internal process and procedures were not complied with. There is reason why the bank requested the specific information detailed in the application forms. Clearly accounts should not be open unless all the required information was provided by the applicant. What would be the point of requesting the information if accounts could be opened with incomplete forms?

The legal convictions of the community, in light of the prevalence of crime in South Africa would deem it unreasonable for the bank to turn a blind eye to the possibility that its accounts are being used for fraudulent purposes. The bank is in a position to combat and detect fraud, and in instances where the bank unreasonably fails to do this, and all the other elements of delict are met, the legal convictions of the community will find it reasonable to impose liability on the bank.

44

The judgment was further criticized for failing to apply itself properly to a number of factors which would militate against the imposition of liability.165 These factors were: the identification of public policy considerations,166 contractual relational economic loss and locus standi of the plaintiffs,167 the vulnerability of the plaintiffs,168 the relationship between the parties169 and the floodgates of indeterminate loss.170

It is contended that it was not necessary for the court to consider these factors at length in this judgment. This case was decided on exception, and therefore the only issue was whether the bank’s conduct would be wrongful, in other words whether a legal duty could possibly rest on the bank. It is contended that the enquiry that was done by the court and the reasons advanced by the court were sufficient to support a finding that the bank’s actions could possibly be seen as wrongful and hence the plaintiffs may possibly have made out a case that requires the bank to answer to.

The trial court would have been tasked to do an in depth value judgment of policy considerations if the matter came under its scrutiny. As pointed out above, it was acknowledged by the judge that he was unable to make a finding at the exception stage as the court would need to hear evidence in order to decide how great a burden the recognition of a legal duty on the part of the bank would place on banks. He further pointed out that it was inappropriate to make a finding on the issue of wrongfulness at exception stage as that enquiry was a factual one that was more suited to the trial court.

Does FICA help the victim of internet banking fraud?

It was further contended by Pienaar that the court in Peterson also erred in placing reliance on the duties imposed by FICA in reaching its finding of wrongfulness, as the breach of a statutory duty does not necessary establish wrongfulness for the purpose of delictual liability.171

165 Pienaar (n 34) 40. 166 Ibid. 167 Ibid. 168 Pienaar (n 34) 45. 169 Pienaar (n 34) 50. 170 Ibid. 171 Pienaar (n 34) 60. 45

It is acknowledged that FICA was not enacted to provide private law remedies and that a breach of a statutory duty is not necessarily wrongful. In an instance where the plaintiff relies on the breach of a statutory duty, like the duty imposed by FICA, as a basis for a delictual claim it is necessary for him to prove that he has a direct interest in the matter and not one that extends to all citizens.172 Such a breach is only one of the factors to consider when deciding whether the defendant’s conduct was wrongful for the purposes of delictual liability. It is noted therefore that a breach of the provisions imposed by FICA is not necessarily wrongful for the purposes of Aquilian liability.

“A breach of a statutory duty which causes harm to a person is not prima facie wrongful for delictual purposes. Wrongfulness lies in the infringement of a prima facie right and the conduct is wrongful, not because of the breach of the statutory duty per se, but because it is reasonable in the circumstances to compensate the plaintiff for the infringement of his or her legal right.”173

Whilst it is noted that a beneficiary bank cannot be held liable in terms of FICA, it is contended that the statutory duties imposed by FICA can be used as a yardstick in practice as one of the factors to consider when determining what is reasonable in the circumstances. As already mentioned, wrongfulness is determined by the criterion of reasonableness.

172 See Patz v Green and Company 1907 TS 427 433; Olitzki Property Holdings v State Tender Board 2001 3 SA 1247 (SCA) par 12 and Steenkamp NO v The Provincial Tender Board of the Eastern Cape 2007 3 SA 121 (CC) par 38. 173 Van der Walt and Midgley (n 3) 105. 46

In respect of the issue of negligence, it has been contended that “if the collecting bank that opened a new bank account did not follow the requirements of the common law and the Financial Intelligence Centre Act 38 of 2001 it should, in principle, be visited with liability towards the former “owner” of the stolen funds.”.174 Whilst it is acknowledged that the question of whether the beneficiary bank acted negligently must be judged by common-law standards and not by statutory prescriptions which are intended for different purposes, it is submitted that a failure on the part of a beneficiary bank to follow its own internal procedures and the obligations imposed on it by FICA may be an indication of negligence. The statutory requirements provide some guidance on what is required in the circumstances when answering the question of “what reasonable, practical and affordable measures would the reasonable prudent [beneficiary bank] have taken in order to have prevented the harm which resulted to the plaintiff.”.175

It is submitted that the value judgment of policy considerations that was done by the court in the Peterson case was sufficient in establishing that the bank’s actions could possibly be seen as wrongful, which was all that was required of the court in these proceedings. It is therefore contended that the court was correct in dismissing the exception raised by the bank.

