The article examines the legal liability (administrative and civil) regimes introduced to establish an accountability model for credit rating agencies (CRA). In particular, the article focuses on the limits that hinder the achievement of a comprehensive accountability model for CRA, in which the two functions of deterrence – performed by the ESMA’s supervisory power – and interpersonal justice – left to the national private courts – are effective and appropriately counterbalanced. Against the background of the three models envisaged for the interplay of public enforcement and private enforcement (separation, complementarity and integration of the two functions), which reflect models already adopted in the EU, the article explores the possibility of establishing a dialectical relationship between private autonomy and public rules in CRA’s liability cases. It does so, on the one hand, by ascertaining the existence of a continuous interaction between public enforcement (ESMA supervision) and private law, of which it provides two examples (the MiFID regulation for investment services and the Standardization Regulation European Union in specific industrial sectors) and, on the other hand, evaluating whether the harmonization of the constituent elements that constitute non-contractual liability or of the procedural rules in appeals for purely pecuniary damages is possible at a European level.

Sommario/Summary:

1. Introduction. - 2. In search of an accountability model for CRA. - 2.2. The trade-off between the functions of deterrence and compensation. - 3. The EU liability regimes for CRAs and their criticalities. - 3.2. Art. 36(a) of the CRA II. - 4. The rise of administrative enforcement and the interplay with private law remedies. - 4.1. The case of MiFID II. - 4.2. The case of the Regulation on European Standardization. - 5. The problem of harmonizing private enforcement of tort law in Europe. - 6. Conclusive considerations. - NOTE

1. Introduction.

These last years have experienced – especially in Europe – an increasing regulation of the Credit Rating Agencies (CRAs) industry, which, after the last financial crisis of subprime and mortgage loans, have been under scrutiny worldwide. In particular, CRAs were accused of contributing to the proliferation of structured finance products such as asset-backed securities (ABS) in the global market and assessing these credits very poorly – often overestimating them. However, they were also suspected of having discriminated between sovereign debtors [1], giving preferential treatment to some country-issuers, or sometimes acting in the most inconvenient time, spreading undue panic, while not acting in good time during the financial crisis of 2008 [2].

The anomaly in the CRAs industry is that, notwithstanding their semi-public function in ordering public financial markets worldwide, CRAs are private multinational enterprises operating behind the shield of limited liability. They aim to maximize profits and shareholders’ value. Even if their reputation provides a strong incentive for issuing honest information, they do not act in the common interest, as would be the case if they were regulatory agencies mandated by the State. In situations where private interests and public imperatives diverge, conflicts of interest may arise and undermine the credibility of the regulatory process [3].

In their defence, CRAs have consistently upheld their role as neutral information providers, a stance that has been the cornerstone of their reliability and reputation. This commitment to impartiality has been a key consideration for regulators, who have often favoured market control mechanisms over legal strategies when discussing CRAs’ regulation. This emphasis on their role as neutral information providers should reassure the audience about their integrity [4].

However, the US courts’ approach has shifted away from quasi-judicial immunity. CRAs have lost their permanent status as financial journalists, as demonstrated by the several lawsuits against CRAs that followed the financial crisis. US courts took up the idea that structured financial products were for a specific business audience, such as investment banks and selected groups of investment bankers, and, therefore, they were only of private – not public – concern. By re-qualifying CRAs’ ratings, no longer as political but as commercial speech that does not touch public concerns [5], the US courts held CRAs liable for having operated not continuously in good faith or with the required professional diligence [6].

In addition, governments worldwide have implemented a substantial body of transnational regulations to discipline CRAs and provide them with an accountability model. In the US, the introduction of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (‘Dodd-Frank Act’) has provided a comprehensive framework for regulating CRAs. In Europe, introduced in September 2009 [7], the CRA regulation has been overhauled in several steps with two amendments in May [8] and June 2011 [9] and a third in May 2013 [10]. Similarly to the EU, Russia has implemented a Regulation on CRAs to catch up with the Western countries [11]. Instead, the case of China is different, where the introduced legal framework regulates a broader range of topics compared to the US and EU and appears more ambitious but fragmented [12].

Among the various provisions implemented to discipline CRAs, this article focuses on the legal liability regimes introduced by the EU legislator, including civil and administrative liability, and their effectiveness. The legislator first introduced administrative liability by embracing a list of infringements that entail the imposition of administrative sanctions and assigning the enforcement powers to ESMA and, later, adopted the same list of infringements as a standard for CRAs’ civil liability. Therefore, the EU accountability regime for CRAs relies on administrative enforcement and private law remedies. These two (public and private) enforcements should interact to reconcile the pursuit of the public interest with a concern to ensure justice between private parties. Of course, an accountability regime for CRAs should not primarily compensate investors for their investment loss but rather improve the regulatory governance of the financial markets as a whole. However, EU legislators must modulate deterrence and compensation to obtain an accountability model with the proper balance. Improving regulatory governance attains to providing deterrence for the common good of the financial markets while compensating investors for their losses attains to ensuring justice [13].

Two factors complicate this task. First, the nature of rating that – being a judgment – is inherently fallible, and this impacts the extent to which the promisor will be bound to the promise given (obligations de moyens) [14]. Second, CRAs also rate states and state-owned corporations, and a liability regime that is too rigid could negatively impact their independence [15]. So far, CRAs have always preferred not to establish subsidiaries or branches in countries that do not grant a certain degree of independence. Likewise, they have often terminated their activities in a specific country rather than carry on a revision of their operations to public demands [16]. In 2013, the EU legislator introduced Regulation n. 462 to provide a harmonized regime for CRAs’ accountability within the EU countries. However, the Regulation is not an autonomous EU law. It renvoie to the relevant rules of private international law to determine the applicable national law for the interpretation of too many key terms, including, among others, the causation link. Taking advantage of the lack of harmonization between private law and private law remedies in the EU, CRA could incur in forum shopping or regulatory arbitrage, choosing countries that do not embrace stringent liability regimes to avoid States’ interference and liability [17].

This article continues as follows. Section 2 provides a theoretical context against which the conclusive considerations of the study will be valued. Assuming that ending the market’s over-reliance on CRAs is unlikely to happen and that CRAs are the best cost-effective choice of the EU national supervisors, the EU legislator’s challenge of introducing a sound accountability model for CRAs is to be able to counterbalance the two functions of deterrence and compensation without incurring in under or over-deterrence. Section 3 comments on the administrative and civil liability regimes introduced by the EU legislator and their criticalities. Section 4 ascertains the existence of an ongoing interplay between public (administrative) enforcement and private law and analyses how a dialectical relation between the two is possible in the case of CRAs. The section discusses two co-regulation mechanisms in which public and private enforcement interact: the MiFID II for investment services and the Standardization Regulation for specific industries. Section 5 completes the exam by assessing whether harmonization of the elements of tort law is possible at the EU level to facilitate interaction between public and private enforcement. Section 6 concludes.

2. In search of an accountability model for CRA.

2.1. Ending over-reliance on CRAs: a mission impossible.

CRAs develop an essential twofold audit function for financial markets. First, they evaluate the solvability of entities and their issues (credit risk audit). Second, by monitoring the performance of these entities through the periodical rating activity of their default risk, they indirectly contribute to the prudential supervision carried out by the financial authorities and central banks (compliance audit). Since assessing these securities may require a high level of knowledge and be highly time-consuming, the national regulators have been happy to delegate this task to CRAs trading off political control power for efficiency in the financial markets [18]. As financial markets grew increasingly complex, CRAs’ high reputation and technical skills have pushed national supervisors and institutional and non-institutional investors to rely on their cost-effective information services offered through economies of scale [19].

In addition, CRAs fulfil the role of real standard setters. The qualified financial opinions they issue through their ratings (indirectly) promote specific organizational procedures by establishing a shared understanding of what constitutes creditworthiness [20]. In other words, CRAs generate standards similar to, for instance, OECD recommendations (on best practices) for corporate governance. This mode of governance could be socially valuable for effectively harmonizing the praxis and uses of the markets [21]. Standards differ from rules. While rules are compulsory, standards are non-binding and for the use of the issuers who may or may not adopt them. However, CRA standards, represented by their issued ratings, have been enforced hierarchically by the States and their financial regulators through the regulatory involvement of ratings. Knowing that, as proved by the last financial crisis, the loss of reputation was not an effective deterrent for them, a model of accountability for CRAs is justified. They act as a quasi-regulatory authority, and a regulatory authority is accountable for any wrongdoing committed in the regulation issued [22].

