Lockdown: Companies beware of ‘electronic signatures’ whilst employees work remotely

However, with the increased level of connectivity comes greater risk to cybersecurity. Hackers are causing chaos across multiple industries and can cripple even the most resilient organisations by impacting on market share, brand and reputation.

Whilst electronic signatures are perfectly valid in terms of the Electronic Communications and Transactions Act 25 of 2002 (ECTA), companies must be alert to the wording contained in their written agreements and whether electronic signature suffices. If the form of an electronic signature has not been expressly agreed to, uncertainty potentially arises.

In the recent case of Global & Local Investments Advisors (Pty) Ltd v Nickolaus Ludick Fouché (71/2019) [2019] ZASCA 08, the Supreme Court of Appeal (SCA) had to determine whether Global & Local Investments Advisors (Pty) Ltd (Appellant) had breached its mandate to invest and manage money entrusted to it by Nickolaus Ludick Fouché (Respondent), by releasing funds in response to fraudulent emails, ostensibly sent by the Respondent. In determining whether the Appellant was in breach of its mandate, the SCA had to consider the question of what constitutes “signed” in certain circumstances.

The Respondent had given a written mandate to the Appellant to act as his agent and invest money with a bank on his behalf. The written mandate specifically stipulated that all instructions must be sent by fax or by email with client’s signature.

Fraudsters hacked the gmail account of the Respondent and sent three emails to the Appellant instructing it to transfer specified amounts to other account. These three emails had no attachments and each email ended with the words “Regards, Nick” or “Thanks, Nick”.

The Appellants completed the instructions by paying out three consecutive payments into the listed bank accounts in the amount of R804,000 in aggregate. The Respondent, becoming aware of the cyberattack, notified the Appellants that the instructions had not come from him and claimed the amount of R804,000 on the basis that the Appellant had acted contrary to their written mandate.

The Appellant tried to argue that it complied with the written mandate, as the “Regards, Nick” or “Thanks, Nick” constituted an electronic signature, which satisfied the mandate requirement of containing the client’s signature.

The Appellant tried to rely on section 13(3) of the ECTA and the use thereof in the case of Spring Forest Trading CC v Wilberry (Pty) Ltd t/a Ecowash and another 2015 (2) SA 118 (SCA), which dealt with the question of whether or not a person’s email signature, which appeared at the foot of an email, was sufficient to satisfy the stock standard boilerplate provision in an agreement that its terms could be varied or cancelled only by way of a written document signed by the parties.

Section 13(3) of the ECTA states that, where an electronic signature is required by the parties to an electronic transaction (and the parties have not agreed on the type of electronic signature), that requirement is met if:

(1)   a method is used to identify the person and to indicate the person’s approval of the information communicated; and

(2)   having regard to all the relevant circumstances at the time the method was used, the method was as reliable and appropriate for the purposes for which the information was communicated.

In Spring Forest an agreement had been entered into between the parties, which required cancellation thereof to be ‘in writing’ and to be ‘signed by both parties’. The parties subsequently cancelled the agreement by way of email exchanges. The respondent later contended that the agreement had not been validly cancelled due to the fact that the (electronic) agreement of cancellation had not been signed by both parties. The SCA, in this case, held that the names of the parties at the foot of their respective emails were (i) intended to serve as signatures, (ii) constituted ‘data’ which was logically associated with the data in the body of the emails; and (iii) identified the parties and accordingly, satisfied the requirement of an electronic signature in terms of section 13(3) of the ECTA and had the effect of authenticating the information contained in the emails.

In Global & Local Investments, however, the Respondent contended that the instructions did not bear his signature, whether manuscript or electronic.

The SCA found that, by definition, sign, is “to affix one’s name to a writing or instrument, for the purpose of authenticating or executing it, or to give it effect as one’s act; To attach a name or cause it to be attached to a writing by any of the known methods of impressing a name on paper; To affix a signature to… To make any mark, as upon a document, in token of knowledge, approval, acceptance, or obligation” and ultimately found that the instruction was not accompanied by such a signature, concurring with the court a quo that the funds were transferred without proper instructions and contrary to the written mandate.

It is interesting that the two SCA cases have opposite outcomes. The SCA in Global & Local Investments noted that the distinguishing factor between the cases was that the authority of the persons who had actually written and sent the emails in Spring Forest was not an issue as it is in the present case and that the issue in Spring Forest case was whether an exchange of emails between the parties could satisfy the requirement imposed by them in the contract that ‘consensual cancellation’ of their contract be ‘in writing and signed’ by the parties. There was no dispute regarding the reliability of the emails, accuracy of the information communicated or the identities of the persons who appended their names to the emails.

Whereas, in Global & Local Investments, the emails in issue were fraudulent and not written nor sent by the person they purported to originate from. It is perhaps debatable whether this distinction made by the court is entirely convincing: Had the Appellant acted on a forged manually signed instruction (and assuming the forgery would have fooled any reasonable person in the Appellant’s position), it would still factually be the case that the Respondent never signed the instruction and that is was therefore unauthorised.  Yet the instruction would have appeared ex facie to be perfectly valid and compliant – and arguably the Appellant would have been in the clear in that scenario. The mandate was probably to be interpreted as saying that the financial advisor’s reliance on a purportedly ‘signed’ instruction was sufficient.

Perhaps the better distinction, then, is that of the intention of the parties as to what the word ‘signed’ means in their agreement, given the context and purpose of the particular agreement (and this may have been what the SCA was alluding to at the end of the Global & Local Investments case when referring to the issue of the reliability of emails). Given the nature of a financial services mandate and the attendant risks, on probability, the parties did not intend that a mere email signature could suffice – it needed to be manuscript. Those same considerations, arguably, were not present in Spring Forest, and so in that case it was more appropriate to allow electronic signature. ‘Signed’ really just means what the parties intended it to mean. Possibly, a default presumption is that it includes electronic signature (per Spring Forest) but in other cases, the parties’ intention would override this (per Global & Local Investments).

Ultimately the two judgments prove that the question of what constitutes ‘signed’ or ‘in writing and signed’ can be contentious. It is important that parties specify in their agreements whether they intend to exclude all forms of electronic signature.  While a provision excluding electronic signature may seem old fashioned, its primary purpose is to avoid disputes of this nature.