Two Sides of the Same Coin: EU Financial Regulation and Private Law

Today, legislators, courts, financial regulators and other actors at the EU and national level face major new challenges in safeguarding public and private interests in an increasingly digital and sustainability-minded environment surrounding financial markets. Innovative ways of addressing tensions between the common good and the individual preferences of market actors are needed to address these challenges. However, at present, the efforts to develop workable solutions are seriously hampered by the gap between the two areas of law that profoundly shape the financial markets—financial regulation and private law—in the current European policy discourse and legal scholarship. This article is an attempt to systematically rethink the role of private law in the regulatory and enforcement landscape for financial markets and its relationship with public regulation more generally. It argues that financial regulation and private law are not two parallel universes, but rather two sides of the same coin, each of which has a critical role to play in safeguarding public and private interests. Examining EU financial regulation through the ‘private law’ lens would enable us to unveil a complex interplay between the regulatory dimension, contractual settings and private law remedies that we need to better understand in order to be able to better regulate financial markets. Conversely, examining national private law through the European ‘regulatory’ lens would allow us to unpack the potential of traditional private law to contribute to the objectives of EU financial regulation, while at the same time realising justice between private parties.


Introduction
The relationships between private parties in the financial sector were traditionally the exclusive domain of private law. Private law norms used to govern the interactions between banks and clients, credit rating agencies and investors, or between financial firms. Nowadays, however, such relationships have also increasingly become subject to financial regulation at the European Union (EU) and national level. Financial regulation increasingly determines how financial firms should behave in the contractual and extra-contractual domain, often using traditional private law as an instrument in the pursuit of public goals, such as financial stability, market efficiency, and consumer/investor protection.
For example, the EU Markets in Financial Instruments Directive II (MiFID II) 1 and the Markets in Financial Instruments Regulation (MiFIR), 2 adopted in the wake of the recent global financial crisis to replace MiFID I, 3 pose significant limits to freedom of contract in making standard contract terms for investment products, distribution agreements for such products, and service contracts for the provision of investment advice. Similarly, the Credit Rating Agencies (CRA) Regulation 4 obliges credit rating agencies to ensure that the issuing of a credit rating is not affected by conflicts of interest.
Furthermore, the rise of public supervision of the financial sector and public enforcement of financial regulation by EU and national financial supervisory authorities-a process known as 'agencification' 5 -has led to the development of a hybrid legal order which can be called 'European financial supervision private law'. 6 I use this oxymoron to describe a set of regulatory conduct of business rules with a European origin, to be observed by financial firms in the contractual or non-contractual domain, which forms part of a framework for public supervision over financial markets in the EU. From a legal-technical point of view, European financial supervision private law rules in this sense concern the relationship between a particular financial firm and an administrative agency entrusted with the supervisory and enforcement tasks and thus do not belong to the realm of traditional private law, particularly contract and tort law. At the same time, such rules set standards of behaviour for the relationship between financial firms and other professional or non-professional 1 5 See, e.g., Scholten and Van Rijsbergen (2014). 6 On this emerging legal field in more detail, see Cherednychenko (2014a). See also Micklitz (2014); Cherednychenko (2014b). private parties and often aim to protect the latter. In essence, therefore, European financial supervision private law affects the relationships between private actors and can thus be considered as quasi-private.
The upsurge in regulatory and supervisory action to rein in the financial industry post-crisis has led to the growing entanglement between financial regulation and traditional private law at the EU and Member State level. 7 At the same time, however, the disciplinary divide and silo mentality still profoundly affect the academic discourse on financial services and activities in Europe where financial regulation (predominantly as part of public law) and private law are still largely studied separately. As Mads Andenas and Federico Della Negra observe: 'For a contract lawyer, an interest rate swap is a contract, but for an administrative lawyer, it is a financial instrument.' 8 The gap between financial regulation and contract law is also manifest in the current EU policy discourse which has traditionally been concerned with the economic activities of market participants (e.g., financial services) rather than the legal mechanisms that enable such activities (e.g., contracts) and enforcement avenues that are available to private parties.
This article is an attempt to systematically rethink the role of private law in the regulatory and enforcement landscape for financial markets and its relationship to public regulation more generally. It argues that the gap between financial regulation and private law in the European policy discourse and legal scholarship seriously hampers the development of a coherent, just and effective legal regime for the financial sector. It must be acknowledged that financial regulation and private law are not two parallel universes, but rather two sides of the same coin, 9 each of which has a critical role to play in safeguarding public and private interests in financial markets. Examining EU financial regulation through the 'private law' lens would enable us to unveil a complex interplay between the regulatory dimension, contractual settings and private law remedies that we need to better understand in order to be able to better regulate financial markets. Conversely, examining national private law through the European 'regulatory' lens would allow us to unpack the potential of traditional private law to contribute to the objectives of EU financial regulation, while at the same time realising justice between private parties. Such a holistic approach to financial regulation and private law is particularly needed today when legislators, courts, financial regulators and other actors at the EU and national level face major new challenges in safeguarding public and private interests in an increasingly digital and sustainability-minded environment surrounding financial markets.