Aware of the difficulty of ensuring justice among the private actors in the financial markets without incurring over-deterrence vis-à-vis the CRAs, the international regulators pointed out the need to end mechanistic reliance on CRA ratings by banks, institutional investors, and other participants. This task had to be achieved by removing regulatory references to ratings from financial regulations, laws, and standards and providing incentives for firms to develop their risk management mechanisms: the so-called two-pronged approach elaborated by the Financial Stability Board (FSB) [23]. Accordingly, the US government planned for it in the Dodd-Frank Act of 2010 [24], while the EU regulator in Article 5, Sections b and c of the EU Regulation No. 462/2013 on credit rating agencies (CRA III) [25]. However, removing all normative references to ratings from financial regulations has yet to prove as straightforward as expected. In the US States, the regulatory reliance on ratings has remained pervasive [26]. In the EU, the particular characteristics of the financial market have made it even more challenging to remove references to ratings within EU legislation altogether, and the process of reducing reliance on ratings has remained very early [27]. In the words of the EU Commission, «[…] there are currently no feasible alternatives that could entirely replace external credit ratings, and, although the Commission will seek to avoid and further reduce regulatory barriers to market entry, […] recent developments suggest that the market for credit ratings may remain a highly concentrated oligopoly for the foreseeable future» [28].

Thus, the strategy has slightly changed to focus on mitigation rather than the removal of mechanistic reliance on ratings [29]. Governments targeted CRA reforms to address the conflicts of interest in their governance and increase competition and transparency in the industry. Assuming that CRAs can certify the quality of complex structured finance products through ratings and that there is no better cost-effective alternative for measuring credit risk in global financial markets, the implemented reforms have also envisaged public and private enforcement as forms of administrative and civil liability regimes to provide a credible sanctioning regime (as a deterrent) in support of the CRA’s regulatory framework implemented and restore a sense of justice (compensation) in the markets after CRAs’ cases of wrongdoing.

2.2. The trade-off between the functions of deterrence and compensation.

The rise of regulation as a distinctive mode of governance has developed in the EU through a process known as “agencification”, which has led to the creation of new delegated institutions for specific policy objectives, such as the ESMA for the supervision of the EU financial markets. The proliferation of these new entities has led to the development of a hybrid legal order labelled “European financial supervision private law” or “regulatory private law” [30]. That framework identifies any financial company operating its business under the public supervision of an EU regulatory authority. In such a framework, the EU regulatory authority (financial supervision) affects the relationship between any financial company, including CRAs, and all the other private actors – professional or non-professional private parties – becoming a sort of quasi-private. There is, therefore, a need for coordination between the ex-ante public regulation and the ex-post civil liability remedy to counterbalance the functions of deterrence and compensation in CRAs’ accountability model. The public regulation, including the oversight measures and the specific powers of supervisor (public enforcement) granted to ESMA for their direct day-to-day supervision, should serve as a deterrent. Instead, the civil liability involving the private enforcement and ensuring justice between the private actors should compensate those who suffered damages caused by the infringements of CRAs. In addition, a civil liability regime, if operative, could also perform a deterrent function to discourage CRAs from non-compliance with regulatory and private law standards. Deterrence and compensation as a consequence of the actions of supervision and enforcement carried out by the regulatory agencies and the private courts should interact with each other in a way that they do not result in under or over-deterrence.

The interplay between administrative enforcement and private law remedies (i.e., private damages) has been envisaged in three ways. Public and private enforcement may exist separately. In this first model, administrative enforcement is a matter for the regulatory agency (ESMA), and private enforcement remains the exclusive domain of the national private law courts. This ‘separation’ model places the onus on the judiciary to develop private law remedies by private law principles. However, because deterrence and compensation are wholly decoupled, the separation model can jeopardize justice for both victims and perpetrators and lead to under- or over-deterrence. Alternatively, public and private enforcement may complement each other. The ‘complementarity’ model implies that the agency is empowered to facilitate redress before the national private law courts. This approach has the merit of ensuring justice and maintaining an essential private enforcement mechanism and the role of the courts. However, since compensation is not one goal of the ESMA’s enforcement policy, the extent to which this potential can be realized depends on the goodwill of both parties. The regulatory agency may be unwilling to allow disputes for private damages claims in court if these can raise financial stability concerns. At the same time, the CRAs may be unwilling to cooperate and not signal a facilitated path for private damages litigation, which could lead to over-deterrence. Finally, private law remedies may be integrated within the administrative enforcement mechanism to provide compensation and deterrence. In this third “integration” model, the agency is directly involved in doing interpersonal justice. Therefore, the judiciary has no role, or at least, it is minimal. Another potential area for improvement of this model is the need for coordination between punitive administrative action and redress measures [31].

3. The EU liability regimes for CRAs and their criticalities.

3.1. Art. 35(a) of CRA III.

Introducing a liability regime for rating agencies has been one of the most controversial aspects of the new CRA reforms [32]. Article 35(a) of the CRA III establishes CRAs’ civil liability rules in the EU [33]. According to it, CRAs are liable to investors and issuers if they commit specific infringements listed in Annex III of the rating regulation. Thus, CRA III does not refer to false or erroneous ratings as the cause of damage. It instead provides a list of infringements of regulatory provisions, which may cause damage to the investor or the issuer [34]. This EU legislator’s choice has raised some criticisms because the procedural nature of the infringements listed in Annex III may function as a limit of the cases where CRAs can be held liable. Contrariwise, a CRA could escape liability by merely complying with the set of rules of conduct listed in Annex III [35]. The infringement list is supposed to be exhaustive and serve as a foundation for a liability claim. The duties included are of three kinds: those related to conflicts of interest, organizational or operational requirements; those related to obstacles to the supervisory activities; and those related to disclosure provisions [36].

For accountability to exist, the CRA’s infringements must have impacted the rating, resulting in a patrimonial loss for the claimant [37]. Regarding the standard of care for civil enforcement, Art. 35(a) states that the infringement shall be committed «intentionally or with gross negligence» [38]. Therefore, it excludes cases of slight negligence. However, CRA III allows for «further liability claims in accordance with national law», which allows investors and countries victims of breaches of extra-contractual liability to sue CRAs in any European national court [39].

Furthermore, the investor who wants to establish a claim under Art. 35(a) must show that «in accordance with Art. 5a(1) or otherwise with due care», reasonably relied on the credit rating for the decision to invest in, hold, or divest from the asset and that the infringement has caused damage [40]. This condition has been labelled as misleading [41]. If obeyed to the letter, the provision would appear excessively burdensome for the claimant. If the investors, after exercising their credit risk assessment, nevertheless rely on the disputed credit rating for economic convenience, it would be virtually impossible to convince a court that they did not behave negligently. After all, CRAs exist for a reason: to evaluate the solvability of entities and their issues. The market needs their services because they reduce the cost of monitoring for the investors and the interest rates paid by the borrower. Asking investors to carry out the same evaluations would nullify the point of having CRAs who are qualified experts. For this reason, it would be more logical to read this condition as the investor must show they reasonably relied on the rating with due care, which is less than the Article 5a requirement. The legislator probably introduced the provision of conducting their credit risk assessment to reduce over-reliance on ratings, assuming it was possible to find a valid alternative to CRAs for the European market. However, this has yet to be possible, at least so far [42].

Article 35(a) also introduces a cause of action in favour of the issuer of the rated product. However, it seems illogical to think this provision should cover contractually protected entities. More likely, the rationale behind this provision is to assist issuers in cases of unsolicited ratings issued by CRAs for which there is no contractual relationship between the issuer and the rating agency. These cases are typically the ratings assigned to sovereign bonds [43]. Accordingly, an issuer may claim damages if they prove that the disputed rating was not caused by misleading and inaccurate information provided by the issuer to the CRA directly or through publicly available information [44].

Finally, Article 35(a) renvoi to the relevant rules of private international law to determine the applicable national law for the interpretation of several key terms of the regulation as well as of all the matters concerning the civil liability of a CRA not covered by the regulation [45]. Among these critical terms is the causal relationship between conduct and result, which is left to the judgment of the competent national Court. Since the burden of proof is on the plaintiff, the competent national court will also assess whether the plaintiff has presented accurate and sufficiently detailed information indicating the CRA’s infringement of the present regulation [46]. The disappointment at this legislator’s choice is twofold. First, from a legal point of view, if the aim was to give flexibility to the Member States, it could have used a directive as a legal tool instead of a regulation [47]. Unlike the approved one, a regulation should typically contain substantive rules forming an autonomous EU law. Instead, CRA III allows as many autonomous interpretations of the civil liability regime as the EU Member States. For this reason, this new regulation has not added much to the European legal background already available [48]. The reference to the principles of private international law has contributed unnecessary complexity to the EU liability regime and may seriously constrain its effectiveness [49]. The convergence and harmonization of national laws on extra-contractual liability may also remain virtually impossible since the role of the European Court of Justice in bringing uniformity through preliminary ruling is vastly reduced here [50]. Second, from a political economy perspective, by exacerbating the territorial limits of the law, which is fragmented into as many pieces as the EU Member States, the EU legislator has weakened the political power of Europe and probably the deterrent function of the civil liability regime. From this perspective, the regulation looks like a facilitating law for CRAs’ global activity rather than a method of deterrence.