Review of the SARS case

It was contended by Pienaar that the SARS case is distinguishable from the facts of Peterson. Firstly, in the SARS case actual subjective knowledge of the fraudulent nature of the transactions in the Zamzar account was attributed to Dean and Fourie and no such allegation was brought against Prinsloo. Secondly, in the SARS case it was alleged that Dean and Fourie, due to their subjective knowledge of the fraud assisted the fraudsters in obtaining the proceeds of their fraud. This allegation was not brought against Prinsloo in the Peterson case. Thirdly, in the SARS case the Commissioner relied on the certificates received by it from the first defendant and in that reliance it was in the vulnerable position of not knowing that is was a victim of fraud. Pienaar therefore contended that the positions of the plaintiffs in the two cases were essentially different.

174 Lawack and Pretorius (n 5) 110. 175 KwaMashu Bakery Ltd v Standard Bank of South Africa Ltd (n 87). “Beneficiary Bank” was added. 47

Whilst it is acknowledged, that the facts in the SARS case differ from those of Peterson, it is contended that the policy considerations noted by the court in the SARS case are equally applicable to the Peterson case.

Review of the Dynasty judgment

It is submitted that the policy considerations deliberated by the court were relevant and important considerations. It is further submitted that the policy considerations noted by the court are equally applicable in a South African legal landscape when considering the element of wrongfulness. It is that contended many of the policy considerations noted by the court if applied to the South African context, would favour a finding of a duty on the part of the beneficiary bank. For instance, in respect of the duty that this paper seeks to impose on a beneficiary bank, indeterminate liability is not a concern as the potential loss is finite (limited to the actual amount that was stolen), the potential claimants are easily predictable (limited to the victims of internet banking fraud) and each claim will be brought separately. It was also noted by the Canadian court that as the plaintiffs did not refer to any particular provisions of the Proceeds of Crime Act, it was impossible to identify any particular provision dealing with the detection and reporting of transactions under the Act that could establish a meaningful standard of care. In the South African context, as discussed at length in an earlier chapter, the specific provisions of FICA establishes a meaningful standard of care that banks are expected to adhere to in respect of opening and monitoring of accounts, and whilst FICA does not cater for private-law remedies it does provide a yardstick as to what is reasonable.

It must be noted that the reason that the court came to the finding that it did in the initial judgment is due to the fact the plaintiffs did not plead sufficient facts to establish the basis of the legal duty that it sought. Whilst it was believed after the initial judgment that the court had closed the door on a bank’s liability for negligence in the absence of actual knowledge of fraudulent activities perpetrated on its customers account, it appears from the subsequent judgements that the door is still very much open as to whether a bank can be held liable for circumstances less then acknowledge knowledge of fraud. It is contended that the trial court after considering the new facts placed before the court and noting the policy considerations, may come to a finding that such a duty exists on the part of the bank.

48

Academic support for the analogy of the beneficiary bank to the collecting bank

There is academic support for the proposition that a beneficiary bank may be held liable for the loss suffered by a victim as a result of phishing due to its failure to open the account in accordance with its common law duty and legislative guidelines. It has been suggested by Malan, Pretorius, Du Toit and Lawack that the duty of the beneficiary bank is analogous to that of the duty of the collecting bank in the collection of cheques.176

As noted in this dissertation, there have been a number of important judgements that considered the nature and the extent of the legal duty of a bank in the opening of accounts.177 It is important to note that these judgments dealt exclusively with the duty of a collecting bank to prevent loss suffered by a true owner of a lost or stolen cheque. After a consideration of the insights and guidelines provided by our courts in establishing a legal duty on the part of the collecting bank to the owner of a lost or stolen cheque, it is submitted that these insights and guidelines can be applied to establish a similar legal duty on the part of the beneficiary bank to the victim of a fraudulent electronic fund transfer.

It is further submitted that policy considerations in the respective cases which favoured the extension of delictual liability for pure economic loss under the extended lex Aquilia on the part of the collecting bank, is relevant to the enquiry into an extension of liability in respect of the beneficiary bank.