Before we can begin to examine the interplay between financial regulation and private law, however, the meaning of each needs to be clarified. The complexity of defining these categories is reflected in the debates on the meaning of regulation 10 7 See also Grundmann (2017), pp 926 et seq. 8 Andenas and Della Negra (2017), p 505. 9 Cf. Hopt (2012), p 997, who uses this idiom to describe the interrelation between individual investor protection (that is, protection of the individual investor) and functional investor protection (that is, protection of the financial market). and its relationship to law, in general, 11 and private law, in particular. 12 Although these categories may have intuitive appeal, establishing criteria which differentiate between them is not straightforward. In a broader sense, the term 'regulation' can be understood as any system of rules-either produced by state or non-state actors-that intends to govern the behaviour of its subjects with a view to achieving a certain outcome. 13 In a narrower sense, the term 'regulation' is often used to describe a set of rules promulgated by government to control the operation of markets and accompanied by mechanisms for monitoring and enforcement, usually by a specialist public agency (also known as 'public regulation'). 14 Controversy also surrounds the concept of private law and its relationship with regulation. While the conventional approach to private law emphasizes its distinctive value in pursuing interpersonal justice in horizontal relations, 15 an increasing number of scholars consider private law to be an instrument for governing complex economic and social relations. 16 Moreover, the EU widely uses private law, particularly contract law, as a tool for market integration. 17 The oxymoron 'European regulatory private law' 18 -a term used to refer to EU measures of a regulatory nature that affect private law relationships-aptly captures this point. Nevertheless, for the sake of analytical clarity, when analysing a complex relationship between financial regulation and private law within the EU multi-level system of governance, it is helpful to distinguish between the two as ideal types, given the primary focus of each. For the purposes of this contribution, therefore, financial regulation is conceived of as a set of sector-specific EU and national rules imposed by government on the financial sector in the public interest and enforced by administrative agencies. By contrast, private law-notably contract and tort law-is understood as a legal framework which allows private parties to shape their legal relationships as self-determining agents and which, while being not insensitive to the common good, primarily seeks to ensure the balance between the interests of the parties.
The analysis in Section 2 commences with a sketch of the legal matrix for the financial sector, which includes a complex mix of public and private law instruments. The following sections explore the link between EU financial regulation and private law in the domains of retail financial market regulation (Sect. 3), prudential financial regulation (Sect. 4), and enforcement more generally (Sect. 5). These three domains have been profoundly affected by post-crisis EU regulatory measures and are therefore particularly relevant for present purposes. The analysis reveals actual and potential weaknesses in the overall legal framework for the financial sector in terms of coherence, justice, and effectiveness. Section 6 concludes with a recommendation for a more integrated approach to financial regulation and private law at the EU and national level.

The Legal Matrix for Relationships Between Private Parties in the Financial Sector
The growing importance of EU financial regulation as well as public supervision and enforcement in the private law domain has resulted in an overly complex legal matrix for relationships between private parties in the financial sector at the national level (see Fig. 1). The main components of this matrix include EU financial regulation, national administrative law, and national private law. In addition, multiple actors at the EU and Member State level are involved in rule-making, ensuring compliance with and the enforcement of multiple sets of rules. These include legislators, financial regulators (including three European Supervisory Authorities (ESAs)-the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA), and the European Insurance and Occupational Pensions Authority (EIOPA), as well as the European Central Bank (ECB)), courts (including the Court of Justice of the European Union (CJEU), as well as national administrative and civil courts), alternative dispute resolution (ADR) bodies, and the financial industry. At present, all these actors face a major problem. There is no holistic theoretical framework to guide them in developing, interpreting and applying multiple sets of norms that directly or indirectly affect relationships between private parties in the financial sector.
There is general agreement that financial markets must be regulated because they are prone to failures. The potential market failures relate, for instance, to asymmetries of information between market participants and behavioural biases in consumer financial decision-making. And yet, one of the underlying causes of the recent global financial crisis is widely thought to have been a failure of the financial regulation itself-a failure to control misconduct by financial firms. The crisis has underlined the difficulties that regulatory measures generally face in capturing the complexity and dynamics of modern financial markets. As financial products and financial firms are in a constant state of flux, the process of identifying market failures, determining regulatory instruments, and ensuring their implementation is far from straightforward.
Moreover, the enforcement of applicable standards presents particular challenges for the development of a coherent, just and effective legal regime for the financial sector. Although the ultimate enforcement authority remains vested in state institutions, different public and private actors, such as financial regulators, courts, and ADR bodies, increasingly compete with one another in the enforcement domain. 19 The emergence of a regulated market for dispute resolution, in which providing justice is a service, contributes to the increasing fragmentation of the legal matrix for interactions between private parties in the financial sector, making it increasingly difficult to navigate.
The private law dimension of financial markets deserves particular attention in this context. As Julia Black aptly observes: Financial markets are inextricably interwoven with legal institutions as the products they trade in are legal, calculative and accounting constructs. Law does not just 'vindicate' financial instruments […], it constitutes them. Financial markets' development and innovation is thus facilitated by the 'law merchants' of the legal profession, who give material form to these synthetic constructs in legal opinions, standard form precedents and bespoke contracts which provide innovative ways in which to allocate rights and risks and exert a considerable influence in shaping market practice. The terms of those contracts will be the terms, for the most part, on which markets operate. They create the products that set the terms on which risk is being distributed and the terms on which it will crystallize. 20 A better understanding of the role of private law in constituting and regulating financial markets is thus key to ensuring regulatory success, and not only at national but also at EU level. In particular, gaining such understanding is in line with the European Commission's Better Regulation strategy.
According to the Commission, 'Better Regulation' is about designing EU policies and legislative instruments 'so that they achieve their objectives at minimum cost'. 21 Apart from efficiency, regulatory coherence and effectiveness are key in this context. However, the gap between financial regulation and private law in the current European policy discourse and legal scholarship may seriously undermine the efforts to meet these objectives. This gap is well illustrated by some examples from retail financial market regulation, prudential financial regulation, and the enforcement domain more generally, which are discussed below. These examples are also used to demonstrate how private law considerations can be given more weight in the EU's regulatory landscape, and not only when it comes to setting policy goals or standards, but also in the context of supervision and enforcement. For this purpose, we look at EU financial regulation through the 'private law' lens. Furthermore, the analysis of the enforcement landscape in the financial sector also shows how civil courts at Member State level could contribute to the realisation of EU policy goals when resolving disputes between private parties under private law. Here we look at national private law through the European 'regulatory' lens.