3.2. Art. 36(a) of the CRA II.

Together with a civil liability regime, the EU legislator also established an articulated system of responsibility of an administrative nature. ESMA is in charge of the day-to-day supervision of CRAs and has the power to request information, conduct necessary investigations and on-site inspections, and even take supervisory measures or impose fines for administrative infringements. In particular, article 36a of EC Regulation n. 513/2011 (CRA II) delegated the European Security and Markets Authority (ESMA) the power to impose monetary fines to a CRA violating, intentionally or negligently, one of the administrative infringements listed in Annex III. Thus, the same violations that can sustain a civil liability claim can also be used as the basis for administrative liability, given that Articles 35a and 36a refer to the misconducts described in Annex III. In truth, the administrative liability regime comes before civil liability. The legislator first introduced the list of the infringements included in Annex III to allow ESMA to impose administrative sanctions and, only later, adopted the list for CRAs’ civil liability regime. The fact that the EU legislators introduced the list for the administrative liability regime can be inferred by looking at the infringements listed and noting that not all of them trigger civil liability because not all of them impact the rating (i.e., disclosure obligations). However, all give rise to administrative liability [51].

Interestingly, while civil liability requires a CRA to act intentionally or with gross negligence to be held liable, slight negligence is enough for ESMA to apply a monetary fine. Minimum and maximum amounts are applicable for each type of infringement, and a list of coefficients is linked to aggravating or mitigating factors that can reduce or increase a sanction. The different intensity of a fine reflects the behaviour of a CRA committing, intentionally or negligently, one of the infringements listed in Annex III [52]. When the financial authority decides to impose a fine, which can also be periodic in specific cases [53], it determines its amount by looking at the applicable ranges included in Art. 36a(2) of CRA II for each type of infringement. ESMA’s board of supervisors must give the persons subject to the proceedings the opportunity to be heard, comment on ESMA’s findings, and access ESMA’s file within limits set forth by Art. 36c. ESMA’s decisions on fines and periodic penalty payments are subject to the Court of Justice of the European Union [54].

Besides the monetary penalty, non-financial supervisory measures include withdrawing a CRA’s registration and issuing a public notice [55]. In such cases, the ESMA must notify its decision to the CRA penalized, the competent national authority, the EU Commission, and the other European Supervisory Authorities (ESAs) and publish it on its website within ten working days from the date it was adopted. Under trial, the CRA can appeal the decision to the Board of Appeal of the ESAs [56]. The Board of Appeal of the ESAs is independent in its decision-making. Its members are precluded from participating in any appeal proceedings in which they have any personal interest. For instance, if they have previously been involved as representatives of one of the parties or have participated in the decision under appeal, they are not allowed to sit on the panel. The Board of Appeal is a quasi-judicial reviewing body [57].

ESMA’s enforcement began in 2014 with a public notice to S&Ps with no fines, and it has progressively enhanced its ex-post enforcement actions over the years [58]. ESMA’s responsibilities of direct day-to-day supervisory and enforcement powers concerning CRAs are strengthening its reputation as a credible and proactive supervisor, improving supervisory governance within the EU market [59]. In addition, public (administrative) enforcement has a significant advantage over private redress mechanisms. ESMA’s administrative measures represent a truly centralized form of enforcement that ensures consistent application throughout the European Union. After the enactment of the CRA II Regulation, public enforcement is, in fact, entirely in the hands of the European authority. Moreover, administrative sanctions do not have the downside of producing ‘floodgate’ effects [60].

However, as observed [61], ESMA’s enforcement work appears timid. It needs a good deterrent effect compared to other financial market authorities, such as the US Securities and Exchange Commission (SEC), for the scale of penalties imposed. For instance, in January 2015, the SEC announced charges against S&P for their involvement in fraudulent misconduct for their ratings regarding certain complex financial products. S&P agreed to pay more than $58 million as a fine, plus a further $19 million to settle parallel cases, among other ancillary penalties to settle the charges [62].

Furthermore, several constraints and barriers still need to be removed to empower ESMA fully with its public procurement powers:

1. The Meroni doctrine[63] establishes constitutional constraints on delegating powers to EU agencies that, although the CJEU endorsed ESMA’s certain powers of market intervention[64], uncertainties remain as to the extension of ESMA’s perimeter of the action [65].

2. ESMA has a relatively small budget, partly financed by the penalties it imposes and partially funded by the single national competent authorities, undermining its independence.

3. Most importantly, more political will is needed, which makes creating an EU-SEC very unlikely[66].

However, this seems the right path to follow.

4. The rise of administrative enforcement and the interplay with private law remedies.

Over the years, the EU law has witnessed a progressive change in the traditional image of enforcement in private law. On the one side, the EU legislator has promoted the public enforcement of European private law by prescribing the establishment of European administrative agencies; on the other, the Court of Justice of the European Union (CJEU) has become more and more influential in shaping the judicial private enforcement landscape in a way that the meaning itself of the principle of procedural autonomy no longer implies a net separation of EU and national spheres in enforcement issues. In other words, private enforcement is no longer the exclusive competence of the Member States [67].

4.1. The case of MiFID II.

For instance, in the field of investment services, the EU legislator envisaged a strong interconnection between private law and public enforcement by making the private law rules part of the EU-harmonized public supervision framework, leaving the Member States little room for manoeuvre in determining the modes of implementation and enforcement [68]. Unfortunately, in other areas, such as CRAs’ creditworthiness assessment, no firm link between private and public enforcement has yet been established at the EU level. To make ESMA’s ex-post enforcement powers more effective and its sanctions more deterrent, EU legislators could significantly increase the upper limit of the penalties and the budget allocated to ESMA. At the same time, it could expand ESMA’s powers to render the procedural framework in which it operates more flexible, making ESMA as close as possible to its US counterparty. The ESMA could provide an efficient form of transnational regulation and administration, developing transnational governance functions and networks of cooperation. In this logic, the MiFID II Directive [69] harmonizes supervisory and public enforcement powers for any breach of the conduct of business rules [70] and strengthens the private enforcement of conduct of business rules where it requires Member States to set up alternative dispute resolution mechanisms for consumer complaints. In particular, the Directive obliges the Member States to set up remedies for compensation by national law for any economic loss or damage suffered due to an infringement of the MiFID II Directive or Regulation (EU) No 600/2014 [71]. These powers should offer sufficiently effective enforcement of provisions to protect the individual investor [72]. However, as it was argued, if, on the one hand, MiFID I and II measures achieve the goal of protecting specific categories of market participants, such as the investors, on the other, they still need to provide a minimum European level of individual protection under private law [73].

At the same time, to facilitate investors’ redress in the great civil procedure hurdles, the EU courts could rely on the decision of ESMA to establish the infringement of the CRA Regulation in civil proceedings. In such a circumstance, investors bringing a claim against a CRA could establish causation based on factors other than the investor’s reliance on a credit rating. For instance, demonstrate that the inaccurate rating has distorted the price of securities or has been a necessary precondition for offering securities on the primary market [74]. The good side of this approach is that national civil courts could still play a role in developing a complementary relationship between EU financial regulation and national private law [75]. In particular, civil courts could and should consider the EU conduct of business rules to become accepted standards in the EU regulatory framework when establishing the standard of care in private law. For example, such an approach has been adopted in the Netherlands and the UK. Dutch and English courts generally consider regulatory conduct of business rules when determining the private law standard of care or loyalty in contract or tort [76]. In addition, under the complementarity model, EU financial regulation can also influence rules of civil procedure, which form the main obstacles to the damage claimants’ obtaining redress. Unfortunately, this approach is not prevalent within the EU, as demonstrated by the reluctance of the German Supreme Court to allow the aggrieved investors the possibility to claim damages for a breach of the conduct of business rules based on extra-contractual liability for a breach of statutory duty, but also to extend any indirect benefit of such rules on the standard of care in the contract [77].

In any case, facilitating investors’ redress was not among the priorities of the EU legislator at the time of the law’s drafting. The initial EU Commission’s proposal to reverse the burden of proof favouring the investors did not survive in the final draft of Art. 35(a) sec. 2 due to the lack of political will and pressure from the CRAs. In this regard, it was said that an excess of liability would also be counter-productive and destructive to the industry. Civil liability regimes should not and were not primarily introduced to compensate investors for their investment loss but rather to improve the regulatory governance of the financial markets [78].

4.2. The case of the Regulation on European Standardization.

Another tool that has been adopted at the EU level as a mechanism of co-regulation that brings together private and public parties at different decision-making stages to balance different interests is standardization [79]. A decade ago, EU legislators introduced the Standardisation Regulation as a new regulatory strategy to foster trade within the EU market, consisting of the interaction between legislative instruments and European standards [80]. The idea behind this approach is to complement top-down legislation with bottom-up regulation. The harmonized standards are not binding on individuals. However, since normative and economic incentives push businesses toward compliance, they can be considered soft law. The Standardization Regulation establishes European standards and standardization deliverables for products and services. Standards have become so significant that market access in certain industries is contingent on compliance with the related standards. It would be so expensive and time-consuming for a professional to provide any other evidence of compliance with EU law [81]. In the European approach to standardization, the idea is to make a specific activity procedural profiting from the dialectical relation established between private autonomy and public rules [82].

