Cybercrime has been prevalent in the legal profession, more especially in the conveyancing field where property is bought and sold. In the conveyancing field, common practice dictates that the price of property is paid by the purchaser into the transfer attorneys trust account, pending the transfer of the property. The aforementioned is done in order to curtail instances in which monies are paid to the seller of the property prior to registration of the property being effected as a financial risk issue may present itself, in the event that the transfer of the property fails or falls flat.

In a notice issued by the Law Society of South Africa, titled “Cybercrime: Business eMail Compromises”, Business email compromises are described as a form of cybercrime where electronic communications are accessed, monitored and appropriated and replaced with emails that are similar to emails that may be expected by the recipient. These emails are ultimately aimed at deceiving the recipient into accepting the trustworthiness and integrity of the email and acting thereon.

A recent judgment in the High Court held that an attorney was liable to their client for monies they had erroneously paid to an unknown third party as a result of falling victim to fraud and cybercrime. This article aims to explore cybercrime in the field of conveyancing through the backdrop of a recent High Court judgment, together with tips on how it can be safeguarded against. 

Fourie v Van der Spuy and De Jongh Inc. and Others – facts and the legal issue

The High Court case of Fourie v Van der Spuy and De Jongh Inc. and Others involves a property transaction wherein which the seller of a property was prejudiced by the transfer attorney due to the transfer attorney having made an erroneous payment of the proceeds of the purchase price of the property, to an unknown third party and fell victim to the plight cybercrime. The transfer attorney rendered professional services to the seller of the property and was instructed to retain monies in their trust account up until such a time that the seller gave the transfer attorney instructions on what to do with the monies. The issue that was to be decided by the honourable court was who should take the knock between the client or the attorney in relation to the loss suffered by the client. 

The court held that the transfer attorney was negligent and failed to exercise the requisite skill, knowledge and diligence expected of an average practicing attorney and thus failed to discharge the fiduciary duty owed to the client by transacting via email whilst being fully aware that fraud is prevalent in the legal profession and despite that being so, not employing any measures to ensure that neither they nor the client fall victim to the plague of fraud and cybercrime.

The court further held that the transfer attorney’s defence that fraud occurred is no defence in law and that it would not release the transfer attorney from paying client their monies, due to the principal agent relationship being in existence. Due to the transfer attorney being the principal in the relationship, the transfer attorney had an obligation to account to the client for the funds and had failed to discharge those obligations and was contractually liable to do so by virtue of there being a mandate in place. 

The plight of cybercrime

The aforementioned judgment encapsulates the plight that legal practitioners face in the legal profession as a result of fraud and cybercrime. The above topic is not however, a novel issue that has arisen as it has and continues to be widely warned against in the legal profession. On 14 October 2019, the Legal Practice Council issued a Notice, warning legal practitioners against the increasing levels of cybercrime and further reiterating the fact that cybercrime is not covered by the cover provided by the Legal Practitioners Indemnity Insurance Fund. In effect and in the absence of a legal practitioner having taken out insurance cover for cyber theft, a legal practitioner together with the firm in question will be held to be duly and severally liable for any monies that the said  legal practitioner or firm cannot account to their client for. It is common cause that most legal practitioners are not IT gurus, therefore, the question seeps into one’s mind as to – what can a firm and/or legal practitioner do in order to avoid falling victim to the plight of cybercrime and fraud.

Key tips to avoid cybercrime

Due to the prevalence of cybercrime, it is pertinently important to employ measures to safeguard against cybercrime as it can be detrimental to a legal practitioner’s business, as per the previously discussed judgment. 

As per a notice issued by the then Law Society of South Africa (now the Legal Practitioners Council) dated 10 September 2019, some key tips to safeguard against fraud and cybercrime are as follows:

1. Take out cyber theft insurance: although it may seem as if cybercrime is an issue that may not affect you and your business, the prevalence thereof is increasing and, in the absence thereof, your business is open to a financial risk in the event that it does occur;
2. Ensure payment security is effective: this would entail verifying emails in conjunction with banking details, using emails in conjunction with telephone call verification and employing multi-verification mechanisms;
3. Employ contingency plans in the event of cyber breach: examples of these include insurance, mitigation as well as a communication policy;
4. Ensuring a proper back-up facility or software; and
5. Ensuring that all staff are responsible that ICT resources are secure. 
    

Although the abovementioned is not an exhaustive list, other practical implementations would be those that seem obvious such as having the adequate security such as a firewall and up-to-date anti-virus programs.

Conclusion

It is without a doubt that cybercrime cannot be avoided in the legal profession, more so in the field of conveyancing but it is paramount importance that legal practitioners and firms employ various safeguards to protect their business from financial risk and falling victim to fraud and cybercrime.

Written by Ade Nyongo, Professional Assistant, Attorney, Schoeman Law