EU Retail Financial Market Regulation
A close link between financial regulation and private law is, at least in theory, particularly evident in the area of retail market regulation, the bulk of which is comprised of conduct of business rules. In the post-crisis conduct of business regulation adopted by the EU, one can distinguish between contract-related rules of business conduct and organisational requirements. The former are standards of behaviour that a financial firm should observe in contractual dealings with customers (e.g., a duty to know one's customer or a duty not to accept inducements from third parties). The latter are associated with requirements for the internal organisation of the activities of a financial firm, irrespective of the relationship with the client (e.g., product governance rules). Although such rules are regulatory and mostly supervisory in nature, in essence they determine how financial firms should treat their customers, and thus inevitably shape the relationships between private parties in the marketplace. 22 Moreover, many contract-related rules of business conduct (e.g., a duty to know one's customer) even originated in the traditional private laws of the Member States. 23 Yet, a closer look at EU retail financial market regulation through the 'private law' lens reveals that the link between the regulatory dimension and traditional private law in this domain is far less straightforward than might initially appear. While the need for a high level of financial consumer protection has been acknowledged by the EU, the relationship between the parties to consumer financial contracts has never been its central concern. Unlike traditional national private law, EU retail financial market regulation regards the contracting parties not as ends in themselves with their own justified interests, but rather as market functionaries, such as consumers, retail investors, investment firms or mortgage credit intermediaries, which play their roles in the internal market. 24 Consumer financial contracts and private law more generally are seen as vehicles of financial market integration. Whereas EU retail financial market regulation generally aims to ensure financial consumer/ retail investor protection, these specific objectives are linked to the promotion of the single market as a meta-goal. Accordingly, protective measures are primarily justified by the considerations of ensuring access to the internal market. 25 Insofar as EU retail financial market regulation is concerned with balancing the interests of financial firms and their customers, this interpersonal dimension typically plays a subsidiary role. 26 Whether a particular EU measure will confer private law rights or remedies on financial consumers/retail investors appears to be primarily dictated by the path dependency of harmonisation in a given area (notably the pre-existence of the national or EU legal framework that would ensure such rights) and/or the political constraints surrounding the EU law-making process (notably resistance by the industry and/or (some) Member States to the harmonisation of private law remedies, such as civil liability). 27 It does not therefore come as a surprise that, overall, EU retail financial market regulation suffers from an interpersonal justice deficit. 28 The weak link between financial regulation and private law in the EU policy discourse is manifest in contradictions and tensions between the post-crisis policies and regulatory objectives, demonstrating no coherent policy agenda for retail financial markets. For example, the different political backgrounds to the Consumer Credit Directive 29 and Mortgage Credit Directive 30 have resulted in peculiar differences in the levels of consumer protection with respect to non-mortgage and mortgage credit in the EU. In particular, while the pre-crisis Consumer Credit Directive has only introduced a limited duty of responsible lending which does not specify the consequences of the negative outcome of the consumer's creditworthiness assessment, 31 the post-crisis Mortgage Credit Directive has obliged the creditor to refuse to grant 24 Cf. Micklitz (2009) Cf. Hesselink (2016), p 445, who points to a 'possible deficit in civil justice' in the EU more generally. 29  credit to the consumer in such a case. 32 By introducing a stricter responsible lending obligation, the Mortgage Directive has clearly departed from the more liberal approach of the Consumer Credit Directive and struck a different balance between access to credit and consumer protection against overindebtedness. One may question, however, to what extent the fundamental differences in the levels of consumer protection between the two directives are justified. After all, problems of irresponsible lending exist not only in secured but also in unsecured credit markets, particularly those associated with high-cost credit, such as payday loans. 33 It is also telling that the current EU regulatory framework for consumer credit is not well equipped to address the novel risks involved in consumer peer-to-peer lending (P2PL)-a newly emerging form of crowdfunding that connects those who lend money directly with those who need financing by means of an electronic platform outside the conventional financial system. While P2PL raises profound concerns in terms of both consumer borrower and consumer lender protection, 34 it falls outside the scope of the Consumer Credit Directive. Moreover, these concerns appear to be of only secondary importance in the context of the EU efforts to promote this novel form of fundraising as part of its economic growth agenda. 35 According to the European Commission, the overall aim of its initiative for an EU regulatory framework for crowd and peer-to-peer finance is 'to enable crowdfunding activity to grow by making better use of the Single Market potential'. 36 Further, the Commission's recent proposal for a regulation on European crowdfunding service providers is limited to business lending and thus does not include consumer P2PL. 37 The tensions between various EU policy objectives also become clear in the context of retail investment services. On the one hand, the post-crisis era has witnessed a revolutionary intervention in the product life-cycle and remuneration structures in the distribution chain, indicating a major shift from the information paradigm of retail investor protection to more intrusive forms of financial regulation. 38 These include organisational requirements imposed on product design processes within investment firms, the powers of financial regulators to prohibit investment products, and bans on third party inducements by investment firms when providing independent investment advice and portfolio management to customers. 39 The MiFID II/ MiFIR regime, which contains the respective rules, reveals the EU legislator's distrust in the retail investors' and markets' ability to support optimal choices and the attempt to construct 'safe spaces' within which retail investors can operate. 40 On the other hand, however, the EU legislator appears to have a different image of the retail investor in mind in the context of the Banking Union-the post-crisis 35 Cf. Moloney (2015), p 744. 36 European Commission (2017b), p 2. 37 European Commission (2018c). 38 On this in more detail, see, e.g., Cherednychenko (2014c); Moloney (2018). 39 See, e.g., MiFID II, Art. 24 and MiFIR, Arts. 40-42. 40 Moloney (2018), p 258. regulatory and supervisory reform package to reinforce financial stability in the EU-, and particularly within the Single Supervisory Mechanism (SSM) concerned with bank resolvability. 41 When it comes to retail investment in complex bank securities, retail investor holders of such securities tend to be regarded as 'responsible financial citizens', capable of bearing losses following bank resolution. 42 Similarly, while FinTech is currently posing particular challenges for retail investor protection, notably in relation to investment-based crowdfunding, 43 the European Commission's FinTech Action Plan 44 related to its Capital Markets Union agenda 45 is first and foremost directed at fostering consumer/investor access to financial services. Even though the Action Plan highlights the need for a high level of consumer protection with regard to fintech, 46 it is predominantly concerned with fostering innovation in this area, in particular through an EU-level regulatory 'sandbox' for fintech firms. 47 Such an approach may lead to the construction of an excessively facilitative specialist regime for fintech providers of investment services that is out of touch with the predominantly protective regime for other providers under MiFID II/MiFIR. 48 Thus, the analysis of the current EU retail financial market policy space through the 'private law' lens reveals the vulnerable position of the financial consumer/retail investor interests therein. While the post-crisis EU regulatory measures are generally more paternalistic and interventionist than those adopted pre-crisis, financial consumer/retail investor protection can still be trumped by more dominant considerations related to the promotion of financial stability, consumer access to the markets or technological innovation. A stronger focus on the private law dimension of retail financial markets is needed in order to develop a more coherent regulatory agenda that would take interpersonal justice, and thence the interests of the weaker private parties as such, more seriously.