It has been stated that in respect of transfer of funds by means of a computer transfer, point of sale electronic transfer and debit transfers “although the techniques involved in making payment with these instruments may differ from those employed when a cheque is used, their legal constructions are not necessarily different”178 It is submitted that there is merit to this statement.

176 Malan, Pretorius and du Toit (n 2) par 214 and par 211. See also Lawack and Pretorius (n 5) 110: “It is submitted that a collecting bank has a general legal duty to prevent harm (pure economic loss) as it was set out in Energy Measurements. If a collecting bank that opened a new account did not follow the requirements of the common law and the Financial Intelligence Centre Act 38 of 2001 it should, in principle, be visited with liability towards the former “owner” of the stolen funds”. 177 Indac Electronics (Pty) Ltd v Volkskas Bank Ltd (n 8); KwaMashu Bakery Ltd v Standard Bank of South Africa Ltd (n 87); Energy Measurements (Pty) Ltd v First National Bank of SA Ltd (n 89) and Columbus Joint Venture v ABSA Bank Ltd (n 90). 178 Malan and Pretorius “Credit Transfers in South African law” 2006 THRHR 594 597 49

Beukes’s contentions

Beukes contends that due to the difference between the two methods of payment, the principles established in the cheque cases to satisfy the element of wrongfulness do not apply to the opening of new accounts by beneficiary banks in the context of electronic funds transfer.179

It has been contended by Beukes that the fundamental factual consideration present in cheque cases is absent in the case of phishing.180 In cheque cases fraud can only be perpetrated if the fraudsters opened accounts under the names which more or less matched the named payees on the cheques. In order to deposit a stolen cheque, a fraudster must assume a false identity or misrepresent his entitlement to the cheque or alter the cheque or combine all of these tactics. Positive conduct on the part of the bank employee is required to credit the proceeds of the cheque to an account. Beukes states that, in contrast, as there is no physical payment instrument like in cheque cases, a beneficiary bank has no means of establishing whether the holder of the beneficiary account is entitled to payment made by means of an electronic funds transfer. It is therefore contended that the success of the fraud does not depend on the misrepresentation by the holder of the beneficiary account of his identity but on account and account information abuse.181

Beukes contends that the identity of the account holders is irrelevant, as it is unlikely that fraudsters open accounts in their own names. She states that they gain control of accounts which have been opened by someone else. She further contends that successful phishing fraud is therefore possible – and occurs – by using beneficiary accounts that have been opened in accordance with both the guidelines provided by the cheque cases and FICA. She states that it therefore cannot be said that “the decision on whether an account should be opened or not provides the best opportunity to prevent fraud from being perpetrated”.182

179 Beukes (n 14) 47. 180 Ibid. 181 Ibid. 182 Energy Measurements (Pty) Ltd v First National Bank of SA Ltd (n 89). 50

It must be noted that the issue under consideration in this dissertation is whether a beneficiary bank who failed to open an account in accordance with its common-law duty, can be held liable by a non-customer who falls victim to internet banking fraud? We are concerned with the instances where the beneficiary bank is unable to provide proof that it complied with the provisions of FICA and the principles established in the cheque cases. It is submitted that in this context, where a bank is unable to provide proof that it complied with the obligations imposed by FICA (as FICA provides a yardstick of what is deemed reasonable) or proof that it complied with the principles established in the cheque cases, the policy considerations noted in the cheque cases can be applied as the beneficiary bank in that instance is in the best position to prevent fraud from being perpetrated.

It is further contended by Beukes that even if a beneficiary bank who fails to adhere to its obligations in terms of FICA and the principles that were established in the cheque cases when opening an account, is found to have acted negligently, the question of whether its actions were wrongful will still need to be answered. She states that as phishing could occur even if the most rigorous account opening procedures were followed, it will be difficult to satisfy the element of wrongfulness.183 Whilst it is noted that phishing can occur even if the most rigorous account opening procedures were followed (especially with the new trend of fraudsters using existing bank accounts) in instances where the beneficiary bank is unable to show that it opened the account properly, it is contended that it should be met with liability. It is further contended that the Apportionment of Damages Act may become applicable in such an instance, depending on the particular facts of the matter.

