The Knock-On Effect of Financial Supervision Law in Civil Liability Law

Danny Busch

doi:10.1515/jetl-2024-0013

Article Open Access

The Knock-On Effect of Financial Supervision Law in Civil Liability Law

Danny Busch

Published/Copyright: December 5, 2024

Published by

Become an author with De Gruyter Brill

Author Information Explore this Subject

From the journal Journal of European Tort Law Volume 15 Issue 3

Abstract

The heavy stamp that financial supervision law has come to put on the regulation of the financial sector has made the relationship between public and private law in this domain increasingly complex. The most pressing question in theory and practice in this respect is to what extent financial supervision law has a knock-on effect in civil law. This contribution discusses the effects of financial supervision law on civil liability law and distinguishes three types of knock-on effect: (i) financial supervision law itself contains rules of civil liability law; (ii) the knock-on effect of financial supervision law through national civil liability law; (iii) EU financial supervision law, whether or not, in combination with the EU effectiveness principle and the EU principle of legal certainty, imposes certain preconditions on national civil liability law.

I Introduction

The financial sector is of great importance to society. As we all borrow, save, invest, take out insurance and build up pensions, society is dependent on the proper functioning of the financial sector. In the recent past, we have seen what happens when the financial sector goes into crisis. Banks fail, investments evaporate, pensions are slashed and borrowing becomes harder for individuals and businesses alike. Thus, it is understandable that the financial sector is subject to strict government supervision in almost all developed economies – though unfortunately this does not preclude the possibility of accidents.^[1] This supervision is usually assigned to specialised financial supervisors whose powers of supervision are conferred by an impressive – and, after each financial crisis, ever expanding – volume of public law rules: financial supervision law.

Nowadays, financial supervision law largely originates from Brussels and should be classified as European Union (EU) law. For this reason, it is increasingly referred to as ‘EU financial supervision law’. Financial supervision law can mostly be found in national financial supervision acts and in secondary legislation based upon them. In addition, financial supervision law can increasingly be found in directly applicable EU regulations, such as the Prospectus Regulation and the Market Abuse Regulation.^[2]

But, as important as financial supervision law has become, the financial sector also remains dependent on – and subject to – our tried and trusted private law. After all, the transactions concluded between market participants through financial markets and financial institutions are still subject to applicable national private law.

In this contribution, I will focus, by way of concrete example, on the impact of financial supervision law in Dutch civil liability law. However, the underlying arguments are equally relevant for the impact of financial supervision law in civil liability law in other European jurisdictions as judges, legislators, lawyers and academics across Europe are confronted with this complex issue.^[4]

Financial supervision law ‘works through’ into liability law in three ways: (i) financial supervision law itself contains rules of liability law; (ii) financial supervision law has a knock-on effect through national civil liability law; and (iii) EU financial supervision law, whether or not in combination with the EU effectiveness principle and the EU principle of legal certainty, imposes certain preconditions on national civil liability law. These three knock-on effect variants are not mutually exclusive. In combination, they can also strengthen the knock-on effect.

II Variant I – liability law incorporated into financial supervision law

A General

The most far-reaching knock-on effect occurs when financial supervision law itself contains rules of liability law. It could be argued that this variant does not actually involve public law having a knock-on effect in private law as these rules are intrinsically of a private law nature. It is simply that they are not in the national civil or commercial codes, but are instead to be found in national or EU laws that otherwise deal with financial supervision law. However, the liability rules included in financial supervision law are substantially influenced by the public objectives that this financial supervision law tries to achieve. I would therefore like to consider this variant too as a form of knock-on effect of financial supervision law in civil liability law. I will give three examples of this knock-on effect variant.^[5]

B Liability of collective investment scheme depositaries

In the aftermath of the financial crisis, supervisory rules for collective investment schemes were significantly tightened, partly in response to the Madoff fraud uncovered during the financial crisis.^[6] These supervisory rules are of EU origin and, in addition to a licensing obligation, prudential requirements and rules of conduct, they also contain a strict civil liability regime for collective investment scheme depositaries. This regime has been partly implemented in the national financial supervision laws and secondary legislation, and partly follows from directly applicable EU regulations.

Before we look at the civil liability regime for depositaries, I should like to say a few words about collective investment schemes and the role of depositaries. Investing through a collective investment scheme is a form of collective asset management. Besides a manager (an external party responsible for, among other things, asset management), there is also a depositary involved. The depositary’s main tasks are (i) to hold and administer the assets of the collective investment scheme, (ii) to monitor cash flows, and (iii) to verify whether the collective investment scheme is entitled to its assets.^[7] The assets of the collective investment scheme will usually consist of financial instruments such as negotiable shares, bonds and a variety of derivative products, but may also include, for example, real estate. Usually, the depositary is a bank or other supervised financial institution. And to be clear: the depositary does not become the legal owner of the assets of the collective investment scheme. The ‘ownership’ of the assets remains vested in the collective investment scheme.^[8] For most financial instruments, the collective investment scheme maintains a securities account with the depositary, which is in the name of the collective investment scheme (as the legal owner of the financial instruments).^[9]

From a supervisory point of view, there are two types of collective investment scheme. First, there are undertakings for collective investment in transferable securities (UCITS). This type is mainly suitable for retail and other non-professional investors. Investment funds other than UCITS are referred to as alternative investment funds or AIFs. These collective investment schemes tend to accept a higher degree of risk in their investments than UCITS and are mainly suitable for professional investors. As the liability regimes for depositaries of both types of collective investment scheme are largely the same, I will simply refer below to ‘collective investment schemes’ to denote both UCITS and AIFs. However, where differences exist between the two liability regimes, I will use the acronyms UCITS and AIF.

The civil liability regime for depositaries as included in the supervisory rules basically entails the following. A depositary is liable to the collective investment scheme for the ‘loss’ of a financial instrument held in custody.^[10] Loss occurs if it appears that the collective investment scheme’s right of ownership has been lost or never existed (the latter was the case in the Madoff fraud), if the collective investment scheme has been permanently deprived of the right of ownership, or if the collective investment scheme is permanently unable to transfer ownership (for example, where a sub-depositary becomes insolvent).^[11] Temporary loss or suspension of rights cannot therefore count as ‘loss’. Nor does a ‘loss’ occur where the value of the financial instruments in which the collective investment scheme has invested decreases (investment risk).^[12] If there is a loss in the sense referred to here, the depositary is required to return a financial instrument of the same type or the corresponding amount to the collective investment scheme ‘without undue delay’.^[13] Intentional or negligent action is not required in this respect (ie this is virtually tantamount to strict liability).^[14] However, the depositary is not liable if it can prove that the loss resulted from an external event over which it had no reasonable control and whose consequences were unavoidable despite all efforts to prevent them (an example would be expropriation).^[15] With regard to the depositary of a UCITS, it is expressly provided that it cannot limit or exclude this strict liability.^[16] If it does so, the relevant clause is (to that extent) void.^[17]

The depositary of an AIF may exclude its liability to the AIF or the unit-holders for loss of financial instruments held in custody if it outsources work to a sub-depositary and (1) it (the depositary) has entered into a written agreement with the sub-depositary in which (a) it excludes its liability for failures of the sub-depositary and (b) under this agreement, the AIF or the unit-holder or the depositary on their behalf may sue the sub-depositary on the same basis as the depositary could originally be sued for damage caused by that loss; and (2) it (the depositary) has entered into a written agreement with the AIF or the manager (a) in which the latter agrees to the exclusion of the depositary’s liability, (b) which includes an objective reason for that exclusion (often the reason is that the assets are located in a non-EU27 jurisdiction where the depositary itself cannot operate) and (c) if applicable, under which it (the depositary) can sue the sub-depositary for damages on behalf of the AIF or the unit-holders.^[18] Thus, the depositary can exclude its liability for the activities it outsources to a sub-depositary only if the latter assumes the liability of the depositary.^[19]