EU Prudential Financial Regulation
Prudential regulation of the financial sector is concerned with the safety and soundness of individual financial firms (that is, micro-prudential regulation), and with systemic risks to the financial system as a whole (that is, macro-prudential regulation). Micro-and macro-prudential regulation generally complement each other in ensuring financial stability and impose requirements on, among others, capital, remuneration, governance arrangements, and management bodies. The harmonisation of prudential regulation has also been one of the priorities of the European Commission in the Banking Union context. While the prudential regulatory measures adopted within this framework may affect private law relationships, 49 their effectiveness depends on, among other factors, how financial firms treat their customers. This points to a link between prudential regulation and private law, and raises the question of whether prudential regulation is sufficiently sensitive to the private law aspects of the phenomena that it seeks to regulate.
Let me illustrate this point by using the example of culture in financial firms. The recent global financial crisis has made it clear that human behaviour plays a critical role in the functioning of financial firms and affects their performance. Therefore, post-crisis the culture in financial firms has come under supervisory scrutiny, both at the EU and national level. Two methods can be identified in this context: (a) at an individual level-the fit and proper test for board members as the carriers of culture in financial firms, and (b) at a group level-ensuring safeguards against risky behaviour.
The fit and proper test must ensure that individuals who pose a risk to the proper functioning of a financial firm do not enter that firm and do not continue in their function if a serious issue arises. The firms have primary responsibility for selecting and nominating individuals for a management body who comply with the requirements for fitness and propriety. Financial supervisory authorities act as gatekeepers. Within the SSM, the ECB decides on the appointment of management body members of the significant credit institutions that fall under its direct supervision. 50 The ECB and the national competent authorities (NCAs) jointly assess the fitness and propriety of new board members against five criteria: experience, reputation, conflicts of interests and independence of mind, time commitment, and collective suitability. 51 When applying these criteria, the ECB follows a case-by-case approach which takes into account the peculiarities of national law. What is striking about the ECB's approach to fit and proper assessments, however, is that it does not explicitly consider the past performance of prospective board members with respect to customer treatment. Has the financial firm previously led by the individual concerned treated its customers fairly? Or has it been involved in the mis-selling of financial products, as evidenced by the decisions of a financial regulator, an ADR board and/ or a civil court? And if so, can that individual effectively lead another financial firm?
At present, these questions are not directly relevant for the purposes of the fit and proper test at the EU level. But they do matter when the respective regulatory standards are assessed through the 'private law' lens, which highlights the relevance for prudential purposes of the financial firm's past conduct in the product development and distribution phases. After all, incorporating this factor into the fit and proper test could prevent new mis-selling cases, thereby enhancing the effectiveness of prudential regulation.
The other method of improving the culture in financial firms-ensuring safeguards against risky behaviour-raises similar concerns. Financial regulators are increasingly targeting the group level by supervising group dynamics and decision-making in the boardroom. In particular, the Financial Stability Board (FSB) has identified foundational elements of a sound risk culture in a financial institution that should be considered by financial supervisory authorities. 52 These indicators include tone from the top, accountability, effective communication and challenge, and incentives. The Dutch Central Bank, for example, appears to go even further. In order to identify irresponsible and unethical behaviour, it applies three frameworks for assessing the culture in a financial firm: (1) the board's effectiveness (observing group dynamics and decision-making in the boardroom); (2) the risk culture (determining to what extent specific behavioural patterns in a financial firm influence risktaking); and (3) the effectiveness of institutional change (determining to what extent groups in a financial firm are willing to change). 53 Yet again, however, the private law implications of the culture of financial firms are currently not taken into account in such assessments. In particular, financial regulators do not consider whether a particular culture regarded as sound has produced a positive impact on the design of financial products or customer treatment in the distribution phase. It is generally assumed that a sound culture at the top is crucial to ensuring that financial firms put customers' interests first. But so far little is known about the precise modalities of the relationship between the two.
Thus, the assessment of financial stability-oriented prudential regulation through the 'private law' lens highlights the need to better integrate the conduct of business aspects in the prudential domain. As the preceding analysis has shown, how financial firms interact with their customers has been shaped by the EU conduct of business regulation (mostly in the form of European supervision private law as defined above) and traditional national private law. The link between prudential regulation, the conduct of business regulation and private law is currently underdeveloped. However, a change appears to be underway.