An example is the Italian Law No 24/2017, regulating the liability of healthcare professionals and allowing doctors to avoid liability by invoking their compliance with guidelines and best practices or otherwise explaining the circumstances of the case that justified a deviation from that behaviour (the so-called ‘comply or explain’ approach). Other examples come from the introduction of the AI (Artificial Intelligence) liability framework and the standardization of the ICT and Telecommunications sectors. In extra-contractual liability litigation for AI-related damages, the role of standards can mitigate the uncertainty that characterizes the judicial assessment of the elements of fault-based liability, namely damage, negligence and causation [83].

Theoretically, the standardization approach could also harmonize CRAs’ liability regimes in Europe. Extra-contractual liability or tort requires the assessment of fault on behalf of the alleged tortfeasor in addition to causation and damage. Determining whether the rating agency acted maliciously, recklessly or slightly negligently is essential but extremely challenging. Not all misconducts relate to the causation of damages: it is possible to act intentionally without intending to cause damages. Generally, fault is seen as an objective deviation from the required standard of conduct of a ‘reasonable person’. Standards of conduct in the rating activity could provide courts with a yardstick against which the CRAs’ behaviour must be assessed [84].

Moreover, compliance with these standards could also be ensured via contractual obligations. For instance, the EU regulator could prepare standardized clauses to be included in CRAs’ contracts with their clients, which concern the (third parties) protection of specific categories of investors. Violating one of these contractual clauses would easily and automatically trigger contractual remedies. Nevertheless, standards also have certain downsides. First, they are an efficient form of self-regulation in a fully competitive market, requiring higher rather than looser standards. However, the rating industry suffers from limited competition where CRAs operate in an oligopolistic market dominated by few agencies (i.e. S&Ps, Moody’s and Fitch), and there is no certainty that this scenario will change soon. Second, excess standardization could hamper innovation by aligning all the service providers to the same technique or practice. CRAs rate complex structured finance instruments for which they do not only provide credit assessment of the underlying collateral assets but also information on and are involved in designing the structural specifics of these securities, contributing to developing new accepted standards for the markets. CRAs in the performance of this task cannot be limited, nor can the procedures for doing it be standardized since they can continuously change. That is also why standards should not, in any case, replace national courts. It should be left to judges to establish whether the specific circumstances of a case justify the deviation from a standard.

5. The problem of harmonizing private enforcement of tort law in Europe.

There are several good reasons for the cautious approach of many EU legal systems to limit compensation of tort damages for pure economic loss strongly.

1. These claims are potentially indeterminate, characterized by unreliable evidence and collusive actions. Therefore, there would be no reasonable limit to a defendant’s liability. The risk is that the courts would become overwhelmed with claims, as in floodgate litigation, a phenomenon widespread in the USA[85].

2. In a free market economy such as the one of the European Union, the most important interest to protect is the individual freedom to determine one’s investment choices and not to prevent profits from being made at the expense of others if the gaining person has not intentionally caused wrongs to anybody[86].

3. Any suggestion to deal with these cases of tort damages for pure economic loss with loss insurance generally favours a rule of no liability (i.e. an exclusionary rule)[87].

The problem of harmonizing private enforcement of tort law also involves the United Kingdom, which was among the Member States at the entry into force of the Regulation, although later, following the Brexit process, the UK withdrew from the EU Community and, therefore, from its Regulations. However, while from the perspective of public law, the Financial Conduct Authority (FCA) has replaced the ESMA in its task of supervision of the UK financial markets [88], from a private enforcement perspective, it is still meaningful to include the UK in the process of harmonization of private law in Europe to avoid a potential regulatory arbitrage effect [89].

In England, the situations in which the law recognizes a duty of care about pure economic loss are strictly limited and mainly included in the area concerning negligent misstatements and negligence in the performance of a service [90]. The case that introduced liability for negligent misstatements was Hedley Byrne v Heller in 1964 [91]. The House of Lords ruled that, even without fraud or a contractual relationship, damage for pure economic loss could arise in certain situations under specific conditions. These are the existence of a fiduciary relationship (“special relationship”) between the parties, the party preparing the advice/information has voluntarily assumed the risk, there has been reliance on the advice/info by the other party, and such reliance was reasonable. Therefore, to incur tort liability, a CRA must be in a fiduciary relationship, that means in a relationship of proximity with the endangered person (the investor seeking information from a CRA), where the investor trusts the CRA to exercise due care, and the CRA knew or ought to have known that reliance was being placed upon his skill and judgment. In such a scenario, there would be an assumption of responsibility as a basis for liability [92].

In the following Caparo case [93], the House of Lords refined the criteria for establishing a duty of care in negligence. In particular, the House of Lords elaborated on the concept of proximity, foreseeability, and whether it is fair, just, and reasonable to impose a duty of care, thereby clarifying the application of these principles in determining negligence claims. Regarding proximity, the House of Lords established that the claimant is not required to be identified explicitly by the defendant as long as the claimant is a member of an identifiable or recognizable class (i.e. limited class). Foreseeability is also required because, in its absence, the harm in question would be unavoidable – and a duty of care impossible. Finally, the third stage for the court involves balancing policy factors and private justice to decide whether imposing a duty of care responds to the principles of «fairness, justice and reasonableness». Proximity and reasonable foreseeability are a similar concept and an informant of the other. For some commentators, only these elements and, in particular, proximity should be the dominant factors in duty decisions [94]. The reason is that policy (“the reasonableness test”) should not be part of the structure of tort law. Arguably, there are several reasons why policy should not be included among the factors. First, courts are not well placed to judge policy because they may lack the technical competence (for inexperience) and information. Judges are experts in the application of the legal doctrine. Then, policy reasoning is characterised by short-termism, cultural fashion and applied social science. Thus, introducing policy could destabilise judicial reasoning and result in incoherence and concerns about legal certainty (unpredictability). Also, judges do not have political legitimacy to make such decisions, which belong to the Parliament and the government in primis and the Law Commission [95].

By contrast, other commentators developed different considerations [96]. Although tort is about corrective justice, and enforcing rights is purely a matter of interpersonal justice, deciding what those rights should be in the first place has critical distributional consequences. In this logic, courts are constitutionally required to consider the broader public interest. A strong argument in favour of policy reasoning is its openness and transparency. Even if a judge refuses to consider public policy concerns, the policy may still clandestinely influence the law. Arguably, legal development would then be even more unpredictable. Common law has the remarkable capacity to adapt to changing social conditions. Legal development indeed requires careful attention to values that have been legally recognized. However, these values evolve and may be in tension with one another. Relying solely on pure corrective justice would increase the statutory interventions in tort law (carried out by the Parliament to give effect to the public interest), reducing the power of common law – something that is improbable to happen in the UK [97]. Not surprisingly, in the recent Robinson case [98], the House of Lords pointed out that the three-stages test adopted in the Caparo case is not an actual test and, in particular, does not apply to all claims in the modern law of negligence. The Robinson case has renewed emphasis on precedent, apparently to curb the scope for policy reasoning. However, the UK Supreme Court’s approach is straightforward: follow precedent instead of weighing up policy reasons wherever possible [99].

The tort law rule in German law is covered by Section 823 of the German Civil Code (BGB), which consists of two parts [100]. In particular, s. 823(2) BGB allows recovery of pure economic loss, but only where the injurer breaches a statute intended to protect another person. The ratio behind this norm is to protect a specific personal interest (Schutzgesetzverstoß) damaged by violating a statutory norm [101]. Theoretically, since art. 35(a) of CRA III was implemented to protect individual investors and issuers; a claim based on the infringement of that article could be brought under s. 823(2) BGB. However, this would imply that German courts would make such an assumption, which is quite unlikely. In the area of law of torts, German law and British common law show an ideological affinity that is to refuse to compensate pure economic loss through the medium of tort rules [102]. Liability under s. 823(1) and (2) BGB is fault-based and requires the presence of causality and damage to have a right to an award of damages as any action in German tort law. The advantages of s. 823(2) compared to s. 823(1) BGB are that the former is not limited to a violation of one of the interests of s. 823(1) BGB [103], and that compensates pure economic loss if such loss is within the scope of the protective norm. In addition, if no particular level of culpability is mentioned for the violated statute, only negligence (Fahrlässigkeit) is required [104].