For a UCITS depositary, the possibility of exclusion of liability described in the previous paragraph does not apply. A UCITS depositary is therefore liable for the loss of financial instruments held in custody even if it outsources activities to a sub-depositary.^[20] This stricter regime can be explained by the fact that investors in UCITS are mostly retail investors.^[21]

The depositary of a collective investment scheme (whether a UCITS or an AIF) is also liable for loss of assets other than financial instruments entrusted by the collective investment scheme to the depositary for safekeeping. A depositary is liable for loss of assets other than financial instruments only if it fails to comply with the applicable provisions of supervision law due to intent or negligence.^[22] With regard to the depositary of a UCITS, it is expressly provided that it cannot limit or exclude these liability rules. If it does so anyway, the relevant clause is (to that extent) once again void.^[23]

As I see it, the liability regime outlined above for depositaries of collective investment schemes fulfils a dual function. First, it acts as an extra inducement to ensure proper compliance with applicable supervisory rules. I use the word extra advisedly because the competent financial supervisor can, of course, take enforcement action if the depositary fails to comply with the supervisory rules applicable to it, for example by imposing an order for incremental penalty payments or an administrative fine, and in extreme cases by withdrawing its authorisation. Proper compliance with supervisory rules by depositaries contributes not only to investor protection in a general sense but also to confidence in a stable, transparent and sound financial sector. To that extent, the depositary liability regime can be seen as an extension of the supervisory rules. And, second, this regime also has a real loss compensatory function and thus, it is not just an extra inducement to ensure that the applicable supervisory rules are properly complied with.

C Liability of credit rating agencies

A credit rating agency (CRA) is a commercial enterprise that issues and publishes ratings on (i) the creditworthiness of companies and governments (issuer ratings) and (ii) the quality of the financial instruments they issue, such as government and corporate bonds (issue ratings). The best-known rating agencies are Moody’s, Standard & Poor’s and Fitch. In the aftermath of the financial crisis, it turned out that these agencies had not infrequently overstated the creditworthiness of companies and governments and the quality of financial instruments. Normally, CRAs were (and are!) paid for their work by the very governments and companies whose creditworthiness and financial instruments they rate. Apparently, CRAs could not always resist the pressure exerted by their clients to issue positive ratings. This financing structure is still permitted, but, as a result of the various scandals, CRAs in the United States, the EU and elsewhere in the world have been placed under strict financial supervision, subject, for example, to rules to prevent conflicts of interest. In the EU, the European Securities and Markets Authority (ESMA) has been designated as the financial supervisor.^[24] ESMA assesses whether a CRA is authorised to operate in the EU and also supervises CRAs in Europe on an ongoing basis, based on the CRA Regulation.^[25]

The CRA Regulation also sets out the cases in which a CRA can be held liable. This liability regime is contained in art 35a and, in brief, provides as follows. If a CRA commits an infringement of the applicable supervisory rules in Annex III to the Regulation intentionally or with gross negligence and the infringement has an impact on a credit rating, the CRA has to compensate investors or the governments and companies whose creditworthiness and financial instruments it rates for the damage suffered as a result of that infringement. Annex III is extensive, comprising more than 80 items.

This liability regime should be seen primarily as an extra inducement to ensure that CRAs correctly comply with the supervisory rules applicable to them, thereby ensuring that they issue accurate ratings. This is not only in the interest of governments and companies whose creditworthiness and financial instruments they rate, but also in the interest of the investing public at large, which relies to a large extent on, and trusts, the ratings issued. Carefully prepared and correct ratings thus contribute to the smooth functioning of financial markets. As I see it, the liability rules can to a large extent be seen as an extension of the supervisory rules.^[26]

There is an important difference between this liability regime and the regime applicable to collective investment scheme depositaries.^[27] Whereas the liability rules for depositaries are actually extra strict (as already noted, virtually tantamount to strict liability), the liability rules for CRAs are limited to intent and gross negligence, which considerably raises the bar for bringing a successful liability claim. This limitation is justified, according to the EU legislator, because a rating depends on a complex interplay of economic factors and CRAs can use different methodologies resulting in different ratings for the same company, government or financial instrument, none of which can be considered incorrect.^[28] The following argument is also found in the literature. If the bar for bringing a successful liability claim is set too low, CRAs will shy away from issuing ratings, which is not in the interest of firms, governments and the wider investing public.^[29] Similar reasoning could, in theory, be applied in the case of depositary liability, but in that case a far-reaching form of investor protection has clearly won out over other considerations. Incidentally, one consequence of the strict liability rules, combined with the stringent supervisory requirements that apply to depositaries, is that only a limited number of financial institutions are still willing to act as depositaries for collective investment schemes.^[30]

Either way, a successful liability claim always requires that the investor or issuer (government or company) was reasonably entitled to rely on the rating issued.^[31] For investors which are financial institutions, such as asset managers and pension funds (ie institutional investors), it is more difficult to make a plausible case for reliance on incorrect ratings, as they are expected to make their own credit risk assessment and may ‘not solely or mechanically rely’ on ratings.^[32]

Moreover, an issuer (corporate or sovereign) may bring a liability claim against a CRA for an incorrect rating in respect of that issuer itself or financial instruments issued by it only if that incorrect rating was not caused by misleading or inaccurate information provided by that issuer to the CRA.^[33]

As regards the burden of proof, it is the responsibility of the investor or issuer to present accurate and detailed information showing that a CRA has committed an infringement of a supervisory rule set out in Annex III to the CRA Regulation. The competent national court must assess what constitutes accurate and detailed information, taking into consideration that the investor or issuer may not have access to information that is purely within the sphere of the CRA.^[34]

Although a CRA may limit its liability, it may do so only if that limitation is (i) ‘reasonable and proportionate’ and (ii) allowed by the applicable national law. Limitations that do not comply with these conditions are ‘deprived of any legal effect’.^[35] In other words, the limitation of liability is void.

This civil liability regime uses a variety of terms that are not defined in the CRA Regulation, such as ‘damage’, ‘intention’, ‘gross negligence’, ‘reasonably relied’ and ‘proportionate’. These terms have to be interpreted and applied in accordance with applicable national law, as determined by the relevant rules of private international law.^[36] Naturally, this is hardly conducive to the uniform application of this liability regime.^[37] Once again, matters concerning the civil liability of a CRA which are not covered by the CRA Regulation, are (understandably, of course) governed by the applicable national law as determined by the relevant rules of private international law.^[38] Thus, the liability regime in the CRA Regulation cannot be separated from the applicable national liability law. To that extent, therefore, this regime is not a pure form of liability law incorporated ‘into’ financial supervision law (knock-on effect variant I). The court that is competent to decide on a claim for civil liability brought by an investor or issuer must be determined by the relevant rules of private international law.^[39] In short, the competent national court must assess whether or not a liability claim under art 35a of the CRA Regulation can be granted.

The civil liability regime of art 35a of the CRA Regulation ‘does not exclude further civil liability claims in accordance with national law’.^[40] The preamble notes that Member States should be able to maintain national civil liability regimes which are more favourable to investors or issuers.^[41] In cases where national civil liability law applies, this would suggest that investors and issuers may also bring claims for damages against CRAs on the basis of breach of contract, tort, unfair trading practices and, for example, misleading advertising, where appropriate.^[42] Such claims have the advantage that they do not depend on proving intent or gross negligence on the part of the CRA, but can also be brought successfully if, for example, there is ‘ordinary’ negligence. Actually, this is rather strange because, as noted above, the CRA Regulation has deliberately limited the civil liability of CRAs to cases of intent and gross negligence.

