Scamming vulnerable and unsuspecting victims seems to be a lucrative, and ever growing, side-hustle for many dubious characters across the globe. A victim is enticed to pay funds into the fraudster’s bank account, who disappears effortlessly, leaving only a digital footprint of sorts. Is there a way to hold the bank liable where the fraudster had a bank account which was used to commit the fraud?
In terms of the Financial Intelligence Centre Act, 38 of 2001 (FICA), all accountable institutions, which include banks, are obliged to establish and verify the identity of their account holders. Furthermore, accountable institutions are obliged to report any unusual or suspicious transactions to the Financial Intelligence Centre. An interesting question is then, if a criminal opens a bank account and uses it to defraud a victim, can the victim hold the bank liable if the bank failed to comply with FICA?
In the matter of Ross and Another v Nedbank Limited (10029/2020) [2024] ZAGPJHC 1146 the High Court of Johannesburg found that the bank was not liable for the damages suffered by the victim in such an instance.
The victim in this instance bought an immovable property and erroneously paid the purchase price into the fraudster’s bank account after the fraudster sent an email with the wrong banking details. The fraudster withdrew the money from the account and disappeared after the victim deposited the funds. The victim, seeking recovery of his damages, sued the bank.
The victim argued that since the bank has a statutory duty to comply with FICA, it likewise owes a legal duty to the public to comply with FICA. Consequently, the bank’s failure to properly monitor the fraudster’s bank account as required by FICA, also meant that the bank failed to meet the legal duty owed towards the general public. The victim argued that the bank should be liable for the resulting damages suffered by him. The court did not agree with the victim’s argument.
The court held that, the existence of a statutory duty to do something, in this case the bank’s statutory duty to monitor the transactions of its client, does not automatically create a similar legal duty in favor of the public. As such and even if it was accepted that the bank failed to comply with its FICA obligations, it did not automatically mean that the bank likewise failed to comply with a legal duty owed towards the general public.
If the court found that such a legal duty did indeed exist, it would have opened the door to all fraud victims to recover damages from a bank, in cases where the proceeds of fraud were paid into a bank account at some stage. Such a decision would clearly lead to indeterminate liability.
The court reiterated the duty of the public to ensure that the correct bank details are used when making a payment. There are more and more similar judgements that underline the role of the public in preventing cyberfraud.
If you fall victim to cyberfraud, we would advise that you consult your attorney to determine who is liable for the damages you suffered as a result thereof.
Janus Olivier