Another ground of extra-contractual liability can be found in s. 826 BGB, which covers damage (including pure economic interests) caused by a person acting contrary to public policy (sittenwidrig). This section is subjectively the narrowest of the three general provisions (s. 823(1) and s.823(2) BGB) since it requires the existence of the tortfeasor’s intention to be satisfied. Mere negligence is not an acceptable mens rea. The Supreme Court of Germany has extended the scope of this rule, which was traditionally limited to intentionally caused damage, to include gross negligence [105]. However, to prove that the injurer acted with at least gross negligence leaves the claimants of a civil law legal system with the major burden of proving causation [106].

German jurists have sought to get around the limits of s. 823(1) BGB considered overly restrictive by interpreting s. 826 BGB on behaviour contrary to good morals very broadly. An example is the German doctrine concerning contracts with protective effect to the benefit of third parties developed by the German courts under certain provisions of the BGB. For instance, s. 311(3) BGB states someone’s liability (pre-contractual liability or culpa in contrahendo as per s. 241(2) BGB) if, in acting as a highly qualified professional, a person inspires confidence, which results in determinant to the conclusion of a contract or to influence contract negotiations [107]. With no contract between the CRA and the investor, this latter could bring a claim against a CRA for quasi-contractual liability, assuming that CRAs are experts in the capital markets and that the investor strongly relied on ratings. For liability to arise, two conditions must be met: a ‘special relationship’ like a fiduciary relationship or a relationship equivalent to a contract between the parties, and a ‘disappointment of contract’ must have occurred, which means the defendant deceived the trusting party [108]. The proximity of the claimant to the party held liable (special relationship), which is the base for investors’ typical reliance on the misstatements, is even required for the more common scenario of prospectus liability. However, to their advantage, CRA’s business model depends on network effects that make personal contacts unnecessary. Therefore, it is uncertain whether the relationship is sufficiently close to trigger liability under this doctrine [109].

Not long ago, the Higher Regional Court of Dusseldorf (Oberlandesgericht Düsseldorf) rejected an investor’s lawsuit brought both under art. 35(a) of the CRA III and the national (German) private law against a CRA [110]. The Court argued that the ratings published only covered the company and not the company’s bonds as the internal structure of art. 35(a) of the CRA III requires [111]. The Court’s judgement shed light on the German doctrine concerning contracts with protective effect to the benefit of third parties, making clear that corporate ratings fall outside the protective scope of the doctrine. These ratings are disseminated to the investment market, and a CRA cannot foresee who will rely on its corporate rating once published. The situation would have been different if the rating of a financial instrument had been published for a specific group of investors (private placement), even a large one, as long as it was considered a recognisable category of investors [112].

If Germany and England remained relatively close to each other in their strict approach, this is not the case in France, where art. 1240 [113] complemented by art. 1241 [114] of the French Civil Code (FCC) gives an injured person much scope to recover personal injuries and property damage – even pure economic loss [115]. Like other civil law countries, French law relies on the elements of fault, damage and causation between the two. The French law does not clearly distinguish between harm and damage. The damage must harm a legitimate and legally protected interest, and its presence is required. The damage must be a direct and certain consequence of the negligent act. However, the French courts’ approach to tort claims for pure economic loss is the most liberal within European countries because French law accepts slight negligence as an element of fault [116]. Not surprisingly, France emerged as the only country that adopted, in 2010, a specific law on CRAs’ civil liability. Until recently, article L. 544-5 of the Monetary and Financial Code (Code monétaire et financier) [117], which was adopted in conjunction with the implementation of the CRA I, established a tort-based liability regime for CRA with a standard of care much stricter than the one that was later indicated at the European Union level. Art. L. 544-5 did not require a particular level of negligence. However, this regime was abrogated in 2018 to comply with the new harmonized standards for CRA’s liability established by the CRA III art. 35(a).

In this gap developed between France and Germany, there are Holland and Italy. Art. 6:162 of the Dutch Civil Code (DCC) has tried to bridge this gap in the Netherlands [118]. In the following paragraphs, 2 and 3, Art. 6:162 DCC provides three categories of torts that need to be repaired. The first is unlawful acts against property (breach of right). The second category is acts or omissions that violate a statutory duty, and the third relates to acts or omissions that violate a “rule of unwritten law pertaining to proper social conduct” (verkeersopvattingen). This last category enables the import of all kinds of duties of care, not only those of subjective fault but also those of objective fault (toerekenbaarheid), namely of attribution of responsibility. It is this category of tort that is often used to hold intermediaries liable [119]. Finally, each tort claim needs to examine the scope of protection of the violated duty. Therefore, the Court has to evaluate whether a particular case of breach of a statutory duty due to a failure to act by the ethical praxis and the unwritten standard of conduct purports to protect against the type of damage suffered and how it was suffered. Otherwise, no tort liability arises for that specific claimant [120].

Art. 2043 of the Italian Civil Code (c.c.) regulates tort liability, including pure economic loss, in Italy [121]. Like in France, for a claim to be granted, claimants must prove the existence of an unjust damage. Because Art. 2043 c.c. requires the damage caused to be unjust, while this requirement is not needed for contractual liability, some commentators considered compensation of damages for pure economic loss only possible in case of breach of contract and not in tort [122]. However, the Italian Supreme Court (Corte di Cassazione) has developed a right to the integrity of one’s economic assets since 1982 [123]. During the years, the judiciary review of the Italian courts expanded the concept of ‘unjust’ to include compensation for the infringements of credit rights, rights in personam and, from 1999, legitimate interests [124].

Although extra-contractual liability claims in Italy include malicious intent and negligence as fault elements, in the case of CRAs, the level of negligence required is that of gross negligence [125]. Therefore, slight negligence is not sufficient. Further, a damage claim requires that the CRA’s infringement had an impact on the rating issued and that that infringement caused the damage. These two main elements are the standards of conduct and the causation link. Italian scholars unanimously agree that proving a rating was false or erroneous is insufficient to assign CRA a liability. It is necessary to look at the standard of care adopted by the CRA for such a professional task. Therefore, the courts must verify that the CRA’s conduct in performing its obligations matched that of the industry practice and that the CRA complied with the methodologies and procedures generally accepted by the industry [126]. Since we are concerned with extra-contractual liability, the burden of proof bears on the investors [127]. As in other civil law countries, the causation link requirement to be verified must fulfil twofold conditions: factual and legal causation. The factual causation is the condicio sine qua non and concerns what would have happened if the act had not occurred. If the damage had materialized anyway, then there would have been no factual causation. Instead, the legal causation restricts compensation to the kind of harm and damage that pertains to the violated norm. If the damages cannot be limited, they are not sufficiently close or related to the wrongful act to deserve compensation. As described above, the precise criterion varies among the countries: the proximity in England, direct and immediate consequence in France and Italy, and adequacy in Germany [128].

A harmonization of these requirements would be desirable for facilitating the function of compensation within a CRA accountability model. A common interpretation and application of these requirements is also helpful for facilitating the problems related to the conflict of laws. According to Art. 35(a) terms such as “damage”, “intention”, “gross negligence”, “reasonably relied”, “due care”, “impact”, “reasonable”, and “proportionate”, which are referred to in this article but are not defined, shall be interpreted and applied in accordance with the applicable national law as determined by the relevant rules of private international law. It goes without saying that pure economic loss suffered on the financial market for a CRA’s wrongdoing, where financial damages can hardly be assigned to a geographical place, faces serious localization problems.

6. Conclusive considerations.

Public policymakers rely on CRAs to perform a function of private governance over the financial markets. CRAs assess the solvability of entities and their issues by evaluating their risk, and they contribute to prudential regulation by periodically monitoring their performance and indirectly promoting specific organization procedures. Assuming no alternative is available, this article has commented on the EU legal liability regimes implemented for CRAs, emphasizing their main criticalities. A sound accountability model should provide deterrence and compensation without incurring under or over-deterrence. The two functions of sanctioning any infringement committed and compensating those who suffer damages due to the infringement attain the goals of serving as a deterrent and ensuring justice between the private individuals. Three models envisaged for the interplay of public (administrative) and private (civil) enforcement reflect models already adopted in the EU. The first is the separation model, in which the ESMA develops its role of supervisor by sanctioning CRAs in case of the infringement of a procedure, while in parallel, the national private courts are in charge of the provision of redress to private parties who suffered damages for pure economic loss due to the infringement. From the study conducted, it could be argued that such an accountability model would most likely bring an under-deterrence – because it would be tough to hold a CRA liable for extra-contractual liability – which could, in turn, become over-deterrence in the remote case of harmonization of EU private law or facilitation in the procedural law applicable to the cases of CRA civil liability. In fact, this would create a risk of floodgate litigation. At the same time, the original intent of the regulator was not much to compensate but mainly to improve the regulatory governance of the financial markets as a whole.