D Liability when cryptos are offered to the public

Investing in and paying with cryptos has become wildly popular in recent years. Nonetheless, cryptos had until recently not been subject to much, if any, financial supervision law despite the fact that the crypto world has been hit by a veritable tidal wave of scandals.^[43] So it is undoubtedly a good thing that crypto issuance, trading and service provision in Europe are now regulated by the Markets in Crypto-Assets Regulation (MiCAR). MiCAR also contains substantive civil liability rules.^[44]

For a better understanding, I should like to preface my remarks on the MiCAR civil liability rules as follows. If a company offers securities (such as negotiable shares and bonds) to the investing public, it must first publish an information document (prospectus) which complies with the detailed rules under the Prospectus Regulation.^[45] The prospectus aims to provide interested investors with the information they need to decide whether or not to buy the securities offered. Once approved by the competent financial supervisor, the prospectus serves as an EU passport. That is, the securities covered by the offer may be offered to the public throughout the EU/EEA on the basis of the approved prospectus. If the prospectus contains inaccurate or incomplete information that affects the value of the securities offered, the company concerned and the banks involved may be liable under applicable national civil liability law (prospectus liability).^[46]

However, most cryptos are not securities. In such cases, the offer of cryptos to the public is not subject to the rules of the EU Prospectus Regulation and no prospectus needs to be published either. It is to be hoped that most investors will not be willing to buy cryptos without receiving at least outline information about them. Be that as it may, it is common practice to make available what is known as a ‘white paper’ containing information about the cryptos on offer. Exactly what information should be in this white paper is currently not regulated in financial supervision law (other than for offers of securities to the public). MiCAR has changed this as follows.

To begin with, MiCAR distinguishes between asset-referenced tokens, e-money tokens and the other cryptos covered by MiCAR. Before any of these three types of cryptos are offered to the public, a white paper must be published that meets MiCAR’s requirements. These requirements differ according to the type of crypto being offered.^[47] For offerings of asset-referenced tokens, the relevant financial supervisor must approve the white paper in advance.^[48] This is not required in the case of the other cryptos covered by MiCAR, including e-money tokens, but the white paper must be sent in advance to that supervisor for information in those cases.^[49]

A separate civil liability regime (‘white paper liability’) applies to each of the three types of crypto covered by MiCAR.^[50] However, those liability regimes have what is in effect a common structure. Purchasers of cryptos have a liability claim against the provider (and other parties involved) if (i) the white paper does not meet MiCAR’s requirements because the information it contains is incomplete or unclear or because it contains misleading information, and (ii) the holder of the cryptos has suffered damage as a result. A contractual provision purporting to limit or exclude such liability has no legal effect (‘shall be deprived of any legal effect’). The holder of the cryptos must prove that (1) the white paper does not meet MiCAR’s requirements and (2) this affected its decision to buy, sell or exchange the cryptos. The white paper should also always include a summary, which is presumably the most widely read in practice. However, liability of the offeror (and others involved) on the basis of the summary alone is excluded, although the offeror can be held liable on the basis of the summary read in conjunction with other parts of the white paper. Liability based on MiCAR does not affect civil liability claims in accordance with national law.

In my view, this regime (like the EU liability regime applicable to depositaries of collective investment schemes^[51]) fulfils a dual function: first, it acts as an extra incentive to ensure that the applicable supervisory rules are correctly complied with and, second, it nonetheless also has a genuine compensatory function.

III Variant II – knock-on effect through national civil liability law

A General

A second way in which financial supervision law impacts private law is through national civil liability law. As mentioned previously, in this contribution, I will focus, by way of concrete example, on the impact of financial supervision law in Dutch civil liability law. However, the underlying arguments are equally relevant for the impact of financial supervision law in civil liability law in other European jurisdictions, as judges, legislators, lawyers and academics across Europe are confronted with this complex issue.

But first let us take a few steps back. Banks and other financial institutions are subject to rules of conduct under supervisory law. These are rules contained for the most part in the national financial supervision acts, secondary legislation and EU regulations, which prescribe how they should behave towards their clients, other counterparties, certain third parties and the investing public in general. The rules include all kinds of pre-contractual and contractual information duties, know-your-client rules, as well as various refusal, contracting and termination obligations. ‘Ordinary’ businesses are also bound by rules of conduct under supervisory law when entering the financial markets. Consider the strict and detailed requirements for the information document (prospectus) that must be presented to the public prior to the offer of securities and is intended to provide interested investors with the information they need to decide whether or not to buy the securities on offer.^[52] Listed companies are also required to disclose price-sensitive information without delay.^[53] Finally, even mere mortals like you and I are sometimes bound by rules of conduct under supervisory law. For instance, the ban on insider trading applies to everyone.^[54]

B Knock-on effects

1 Knock-on effect through the civil duty of care

If a bank or other financial institution breaches the pre-contractual duty of care, this will constitute a tort due to the breach of an unwritten standard of care (art 6:162(2) of the Dutch Civil Code (DCC)).^[55] During the term of the contract, a breach of the duty of care will constitute a breach of contract, usually on account of a breach of the duty to exercise the care that may be expected of a good provider of services (art 7:401 DCC) if the contract with the bank or other financial institution can be regarded as an agreement of assignment, or more specifically of mandate.^[56] Should the contract not qualify as such, the default may be based (directly or indirectly) on breach of the requirement of reasonableness and fairness (arts 6:2(1) and 6:248(1) DCC) or the banking duty of care as contained in art 2 of the General Banking Conditions, insofar as these have been declared applicable in the specific case.^[57]

It is now commonplace in Dutch case law for rules of conduct under supervisory law to be applied to flesh out the pre-contractual and contractual civil duty of care of banks and other financial institutions.^[58] But because the duty of care is an open norm, the interpretation also depends on the other circumstances of the case.^[59]

Although the main rule is that the circumstances of the case are decisive, there are certainly exceptions. As its 2009 judgments on securities leasing products involved large-scale loss, the Dutch Supreme Court (Hoge Raad der Nederlanden) deliberately arrived at its rulings by abstracting from the particular circumstances of the case, in order to provide as much legal certainty as possible with a view to their further settlement.^[60] In view of various factors, particularly (i) the Dutch Class Actions (Financial Settlement) Act, which came into force on 1 January 2020, and (ii) a trend towards further standardisation and digitalisation of financial products and services, the risk of mass claims for breach of the duty of care of banks and other financial institutions is likely to increase rather than decrease in the near future. Further abstraction from the circumstances of the case might well (necessarily) emerge as the main rule in the long run when it comes to mass claims in the financial services sector. In any case, a more abstract approach will be able to speed up settlement considerably, regardless of whether mass damages are settled by the courts (under the Dutch Class Actions (Financial Settlement) Act) or by other means. In a more abstract approach of this kind, the rules of conduct under supervisory law can at least provide useful guidance.