183 Ibid. 51

Beukes also raises the issue of indeterminate liability. The issue of limitless liability was dealt with in the Indac case184 and the court stated that the potential loss was finite, in that it was limited to the face value of the cheque. The potential claimants could easily be predicated and limited to the drawer or the payee (or someone who holds title under him). Further each potential claim would arise separately from each other and would be related to a specific act on the part of the collecting bank. It is contended that the same argument can be applied in the present instance; the potential liability of the beneficiary bank is limited to the amount that was “stolen” from the victim’s account and there is only one potential plaintiff, namely the victim of the phishing scam. The fact that the amount could possibly amount to millions does not mean that the claim is “limitless”. There will always be some limit.

It is acknowledged that the submissions made by Beukes are noteworthy, specifically her contention that unlike cheque deposits, in respect of electronic funds transfer there in no physical document. It is acknowledged that for this reason, the analogy between a cheque deposited for collection to an electronic funds transfer cannot be taken too far.

However, it is submitted that despite the difference between the two methods of payments, the other policy considerations recognising a legal duty on a collecting bank also exists in the case of the beneficiary banks. It has been noted in this dissertation that only if an omission was wrongful, will liability follow and that this will only occur if a legal duty on the part of the defendant to act positively is established. What constitutes a legal duty depends on the legal convictions of the community. The legal convictions of the community test entails a value judgment indicative of what society deems fair and just in a particular context and at a particular time. Banks proclaim to provide a professional service to their customers. It must be noted that they are dealing with the public’s money, so the public expect the bank to act as professionals when dealing with their funds. This consideration played a pivotal role in the recognition of legal duty on the part of the collecting bank. It is contended that there is a legal duty on the part of the beneficiary bank to act positively by adhering to the provisions of FICA and the principles established in the cheque cases when it opens an account. The legal convictions of the community will deem it fair and just to impose liability on a beneficiary bank in instances where it fails to do so, especially with the prevalence of crime in South Africa.

184 (n 8). 52

Beukes further contends, in respect of legal causation, that as access to the account cannot be gained without the security details any wrongful and negligent conduct on the part of the beneficiary bank in opening the account cannot reasonably be the proximate cause of the customer’s loss.185 Legal causation, like wrongfulness is determined by policy considerations. With the prevalence of internet banking fraud, it is contended that the beneficiary bank should foresee that there is a definite risk of loss that some third party could take control of an account that has not been subjected to the provisions of the FICA. It is not necessary for the beneficiary bank to have foreseen the specific loss that the claimant suffered; it suffices for the beneficiary bank to have foreseen that should it fail to open the account properly it could cause loss in general to some third party. It is contended that for these reasons, policy considerations in respect of legal causation will favour a finding that the beneficiary bank be held accountable for the loss suffered. To what extent will once again depend on the facts of the matter. The Apportionment of Damages Act may be of assistance in loss allocation in this instance.

185 Beukes (n 14) 52.

53

5. CONCLUSION

Our law is generally reluctant to recognise claims for pure economic loss, especially where it requires an extension of the law of delict. There are valid reasons as to why claims of this nature need to be approached circumspectly. One of the main reasons is that there is the risk of “liability in an indeterminate amount for an indeterminate time to an indeterminate class”. As discussed at length in this dissertation, wrongfulness provides the necessary check on liability in these circumstances.

The court in Loureira & others v Imvula Quality Protection articulated the wrongfulness enquiry as follows:

“The wrongfulness enquiry focuses on the conduct and goes to whether the policy and legal convictions of the community, constitutionally understood, regard it as acceptable. It is based on the duty not to cause harm – indeed to respect rights – and questions the reasonableness of imposing liability.”186

Whilst it is acknowledged that the wrongfulness enquiry is important to keep liability within socially acceptable bounds, one cannot lose sight of the fact that law is a social institution that must evolve with changing circumstance, values and perceptions in the society which it serves so that it can retain its validity, legitimacy and effectiveness.187 It is contended that the policy considerations under the wrongfulness enquiry which favoured a finding of liability on the part of the collecting bank also favours a finding of liability on the part of the beneficiary bank.188

The business of banking is consistently evolving which is due to changes in technology which brings with it; opportunities for fraudsters to scam unsuspecting victims. Our law needs to evolve and keep pace with the changing face of banking. Banks are offering a professional service; they have a key role to play in the prevention and combatting of fraud. The fact that all of the big four banks currently have some sort of fraud detection system in place, is an indication that they are fully aware of the role that they can play in fraud prevention and

186 (n 65) par 53. 187 Van Aswegen “Policy consideration in the law of delict” 1993 THRHR 171 188 See the policy considerations noted by the court in Indac Electronics (Pty) Ltd v Volkskas Ltd (n 8) and KwaMashu Bakery Ltd v Standard Bank of South Africa Ltd (n 87). 54

acknowledge the legal duty that they owe not only to their customer but also to third parties when opening a bank account to ensure that it is not used for fraudulent purposes. As stated by Innes CJ in 1908:189

“There come times in the growth of every living system of law when old practice and ancient formulae must be modified in order to keep in touch with the expansion of legal ideas, and to keep pace with the requirements of changing conditions.”