The second is the complementarity model, in which the ESMA could have a role to play in facilitating private redress for victims of breaches of EU private law. The EU legislator has promoted such a model in other areas of EU private law, such as unfair trading, unfair contract terms, consumer sales of goods, and antitrust. The article discusses two examples: the MiFID II framework for investment services and the Standardization Regulation for specific sectors like AI liability or ICT and Telecommunication. The ESMA could be empowered with specific discretionary powers to be able, once exercised its administrative sanctioning power, to initiate redress settlements or to bring a collective action for damages before the national private courts [129]. Alternatively, national private courts could interpretively arrive at a reversal of the burden of proof for investors bringing an action for damages against a CRA that ESMA has just sanctioned. The proximity requirement and the causation link could be used to substantially limit CRAs’ civil liability in order to avoid floodgate litigations. The smaller the recognizable class, the more likely courts will impose liability for pure economic loss on CRAs. Although many civil law countries are not familiar with the proximity requirement and there is not a harmonized concept of what constitutes a pure economic loss, it would be sufficient to develop at the European level a common interpretation and application of the concept that the claimant belongs to an identifiable or recognizable class both about the position of the defendant and the extension of liability [130]. However, as shown above, ESMA still lacks teeth and an adequate budget to be fully effective. At the same time, the harmonization of the elements of the fault-based liability, namely proximity between the parties and directness of the causal link in private redress, cannot be achieved by statutory law but has to be achieved by the judiciary through the development of the case-law and the time seems to be not yet ripe.

The third model is the integration model, in which the ESMA could be empowered with additional discretionary power to be able to secure redress, obliging a CRA to pay a certain amount for compensation in addition to a penalty payment. In such a model, the compensation function would be integrated within the administrative enforcement mechanism managed by the ESMA [131]. Entrusting ESMA with public and private enforcement would vastly simplify the public-private co-regulation mechanism. Administrative enforcement has a significant advantage over private redress mechanisms because it is a centralized form of enforcement that ensures consistency among EU members. However, again, empowering the ESMA with such a power would raise issues of legitimacy that are still outstanding and imply political will and, therefore, an EU political unity that still needs to be there.

While the CRA regulation has created a separation model at the moment, and it is too early to envisage a public-private co-regulation mechanism of the third type (integration model), the EU legislator should work towards achieving a complementarity model, which could facilitate a process of harmonization of procedural law within the EU market and solve the problems related to the conflict of laws.

NOTE

[1] For instance, empirical research showed that a different perception of the same credit risk existed from one rating agency to another, resulting in a difference between the ratings issued by the American agencies Moody’s and S&P and the more “Europe-oriented” Fitch. According to the study, the latter rated Eurozone crisis countries on average between 0.25 and 0.59, rating notches more favourably than the former. See the Halle Institute for Economic Research (IWH), Worse ratings by US rating agencies for European sovereigns no argument for European rating agency, press release (4 January 2017), available at http://www.iwh-halle.de.

[2] In the summer of 2011, S&P declared that it would classify any planned or voluntary restructuring of the Greek debt as default. The European leaders were re-negotiating a second rescue package for Greece, which was more expensive. See Council on Foreign Relations, The credit rating controversy, 19 February 2015, available at http://www.cfr.org. In July 2011, Mr Wolfgang Schäuble and Mr Jose Manuel Barroso claimed an anti-Europe bias following the downgrading of Moody’s, S&P, and Fitch at the expense of several countries in Europe. See Charlemagne, The EU and credit rating agencies: poor standards, in The Economist, 20 December 2013; S. O’Grady, Europe threatens ‘mad’ rating agencies’, in The Independent, 6 July 2011.

[3] P. Gavras, Ratings Game, in Finance and Development, 2012, 49, 34-37; M. Bussani, Credit Rating Agencies’ Accountability: Short Notes on a Global Issue, in Global Jurist, 2010, 10(1), 1 ff.

[4] C.A.E. Goodhart, The Regulatory Response to the Financial Crisis, London, Edward Elgar Publishing, 2009, 121; S.L. Schwarcz, Private ordering of public markets: the rating agency paradox, in U. Ill. L. Rev., 2002, 1, 26; F. Partnoy, Rethinking regulation of credit-rating agencies: an institutional investor perspective, in Journal of International Banking Law and Regulation, 2010, 25, 190 ff.

[5] The Supreme Court has defined commercial speech as «solely related to the interest of the speaker and its audience»; see Virginia. State Board of Pharmacy v Va. Citizens Consumer Council, Inc., 425 U.S. 748, 762 (1976). The First Amendment still protects this type of speech but does not reach the same level of constitutional protection. See also Central Hudson Gas and Electricity Corporation v Public Service Commission, 447 US 557, 561 (1980).

[6] N. Gaillard, M. Waibel, The Icarus syndrome: how credit rating agencies lost their quasi-immunity, in SMU L. Rev., 2018, 71(4), 1102-1106.

[7] See, Regulation (EC) No 1060/2009 of the European Parliament and of the Council of 16 September 2009 on credit rating agencies, OJ L 302, 17.11.2009, p. 1 (CRA I).

[8] Regulation (EU) No 513/2011 of the European Parliament and of the Council of 11 May 2011 amending Regulation (EC) No 1060/2009 on credit rating agencies, OJ L 145, 31.5.2011, p. 30 (CRA II).

[9] Directive (EU) 2011/61 of the European Parliament and of the Council of 8 June 2011, OJ L 174, 1.7.2011, p. 1.

[10] Regulation (EU) No 462/2013 of the European Parliament and of the Council of 21 May 2013 amending Regulation (EC) No 1060/2009 on credit rating agencies, OJ L 146, 31.5.2013, p. 1 (CRA III).

[11] Federal’nyi zakon RF o deyatel’nosti kreditnych agentstv v Rossiiskoi Federatsii [Federal Law of the Russian Federation on ‘The activities of the rating agencies in the Russian Federation’]. Rossiiskaia Gazeta [Ros. Gaz.] July 17, 2015.

[12] The Securities Law (证券法) of the People’s Republic of China Implemented on March 1, 2020, and the Interim Measures for the Administration of the Credit Rating Industry (信用评级业管理暂行办法, n. 5 of 2019) for CRAs supervision. In addition, a major recent development affecting the Chinese legal framework for CRAs is the broader regulatory framework called the Social Credit System (SCS, 社会信用体 系), intended to report on the ‘trustworthiness’ of individuals, corporations, and governmental entities across China. See Qin Q, Legal Engineering in the Supervisory System Reform, Springer, Yilin Press, Ltd., 2023, Part IV, 179 ff.

[13] O.O. Cherednychenko, Regulatory Agencies and Private Damages in the EU: Bridging the Gap between Theory and Practice, in Yearbook of European Law, 2021, 40(1), 147 ff.

[14] A. Miglionico, Making Credit Rating Agencies Accountable: Is Estoppel a Possible Solution?, in BLR, 2013, 5, 166-173.

[15] See S.L. Schwarcz, Private ordering of public markets: the rating agency paradox, in U. Ill. L. Rev., 2002, 1, 26, where the author queries whether market forces sufficiently restrain rating agencies or whether public sector regulation is warranted. See also J.R. Macey, Public and private ordering and the production of legitimate and illegitimate legal rules, in Cornell L. Rev. (1996-97), 82, 1123-1149, particularly at 1140-1147.

[16] See, for instance, the Japanese parliament’s financial committee attempted to demand CRAs justify their rating in 2002, in D. Ibison, Japan hits out as rating downgrade looms, in Financial Times, 25 May 2002, 3.

[17] See F. Amtenbrink, J. De Haan, Taming the Beast? New European Regulation on Credit Rating Agencies, in JCGEP, 2012, 10, 4, 450.

[18] L. Enriques, M. Gargantini, Regolazione dei mercati finanziari, rating e regolazione del rating, in Banca impr. soc., 2010, 2, 475.

[19] L. Sasso, A critical analysis of the recent Russian Regulation on Credit Rating Agencies, in Russian Law Journal, 2016, 4(2), 65 ff.

[20] CGFS (2008), Ratings in Structured Finance: What Went Wrong and What Can Be Done to Address Shortcomings?, in CGFS Papers No 32, available at https://www.bis.org (accessed 18 December 2024).

[21] Although these standards have sometimes been labelled as socially unequal since they benefit (and result from) the politics and regulatory needs of the world’s largest financial centres. See D. Kerwer, Holding global regulators accountable: the case of credit rating agencies, in Governance, 2005, 18, 453-475.

[22] P. Hunt, Credit rating agencies and the worldwide credit crisis: the limits of reputation, the insufficiency of reform, and a proposal for improvement, in Colum. Bus. L. Rev., 2009, 109, at 112-114, 127-128.

[23] See the FSB, Principles for Reducing Reliance on CRA Ratings (FSB principles), 27 October 2010, available at www.financialstabilityboard.org (accessed 18 December 2024); see also the European Securities and Market Authorities (ESMA), Technical Advice on reducing sole and mechanistic reliance on external credit ratings, 30 September 2015, available at https://www.esma.europa.eu (accessed 18 December 2024).

[24] See the Dodd-Frank Act, s. 939-939A. In particular, s. 939(a-f) has expressly removed statutory references to ratings. Under s. 939A, every Federal Agency has one year to remove regulatory reliance on ratings, which will have to be removed from every type of governmental rule.