Whatever the case, in the traditional approach, where the circumstances of the case are decisive, the rules of conduct under supervisory law are only one element in a larger set of relevant circumstances. It follows that, from this perspective, a breach of these rules of conduct need not automatically constitute a breach of the duty of care. In line with this at least theoretically rather loose relationship between the supervisory rules of conduct and civil liability law, the Dutch Supreme Court assumes that the duty of care can extend beyond the rules of conduct under supervisory law if that is necessary in the particular circumstances of the case.^[61]

In Dutch theory and practice, a distinction is often made between the special and general duty of care of banks and other financial institutions. A strict distinction between the two types of duty of care is not easy to make. Indeed, the distinction between the general and special duty of care is fluid.^[62] Both are open standards that are ultimately rooted in reasonableness and fairness and social propriety, and in both cases the interpretation depends on the circumstances of the case, although the latter cannot always be maintained in full in cases of mass damage (see above). In any case, what matters is not how it is labelled but the specific obligations arising from the duty of care in a specific case, whether we call it special or general. I will disregard the sense and nonsense of this distinction in the rest of this contribution. Indeed, the distinction is of little importance in this context as both types of duty of care can, by their open nature, act as transmission channels for rules of conduct under supervisory law.^[63]

2 Knock-on effect through acts or omissions in breach of a statutory duty

Moreover, under Dutch law, a breach of rules of conduct in, above all, the Dutch Supervision Act (Wet op het financieel toezicht, Wft), secondary legislation and EU regulations can directly constitute a tort for an act or omission in breach of a statutory duty (ie separately from a breach of the civil duty of care). This knock-on effect seems, at least in theory, to allow Dutch civil courts less room for manoeuvre than the knock-on effect through the civil duty of care. After all, in the latter case, the Dutch civil courts can still argue that the rules of conduct under supervisory law are not necessarily decisive in deciding whether the duty of care has been breached, because the other circumstances of the case must also be taken into account. But if the knock-on effect is through breach of a statutory duty, unlawfulness is established if the applicable rules of conduct have been breached. The only exception would be where a justification ground exists.^[64]

Below, I will discuss some judgments in which the civil effect of the duty of refusal under supervisory law was central, and the effect was achieved either through the civil duty of care or through the more direct effect route of a tort for acting in breach of a statutory duty (below III C). I also discuss the subject of the retroactive effect of supervisory rules (below III D) and the subject of the reflex effect of supervisory rules (below III E).

C The civil effect of the duty of refusal under supervisory law

1 Margin obligation

In relation to non-professional clients,^[65] it follows from arts 85 and 86 of the Decree on Conduct of Business Supervision of Financial Undertakings (Besluit gedragstoezicht financiële ondernemingen, Bgfo) that a bank^[66] (1) will not execute a transaction on behalf of a client if the balances held in the client’s name are insufficient to meet the obligations arising from that transaction (eg an option transaction); (2) will ensure that clients who have positions in financial instruments from which obligations may arise (such as option transactions) have sufficient balances at all times to meet their current obligations arising from those positions; (3) will ensure that a client who has insufficient balances to meet current obligations arising from positions in financial instruments posts collateral from which those obligations can be met; and (4) if the client is unable to post collateral, will close the positions as soon as possible but no later than five business days, unless special circumstances arise.

Case law shows that retail investors do not always feel like heeding their bank’s call to comply with a margin obligation. In the past, to avoid straining the relationship, bank officials were sometimes willing to turn a blind eye to the margin requirement and, for instance, allowed retail investors to write put options without requiring them to deposit margin. The Dutch Supreme Court has been strict from the start. Non-compliance with margin obligations constitutes, ‘in principle’, a breach of the bank’s special duty of care.^[67]

Use of the term ‘in principle’ means that this is not always the case. In a 2019 judgment, the Dutch Supreme Court suggested that an exception to the rule occurred in the following case.^[68] A very wealthy retail investor from India traded through a Dutch bank for large amounts in options and futures. In keeping with the Dutch Financial Supervision Act, the investor was classified as a non-professional investor for the purpose of investment services. This meant that the obligations under arts 85 and 86 Bgfo applied in relation to this investor and the bank therefore had to comply with them. The bank failed to do so.^[69] Partly on that ground, the investor claimed damages from the bank for breach of the special duty of care. In keeping with the Dutch Supreme Court’s settled case law, the Amsterdam Court of Appeal agreed with the investor.

However, the Dutch Supreme Court quashed the judgment on appeal in cassation. The bank had argued that the retail investor should be regarded as an expert and professional investor who knew what he was doing and knowingly took risks associated with derivatives trading. The bank submitted, inter alia, (i) that at the start of his relationship with the bank, the retail investor already had extensive international knowledge and experience of financial instruments (including options and futures relating to precious metals), whether or not through investment firms which he co-owned or co-managed, (ii) that he was exceptionally wealthy at the start of his investment relationship with the bank and presented himself as such, (iii) that he had independent access to, and actively used, information intended for professional securities dealers, (iv) that he had his own back office which administered his transactions professionally and (v) that he traded on an exceptionally large scale on stock exchanges around the world. These circumstances may affect the substance of the bank’s duty of care to the retail investor. The Amsterdam Court of Appeal should therefore have taken these factors into account in its judgment, but, in the Supreme Court’s view, it was not sufficiently clear that it had done so.^[70] The Dutch Supreme Court set aside the judgment.

Would the outcome have been different if the retail investor had directly invoked a breach of the statutory obligations contained in arts 85 and 86 Bgfo rather than a breach of the special duty of care? Possibly. After all, the fact that these obligations had been breached was not in dispute. If this approach had been adopted, the circumstances mentioned in the previous paragraph would not have been relevant in deciding whether there had been an infringement. Is that a bad thing? I do not think so, because these circumstances may, of course, give rise to a reduction of the loss or damage eligible for compensation, for example on the basis of the doctrine of contributory negligence (art 6:101 DCC).^[71] However, I also do not exclude the possibility that, if an infringement of arts 85 and 86 of the Bgfo had been directly invoked, the Dutch Supreme Court would have allowed the claim to be fully dismissed on the basis of the ‘relativity requirement’ (art 6:163 DCC) and would therefore not have been able to apply the doctrine of contributory negligence at all.^[72]

Be that as it may, it is evident from its judgment in Nabbe v Staalbankiers, that, when an infringement of the statutory obligations contained in (currently) arts 85 and 86 Bgfo is directly invoked, the Dutch Supreme Court considers it possible that a claim for damages based on the infringement may be frustrated by the relativity requirement (art 6:163 DCC). In that case, a direct infringement of (currently) arts 85 and 86 Bgfo was (also) invoked, separately from the duty of care.^[73] The bank, in its capacity of investment adviser to retail investor Nabbe, had performed option transactions in breach of (what are now) arts 85 and 86 Bgfo. In the light of these provisions, the bank had failed to close positions in options on time and had executed new transactions despite margin shortages. As a result, the investor had suffered large losses on his investment portfolio, but had nevertheless made a net gain in the relevant period as its value had risen from NLG 700,000/800,000 to NLG 1,300,000. The question was whether the bank was liable for the losses incurred. The Dutch Supreme Court held that ‘... the standards laid down in Articles [85 and 86 Bgfo] are intended to protect the client from relatively excessive financial risks, but not to protect so selectively against every (price) loss suffered by the investor on a transaction, as argued by Nabbe’.^[74] The loss on option transactions was offset by gains on shares. The Dutch Supreme Court treated the investment portfolio as a single entity.

2 Client and order remisiers

In the Netherlands, securities lease products were offered to retail investors both directly and through intermediaries in the period when they were still popular and sold. Some of those intermediaries had the status of client remisier. This had the advantage that they were exempt from the then Securities Transactions Supervision Act 1995 (Wet toezicht effectenverkeer 1995, Wte 1995). The exemption could be used only if the activities of the intermediary consisted solely of finding clients for regulated providers of securities lease products, such as banks. Under no circumstances was a remisier allowed to combine this with the provision of advice or other forms of investment services, because this was something for which an authorisation was (and is) required. If a provider of securities lease products accepted clients from a remisier who overstepped these boundaries by still advising the client, and the provider knew or should have known this, it had to refuse the client. This followed explicitly from art 41 of the Further Regulation on the Supervision of the Securities Trade (Nadere regeling toezicht effectenverkeer 1999, NR 1999).

