Edward Nathan Sonnenberg Inc v Hawarden (421/2023) [2024] ZASCA 90 (10 June 2024)

THE SUPREME COURT OF APPEAL OF SOUTH AFRICA

JUDGMENT

 

Not Reportable

Case no: 421/2023

 

In the matter between:

EDWARD NATHAN SONNENBERG INC. APPELLANT

and

JUDITH MARY HAWARDEN RESPONDENT

 

 

Neutral citation: Edward Nathan Sonnenberg Inc v Hawarden (Case no 421/23) [2024] ZASCA 90 (10 June 2024)

Coram: Ponnan, Dambuza and Goosen JJA and Tlaletsi and Dawood AJJA

 

Heard: 8 May 2024

Delivered: This judgment was handed down electronically by circulation to the parties’ representatives by email; publication on the Supreme Court of Appeal website and released to SAFLII. The time and date for hand-down is deemed to be 11h00 on 10 June 2024.

 

Summary: Delictual claim – claim for pure economic loss caused by omission – wrongfulness – risk of indeterminate liability – vulnerability to risk – plaintiff could reasonably have taken steps to protect against the risk.

 

 

ORDER

On appeal from: Gauteng Division of the High Court, Johannesburg (Mudau J, sitting as court of first instance):

1 The appeal is upheld with costs, such costs to include the costs of two counsel where so employed.

2 The order of the high court is set aside and substituted with the following order:

‘The Plaintiff’s claim is dismissed with costs, such costs to include the costs of two counsel where so employed.’

 

 

JUDGMENT

Dawood AJA (Ponnan, Dambuza and Goosen JJA and Tlaletsi AJA concurring):

 

[1] The appellant, Edward Nathan Sonnenberg Inc. (ENS), appeals against the whole judgment and order of the Gauteng Division of the High Court, Johannesburg, per Mudau J (the high court). The high court allowed the delictual claim for pure economic loss by the respondent, Ms Hawarden, in the sum of R5.5 million against ENS, based on an omission. The appeal is with the leave of the high court.

 

Background

[2] Ms Hawarden purchased a property from the Davidge Pitts Family Trust (the trust) for the sum of R6 million on 23 May 2019. Pam Golding Properties (Pty) Ltd (PGP), the estate agent mandated by the seller to market the property, sent Ms Hawarden an email on 23 May 2019 at 09h15, congratulating her on the purchase and asking her to deposit R500 000 into its trust account. The email contained a notice that warned Ms Hawarden of the ever-present risk of cybercrime, and advised her to call Mr Lukhele of the agency to verify their banking details. Further warnings pertaining to email hacking, phishing and cyber scams appeared in the attached letter containing the banking details of PGP, which was dated 6 September 2016.

 

[3] Ms Hawarden effected payment of the deposit into the trust account of PGP on 23 May 2019. Prior to doing so, she verified the banking details of PGP telephonically, with Mr Prince Lukhele of PGP, on the same day at 09h15. On 24 May 2019, PGP emailed ENS, the Trust’s appointed conveyancers, in which Ms Hawarden was copied. It confirmed receipt of the deposit and attached a copy of the signed agreement. ENS advised PGP, in response, that Ms Ambaram would attend to preparing the documentation for submission to the deeds office, to effect the transfer and registration of the property into the name of Ms Hawarden. Once again Ms Hawarden was copied.

 

[4] On 20 August 2019 at 13h24, an email was sent by Eftyhia Maninakis (Ms Maninakis), a secretary in the property division of ENS, to Ms Hawarden with an attached letter setting out the necessary guarantee requirements (actual letter containing the correct banking details of ENS). Unbeknown to both Ms Maninakis and Ms Hawarden that letter was intercepted by a cyber criminal, who had, some days prior thereto, gained access to Ms Hawarden’s email account. On 21 August 2019 at 09h02, Ms Hawarden received an email purporting to be from Ms Maninakis with email address emaninakis@ensafrica.com, inter alia setting out the guarantee requirements and furnishing Ms Hawarden with ENS’ banking details (fraudulent letter containing banking details of the fraudsters). In response to this letter, Ms Hawarden telephoned Ms Maninakis on 21 August 2019, to discuss the letter and asked whether, if the bank was unable to furnish the guarantees by 3 September 2019, she could elect to transfer the outstanding amount directly to ENS. Ms Maninakis confirmed that this could be done and stated that she would email two more documents to Ms Hawarden, namely a letter to Standard Bank with guarantee requirements and a document from FNB providing the bank account details of ENS for purposes of a direct transfer of the balance of the purchase price to ENS.

