What's Happening?

Facebook Twitter Youtube Linkedin

NEED HELP? QUESTIONS@FIA.ORG.ZA

become A FIA member TODAY
member login

Cybercrime in the South African legal fraternity

ARTICLE BY

  • Aon

SHARE THIS POST

Hack attacks, ransom threats and theft of money through fraudulent transactions are all becoming a stark reality for legal professionals and law firms around the world.

According to the South African Banking Risk Information Centre (SABRIC), South Africa currently has the third-highest number of cybercrime victims worldwide – with the country losing on average R2.2bn a year to cyber-attacks. 

Samantha Varela, a Legal Risk Advisor at Aon South Africa says that conveyancing attorneys specifically are in the sights of cyber criminals and bearing the brunt of the bulk of cyberattacks.  The Attorneys Insurance Indemnity Fund (AIIF) now known as the Legal Practitioners’ Fidelity Fund (LPFF), has been notified of at least 110 cyber-scam related claims worth over R70 million since 1 July 2016.

“In a recent case, the sellers of a property approached the court for an order that the conveyancing firm be held liable for their losses after they fell victim to a cyber scam in which they had apparently instructed their conveyancers via email to transfer the proceeds from the sale of their property to a different account.  It turned out to be a fraudulent account and the sellers lost R268 348.

“The case was dismissed, with the judge stating that despite the fact that the conveyancers did not pay the money into the sellers’ account, their failure to do so was not due to their negligence.  From this case, we can clearly see that the allegation of negligence based on a cyberattack is incredibly difficult to prove, and leaves all parties severely compromised,” notes Varela.  

Determining professional negligence

Taking this into account it is important to establish how professional negligence in the context of a cyberattack is determined.  “The test for negligence in South African courts is clear:  the court will weigh up the conduct of the reasonable professional, to that of a similarly qualified professional, with a similar set of skills, qualifications and qualities,” explains Varela. 

Very often it is not the lack of legal knowledge that leads to professional negligence claims in the legal fraternity, but rather non-adherence to basic office management protocols and good governance processes. The main reasons for claims attributed to a lack of supervision can be as a result of:

  • Lack of a diary system
  • Lack of internal controls
  • Failure to adhere to office procedures
  • Taking on matters where experience is lacking
  • Failure to obtain proper instructions

“If these issues are addressed and processes and procedures designed around them, one can begin to manage the implications that they may have on the business,” says Varela. 

Insurance implications

“When it comes to cybercrime, there are many misconceptions around the insurability of these types of risks. Cybercrime is a very complex risk from an insurance perspective, simply because there are so many permeations of it,” adds Varela. 

Following are a few examples of cybercrime impacting the legal field:

  • Privacy or network security breach
  • Funds transfer fraud
  • Theft of funds held in escrow
  • Corporate identity theft
  • Telephone hacking
  • Push payment fraud
  • Unauthorised use of computer resources

The Legal Practitioners’ Fidelity Fund (LPFF), provides professional indemnity insurance cover to legal professionals practicing in South Africa.  This policy does not, however, cover claims related to:

  • Any liability for compensation arising out of or in connection with the insured’s trading debts;
  • Misappropriation or unauthorised borrowing of trust money or property by the insured or

employee or agent of the insured;

  • A risk which is insured or could more appropriately have been insured under any other valid and collectible insurance available to the insured.

“Cyber liability insurance is intended to cover the costs, expenses and liability associated with the prevention of access to data or theft of data when the insured’s computer system is breached. The policy will not, however, cover the actual theft of money in your care, custody and control,” explains Varela. 

A Commercial crime policy, on the other hand is needed to provide cover for the theft of money or property which is in the care, custody and control of the insured as a result of:

  • Theft by an employee
  • Fraud committed by an employee
  • Third-party computer fraud (not by an employee)

“Finding an insurance solution that addresses, at least in part, the myriad of threats faced by the legal fraternity from a cyber event is a task best undertaken with a specialist broker by your side.  It is paramount to take special note of exclusions and to have a clear understanding of what cover is provided by different insurance policies, as you are likely to need a combination of solutions that are able to address your specific risk exposures,” urges Varela.

Risk management

A comprehensive insurance schedule also needs to be underscored by a comprehensive risk management programme.  In most instances it’s a case of implementing practices and procedures that will raise awareness of various schemes such as avoiding clicking on e-mail or hyperlinks from unverified sources, in addition to providing adequate supervision and monitoring of staff across the board.  With the proper checks and balances in place, a legal professional can verify a change in banking details or any other fundamental aspects of a matter. 

 

In conclusion, ensuring that a legal professional is aware of and understands the implications of cyber and commercial liability,  having stringent risk management procedures in place, making sure that a professional has a well-informed specialist broker by their side and staying abreast of the unfortunate trends facing their industry will go a long way in addressing the far reaching implications of cybercrime. 