In 2016, the Dutch Supreme Court held that where this statutory duty of refusal was infringed, the provider was obliged to compensate the investor for 100 % of the damage and could not successfully rely on the defence that there had been contributory negligence on the part of the investor.^[75] As a result, the investor who had happened to buy a securities lease product through a client remisier who had exceeded his powers was considerably better off than other aggrieved securities lease investors. The Amsterdam Court of Appeal did not think this was fair and, less than a year later, gave a ruling that was a direct contradiction of the Dutch Supreme Court’s judgment.^[76] However, on appeal in cassation, the Court of Appeal’s ruling was overturned and the Dutch Supreme Court reaffirmed its 2016 judgment. According to the Dutch Supreme Court, serious blame attaches to a provider for entering into a contract in defiance of a statutory prohibition designed precisely to protect clients from concluding an investment agreement after receiving advice from an adviser lacking the necessary authorisation.^[77]

Unlike in many cases of breach of the margin obligation, liability in this case is based on acting in breach of a statutory obligation, and not on breach of the duty of care. And, unlike cases of liability for acting in breach of the statutory margin requirement, the penalty is every bit as severe as it first seems: the damage must be compensated in full, as there is no scope to enter a defence of contributory negligence.

But this is not the end of the matter as there were also cases where the securities lease agreement was arranged through a so-called order remisier. Such an intermediary receives and transmits client orders, which, like investment advice, constitutes the provision of an investment service. But order remisiers – unlike client remisiers at the time – were not (and still are not) exempt from the authorisation obligation under the Securities Transaction Act 1995 (and now the Wft). In short, if a provider of securities lease products accepted orders from an unauthorised order remisier and the provider knew or should have known that the remisier was unauthorised, it had to refuse the client (see once again the then art 41 NR 1999). Should an aggrieved investor then receive the same favourable treatment as an investor who enters into a securities lease product with a provider through a client remisier who has exceeded their powers? In that case, the investor would receive 100 % compensation for their loss or damage and the provider would not be able to enter a defence of contributory negligence. The Dutch Supreme Court has held in the following judgment that this is not the case after all.

If the sending of a completed application form by the intermediary to the provider of a securities lease product can be deemed to be the ‘transmission of an order’ and the intermediary acts in this capacity as an order remisier, the provider of the securities lease product, by entering into the agreement, infringes the prohibition of art 41 NR 1999 if the intermediary concerned did not have the requisite authorisation under sec 7(1) of the Securities Transactions Supervision Act (Wte) 1995 and the provider knew or should have known that. But, unlike when the intermediary has advised the client to purchase a certain securities lease product, the position of a client whose application form has been transmitted by the intermediary to the provider is not substantially different from that of a client whose application form has not been transmitted by an intermediary to the provider. Here, after all, the possibility of an (advice-related) objection, namely that the client had less need to be aware of undeclared risks and less need to look into them of their own accord, does not arise. So, in this case, the harm suffered as a result of infringing a hard-and-fast statutory obligation to refuse an order is mitigated by the fact that the loss or damage eligible for compensation must be reduced on the basis of contributory negligence.^[78]

D Retroactivity of supervisory rules through duty of care

Since 1 January 2006, banks (and other professional providers) must refuse credit to a consumer if it would be irresponsible in view of the borrower’s personal circumstances (see currently sec 4:34(2) Wft). What is irresponsible is now elaborated in detail in secondary legislation.^[79] In practice, there seems to be a general awareness that a breach of this statutory duty of refusal is a good basis for a claim for damages founded directly on it, separate from any claim for a breach of the duty of care.^[80] It seems clear to me that the relativity requirement will normally be met in such cases (art 6:163 DCC).

In principle, the Dutch Supreme Court is very much against a retroactive effect of this statutory ban on over-indebtedness (in the sense of an obligation on lenders to refuse credit).^[81] This seems correct to me, as imposing such a sweeping obligation without an explicit statutory basis would be very much at odds with the principle of legal certainty. However, in other contexts, the Dutch Supreme Court sometimes does not shy away from giving retroactive effect to supervisory rules. For example, the Dutch Supreme Court has ruled that, even between 1999 and 2003, banks were required by their special duty of care to obtain information about a consumer’s income and assets before granting a mortgage loan in order to prevent over-indebtedness. In doing so, it took the view that although this obligation was not laid down in legislation until a later date, this did not alter the fact that the standard had previously been adopted through self-regulation. Rather, its enshrinement in written law constituted its confirmation. A bank’s duty of care to guard against over-indebtedness also implied that it had to inform the consumer about the results of its screening in such a way as to enable the consumer to assess whether they could bear (or continue to bear) the obligations under the loan agreement. Furthermore, the bank had a duty to notify a consumer if the provision of credit might not be justified and to warn them of the associated risk.^[82] But this is where the Dutch Supreme Court draws the line. At the time, banks were, in principle, not obliged to refuse a mortgage loan, even if irresponsible, if the consumer – after being given adequate information or warning – chose to take out the mortgage loan anyway.^[83]

E Reflexiveness of supervisory rules through duty of care

A contracting obligation for banks is included in sec 4:71f and further of the Wft.^[84] These provisions are the Dutch implementation of art 16 and further of the Payment Accounts Directive (PAD).^[85] Under this regime, consumers are entitled, in principle, to a basic payment account. However, a basic payment account must be refused if the bank cannot comply with the Money Laundering and Terrorist Financing Prevention Act (Wet ter voorkoming van witwassen en financieren van terrorisme, Wwft) when opening the payment account.^[86] In addition, the bank may refuse to open a basic payment account, but only on the grounds listed in the Financial Supervision Act (Wft), for example if the consumer has been convicted of a financial crime by final and unappealable judgment less than eight years ago.^[87] The idea behind this EU regime is that it is virtually impossible for consumers to participate in society without a payment account and that access to a basic payment account should therefore be guaranteed as much as possible.^[88] If the contracting and refusal obligations outlined here are breached, the obvious course of action in this case too would be to invoke a failure to fulfil a statutory obligation (rather than a breach of the civil duty of care).

Things are not substantially different for businesses and other non-consumers (such as foundations), as it is also virtually impossible for them to participate in society without a payment account. In its Yin Yang judgment, the Dutch Supreme Court accordingly held that the Amsterdam Court of Appeal had (i) rightly taken as its point of departure that banks, by virtue of their position in society, can also be obliged to offer a payment account to non-consumers (the Dutch Supreme Court explicitly referred to sec 4:71f Wft (‘compare in the case of consumers sec 4:71f Wft’)), and (ii) rightly given weight to the fact that without a payment account, it is virtually impossible to participate in day-to-day life and to operate a business.^[89]

So how exactly should we interpret the Dutch Supreme Court’s reference to sec 4:71f Wft? I do not have the impression that the Dutch Supreme Court necessarily wants to apply the statutory regime to non-consumers on a one-on-one basis. After all, the reference to sec 4:71f Wft is fairly loosely worded (‘compare in the case of consumers sec 4:71f Wft’). The provisions of sec 4:71f and further of the Wft specify quite precisely the cases in which a bank must provide a basic payment account to a consumer and when the bank must or may refuse it. Thus, the balancing of interests here has already largely been done by the (EU) legislator, which is something the Dutch civil courts must simply accept. When deciding whether or not a bank may refuse a payment account to a non-consumer, the civil courts seem to have rather more freedom to make their own assessment because this is not laid down by law, although sec 4:71f and further of the Wft may have a certain reflex effect.^[90] That sounds vague and of course it is. For the sake of legal certainty, it would be better to have this matter regulated by legislation.^[91] Other drastic restrictions on banking contractual freedom are also all enshrined in legislation.

In any event, in deciding whether or not a bank was entitled to refuse a payment account to a non-consumer, it is necessary to balance the bank’s interest in refusing the payment account against the client’s interest in obtaining the payment account. While the civil courts must attach considerable weight to the fact that without a payment account it is virtually impossible to participate in society and operate a business, this does not mean that this argument should always prevail. It will depend on other circumstances of the case.

