Insurance Informer: Business Email Compromise & Contractual Obligations

​​​​​In the recent case of Gerber,1 the High Court found that the defendant was liable for the losses suffered by the plaintiff when hackers deceived the defendant into making various payments from the plaintiff's account.

In terms of an agreement between the parties, the defendant managed the plaintiff's share portfolio on a discretionary basis. In October 2019, the defendant received an email, ostensibly from the plaintiff, requesting the liquidation and payment of ZAR 250 000 of his portfolio. The plaintiff indicated that his banking details (which had remained the same for 10+ years) had changed from Nedbank to FNB.

As part of the defendant's verification processes, it requested its Bank Verification Panel to verify the plaintiff's new account so that payment could be made. The verification report stated that (i) the identity details attached to the account did not match the client details; (ii) the account was not more than three months old; and (iii) neither the phone number nor email address attached to the account was valid.

Despite these red flags, the plaintiff's new account details were loaded onto the defendant's system. Payments were made by the defendant to the "plaintiff" on several occasions. It was only realised later that the parties had been conned.

A subsequent investigation by the plaintiff revealed that the plaintiff’s email account had been hacked and a rule had been created to divert the fraudulent emails to a separate folder on the plaintiff's email so that it remained hidden until it was too late.

The defendant argued, inter alia, that since the fraud resulted from the hacking of the plaintiff’s system and not the defendant’s, the plaintiff should bear the loss. In deciding against the defendant, the court held that the proximate cause of the loss was not the hacking, it was the failure to apply the necessary and contractually-prescribed vigilance when monies held in trust had to be paid into a different account.

In deciding that the defendant was liable for the losses suffered by the plaintiff, the court held that "the contractual obligation of the defendant to the plaintiff was to have and effectively employ the resources, procedures and appropriate technological systems that can reasonably be expected to eliminate as far as reasonably possible, the risk that the clients will suffer financial loss through theft or fraud". In this case, the plaintiff had failed to fulfil its obligation.

This case has reiterated the position in our law that the party making the payment bears the risk of ensuring that payment is made into the correct account.

1 Jan Jacobus Gerber // PSG Wealth Financial Planning​ (Pty) Ltd [2023] ZAGPJHC 270.


These materials are provided for general information purposes only and do not constitute legal or other professional advice. While every effort is made to update the information regularly and to offer the most current, correct and accurate information, we accept no liability or responsibility whatsoever if any information is, for whatever reason, incorrect, inaccurate or dated. We accept no responsibility for any loss or damage, whether direct, indirect or consequential, which may arise from access to or reliance on the information contained herein.

© Copyright Webber Wentzel. All Rights reserved.

Webber Wentzel > News > Insurance Informer: Business Email Compromise & Contractual Obligations
Johannesburg +27 (0) 11 530 5000
Cape Town +27 (0) 21 431 7000
Validating email against database, please wait...
Validating email: please wait...
Email verified: Please click the confirmation link sent to your mailbox, also check junk/spam folder. If you no longer have access to this email address or haven't received the verification email then email
Email verified: You are being redirected to manage your subscription
Email could not be verified: Please wait while you are redirected to the Subscription Form
Unanticipated error: Saving your CRM information Subscription Form