[25] See Regulation (EC) No. 462/2013 (CRA III) of the European Parliament and of the Council of 21 May 2013, which amended the Occupational Pension Funds Directive (2003/41/EC) (IORP Directive), the UCITS IV Directive (2009/65/EC) and the Alternative Investment Fund Managers Directive (2011/61/EU) (AIFMD) to require firms not to rely solely or mechanistically on external credit ratings for assessing the creditworthiness of assets.

[26] See F. Partnoy, What’s still wrong with credit ratings?, in Wash. L. Rev., 2017, 92, 1407-1472, at 1419-25; F. De Pascalis, Reducing overreliance on credit ratings: failing strategies and the need to start from scratch, Amicus Curiae, Autumn 2012, 91, 17-21.

[27] For an excellent example of it, look at the difficulties encountered by the Basel Committee in Banking Supervision (BCBS) to unsuccessfully remove the “standardised approach” – introduced under Basel II capital adequacy rules for banks – that has been and will continue to be one of the most commonly used sets of measures to quantify the required capital for credit risk in banking capital regulation and that requires the ratings of CRAs. BCBS, Consultative Document: Revisions to the Standardised Approach for Credit Risk, March 2015, available at http://www.bis.org (accessed 18 December 2024) and then BCBS, Second Consultative Document: Revisions to the Standardised Approach for Credit Risk, December 2015, available at https://www.bis.org (accessed 18 December 2024) that reintroduced the use of external ratings where available and permitted by national supervisors, for exposures to banks and corporates. Eventually, the BCBS removed the internal model option also from the framework of credit valuation adjustment, see BCBS, Basel III: Finalising Post-Crisis Reforms, December 2017, available at http://www.bis.org (accessed 18 December 2024).

[28] See the Report of the EU Commission to the EU Parliament of the 19 October 2016 on alternative tools to external credit ratings, the state of the credit rating market, competition and governance in the credit rating industry, the state of the structured finance instruments rating market and on the feasibility of a European Credit Rating Agency – Main contents, COM (2016) 664 final.

[29] See ESMA, Technical Advice on Reducing Sole and Mechanistic Reliance on External Credit Ratings, 30 September 2015, available at https://www.esma.europa.eu (accessed 18 December 2024), and previously European Banking Authority, The use of credit ratings by financial intermediaries Article 5(a) of the CRA Regulation, Discussion paper, 23 December 2014. See anticipation of these results in L. Sasso, Bank capital structure and financial innovation: antagonists or two sides of the same coin?, in J. of Financial Regulation, 2016, 2, 225-26, and 80.

[30] O.O. Cherednychenko, Public Supervision over Private Relationships: Towards European Supervision Private Law?, in ERPL, 2014, 22, 37; H.-W. Micklitz, The Public and the Private – European Regulatory Private Law and Financial Services, in ERCL, 2014, 10, 473.

[31] O.O. Cherednychenko, Regulatory Agencies and Private Damages in the EU, (nt. 13), 146-171.

[32] A. Miglionico, The Governance of Credit Rating Agencies: Regulatory Regimes and Liability Issues, London, EE Publishing, 2019, Ch. 9 “European Union”; M. Lutter, W. Bayer and J. Schmidt, Europäisches Unternehmens- und Kapitalmarktrecht, Berlin, De Gruyter, 2018, Ch. 41 “Credit Rating Agencies Regulation (CRAR)”, 1566-1584; A. Darbellay, Regulating Credit Rating Agencies, Cheltenham, Edward Elgar Publishing, 2013, Ch. 12 “Regulatory response to the systemic issue”; F. Parmeggiani, Gli effetti distorsivi del crediti rating sul rischio di insolvenza, Milano, Giuffrè, 2023, Ch. 6; C. Picciau, Diffusione di giudizi inesatti nel mercato finanziario e responsabilità delle agenzie di rating, Milano, Egea, 2018, Ch. 4; C. Rinaldo, Rating incongrui e tutele di mercato, Milano, Giuffrè, 2017, Ch. 4; E. Maciariello, La responsabilità da rating: analisi dell’articolo 35-bis del Regolamento CE n. 1060/2009, in Banca impr. soc., 2018, 157.

[33] Regulation (EU) No 462/2013 of the European Parliament and of the Council of 21 May 2013 amending Regulation (EC) No 1060/2009 on credit rating agencies, OJ L 146, 31.5.2013, 1 (CRA III).

[34] EU Regulation No. 1060/2009 as amended, Annex III, Section I, point 42.

[35] I.H.Y. Chiu, Regulating credit rating agencies in the EU: in search of a coherent regulatory regime, in European BLR, 2014, 25, 269-294, at 279.

[36] A. Miglionico, The Governance of Credit Rating Agencies, (nt. 32), § 9.04-§ 9.15; M. Lamandini, Le agenzie di rating: alcune riflessioni in tema di proprietà e conflitto di interessi, in Le agenzie di rating, ed. by A. Principe, Milano, Giuffré, 2014, 179.

[37] See art. 35(a), sec. 2 of the EU Regulation as amended in 2013.

[38] «Where a credit rating agency has committed, intentionally or with gross negligence, any of the infringements listed in Annex III having an impact on a credit rating, an investor or issuer may claim damages from that credit rating agency for damage caused to them due to that infringement».

[39] See art. 35(a) sec. 5 of the CRA III.

[40] See Recitals 26 of the Proposal of CRA III.

[41] H. Edwards, CRA 3 and the liability of rating agencies: inconsistent messages from the regulation on credit rating agencies in Europe, in Law and Financial Market R., 2013, 7, 186-191, at 189.

[42] As art. 5(c) states, «the Commission will continue to review whether references to credit ratings in Union law trigger or have the potential to trigger sole or mechanistic reliance on credit ratings». The Commission proposed eliminating all references to credit ratings from EC legislation by 1 January 2020.

[43] H. Edwards, (nt. 41), 190.

[44] Art. 35(a), sec. 1.

[45] Art. 35(a), sec. 4.

[46] Art. 35(a)(2) of CRA III.

[47] The Product Liability Directive, for instance, gives an autonomous meaning to the many terms of tort law adopted in the text. See, art. 1 of the Council Directive 85/374/EEC of 25 July 1985 on the approximation of the laws, regulations and administrative provisions of the Member States concerning liability for defective products.

[48] See A. Darbellay, Regulating Credit Rating Agencies, (nt. 32), 82; B. Haar, Civil liability of credit rating agencies – regulatory all-or-nothing approaches between immunity and over-deterrence, in EBLR, 2014, 25, 317-318. In England, art. 35(a) looks like a less protective duplication of the tort of deceit. Deceit consists in making a false statement, knowing it to be false, or «recklessly, careless whether it be true or false», and the claimant then acts to his or her detriment in reliance on it, see N. Hoggard, What a Tangled Web We Weave: Conflicts in Rating Agency Liability, in Cambridge J. of International and Comparative Law, 2016, 5(2), 363-377, particularly at 366; contra T.M.J. Möllers, C. Niedorf, Regulation and Liability of Credit Rating Agencies – A More Efficient European Law? in ECFR, 2014, 11(3), 333, 355-56.

[49] See F. Della Negra, The regulatory design and goals of civil liability in EU securities regulation after the global financial crisis: trends and perspectives, in Financial Regulation and Civil Liability in European Law, edited by O.O. Cherednychenko and M. Andenas, London, EE Publishing, 2020, 160; C. Picciau, The civil liability of credit rating agencies to investors in the EU, in ibidem, 181; G. Deipenbrock, The European civil liability regime for credit rating agencies from the perspective of private international law – opening Pandora’s box?, in ICCLJ, 2015, 11, 6-16; G. Risso, Investor Protection in Credit Rating Agencies’ Non Contractual Liability: The Need for a Fully Harmonised Regime, in EL Rev, 2015, 40(5), 706-721.

[50] See M. Lehmann, Civil liability of rating agencies – an insipid sprout from Brussels, in Capital Markets Law J., 2016, 11, 60-83, at 77.

[51] F. De Pascalis, Public enforcement and the civil liability regime in the European regulation of credit rating agencies: a quest for interplay, in Financial Regulation and Civil Liability in European Law, edited by O.O. Cherednychenko and M. Andenas, London, EE Publishing, 2020, 202; A. Marcacci, Public and private enforcement in the investor protection field in the US and the EU: what kind of interplay for Europe?, in ibidem, 242; C. Picciau, The Evolution of the Liability of Credit Rating Agencies in the United States and in the European Union: Regulation after the Crisis, in ECFR, 2018, 2, 339-402.

[52] For instance, for intentional infringements, a coefficient of two applies. See Point 5, s I of Annex IV to EC Reg. n. 1060/2009 as amended by EU Reg. n. 513/2011.