The position is different where the bank cannot conduct an adequate customer due diligence as referred to in the Money Laundering and Terrorist Financing Prevention Act (Wwft). In such a case, the bank has no option but to refuse to provide the payment account (see sec 5(1) Wwft). In any dispute, the main task of the civil courts will be to decide whether the bank was able to conduct adequate customer due diligence. The bank will then usually take the position that too little information was provided to be able to conduct adequate customer due diligence; the applicant for the bank account will, on the contrary, take the position that the bank acted unreasonably by demanding too much information.^[92]

The Amsterdam Court of Appeal has viewed the question of a bank’s obligation to provide a payment account (whether or not together with a facility to deposit cash) in the context of the doctrine of the special duty of care towards third parties.^[93] The Dutch Supreme Court has no objection to this, as it dismissed an appeal in cassation by ING to the effect that the court of appeal had wrongly assumed that the special duty of care for banks could lead to an obligation to contract.^[94]

In short, supervisory rules can sometimes also influence the specific interpretation of the civil duty of care in cases in which, strictly speaking, those supervisory rules are not even applicable (reflex effect of supervisory rules through the duty of care).

IV Variant III – knock-on effect through EU (supervision) law

A General

A third knock-on effect variant concerns cases in which EU supervision law, whether or not combined with the EU effectiveness principle and the EU principle of legal certainty, imposes certain preconditions on national liability law. I will again give some examples.

B Preconditions under the Prospectus Regulation

The Prospectus Regulation (like its predecessor) is considered primarily as EU financial supervision law. Nevertheless, it does set some preconditions for civil liability under applicable national law. Indeed, the Prospectus Regulation stipulates (i) which parties should in any case be liable for inaccuracies and omissions in the prospectus, and (ii) that liability based solely on the summary of the prospectus is excluded. Article 11(1) of the Prospectus Regulation provides as follows in this regard:

‘Member States shall ensure that responsibility for the information given in a prospectus, and any supplement thereto, attaches to at least the issuer or its administrative, management or supervisory bodies, the offeror, the person asking for the admission to trading on a regulated market or the guarantor, as the case may be. The persons responsible for the prospectus, and any supplement thereto, shall be clearly identified in the prospectus by their names and functions or, in the case of legal persons, their names and registered offices, as well as declarations by them that, to the best of their knowledge, the information contained in the prospectus is in accordance with the facts and that the prospectus makes no omission likely to affect its import’.^[95]

Article 11(2), first sentence, Prospectus Regulation shows that responsibility for the information contained in the prospectus should also be able to give rise to liability, in accordance with national civil liability law:

‘Member States shall ensure that their laws, regulations and administrative provisions on civil liability apply to those persons responsible for the information given in a prospectus’.^[96]

Civil liability based solely on the summary of the prospectus is explicitly excluded in the Prospectus Regulation, although the persons responsible for the prospectus should be able to be held liable on the basis of the summary read in conjunction with other parts of the prospectus.^[97] A similar rule has already been discussed in relation to white paper liability.^[98] But how the knock-on effect arises differs. In relation to white paper liability, this rule is part of an EU liability regime included ‘in’ the financial supervision law itself (ie in MiCAR) (knock-on effect variant I). In relation to prospectus liability, this rule is not part of an EU liability regime included ‘in’ financial supervision law itself because the Prospectus Regulation does not (like MiCAR) contain its own EU liability regime. Instead, the Prospectus Regulation provides that ‘Member States shall ensure’ that prospectus liability under national law is not based solely on the summary, provided that the persons responsible for the prospectus should indeed be able to be held civilly liable on the basis of the summary read in conjunction with other parts of the prospectus.^[99] Thus, the Prospectus Regulation sets limits on national liability law (knock-on effect variant III).

C Preconditions in accordance with the EU effectiveness principle

The Court of Justice of the European Union (CJEU) has already ruled on several occasions that, in the absence of EU legislation, it is up to the Member States themselves to determine the civil law consequences of a breach of EU supervisory rules, but that the principles of equality and effectiveness (effet utile) must be observed.^[100] The principle of effectiveness is most relevant to the question of how EU financial supervision law works through into civil liability law and, in this context, implies that the conditions under which an investor can hold a bank or other financial institution civilly liable for a breach of EU supervisory conduct rules should not be such that successful actions are impossible or extremely difficult in practice. In short, as far as the effect of EU supervisory rules is concerned, the principle of effectiveness sets certain preconditions for, among other things, the applicable liability law, procedural law and the law of evidence. But what this means in concrete terms has so far not been clarified by the CJEU.

In previous publications, I have argued that the principle of effectiveness means, for example, that civil courts may not reject claims for damages due to a breach of EU supervisory conduct rules on the grounds that (i) this fact does not carry sufficient weight in the light of the other circumstances of the case to constitute a breach of the civil duty of care, or (ii) the rules of conduct in question do not serve, among other things, to protect against the damage suffered by the investor.^[101] In any case, the strength of the EU effectiveness principle should not be underestimated. This is demonstrated, for example, by the far-reaching case law of the CJEU on the Unfair Terms Directive,^[102] for example in relation to all kinds of banking and other financial contracts concluded with consumers.^[103]

Be that as it may, the Dutch Supreme Court applied the EU effectiveness principle as long ago as 2009 in relation to proof of causation in prospectus liability under the Prospectus Directive, which was the predecessor of the Prospectus Regulation.^[104] The case concerned loss that investors claimed to have suffered, partly as a result of a misleading prospectus published on the occasion of the initial public offering (IPO) of the internet company, World Online. In brief, the Dutch Supreme Court held as follows. As proving a causal connection (the sine qua non rule) is often problematic in the case of prospectus liability, the investor protection envisaged by the former EU Prospectus Directive can become illusory in practice. Although the Directive prescribed in detail what information had to be included in a prospectus, it did not regulate prospectus liability. However, it did require Member States to ensure that national civil liability provisions applied to those responsible for the information contained in the prospectus (art 6(2), first paragraph, of the Prospectus Directive). In the opinion of the Dutch Supreme Court, this meant that effective legal protection had to be provided according to the rules of national law. The Dutch Supreme Court therefore used as a starting point that a causal connection existed between the incorrect prospectus and the investment decision. In the case of a professional investor, their knowledge and experience may justify the conclusion that they were not actually influenced by the incorrect information. The Dutch Supreme Court considered that in such a case, it is possible to revert to the main rule that the investor bears the burden of proving the causal connection.^[105]

D Preconditions under the EU principle of legal certainty

1 General

The EU principle of effectiveness does not seem to provide a definitive answer to the much-debated question of whether civil courts may impose stricter duties of care than those arising from rules of conduct under supervisory law. After all, an aggrieved client would then not be denied a claim for breach of rules of conduct under EU supervisory law. Therefore, if a civil court is stricter than the rules of conduct under EU supervisory law, there would not seem to be a breach of the principle of effectiveness.^[106] Nonetheless, the power of civil courts to impose duties of care stricter than the applicable EU rules of conduct would seem to be subjected to certain conditions by another EU principle in at least some cases. I am referring to the EU principle of legal certainty.^[107]

2 Nationale-Nederlanden v Van Leeuwen

To this end, let us first look at the judgment of the CJEU in Nationale-Nederlanden v Van Leeuwen.^[108] Article 31 of the Third Life Assurance Directive^[109] (since repealed and replaced by art 185 of Solvency II)^[110] played a crucial role in this dispute and read as follows:

‘Before the assurance contract is concluded, at least the information listed in Annex II(A) shall be communicated to the policyholder.

The policyholder shall be kept informed throughout the term of the contract of any change concerning the information listed in Annex II(B).

The Member State of the commitment may require assurance undertakings to furnish information in addition to that listed in Annex II only if it is necessary for a proper understanding by the policyholder of the essential elements of the commitment.