The time has come for our law to acknowledge the duty that a beneficiary bank has to prevent economic loss to a non-customer in the context of internet banking fraud. The policy and legal convictions of the community do not find it acceptable for the bank to turn a blind eye to the possibility that an account can be opened for fraudulent purposes. The beneficiary bank is in the best position to ensure that an account is opened and maintained for a lawful purpose. If a bank fails to open a bank account in accordance with its own internal procedures and in accordance with the yardstick of what is deemed to reasonable as detailed in the FICA, the legal convictions of the community will deem it reasonable to impose liability on the bank for losses suffered.

189 Blower v Van Noorden 1909 TS 890 905 55

BIBLIOGRAPHY

1 Primary Sources

1.1 Legislation and Regulations

Apportionment of Damages Act 34 of 1956 Financial Intelligence Centre Act 38 of 2001 Proceeds of Crime (Money Laundering) and Terrorist Financing Act S.C. 2000 (Canada)

1.2 Case Law

1.2.1 Canada

Dynasty Furniture Manufacturing Ltd and Others v Toronto Dominion Bank Ltd 2010 ONSC 436

1.2.2 England

Anns and Others v London Borough of Merton 1977 2 All ER 492 (HL)

1.2.3 South Africa

AB Ventures Ltd v Siemens Ltd 2011 4 SA 614 (SCA) Administrateur, Natal v Trust Bank van Afrika Beperk 1979 3 SA 824 (A) Cape Town Municipality v Bukkerud 2000 3 SA 1049 (SCA) Cape Town Municipality v Clohessy 1922 4 AD Cape Empowerment Trust Ltd v Fisher Hoffman Sithole 2013 5 SA 183 (SCA) Columbus Joint Venture v ABSA Bank Ltd 2002 (1) 90 (SCA) Combrinck Chiropraktiese Kliniek (Edms) Bpk v Datsun Motor Vehicle Distributors (Pty) Ltd 1972 4 SA 185 (T) Commissioner, South African Revenue Service and Another v ABSA Bank Ltd and Another 2003 2 SA 96 (W) Coronation Brick (Pty) Ltd v Strachan Construction Co (Pty) Ltd 1982 4 SA 371 (D)

Country Cloud Trading CC v MEC, Department of Infrastructure Development 2015 1 SA (CC Energy Measurements Pty Ltd v First National Bank of SA Ltd 2001 3 SA 138(W) Fourway Haulage (Pty) Ltd v SA National Roads Agency Ltd 2009 2 SA 150 (SCA) Gilbeys Distillers and Vinters (Pty) Ltd v Absa Bank Limited 2001 JDR 0411 (C) Greenfield Engineering Works (Pty) Ltd v NKR Construction (Pty) Ltd 1978 (4) SA 901 (N) Indac Electronics (Pty) Ltd v Vokskas Bank Ltd 1992 1 SA783 (A) International Shipping Co (Pty) Ltd v Bentley 1990 1 SA680 (A) KwaMashu Bakery Ltd v Standard Bank of South Africa Ltd 1995 1 SA 377 (D) Kruger v Coetzee 1966 2 SA 428 (A) Lillicrap, Wassenaar and Partners v Pilkington Brothers (SA) (Pty) Ltd 1985 1 SA 475 (A) Loureiro and others v Imvula Quality Protection (Pty) Ltd 2014 3 SA 394 (CC) Minister of Law and Order v Kadir 1995 1 SA 303 (A) Minister van Polisie v Ewels 1975 3 SA 590 (A) Minister of Police v Skosana 1977 1 SA 31 (A). Minister of Safety and Security and Another v Carmichele 2004 (3) SA 305 (SCA) Minister of Safety and Security v Van Duivenboden 2002 6 SA 431 (SCA) Nashua Mobile (Pty) Ltd v GC Pale CC t/a Invasive Plant Solutions (Pty) Ltd 2012 1 SA 615 (GSJ) Olitzki Property Holdings v State Tender Board And Another 2001 (3) SA 1247 (SCA) Patz v Green and Company 1907 TS 427 433 Perlman v Zoutendyk 1934 CPD 151 Peterson and Another NNO v ABSA Bank Ltd 2011 5 SA 484 (GNP) Roestoff v Cliffe Dekker Hofmeyr Inc 2013 1 SA 12 (GPN) Steenkamp NO v Provincial Tender Baord Eastern Cape 2007 3 SA121 (CC) Tobacco Finance (Pvt) Ltd v Zimnat Insurance Co Ltd 1982 3 SA 55 (ZH) Telematrix (PTY) Ltd t/a Matrix Vehicle Tracking v Advertising Standards Authority SA 2006 1 SA 416 (SCA) Trustees Two Oceans Aquarium Trust v Kantey & Templer (Pty) Ltd 2006 3 SA 138 (SCA) Van Eeden v Minister of Safety and Security 2003 1 SA 389 (SCA). Zimbabwe Banking Corporation Ltd v Pyramid Motor Corporation (Pvt) Ltd 1985 4 SA 553 (ZS)