 

[5] Ms Maninakis sent to Ms Hawarden an email at 16h18 on 21 August 2019 with attachments including the guarantee requirements and the banking details of ENS on an FNB letterhead as well as a letter from FNB warning of the dangers of cyber crime and fraud. This email was not received by Ms Hawarden. Instead, later that day at 16h39, Ms Hawarden received an email from emaninakis@ensafirca.com that appeared to be a follow-up to her conversation with Ms Maninakis earlier that day. Ms Hawarden failed to notice that the word africa in Ms Maninakis’ email had been changed to afirca. She was unaware at that stage, and only subsequently learnt, that the email purporting to have issued from Ms Maninakis had been manipulated, the banking details of ENS altered and the warning letter from FNB had been removed.

 

[6] On 22 August 2019, at 09h57, Ms Hawarden sent an email to Ms Maninakis indicating that she would be going to her bank, Standard Bank, for assistance, which she did later that day. She was assigned to Ms Sinethemba Shabalala (Ms Shabalala) an employee of Standard Bank. Ms Hawarden discussed with her the option of furnishing a guarantee versus an electronic transfer to ENS. Ms Shabalala informed Ms Hawarden that it would take 14 working days to furnish a guarantee. Whilst at Standard Bank, Ms Hawarden called Ms Maninakis to discuss the issue of interest that she would earn on any deposit made into ENS’ trust account. Ms Maninakis was not available. In response to her call, she was telephoned by Mr Arshad Carrim, a senior associate in the ENS real estate department, who advised her that the interest offered by ENS was less than that offered by Standard Bank’s money market.

 

[7] Subsequently, and whilst she was still at the bank, Ms Maninakis called Ms Hawarden. Ms Hawarden confirmed that she had the emails sent to her reflecting the banking details of ENS. She subsequently effected a transfer into what she believed was the ENS bank account. She did this with the help of Ms Shabalala, using the latter’s computer. In effecting the payment, she used the banking details provided in the fraudulent email and transferred the monies into the fraudster’s FNB bank account, in the belief that she was making a payment into the banking account of ENS. She did not make telephonic contact with ENS, after making her election to pay by way of an electronic fund transfer (EFT), and prior to transferring the funds.

 

[8] Ms Hawarden thereafter on 22 August 2019 at 12h55 sent Ms Maninakis proof of payment. This email as well was intercepted and altered. Instead, at 17h57 an email purporting to have issued from Ms Hawarden was sent to Ms Maninakis enclosing proof of payment into ENS’ bank account and stating that the payment should reflect between 24 to 48 hours. This was a fraudulent email.

 

[9] Ms Hawarden was sent an email by Ms Maninakis on 23 August 2019 at 14h52, which thanked her for the deposit and attached an investment mandate that contained several warnings about business email compromise (BEC) and the precautions to be taken against BEC. Ms Hawarden had already made payment by this time, but the fraud had not yet been discovered, and this letter was not received by her on that day. She received instead an investment letter on 26 August 2019 from the fraudster in which the words ‘I will advise when the same is reflected in our trust account’ had been removed. Ms Hawarden’s money was withdrawn in the period between the payment by EFT and her becoming aware of the fraud. The beneficiary bank, namely FNB, was unable to retrieve the misappropriated funds.

 

[10] On 26 August 2019 at 11h12, Ms Maninakis received a letter purportedly from Ms Hawarden stating inter alia that the monies had not left the account and required authorisation, which she was going to go to the bank to sort out. This letter was not sent by Ms Hawarden but by the fraudster. On 26 August 2019 at 13h27, an email was sent by Ms Hawarden to Ms Maninakis using the @afirca email address with the signed mandate letter which was also not received by Ms Maninakis.