Most notably, there is growing attention in the prudential sphere to the conduct of financial firms towards their customers, reflecting the fact that severe patterns of misconduct, including the mis-selling of financial products, may adversely affect financial stability. 54 In particular, EBA has deployed prudential supervisory 52 Financial Stability Board (2014). 53 Cherednychenko (2017) (2015). 54 On this in more detail, see, e.g., Moloney (2018), pp 275 et seq. strategies to address 'conduct risk' defined as 'the current or prospective risk of losses to an institution arising from inappropriate supply of financial services including cases of wilful or negligent misconduct'. 55 In the context of the Capital Requirements Directive IV (CRD IV)/Capital Requirements Regulation (CRR), 56 for example, EBA required national authorities to consider a bank's exposure to conduct risk, including in relation to poorly designed distribution channels, conflicts of interest in the conduct of business, product mis-selling, in both retail and wholesale markets, and unfair processing of customer complaints. 57 Indicators of conduct risk include sanctions imposed by relevant authorities and complaints made against the bank in terms of numbers and the amounts at stake. Misconduct can lead to additional, costly capital requirements for a bank. Furthermore, conduct risk has also been incorporated within EU bank stress tests which have been coordinated through EBA. In particular, the 2018 stress test of 48 major EU banks, which required a consideration of the impact of conduct risk on bank capital, found that conduct risk losses accounted for EUR 54 billion. 58 The inclusion of conduct risk among the risks against which financial firms are stress tested and required to provide capital under prudential regulation internalises within the firms, through capital charges, the costs of misconduct in the private law domain, generating cost-based incentives to treat customers fairly.
The embedment of conduct risk in prudential regulation also reflects an international trend. In particular, the Financial Stability Board (FSB) responsible for promoting global financial stability has recently come up with a toolkit for financial firms and regulators to strengthen corporate governance in order to mitigate the risk of misconduct, including product mis-selling in retail financial markets. 59 FSB has focused on three interrelated aspects considered to be especially important from a financial stability perspective: (a) cultural drivers of misconduct; (b) individual responsibility and accountability; and (c) the 'rolling bad apples' phenomenon, which refers to individuals who engage in misconduct in one firm but are subsequently employed elsewhere. The toolkit shows how the conduct risk can be incorporated within the corporate governance structures and related supervisory strategies, and can thus be used to fill some of the gaps in the supervision of culture at an individual and group level identified above. For example, financial regulators could require firms to regularly reassess and revalidate the conduct or suitability of the employees deemed to pose the greatest risk to customers; 60 provide methods for firms to exchange meaningful information on employees, such as databases; 61 and build a supervisory programme focused on culture to mitigate the risk 55  of misconduct. 62 While the tools are described in rather general terms, they strongly encourage legislators and prudential regulators to think creatively about how to embed the conduct risk, and thus the private law aspects associated therewith, in the prudential ambit.

EU Level
Effective enforcement in terms of reducing the incidence of harmful behaviour and at the least cost for both the regulators and the regulated is vital to the ability of EU financial regulation to attain desired outcomes. Accordingly, efforts to set standards must be allied to effective supervisory and enforcement strategies. 63 However, the development of such strategies is seriously hampered by the gap between financial regulation and private law, which is most evident in the current enforcement landscape.
First, the rise of public supervision and enforcement in the private law domain poses many new challenges in developing an adequate enforcement strategy at the EU and national level. 64 In particular, one may question to what extent European supervision private law actually lends itself to formal enforcement actions with the use of pecuniary penalties and other punitive administrative sanctions. Such sanctions are prescribed, for example, by MiFID II. This directive specifies not only the range of administrative sanctions, including pecuniary penalties, which should be employed for certain types of breaches of investor protection rules, but also how the determination as to the appropriate sanction and the level of that sanction should be made. 65 But is this enforcement mode fit for purpose when it comes to the openended regulatory obligations of investment firms towards their customers which leave much discretion to the firms in terms of compliance?
Consider, for example, a duty to act 'honestly, fairly and professionally in accordance with the best interests of its clients' when providing investment services or a duty to ensure that financial instruments for sale to clients 'are designed to meet the needs of an identified target market of end clients'. 66 By placing a significant degree of responsibility for compliance on financial firms, conduct of business rules of this kind compensate for the limitations of prescriptive command and control regulation in capturing the complexity of financial markets. They allow financial firms to engage with the regulatory goals and spirit, and thus have the potential to prompt a cultural reorientation within the financial sector towards customers' interests and needs. However, resorting to top-down formal enforcement actions with the use of punitive administrative sanctions may stand in the way of realising this potential. This is particularly true for the product governance obligations of investment firms that manufacture financial instruments, partly because the financial regulators themselves have accumulated very little experience so far with this quite intrusive regulatory technique. It is noteworthy in this context that the Dutch Authority for the Financial Markets (Autoriteit financiële markten (AFM)), for example, tends to engage in a dialogue with financial firms about what constitutes a good financial product rather than to impose its own vision.
Furthermore, despite the rise of public enforcement, private enforcement by individuals or their groups remains necessary for EU financial regulation to achieve its policy goals. 67 After all, by exercising their liability rights, whether contractual or otherwise, customers play an important role in promoting responsible, customeroriented behaviour by financial firms. 68 The importance of private enforcement in the financial services sector has been increasingly recognized by the EU which has been keen to promote individual consumer redress through ADR, 69 and collective consumer redress through representative actions before national courts or administrative authorities. 70 However, the role of national private law within the European enforcement architecture has been largely neglected. This is reflected in the lack of a coherent approach to the issue of private law rights and remedies at the EU level.
For instance, some EU measures in the financial services field, such as the Payment Accounts Directive, 71 the Payment Services Directive II (PSD II), 72 and the Consumer Credit Directive, were, at least in part, drafted from the private law perspective and clearly conferred individual rights on financial consumers. The examples include the consumer's right of access to a payment account with basic features, 73 the consumer payer's right to a refund for payment transactions initiated by or through a payee, 74 and the consumer borrower's right to early repayment. 75 Moreover, PSD II also extensively deals with the issue of payment service providers' liabilities towards consumers, in particular in the case of unauthorized payment transactions or their defective execution. 76 In addition, this directive even contains rules on the burden of proof designed to improve the consumers' procedural position in disputes with providers. 77 It is undisputed, therefore, that such measures confer individual rights on consumers, empowering them to invoke these rights against financial firms.
