Written by Ng Chiew Hwa, Ong Yi Jun and Syazrinie Jalil
Introduction
The recent decision by Sessions Court judge Sazlina Safie in the case of Yew See Tak v Luno Malaysia Sdn Bhd raises significant legal questions regarding the duty of care owed by cryptocurrency platforms to their users, particularly in the context of unauthorised transactions. This commentary will explore the legal principles underlying the judgment, the implications for financial service providers in the digital asset space, and the potential avenues for appeal.
Negligence and Duty of Care
At the core of this case is the concept of negligence, specifically whether Luno, as a cryptocurrency exchange, owed a duty of care to Yew to prevent unauthorised transactions on his account. Negligence in tort law requires the plaintiff to establish that the defendant owed a duty of care, breached that duty, and caused damage as a result.
In this case, the Sessions Court found that Luno had a duty to ensure the security of Yew’s account, particularly given the high value of the transactions involved. The judgment suggests that Luno’s failure to prevent unauthorized trades, verify the transactions with Yew, and take prompt action to mitigate losses constituted a breach of this duty. This decision reinforces the expectation that financial service providers, including cryptocurrency exchanges, must implement robust security measures and actively monitor suspicious activities.
Breach of Security Protocols
One of the critical aspects of the judgment was Luno’s alleged failure to stop transactions that exceeded the daily transaction limit. Such limits are typically in place to prevent significant losses in the event of unauthorised access. The court’s ruling underscores the importance of adhering to internal security protocols and promptly responding to anomalies that could indicate fraudulent activity.
Luno’s failure to verify with Yew whether he had authorised the transactions further exacerbates the breach. In traditional banking and financial services, verification procedures are standard practice, especially for high-value transactions. The judgment may signal a shift towards similar expectations in the cryptocurrency industry, where user protection is paramount.
Suspicious Activity and Money Laundering Concerns
Another significant aspect of the case was Luno’s failure to detect and report suspicious activities that could indicate money laundering. Financial institutions, including cryptocurrency platforms, are subject to anti-money laundering (‘AML’) regulations, which require them to monitor and report suspicious transactions to relevant authorities.
The Sessions Court decision suggests that Luno’s lack of action in this regard may have contributed to the unauthorised transactions going undetected. This finding highlights the broader regulatory responsibilities of cryptocurrency exchanges, particularly in ensuring compliance with AML obligations. As the digital asset industry matures, regulatory scrutiny in this area is likely to increase, making it essential for platforms to establish and maintain robust AML frameworks.
Exemplary Damages
The award of RM100,000 in exemplary damages against Luno is noteworthy. Exemplary damages, also known as punitive damages, are awarded in cases where the defendant’s conduct is deemed particularly egregious or where it is necessary to deter similar behavior in the future. The court’s decision to impose exemplary damages on Luno reflects the seriousness of the negligence and serves as a warning to other financial service providers.
This aspect of the judgment may have broader implications for the industry, as it emphasises the need for platforms to prioritise user security and comply with legal obligations. The imposition of exemplary damages could potentially lead to increased litigation against cryptocurrency exchanges and other digital asset service providers, particularly in cases where users suffer significant financial losses due to security breaches or other failures.
Potential Grounds for Appeal
Yew’s lawyer has indicated the possibility of an appeal, which could introduce further legal scrutiny into the case. On appeal, Luno may challenge the findings on negligence, particularly whether the duty of care was sufficiently established and whether the alleged breaches directly caused Yew’s losses.
Additionally, Luno might argue that the award of exemplary damages was excessive or unwarranted, given the circumstances of the case. The appellate court’s review of these issues could have broader implications for the standard of care expected of cryptocurrency exchanges and the potential liabilities they face in the event of security failures.
Conclusion
As the digital asset industry continues to evolve, the Yew See Tak v Luno Malaysia Sdn Bhd case underscores the growing legal challenges faced by cryptocurrency platforms, particularly in ensuring the security of user accounts and complying with regulatory obligations. The court’s decision highlights the importance of robust security measures, prompt response to suspicious activities, and adherence to AML regulations.
Published on 9 November 2024