 

[11] On 28 August 2019 at 12h38, Ms Maninakis sent an email to Ms Hawarden advising that ENS has not received payment. Ms Maninakis received an email on 28 August 2019 at 16h26 purportedly from Ms Hawarden claiming that the previous transfer had been returned to her account and that she would have to redo the transfer. This was also a fraudulent email designed to delay the detection of the fraud and allow sufficient time for the withdrawal of the funds. The fraud was only discovered on 29 August 2019.

 

Pleadings

[12] Ms Hawarden instituted action against ENS for the recovery of the R5.5 million. She claimed inter alia that ENS and its authorised employees or representatives, who interacted with her during August 2019 in regard to the property transaction, owed her a legal duty to:

(a) Exercise that degree of skill and care by a reasonable conveyancer, who specialised in the preparation of deeds documents, to advise her that it was safer to secure the balance of the purchase price by way of a bank guarantee issued in favour of the seller in accordance with the offer to purchase. Ms Hawarden also pleaded that ENS had a legal duty to warn her of the danger of BEC and the increase in BEC type fraud.

(b) Alert Ms Hawarden to the fact that criminal syndicates may attempt to induce her to make payments due to ENS into bank accounts, which do not belong to the firm and are controlled by criminals.

(c) Advise Ms Hawarden that these frauds are typically perpetrated using emails or letters that appear to be materially identical to letters or emails that may be received by her from ENS.

(d) Warn Ms Hawarden to take proper care in checking that any email received in connection with the transaction indeed emanated from ENS.

(e) Warn Ms Hawarden, before making any payments to ENS, to ensure that she verified that the account into which payment will be made is a legitimate bank account of ENS.

(f) Advise Ms Hawarden that if she was not certain about the correctness of the bank account, she may contact ENS and request to speak to the person attending to her matter, who will assist in confirming the correct bank details.

(g) Refrain from using email as a means of communicating banking details in instances where banking transactions of high value were to be performed, and rather use the easily available services of hand delivery of the relevant documents.

(h) Implement adequate security measures such as password protection of emails and or attachments thereto.

(i) Load the ENS Trust account as a public beneficiary in the FNB and Standard Bank online banking systems, so that the bank account does not require transmission by the medium of an unprotected and unsafe form of communication.

(j) Use secure portals where users need to log in by means of two or multi-factor authentication for access, thus avoiding transmission of sensitive information by way of email.

 

[13] Ms Hawarden pleaded further that the reasonableness of imposing a legal duty on ENS and to hold it liable for the damages suffered by her in breach thereof is supported by the following considerations of public and legal policy in accordance with constitutional norms. That ENS is a large sophisticated firm of attorneys compared to Ms Hawarden, who is an elderly divorced pensioner without the knowledge, experience or resources to protect herself against sophisticated cybercrime of which she had no knowledge or experience. BEC has gained notoriety and is well known amongst members of the legal fraternity, ENS would or should have been fully aware of and taken practical steps to minimise the risk of BEC and protect its clients and others like Ms Hawarden when exposed to the risk of BEC, especially where banking transactions of high value are involved.

 

[14] ENS pleaded that: the seller had appointed ENS to effect registration and transfer of the property; and, the balance of the purchase price had to be paid to the seller’s conveyancing attorneys by a bank guarantee in favour of the seller or other acceptable undertaking. It denied further knowledge of the allegations and averred that if correspondence that had been sent or received was fraudulently intercepted, altered and forwarded to Ms Hawarden, then unbeknown to it a hacker had gained access to Ms Hawarden’s email account and interposed himself or herself between Ms Hawarden and those to whom she sent and from whom she received email messages, thereby altering her incoming and outgoing messages and their attachments.

 

[15] ENS specifically denied that Ms Maninakis or Mr Carrim had a legal duty to advise Ms Hawarden on the payment, which she made from and with the help of her own bank. ENS denied that its conduct was either wrongful or negligent and in the alternative pleaded contributory negligence.

 

Issue for determination

[16] It is not necessary to consider all of the requirements (that had been placed in issue by ENS) for Ms Hawarden to succeed in her delictual claim against ENS. I shall confine myself to whether or not Ms Hawarden has in particular established the wrongfulness element for a delictual claim arising out of an omission causing pure economic loss.