The detailed rules for implementing this Article and Annex II shall be laid down by the Member State of the commitment.’

The obligation to furnish the policyholder with the information listed in Annex II to the Third Life Assurance Directive was implemented in the Netherlands at the time in art 2 of the Regulation regarding the Provision of Information to Policyholders 1998 (RIAV 1998). Judging from the text of RIAV 1998, the Netherlands did not use the possibility of imposing additional information duties under art 31(3) of the Third Life Directive at that time.

It was not in dispute that Nationale-Nederlanden had furnished the policyholder with information about the impact of costs and risk premiums on the yields in accordance with art 2(2)(q) and (r) RIAV 1998. However, the policyholder had not received an overview of, or information about, the actual and/or absolute costs and risk premiums and their composition. Nor was this required under RIAV 1998. In short, it was not in dispute that Nationale-Nederlanden had furnished all the information to the policyholder that it was required to provide under RIAV 1998.

In its interlocutory judgment, Rotterdam District Court nevertheless held that Nationale-Nederlanden had failed to furnish the policyholder with an overview of, or information about, the actual and/or absolute costs and risk premiums and their composition:

‘Nationale-Nederlanden complied with the requirements referred to in Article 2(2)(q) and (r) of the 1998 RIAV, but violated the open standards (which in these proceedings should be understood to include Nationale-Nederlanden’s general and/or special duty of care towards Van Leeuwen within the framework of their contractual relationship, pre-contractual good faith and/or requirements of reasonableness and fairness) vis-à-vis Van Leeuwen by merely providing information about the influence of costs and risk premiums on the return’.^[111]

Nationale-Nederlanden argued that it could not be required to provide additional information under open and/or unwritten rules.

The district court put the following two preliminary questions to the CJEU:

Does EU law, and in particular art 31(3) of the Third Life Assurance Directive, preclude an obligation on the part of a life assurance provider on the basis of the ‘open and/or unwritten rules’ of Dutch law – such as the reasonableness and fairness which govern the (pre-) contractual relationship between a life assurance provider and a prospective policyholder, and/or a general and/or specific duty of care – to provide policyholders with more information on costs and risk premiums of the insurance than was prescribed in 1999 by the provisions of Dutch law by which the Third Life Assurance Directive was implemented (in particular, art 2(2)(q) and (r) of the RIAV 1998)?
Are the consequences, or possible consequences, under Dutch law, of a failure to provide that information relevant for the purposes of answering question 1?

The first preliminary question was answered in the affirmative (and the second in the negative). In short, the civil courts may impose information duties on the grounds of reasonableness and fairness under art 6:2 DCC in addition to the information duties specified in RIAV 1998, provided that three cumulative conditions are met (this being a matter for the referring court to ascertain):

the requested information must be clear and accurate;
the information required must be necessary for a proper understanding by the policyholder of the essential characteristics of the commitment; and
a sufficient level of legal certainty must be ensured for the insurer.^[112]

The first two conditions follow from the wording of art 31(3) of the Third Life Assurance Directive, of Annex II and recital 23 of the preamble to the Third Life Assurance Directive.^[113] The third condition expresses the EU principle of legal certainty. The CJEU held that the legal basis for the use by a Member State of the possibility provided for in art 31(3) Third Life Assurance Directive must be such as to enable the insurer to identify with sufficient foreseeability what additional information it must provide and the policyholder may expect.^[114] A supplementary information duty based on reasonableness and fairness under art 6:2 DCC does not, at first sight, seem to meet this requirement, as this standard is extremely vague and therefore has little or no value for the purposes of foreseeability. This seemed to be good news for Nationale-Nederlanden.

However, the CJEU then went on to present two considerations that were favourable to the policyholder and unfavourable to Nationale-Nederlanden. It held that when assessing whether the principle of legal certainty has been met, the national court may (not: should) take into consideration the fact that it is for the insurer to determine the type and characteristics of the insurance products which it offers, so that, in principle, it should be able to identify the characteristics which its products offer and which are likely to justify a need to provide additional information to policyholders.^[115] In short, the ball is passed back to the insurer. The insurer knows best what information it should provide to its clients to ensure that they also understand the insurance product. Perhaps a factor here was that, according to the CJEU, it was in fact so obvious that the policyholder should receive an overview of, or information about, the actual and/or absolute costs and risk premiums and their composition in order to understand how the product works that the insurer itself should have thought of providing this information to the policyholder. Moreover, the CJEU noted that, according to the explanatory memorandum to RIAV 1998, the application of RIAV 1998 is governed, in particular, by the national civil law in force, ‘including the requirements of reasonableness and fairness’ set out in art 6:2 DCC.^[116] In short, the CJEU apparently considered that Nationale-Nederlanden could and should have known that its responsibility did not begin and end with literal compliance with RIAV 1998.

3 Vereniging Woekerpolis v Nationale-Nederlanden

Despite the Nationale-Nederlanden v Van Leeuwen ruling, Dutch case law and literature remained divided as to whether insurers could be subject to additional information duties through the duty of care, the requirement of reasonableness and fairness or other open standards of private law.^[117] For this reason, the question was raised again, but now as a request to the Dutch Supreme Court for a preliminary ruling. In Vereniging Woekerpolis v Nationale-Nederlanden, the Dutch Supreme Court answered that question in the affirmative, albeit without indicating in what cases there would or would not be a duty to provide additional information.^[118] As a result, the judgment has not provided the concrete guidance that legal practitioners had undoubtedly hoped for.

In essence, the judgment contains nothing new, except that the Dutch Supreme Court explicitly states that in relation to investment insurances, additional information duties can also be imposed on the insurer via the transparency requirement under art 5 of the Unfair Terms Directive, over and above the supervisory rules, provided those information duties meet the requirements set out in NationaleNederlanden v Van Leeuwen. However, the latter judgment was only about the relationship between purely Dutch private law (reasonableness and fairness and the duty of care) and an EU Directive (the Third Life Assurance Directive), and not about the relationship between two EU Directives (the Unfair Terms Directive and the Third Life Assurance Directive). Strictly speaking, in my view, the Dutch Supreme Court should, in turn, have requested a preliminary ruling from the CJEU on this, because this is a question of the mutual ranking of two EU Directives to which there is no obvious answer.

It is also worth noting that the Dutch Supreme Court’s judgment, like the judgment of the CJEU in Nationale-Nederlanden v Van Leeuwen, applies only to life assurance policies (including investment policies). It is therefore not necessarily self-evident that the same yardstick should be applied when answering the question whether additional information duties can be imposed on the grounds of the requirement of reasonableness and fairness or the duty of care (or via the transparency requirement) on top of the information duties applicable under other EU supervisory rules, for example, the Markets in Financial Instruments Directives I and II (MiFID and MiFID II), the Insurance Distribution Directive (IDD), the Crowdfunding Regulation, the Markets in Crypto Assets Regulation (MiCAR), the Prospectus Directive, the Prospectus Regulation, the Market Abuse Directive, the Market Abuse Regulation, the Transparency Directive and the Sustainable Finance Disclosure Regulation (SFDR).^[119] After all, the first two conditions specified in Nationale-Nederlanden v Van Leeuwen follow from the wording of art 31(3) of the Third Life Assurance Directive, of Annex II to that Directive and recital 23 of the preamble to that Directive, and it is not certain that similar wording can be found in other EU supervisory rules. Furthermore, art 31(3) of the Third Life Assurance Directive explicitly gives the Member State the possibility to impose additional information duties, which will not necessarily be the case in most other EU supervisory rules. Nevertheless, a case can be made for extending this practice to other EU supervisory rules. After all, the third requirement for being able to impose additional information duties is that legal certainty must be sufficiently ensured and, in principle, this requirement seems to have general validity due to its fundamental nature.^[120]

E Is EU law blind to the distinction between public and private law?