2. Secondary Sources

2.1 Books

2.1.1 South Africa

Boberg PQR The Law of Delict (1984) Malan FR, Pretorius JT and Du Toit SF Malan on Bills of Exchange, Cheques and Promissory Notes (2009) Neethling J, Potgieter JM and Visser PJ Law of Delict (7th Edition) Van Der Walt JC and Midgley JR Principles of Delict (2005)

2.2 Articles

Almahroos R “Phishing for the answer: Recent Developments in Combating Phishing” 2007 I/S: A Journal of Law and Policy for the Information Society 596 Burchell J “The odyssey of pure economic loss” 2000 Acta Juridica 99 Beukes D “Delictual liability of the beneficiary bank in an electronic fund transfer” 2015 ABLU 36 Cassim F “Addressing the spectre of phishing: are adequate measures in place to protect victims of phishing?” 2014 Comparative and International Law Journal of South Africa 401 Fagan A “Rethinking Wrongfulness in the Law of Delict” 2005 SALJ 90 Fagan A “Aquilian liability for negligently caused pure economic loss – its history and doctrinal accommodation” 2014 SALJ 288 Giannakoudi S “Internet Banking: The Digital Voyage of Banking and Money in Cyberspace” Information and Communications Technology Law Vol. 8 No3 1999 Hall GR “Something Borrowed: A Sensible Definition of a Bank’s Duty in Tort to Non- Customers” 2012 BFLJ 505 Lawack VA and Pretorius JT “The “Sale” of a Bank Account” 2015 (78) THRHR 104. Malan FR and Pretorius JT “Negligence and the Collecting Bank: Liability at Last?” 1993 SA Merc LJ 206

Malan FR and Pretorius JT “Liability of the Collecting Bank: More Clarity?” 1994 SA Merc LJ 218 Malan FR and Pretorius JT “Credit Transfers in South African law” 2006 THRHR 594 Malan FR and Pretorius JT “Credit Transfers in South African Law” 2007 THRHR 1 Pretorius JT “More Guidelines on the Negligence of the Collecting Bank” 2000 SA Merc LJ 359 Schulze WG “Countermanding an Electronic Funds Transfer: the Supreme Court of Appeal Takes a Second Bite at the Cherry” 2004 SA Merc LJ 667 Schulze WG “The Sources of South African Banking Law – A Twenty First Century Perspective (Part 1)” 2002 SA Merc LJ 438 Van Aswegen A “Policy Considerations in the Law of Delict” 1993 56 THRHR 171 Van der Bijl C “SIM-card Swapping, Mobile Phone Banking Fraud and Rica 70 of 2002” 2009 21 SA Merc LJ 159

3. Theses and Dissertations

Perlman LJ Legal and Regulatory Aspects of Mobile Financial Services (2012 LLD dissertation SA) Pienaar MH The legal duty of a bank to prevent pure economic loss to non-customers: When the conflation of wrongfulness and negligence leads to an unjust conclusion (2014 LLM dissertation UJ)

4. Website Information and Links http:www.absa.co.za https://netbank.nedsecure.co.za Financial Intelligence Centre www.fic.gov.za https://blog.sabric.co.za http://www.obssa.co.za