 

Wrongfulness

[17] Ms Hawarden’s claim was one for pure economic loss caused by an alleged wrongful omission. In Home Talk, it was stated that:

‘The first principle of the law of delict, as Harms JA pointed out in Telematrix, is that everyone has to bear the loss that he or she suffers. And, in contrast to instances of physical harm, conduct causing pure economic loss is not prima facie wrongful. Accordingly, a plaintiff suing for the recovery of pure economic loss, is in no position to rely on an inference of wrongfulness flowing from an allegation of physical damage to property (or injury to person), because “the negligent causation of pure economic loss is prima facie not wrongful in the delictual sense and does not give rise to liability for damages unless policy considerations require that the plaintiff should be recompensed by the defendant for the loss suffered”.’ ¹

 

[18] This principle was further emphasised in Halomisa Investment Holdings: ²

‘. . . As a general rule our law does not allow for the recovery of pure economic loss. In Country Cloud Trading CC v MEC, Department of Infrastructure Development, the Constitutional Court said the following:

“. . . There is no general right not to be caused pure economic loss. So our law is generally reluctant to recognise pure economic loss claims, especially where it would constitute an extension of the law of delict . . .”

Wrongfulness is an element of delictual liability. The test for wrongfulness was set out in Le Roux and Others v Dey as follows:

“[I]n the context of the law of delict: (a) the criterion of wrongfulness ultimately depends on a judicial determination of whether – assuming all the other elements of delictual liability to be present – it would be reasonable to impose liability on a defendant for the damages flowing from specific conduct; and (b) the judicial determination of that reasonableness would in turn depend on considerations of public and legal policy and in accordance with constitutional norms.

The test for wrongfulness should not be confused with the fault requirement. The test assumes that the defendant acted negligently or wilfully and asks whether, in the light thereof, liability should follow”.’ (Citations omitted).

 

[19] These principles apply to Ms Hawarden’s claim. Our law does not generally hold persons liable in delict for loss caused to others by omission. . In Hawekwa,³ Brand JA stated as follows:

‘The principle regarding wrongful omissions have been formulated by this court on a number of occasions in the recent past. These principles proceed from the premise that negligent conduct which manifests itself in the form of a positive act causing physical harm to the property or person of another is prima facie wrongful. By contrast, negligent conduct in the form of an omission is not regarded as prima facie wrongful. Its wrongfulness depends on the existence of a legal duty. The imposition of this legal duty is a matter for judicial determination, involving criteria of public and legal policy consistent with constitutional norms.

In the result, a negligent omission causing loss will only be regarded as wrongful and therefore actionable if public or legal policy considerations require that such omissions, if negligent, should attract legal liability for the resulting damages.. . .’ (Citations omitted).

 

[20] The issue of wrongfulness in this matter needs to be considered having regard to the following: That Ms Hawarden was not a client of ENS at the relevant time and there was no contractual relationship between Ms Hawarden and ENS. Her loss occurred at a time when there was no attorney-client relationship between them. Ms Hawarden suffered loss, not as a result of any filing in the ENS system, but because hackers had infiltrated her email account and fraudulently diverted her payment meant for ENS into their own account. The interference that caused the loss was as a result of her email account having been compromised. Ms Hawarden had been warned in the PGP letter about this very risk. In that instance she heeded the warning and verified the account details. She, however, failed to do so three months later in respect of ENS and was unable to explain her failure in that regard. It would have been fairly easy for Ms Hawarden to have avoided the risk of which PGP had warned her. As she did with Mr Lukhele of PGP earlier, she could have verified ENS’ bank account details with either Ms Maninakis or Carrim, when she spoke to them whilst at the bank. Both of them would no doubt have taken comfort from the fact that she was at her bank (Ms Hawarden banked at that very branch of Standard Bank) and in professional hands. It was open to Ms Hawarden, who had enlisted the assistance of Ms Shabalala, to assist her in verifying ENS’ bank details. She could not explain why she did not do so. Ms Hawarden thus had ample means to protect herself. Moreover, any warning by ENS of the risk of BEC would have been meaningless, in the circumstances of this case, because by that time the cyber criminal was already embedded in Ms Hawarden’s email account, consequently the risk had already materialised.