In contrast, MiFID I and MiFID II, for example, were drafted from the perspective of public supervision, casting conduct of business rules of investment firms as supervisory standards subject to administrative enforcement. 78 This has led Member States to implement these rules within financial supervision frameworks, leaving the issue of their private law effect in the investment firm-client relationship to national civil courts. The latter in turn have demonstrated varying degrees of willingness to grant such effect in their legal systems. 79 Dutch and English courts, for example, generally tend to consider regulatory conduct of business rules when determining the private law standard of care or loyalty in contract or tort. 80 The German Supreme Court (Bundesgerichtshof (BGH)), in contrast, is reluctant to do so, denying the aggrieved investors not only the possibility to claim damages for a breach of the conduct of business rules on the basis of non-contractual liability for a breach of a statutory duty, 81 but also to benefit from the indirect effect (Ausstrahlungswirkung) of such rules on the standard of care in contract. 82 In its judgment in Genil v. Bankinter, 83 the CJEU has not taken the opportunity to unequivocally clarify its stance on the issue in question under MiFID I in the light of the principles of equivalence and effectiveness. 84 While MiFID II contains extensive rules on administrative sanctions for breaches of regulatory conduct of business rules, the 'principle of civil liability', which was included in the initial consultation document of the European Commission, 85 ultimately did not make it into the text of the directive, in particular as a result of the resistance of the financial industry, coupled with the disagreement among Member States. 86 Thus, the uncertainty concerning the effect of the investment firms' regulatory conduct of business rules in private law, which has emerged 76 PSD II, Arts. 73 and 89. 77 PSD II,Art. 90. 78 On this in more detail, see Cherednychenko (2015a) See, e.g., BGH 19 February 2008, XI ZR 170/07, NJW 2008, 1734BGH 22 June 2010, VI ZR 212/09, NJW 2010 See, e.g., BGH 3 June 2014, XI ZR 147/12, no. 35, NJW 2014, 2947BGH 17 September 2013, XI ZR 332/12, WM 2013, 1983BGH 27 September 2011, XI ZR 178/10, NJW-RR 2012, 43. 83 Case C-604/11, Genil v. Bankinter, ECLI:EU:C:2013 On this in more detail, see Cherednychenko (2015b), pp 635 et seq. 85 See European Commission (2010), para. 7.2.6 (Liability of firms providing services). 86 Cf. Moloney (2012), p 421. under MiFID I, is likely to continue. Even more questions may arise with respect to the private law effect of organisational requirements in EU prudential regulation, such as the governance standards enshrined in CRD IV and CRR, given that these measures, like the MiFID I and MiFID II, are also silent on this issue.
The foregoing analysis of EU financial regulation highlights the need for greater sensitivity to the private law dimension in designing public and private enforcement mechanisms, and determining the extent of their harmonisation at the EU level. While certain EU measures provide for the intensive harmonisation of enforcement tools of a public law nature, such means may be ill-suited for ensuring compliance with the regulatory standards which, in essence, govern private law relationships. This is particularly the case with the standards that imply a wide margin of discretion for financial firms. In 'managing' private law relationships, financial regulators across the EU may need innovative supervisory practices of a more informal nature. 87 Pursuing a uniform public enforcement strategy in this area at EU level, however, could preclude national financial regulators from experimenting with different-both formal and informal-supervisory techniques in the private law domain.
At the same time, more harmonisation at EU level may be needed in order to strengthen private enforcement, and thence the interpersonal dimension, of EU financial regulation-an area which currently lacks a consistent approach to individual protection in case of a breach of regulatory standards. The lack of such an approach may seriously imperil the attainment of the regulatory objectives pursued by EU legislation. While full harmonisation in such a delicate area should be avoided, the minimum harmonisation of private law remedies for breaches of EU financial regulation, in particular civil liability, could ensure the European minimum level of individual protection without jeopardising the possibility for the Member States to further shape it within their private law systems.

Member State Level
The insufficient 'empathy' of EU financial regulation towards the private law side of private conduct that it seeks to steer raises the question about the role of civil courts and other dispute resolution bodies at Member State level in remedying the interpersonal justice deficit at the EU level. In order to unpack the potential of private (judicial) enforcement to contribute to the policy objectives pursued by the EU legislator in the financial sector, we need to look at national private law through the European 'regulatory' lens and conceptualize its relationship with EU financial regulation.
Such a conceptualisation is particularly needed in the context of the predominantly public law-oriented EU measures, such as the MiFID I and MiFID II discussed above. 88 While such measures aim to protect certain categories of market participants (e.g., investors), they nevertheless fall short of providing a minimum 87 See Svetiev and Ottow (2014); Cherednychenko (2016). 88 On the unrecognized distinction between the public and private law-oriented EU measures in the field of EU private law, see Cherednychenko (2020b).
European level of individual protection under private law. Even in the absence of an unequivocal obligation to this effect under EU law, however, national civil courts could address the lack of European private law remedies for breaches of regulatory conduct of business rules in deciding private law disputes, and thus contribute to the realisation of EU policy objectives.
In particular, civil courts could develop a complementary relationship between the 'public law'-coloured EU financial regulation, also known as European financial supervision private law in the above-mentioned sense, and national private law. 89 Such a relationship implies that when establishing the standard of care in private law, courts should consider the EU conduct of business rules that have become part of a national financial supervision framework. 90 In other words, the ex ante regulatory standards of financial firms' conduct should be taken into account when reviewing their behaviour towards (potential) customers ex post on the basis of general private law norms. Yet, the complementarity between EU financial regulation and national private law in this sense does not preclude civil courts from imposing more protective duties on financial firms in private law. 91 Such an approach has been adopted, for example, in the Netherlands. According to the standing case law of the Dutch Supreme Court (Hoge Raad), there is a two-tier system of duties of care for financial firms in Dutch law-public law duties and private law duties; while the public law duties influence the private law duties, the former do not determine the latter. 92 An aggrieved customer may thus invoke regulatory conduct of business rules in support of his or her private law claim. At the same time, the defendant financial firm cannot successfully contend that because it has complied with the applicable regulatory duty, it has also discharged its duty of care in private law. After all, private law concepts act as mediators of the effect of regulatory standards in private law relationships.