Finally, a fundamental issue. This contribution is about how public law works through into private law. In the Netherlands, we usually know what we mean by these terms, but what does and does not belong to the realms of public and private law may differ from one jurisdiction to another. It is therefore understandable that the EU legislator prefers not to burn its fingers on this distinction and usually leaves open whether rules in directives or regulations are classified as public or private law. Indeed, it seems to follow from the Nationale-Nederlanden ruling that EU law is blind to the distinction between public and private law when it comes to the implementation of EU legal norms.^[121] After all, the CJEU has no problem with directives being implemented in the national legal order through a combination of public and private law. Annex II to the Third Life Assurance Directive is implemented in the Netherlands through RIAV 1998 (public law), while the Member State option of requiring the provision of additional information may be implemented through the reasonableness and fairness requirement of art 6:2 DCC (private law), provided that the three conditions are met (see above). And there are more examples. The Consumer Credit Directive, the Mortgage Credit Directive and the Payment Services Directive II are partly implemented in the DCC and partly in the Financial Supervision Act (Wft) (and the Decree on Conduct of Business Supervision of Financial Undertakings [Bgfo]).^[122] So there, too, we see directives being transposed into a combination of public and private law.

If it is indeed the case that EU law is blind to the distinction between public and private law, then this also has an important impact when deciding whether civil courts are allowed to apply stricter standards than the rules of conduct originating in directives and incorporated in regulations. Take, for example, MiFID/MiFID II, which for the most part provides for maximum harmonisation. If EU law is truly blind to the distinction between public and private law insofar as the implementation of EU legal norms is concerned, this would mean that maximum harmonisation also applies to civil courts. They cannot then impose stricter duties of care than the standards arising from MiFID/MiFID II.

The above needs to be qualified in the following way. MiFID/MiFID II itself contains open standards. An important open standard is that investment firms (such as asset managers and investment advisers) must act in a loyal, fair and professional manner in the interests of their client (general duty of loyalty).^[123] While that obligation is elaborated in MiFID/MiFID II in more concrete standards (eg know-yourclient rules and information duties), the general standard does not coincide with these more detailed provisions.^[124] It follows that the general duty of loyalty provides some scope for the imposition of additional duties of care. This could be made use of by the civil courts. As a result, it is, in point of fact, not stricter than MiFID/MiFID II because it uses space that MiFID/MiFID II itself provides. The only question is exactly how much scope the open standard offers, partly in the light of the EU principle of legal certainty.

Let us take an example. MiFID/MiFID II provides that warnings may be given in standard form.^[125] An approach in which the civil courts, by applying the special duty of care, require that risks be warned about in explicit and unambiguous terms, and the investment firm must then satisfy itself that the retail investor is actually aware of these risks, would seem to go beyond a standardised warning,^[126] although a standardised warning will, of course, also have to be sufficiently clear.

May a civil court now reason as follows? The investment firm complied with its duty to warn about the risks of the product in a standardised format, thereby fulfilling its actual duty to provide information under MiFID/MiFID II. But under the general duty of loyalty, the investment firm should nevertheless also have warned about the risks in explicit and unambiguous terms, and should then have ensured that the retail investor was actually aware of these risks. Accordingly, the investment firm breached the general duty of loyalty under MiFID/MiFID II and the investment firm must compensate the investor for the loss suffered as a result.

From the perspective of the EU principle of legal certainty, this line of reasoning can be questioned. At the same time, the Nationale-Nederlanden judgment proves that the CJEU is willing to be flexible with the principle of legal certainty for the sake of a just outcome. From this perspective, it therefore remains to be seen whether the CJEU will actually prohibit national civil courts from applying the general duty of loyalty under MiFID/MiFID II in order to require investment firms to provide individualised rather than standardised risk warnings. The CJEU attaches great importance to investor protection, especially when it comes to consumers. This is reflected, for example, in its far-reaching case law on the Unfair Terms Directive, including judgments on all kinds of banking and other financial contracts concluded with consumers.^[127]

V Final remarks

The three variants of the knock-on effect of financial supervision law in civil liability law outlined in this contribution show that public and private law in the financial sector have become closely intertwined. For a balanced judgement on liability, it has become indispensable for the civil courts to include financial supervision law in their analysis, regardless of whether this supervision law is of national origin or originates from Brussels. Moreover, it is important for the civil courts to take into consideration the general principles of EU law, such as the principle of effectiveness and the principle of legal certainty. In any case, the influence of financial supervision rules on liability law has increased considerably, and the end is not yet in sight.

As the influence of financial supervision law on liability law has grown, the complexity of the law has increased accordingly. The analysis has become a lot more complicated, with a greater risk of errors, in part because the supervisory rules are ever-expanding and are also regularly amended, all against the background of an ever-increasing workload for the judiciary.^[128] Greater judicial specialisation could be part of the answer, provided that a thorough knowledge of the general doctrines of civil law remains guaranteed.

The increased complexity is also leading to considerable legal uncertainty, as there are still many unanswered fundamental questions about the extent of the impact of financial supervision law on liability law. For instance, there will undoubtedly be legal experts who take the view that, ultimately, it cannot be said with certainty whether it is a mandatory corollary of the EU effectiveness principle that civil courts may not rely on more lenient (less strict) standards than those under EU supervisory rules that have been infringed in a particular case. Be that as it may, even apart from the principle of effectiveness, I think there is a strong argument in favour of civil courts not being allowed to apply more flexible (less strict) standards than the standards under the applicable supervisory rules, both for the sake of legal certainty and in order to guarantee at least a certain minimum level of statutory investor protection, regardless of whether the supervisory rules come from Brussels or a national legislator. Even then, by the way, the civil courts can still do justice to the circumstances of the case, for instance through the doctrine of contributory negligence, which is also recognised as a general principle in EU law.^[129]

Furthermore, according to the Dutch Supreme Court, the civil duty of care may extend beyond the rules of conduct under supervisory law, but, insofar as these rules of conduct have an EU origin, arguments can still be derived from the EU principle of legal certainty that this is subject to certain preconditions. As far as investment insurances are concerned, this has also been accepted by the Dutch Supreme Court, but this was inevitable as the CJEU’s judgment in Nationale-Nederlanden v Van Leeuwen meant that there was no way around this. And civil courts have even less room for manoeuvre if it is assumed that EU law is blind to the distinction between public and private law, which in any case may differ from one Member State to another. But even in the latter, most far-reaching approach, the civil courts still have the necessary room for manoeuvre, because the supervisory rules of conduct themselves also contain open norms, through which the courts can impose additional duties of care if that is required in the circumstances of the case.

It is also notable that financial supervision rules are themselves increasingly likely to contain liability law rules, for instance for collective investment scheme depositaries, credit rating agencies and crypto providers. However, as we have seen, these liability rules are still relatively rudimentary, they raise many questions and it is always necessary to include national liability law and national procedural and evidentiary law in the analysis. As matters now stand, EU law is simply not a fully-fledged legal system capable of operating completely autonomously from national law. Since, for the time being, national courts have jurisdiction to take cognisance of liability issues of this kind, one can only hope that they will apply these liability rules with due regard to their EU origin, and that, where necessary, they will be prepared to request preliminary rulings from the CJEU.

Be that as it may, the complex issue of the effect of financial supervision law in private law will continue to demand the attention of judges, legislators, lawyers and academics in the coming decades.

Published Online: 2024-12-05

Published in Print: 2024-11-27

This work is licensed under the Creative Commons Attribution 4.0 International License.

Articles in the same Issue

https://doi.org/10.1515/jetl-2024-0013

Creative Commons

BY 4.0