 

[21] In this case, a finding that ENS’ failure to warn Ms Hawarden attracts liability would have profound implications not just for the attorneys’ profession, but all creditors who send their bank details by email to their debtors. The ratio of the high court judgment that all creditors in the position of ENS owe a legal duty to their debtors to protect them from the possibility of their accounts being hacked is untenable. The effect of the judgment of the high court is to require creditors to protect their debtors against the risk of interception of their payments. The high court should have declined to extend liability in this case because of the real danger of indeterminate liability.

 

[22] In Country Cloud,⁴ the Constitutional Court recognised the risk of indeterminate liability as the main policy consideration that militates against the recognition and liability for pure economic loss:

'In addition, if claims for pure economic loss are too-freely recognised, there is the risk of "liability in an indeterminate amount for an indeterminate time to an indeterminate class."

Pure economic losses, unlike losses resulting from physical harm to the person or property – “are not subject to the law of physics and can spread widely and unpredictably, for example, where people react to incorrect information in a news report, or where the malfunction of an electricity network causes shut-downs, expenses and losses of profits to businesses that depend on electricity”.’

 

[23] In Country Cloud,⁵ the Constitutional Court identified ‘vulnerability to risk’ as an important criterion for the determination of wrongfulness in claims for pure economic loss. It held:

'It is settled that where a plaintiff has taken, or could reasonably have taken, steps to protect itself from or to avoid loss suffered, this is an important factor counting against a finding of wrongfulness in pure economic loss cases. In these circumstances, the plaintiff is not “vulnerable to risk” and, so it is reasoned, there is no pressing need for the law of delict to step in to protect the plaintiff against loss.'

 

[24] In Cape Empowerment Trust,⁶ Brand JA held:

'…What is now well established in our law is that a finding of non-vulnerability on the part of the plaintiff is an important indicator against the imposition of delictual liability on the defendant...In many cases there will be no sound reason for imposing a duty on the defendant to protect the plaintiff from economic loss where it was reasonably open to the plaintiff to take steps to protect itself. The vulnerability of the plaintiff to harm from the defendant's conduct is therefore ordinarily a prerequisite to imposing a duty. If the plaintiff has taken or could have taken steps to protect itself from the defendant’s conduct and was not induced by the defendant's conduct from taking such steps, there is no reason why the law should step in and impose a duty on the defendant to protect the plaintiff from the risk of pure economic loss.'

 

[25] The court held in Two Oceans,⁷ that the criteria of vulnerability to risk will ordinarily only be satisfied 'where the plaintiff could not reasonably have avoided the risk by other means. . . '. It is evident in this case that Ms Hawarden could reasonably have avoided the risk by either asking Mr Carrim or Ms Maninakis to verify the account details of ENS. Ms Hawarden had previously been made aware by PGP of the need to verify banking details and the risks of BEC fraud. She could also have had her bank verify the banking details of ENS. She enlisted the help of her bank to make the payment. She did so at the desk and on the computer of Ms Shabalala. It would have been easy in those circumstances to have had her assist in verifying the bank details of ENS. There was thus more than sufficient protection available to Ms Hawarden.

 

[26] In all of this, sight must not be lost as well of the fact that after weighing up her options she elected, whilst at the bank, to forego a bank guarantee for a cash transfer. As she had ample means available to her, she must in the circumstances take responsibility for her failure to protect herself against a known risk. There can thus be no reason to shift responsibility for her loss to ENS. It follows that Ms Hawarden ought to have failed before the high court. Consequently, the appeal must succeed.

 

[27] In the circumstances the following order is made:

1 The appeal is upheld with costs, such costs to include the costs of two counsel where so employed.

2 The order of the high court is set aside and substituted with the following order:

‘The Plaintiff’s claim is dismissed with costs, such costs to include the costs of two counsel where so employed.’

 

 

 

 

________________________

F B A DAWOOD

ACTING JUDGE OF APPEAL

 

 

 

 

Appearances

 

For appellant: W Trengove SC (with R Ismail)

Instructed by: Clyde & Co, Johannesburg

Mayet & Associates, Bloemfontein.

 

For respondent: C.H.J Badenhorst SC (with M.D Williams)

Instructed by: Werksmans Inc, Johannesburg

Matsepes Inc, Bloemfontein.