Furthermore, under the complementarity model, EU financial regulation may not only influence private law duties of care, but also rules of civil procedure. The latter often pose considerable obstacles to aggrieved customers on the way to redress. In the context of MiFID I and MiFID II, for instance, retail investors typically struggle to establish a causal link between the breach of the applicable standard of care by an investment firm and the damage sustained by them (a condicio sine qua non relationship). When faced with a claim for damages, investment firms often contend that even if they had, for example, properly informed or advised the client, he or she would have taken the same investment decision anyhow. As MiFID I and MiFID II do not contain any rules on the burden of proof in case of a breach of the conduct of business rules, it depends on national private laws whether and, if 89 On this in more detail, see Cherednychenko (2015a), p 513. 90 Cherednychenko (2015a), pp 513 et seq. 91 This idea of complementarity between the public law-oriented EU financial regulation and private law thus does not support the view expressed by some authors that because MiFID I provides for the maximum harmonisation of regulatory conduct of business rules for investment firms, Member States are not allowed to maintain or introduce stricter duties for such firms in national private law. This argument has been made, for example, by Mülbert (2006), p 318. 92 See, e.g., the case law mentioned above, n. 80. so, how evidential problems will be alleviated. However, in line with the idea of complementarity, the conduct of business regime enshrined in these directives, and the underlying goal of investor protection, could influence private law rules on causation, prompting national civil courts to reverse the burden of proof between the breach of the standard of care and the damage suffered in favour of retail investors or to lower the standard of proof concerning such a link. 93 This would not only assist retail investors in obtaining redress, but would also foster investor protection as pursued by MiFID I and MiFID II.
Embracing a complementary relationship between the 'public law'-coloured EU financial regulation and national private law would thus urge civil courts and other dispute resolution bodies to openly consider regulatory expertise when interpreting and applying traditional private law concepts in individual cases. This would enable them not only to develop an appropriate remedial response to breaches of regulatory standards, but also to contribute to the achievement of the underlying EU policy objectives. At the same time, the complementarity model would not eliminate the autonomy of national private law and private law adjudication from regulatory and supervisory measures. Such autonomy is particularly important today, given the growing standardisation of retail financial market governance through post-crisis EU measures, coupled with their increasingly technocratic quality, notably through ESMA's activities. 94 This trend is evident in the emergence of immensely detailed European regulatory standards on how firms should approach their engagement with retail financial markets. These standards leave national financial regulators in the first place with little room for manoeuvre, thereby impairing their ability to secure good retail market outcomes geared towards local market circumstances. In addition, however, over-reliance on prescriptive ex ante regulatory rules by national dispute resolution bodies may preclude such bodies from ensuring justice between the parties to an individual dispute. This in turn would undermine the potential of national private law systems to act as laboratories in which problems in financial markets can be detected and adequately addressed ex post.
By developing a complementary relationship between EU financial regulation and private law, national dispute resolution bodies could thus 'upgrade' the public laworiented EU measures, such as MiFID I and MiFID II, with the interpersonal dimension which is currently missing therein. But the idea of a dialogue between European supervision private law and traditional national private law enshrined in the complementarity model could also prove useful in other contexts, especially where the individual protection provided by a particular EU measure is weak. The CRA Regulation is a case in point. This EU measure puts in place a harmonized extra-contractual civil liability regime for credit rating agencies which provides investors and issuers with a European civil remedy that can be enforced before national courts. In particular, the regime is designed to facilitate investor redress in cases where there is no contractual relationship between a credit rating agency and an investor. 95 It is here 93 On this in more detail, see Wallinga (2020a); Wallinga (2020b). 94 On this in more detail, see Moloney (2018), pp 283 et seq. 95 CRA Regulation, recital 32. that the national private laws of the Member States are considered to be insufficient. Paradoxically, however, without further action at the national level discussed below, the European remedy for investors created by the CRA Regulation risks remaining a paper tiger, given the enormous civil procedural hurdles associated therewith that investors need to overcome to obtain compensation.
Article 35a of the CRA Regulation grants investors a right to claim damages from a credit rating agency in case of intentional or grossly negligent infringements of this regulation. The burden of proof with respect to all the requirements for establishing the agency's civil liability rests entirely with the investor. Not only does the investor need to establish that the credit rating agency has committed one of the infringements listed in the CRA Regulation by presenting 'accurate and detailed information' to this effect and 'that infringement had an impact on the credit rating issued'. 96 In addition, the investor must demonstrate that 'it has reasonably relied, in accordance with Article 5a(1) or otherwise with due care, on a credit rating for a decision to invest into, hold onto or divest from a financial instrument covered by that credit rating'. 97 It is generally very difficult, if not impossible, for investors to discharge the burden of proof with regard to these requirements. 98 The pertinent question is whether investors will succeed in establishing (a) a violation of the CRA Regulation by the credit rating agency and (b) a causal link between the violation and the damage suffered in terms of (i) the investor's reliance on the credit rating and (ii) the impact of the violation on that rating largely depending on the willingness of national civil courts to alleviate the evidential problems.