Subscriber Terms and Conditions

  1. APPLICATION OF TERMS
    • These terms and conditions (“Subscriber Terms”) apply to the subscription by any qualifying member of the South African Underwriting Managers Association NPC (“SAUMA”) to the services and benefits offered by FIA Services (Pty) Ltd (“FIA Services”) under the SAUMA affiliation arrangement (“Subscription”).

  2. NATURE OF SUBSCRIPTION
    • A Subscription under this arrangement:
      • does not constitute membership of FIA NPC;
      • does not confer any voting rights or governance participation in FIA NPC; and
      • is governed solely by the contractual relationship between the Subscriber and FIA Services.

  1. ELIGIBILITY
    • To qualify for the Subscription, the applicant must, at the time of application, be a current paid-up member of SAUMA.
    • FIA Services will verify the applicant’s SAUMA membership status with SAUMA prior to activation, and may re-verify such status periodically.
    • If a Subscriber ceases to be a paid-up member of SAUMA, the Subscription will correspondingly be terminated.
    • Applicants are required to authorise FIA Services to confirm their SAUMA membership status with SAUMA as part of the application process.

  1. SERVICES
    • The Subscription entitles the Subscriber to the following benefits:
      • Complimentary access to the FIA CPD Platform;
      • Complimentary access to the FIA Insight Magazine (digital edition);
      • Advertising opportunities on FIA platforms at a discounted rate of 15% (fifteen percent) off the prevailing published rates; and
      • Invitations to attend FIA Technical Webinars annually.
    • FIA Services reserves the right to update, vary or substitute the Services from time to time, provided that the overall value and nature of the benefits remain materially the same.

  1. FEES AND PAYMENT
    • The monthly subscription fee is R260.00 (two hundred and sixty rand) for up to seven registered individuals (Key Individuals and Representatives), and R36.00 (thirty-six rand) per additional registered individual thereafter, excluding VAT.
    • The Subscriber shall provide FIA Services with the required details of each individual to be registered under the Subscription for the purposes of activation and billing.
    • All fees are exclusive of VAT, which shall be charged at the prevailing statutory rate.
    • Subscription fees are reviewed annually in March and may be adjusted with effect from 1 April.
    • Any changes to the Subscription, including but not limited to the number of Representatives and Key Individuals registered under the Subscription, may only be effected once annually during the annual review period in March of each year, with such changes taking effect from 1 April.
    • Subscription fees shall be billed monthly in arrears, unless the Subscriber elects an annual billing cycle at the time of application.
    • The Subscriber shall ensure that all billing information (including contact details, authorised signatories and bank account details) is kept accurate and up to date.
    • Non-payment of subscription fees may result in suspension of access to the Services until such fees are brought up to date.
    • The Subscriber acknowledges and agrees that all subscription fees payable under these Subscriber Terms may be collected by way of debit order, which shall be processed by the holding company, FIA NPC (The Financial Intermediary Association of South Africa), on behalf of FIA Services. Payment to FIA NPC shall be deemed to constitute valid and sufficient discharge of the Subscriber’s payment obligations to FIA Services under these Subscriber Terms.

  1. ONBOARDING
    • Onboarding will be conducted as a Subscription with FIA Services under the SAUMA affiliation arrangement.
    • Onboarding will not confer FIA NPC membership status or any associated rights.
    • Onboarding is conditional on confirmation of the Subscriber’s current SAUMA membership at the time of application

  1. DATA PROTECTION
    • FIA Services will process all personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) as set out in our POPIA policies.
    • By subscribing, the Subscriber authorises FIA Services to confirm their SAUMA membership status with SAUMA and to process personal information for the purposes of fulfilling the Subscription.

  1. TERMINATION
    • The Subscriber may terminate the Subscription by giving FIA Services one calendar month’s written notice.
    • FIA Services may terminate the Subscription on one calendar month’s written notice, or immediately if the Subscriber breaches these Subscriber Terms and fails to remedy such breach within 14 (fourteen) days of receiving written notice.
    • Termination of the SAUMA–FIA Services affiliation agreement shall not automatically terminate these Subscriber Terms.
    • Termination by the Subscriber shall not relieve the Subscriber of liability for any subscription fees accrued up to the effective date of termination.
    • FIA Services may suspend or terminate the Subscription with immediate effect in the event of non-payment of fees by the Subscriber.

  1. GENERAL
    • These Subscriber Terms are governed by the laws of the Republic of South Africa.
    • Any disputes arising under these Subscriber Terms shall be dealt with in accordance with the dispute resolution provisions contained in the FIA NPC membership terms and conditions, as modified to reflect that the contractual relationship is with FIA Services.
    • Any notices required under these Subscriber Terms may be validly delivered by email to the addresses provided in the Subscriber’s application form, and such notices shall be deemed received on the day of transmission if sent during business hours.
    • The Subscriber may not assign, cede or transfer any of its rights or obligations under these Subscriber Terms without the prior written consent of FIA Services.
    • No variation of these Subscriber Terms shall be of any force or effect unless reduced to writing and signed by both FIA Services and the Subscriber.