In fact, the possibility to do so when it comes to establishing an infringement of the relevant rules is provided by the CRA Regulation itself. The latter obliges national courts to assess for this purpose 'what constitutes accurate and detailed information', 'taking into consideration that the investor […] may not have access to information which is purely within the sphere of the credit rating agency'. 99 To address this problem in line with the idea of the complementarity between European supervision private law and national private law, national courts could allow investors, for instance, to rely on the decision of ESMA establishing the infringement of the CRA Regulation in civil proceedings. Furthermore, when an investor brings a claim against a credit rating agency based on national tort law-which is not precluded by the CRA Regulation-, 100 courts could allow him or her to establish causation based on other factors than the investor's reliance on a credit rating. For example, in the light of the US experience, investors could simply demonstrate 96 CRA Regulation, Art. 35a(2). It is notable that the initial proposal of the European Commission contained a 'partial' reversal of the burden of proof with respect to these requirements, stating that 'where an investor establishes facts from which it may be inferred that a credit rating agency has committed any of the infringements listed in Annex III, it will be for the credit rating agency to prove that it has not committed that infringement or that that infringement did not have an impact on the issued credit rating. ' See European Commission (2011), Art. 35a(4). 97 CRA Regulation, Art. 35a(1). 98 See, e.g., Picciau (2018). 99 CRA Regulation, Art. 35a(2). 100 CRA Regulation, Art. 35a(5). that the inaccurate credit rating has distorted the price of securities or that it has been a necessary precondition for offering securities on the primary market. 101 Such a solution could be achieved through the interpretation of national tort law in the light of the investor protection objective of the CRA Regulation, making it possible for investors to indirectly circumvent the problematic requirement of reliance under Article 35a. The development of a complementary relationship between EU financial regulation and national private law along these lines would thus enable the latter to contribute to the achievement of the regulatory objectives pursued by the EU legislator beyond what is strictly required by EU law, while at the same time ensuring justice between the parties to an individual dispute.

Conclusion: Towards a Holistic Approach to EU Financial Regulation and Private Law
The European financial sector today is subject to an overly complex and highly fragmented legal framework which includes an intricate mix of public and private law instruments. The legal regimes that govern particular financial services and activities are essentially hybrid in nature. Such regimes are not 'public law' or 'private law' in the traditional 'national' understanding. They are neither solely a product of the regulatory mind nor that of private law making. The post-crisis legal matrix for the financial sector in the EU is developing in a piecemeal fashion, combining elements of public and private law without a clear vision of how various bits and pieces actually fit together in the context of policy-making, standard-setting, and enforcement design. The resulting patchwork of rules raises serious concerns not only as to its overall coherence and effectiveness, but also in terms of justice.
In particular, the above analysis of EU financial regulation does not reveal a coherent approach to retail financial markets and to private enforcement more generally, demonstrating a considerable interpersonal justice deficit. Further, while the effectiveness of EU financial regulation in the prudential and conduct of business domain depends on a broader legal framework that reaches well beyond its regulatory ambit, the links between EU prudential standards, EU conduct of business rules, and national private law are currently weak, both in standard-setting and enforcement. Moreover, legislators, courts, financial regulators and other actors at the EU and national level face major new challenges in safeguarding public and private interests in an increasingly digital and sustainability-minded environment surrounding financial markets. However, the gap between EU financial regulation and private law in the current European policy discourse and legal scholarship stands in the way of developing innovative and workable solutions to address these challenges.
In order to reduce this gap, we need a more holistic approach to EU financial regulation and private law that would allow us to systematically rethink the role of private law in the regulatory and enforcement landscape for financial markets and its relationship with public regulation more generally. This approach would break down the boundaries between public and private law and would view these two areas of law as distinct but closely interrelated. This article has attempted to develop the contours of such an approach, arguing that financial regulation and private law are not two parallel universes, but rather two sides of the same coin, each of which has a critical role to play in safeguarding public and private interests in financial markets. The proposed holistic approach to public regulation and private law in the financial sector points to the need to construct an integrated theoretical framework in which to analyse the existing legal regimes and develop new ones in terms of policy goals and interpersonal justice, substantive standards, and enforcement tools. Such an enriched framework, which could inform rule-making and enforcement at different levels of the EU multilevel governance system, would allow for a systematic assessment of financial regulation through the 'private law' lens and that of private law through the European 'regulatory' lens.
Examining EU financial regulation through the 'private law' lens would enable us to unveil a complex interplay between the regulatory dimension, contractual settings and private law remedies that we need to better understand in order to be able to better regulate financial markets. Detailed empirical and legal-comparative studies can explore such an interplay within and across specific financial markets. These studies in turn should inform the 'fitness check' of EU financial regulation in line with the EU's Better Regulation agenda. A greater sensitivity to the 'private law' side of the coin in the context of EU law making can be expected to lead to a stronger overall focus on the interpersonal dimension of EU financial regulation; to closer links between conduct of business regulation, prudential regulation, and traditional private law; and to a more coherent enforcement strategy for financial markets. At the same time, close attention should be paid to the division of labour between the EU and Member States in order to avoid excessive harmonisation and to leave room for further experimentation in standard-setting and enforcement at the national level. Rediscovering the role of private law in the regulation of financial markets along these lines is also a prerequisite for the EU to be able to adequately respond to the emergence of new technologies 102 and to reorient financial markets to facilitate sustainable development. 103 Conversely, examining national private law through the European 'regulatory' lens would allow us to unpack the potential of traditional private law to contribute to the objectives of EU financial regulation, while at the same time realising justice between private parties. In particular, a complementary relationship between EU financial regulation and national private law, including both substantive and procedural rules, would prompt civil courts to reduce the interpersonal justice deficit at the EU level in cases where they are not-at least not explicitly-required to do so by EU law. By giving more attention to the 'regulatory' side of the coin within the private law discourse, courts could 'upgrade' the 'public law'-coloured EU measures, such as MiFID I and MiFID II, with the interpersonal dimension or strengthen the latter in those EU measures where it is currently weak, such as the CRA Regulation. At the same time, the complementarity between EU financial regulation and private law would not preclude national private law systems from acting as laboratories in which injustices in regulated financial markets can be discovered.
Further interdisciplinary research is needed to develop a holistic approach to EU financial regulation and private law. While there is much work ahead, can we claim that if the suggested integrated theoretical framework is in place and is widely used in practice another global financial crisis will be averted? Almost certainly not, given that the financial market reality remains highly complex. But such a framework could offer a solid basis for a systematic analysis of the legal regimes in the financial sector, which could ultimately lead to improvements in terms of coherence, justice, and effectiveness.
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creat iveco mmons .org/licen ses/by/4.0/.