[53] See Art. 36b of EC Reg. n. 1060/2009 (CRA I) as amended by EU Reg. n. 513/2011 (CRA II).

[54] See Art. 36e of EC Reg. n. 1060/2009 as amended by EU Reg. n. 513/2011.

[55] CRA II art. 23e(5); art. 24(1).

[56] CRA II art. 24(5); Regulation 1095/2010, art. 60.

[57] See M. Lamandini, The ESA’s Board of Appeal as a Blueprint for the Quasi-Judicial Review of European Financial Supervision, in European Company Law, 2014, 6, 290-294.

[58] In 2016, it inflicted a sanction of € 1,38 million on Fitch for unlawful disclosure of information and other violations. In 2017, € 1,24 million was on Moody’s Germany and Moody’s UK for breaching the obligations on the public announcement of specific ratings and the public disclosure of rating methodologies. In 2018, ESMA fined the Danske Bank € 495.000 for issuing a credit rating without authorization. In 2019, ESMA inflicted a €5,13 million fine on Fitch UK, France, and Spain for violating the procedures and requirements on conflicts of interest. In 2021, a fine of € 2,7 million was assigned to Moody’s UK for the same reasons. Finally, in 2023, ESMA sanctioned S&P Global Ratings Europe for € 1,11 million for publishing its credit ratings on securities not yet issued. See all ESMA’s enforcement actions at https://www.esma.europa.eu.

[59] E. Howell, The Evolution of ESMA and Direct Supervision: Are There Implications for EU Supervisory Governance?, in CML Rev, 2017, 54, 1027, and 1031-45.

[60] N. Moloney, International Financial Governance, the EU, and the Brexit: The Agencification’ of EU Financial Governance and the Implications, in EBOR, 2016, 17, 451, 461.

[61] E. Howell, The Evolution of ESMA and Direct Supervision, (nt. 59), 1050-55.

[62] SEC, SEC announces Charges against Standard & Poor’s for Fraudulent Rating Misconduct, January 2015, http://www.sec.gov (accessed October 2021). Other sanctions imposed by the SEC includes: nearly $6 million on DBRS rating agency (DBRS Administrative Proceedings Release No. 76261, October 26, 2015); $16.25 million on Moody’s (Moody’s Administrative Proceedings Release No. 3-18689, August 28, 2018); more than $2 million on Kroll Bond Rating Agency Inc. (KBRA Administrative Proceedings Release No. 3-20096, September 29, 2020); $3,5 million on Morningstar Credit Rating (MCR Administrative Proceedings Release No. 3-19802, May 15, 2020).

[63] Which arose from Case 9/56 and Case 10/56 Meroni v High Authority [1957 and 1958] ECR 133, available at https://eur-lex.europa.eu (accessed 18 December 2024)

[64] In the Case C-270/12 UK v Parliament and Council available at https://curia.europa.eu (accessed 18 December 2024) case on the Short Selling Regulation where the Court upheld most of the provisions that were delegated to the ESMA by the co-legislators.

[65] The Meroni doctrine limits the extent of delegation of powers to EU agencies. It is important for policymakers and stakeholders to clarify the agency’s powers and responsibility to ensure effective financial regulation in the EU. See A. Witte, Standing and Judicial Review in the New EU Financial Markets Architecture, in J. of Financial Regulation, 2015, 1(2), 226-262.

[66] E. Howell, The Evolution of ESMA and Direct Supervision, (nt. 59), 1057. C. Picciau, The Evolution of the Liability of Credit Rating Agencies, (nt. 59), 397-400.

[67] See O.O. Cherednychenko, Public and Private Enforcement of European Private Law in the Financial Services Sector, in ERPL, 2015, 4, 621-648.

[68] A phenomenon called «European supervision private law» by O.O. Cherednychenko, Public Supervision over Private Relationships, (nt. 30), 37 or «Regulatory private law» by H.-W. Micklitz, The Public and the Private, (nt. 30), 473.

[69] Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 (MiFID II) on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU

[70] See MiFID II, Art. 69(1) on supervisory powers and Art. 70 on sanctions.

[71] See F. Della Negra, The Civil Effect of MiFID II between Private Law and Regulation, in Private and public enforcement of EU investor protection regulation, in Quaderni di Ricerca Giuridica della Banca d’Italia n. 90, edited by R. d’Ambrosio and S. Montemaggi, 2020, 115-143, at 121; F. Della Negra, MiFID II and private law: enforcing EU conduct of business rules, Oxford, Hart Publishing, 2019, Ch. 2.

[72] This is the opinion of Advocate General Kokott of 14 November 2019, in case C-616/18 Cofidis SA v YU, ZT, ECLI:EU: C:2019:975, para 82 available at https://curia.europa.eu (accessed 18 December 2024).

[73] See F. Della Negra, MiFID II and private law, supra (nt. 71), Ch. 7.

[74] O.O. Cherednychenko, Rediscovering the public/private divide in EU private law, in Eur. Law J., 2020, 26, 32-47. See also C. Picciau, The Evolution of the Liability of Credit Rating Agencies, (nt. 51), 391.

[75] O.O. Cherednychenko, Contract governance in the EU: conceptualising the relationship between investor protection regulation and private law, in Eur. Law J., 2015, 21, 513 ff.

[76] For the breach of duty of care, in England see Gorham & Others v. British Telecommunications Limited plc [2000] EWCA Civ 234 available at https://vlex.co.uk (accessed 18 December 2024). In the Netherlands see HR 5 June 2009, ECLI:NL:HR:2009:BH2815 (Dexia v. De Treek) available at https://uitspraken.rechtspraak.nl (accessed 18 December 2024); HR 5 June 2009, ECLI:NL:HR:2009:BH2811 (Levob Bank v. Bolle) available at https://uitspraken.rechtspraak.nl (accessed 18 December 2024); HR 5 June 2009, ECLI:NL:HR:2009:BH2822 (Stichting GeSp v. Aegon Bank) available at https://uitspraken.rechtspraak.nl (accessed 18 December 2024).

[77] See O.O. Cherednychenko, Two Sides of the Same Coin: EU Financial Regulation and Private Law, in EBOR, 2021, 22, 163-165. See e.g. BGH, 19 February 2008, XI ZR 170/07, NJW 2008, 1734; BGH, 22 June 2010, VI ZR 212/09, NJW 2010, 3651.

[78] See B. Haar, Civil liability of credit rating, (nt. 48), 316 ff.; M. Lehmann, Civil liability of rating agencies, (nt. 50) 74-75; T.M.J. Möllers, C. Niedorf, Regulation and Liability of Credit Rating Agencies, (nt. 48) 333-363. CRAs’ liability should be secondary and perhaps capped at a certain amount for these authors. See recently, C. Picciau, The civil liability of credit rating agencies to investors in the EU, (nt. 49), 181.

[79] EU Commission, An EU Strategy on Standardisation Setting global standards in support of a resilient, green and digital EU single market, COM (2022) 31 final, 1.

[80] EU Commission, An EU Strategy on Standardisation Setting global standards in support of a resilient, green and digital EU single market, COM (2022) 31 final, 1. See also Regulation (EU) No 1025/2012 of 25 October 2012 on European Standardisation, amending Council Directives 89/686/EEC and 93/15/EEC and Directives 94/9/EC, 94/25/EC, 95/16/EC, 98/34/EC, 2004/22/EC, 2007/23/EC, 2009/23/EC and 2009/105/EC of the European Parliament and of the Council and repealing Council Decision 87/95/EEC and Decision No 1673/2006/EC of the European Parliament and of the Council [2012] OJ L316/12.

[81] M. Cantero Gamito, Europeanization through Standardisation: ICT and Telecommunications, in YEL, 2018, 37, 395, 421-422; R. van Gestel, P. van Lochem, Private Standards as a Replacement for Public Lawmaking?, in The Role of the EU in Transnational Legal Ordering: Standards, Contracts and Codes, edited by M. Cantero Gamito and H-W. Micklitz, London, EE Publishing, 2020, 31-32.

[82] The development of European standards is entrusted to private international non-profit organisations called the European Standardisation Organisations (ESOs), which are the European Committee for Standardization (CEN), the European Committee for Electro-technical Standardization (CENELEC) and the European Telecommunications Standards Institute (ETSI).

[83] See also the recent German Road Traffic Act of 2021 that transposed the The Society of Automotive Engineers (SAE International) standards into the law. The Act introduces specific provisions for accidents caused by autonomous vehicles, creating a distinction with direct consequences on the operators’ liability between vehicles where drivers are still in control of the car and driverless vehicles, in C. Frattone, Reasonable AI and other creatures. What role for AI Standards in liability litigation?, in J. of Law, Market & Innovation, 2022, 1, Issue 3, 47-48.

[84] See European Group on Tort Law, Principles of European Tort Law: Text and Commentary, Wien, New York, Springer, 2005, 64-100.

[85] US judge Cardozo J. in his famous judgment in Ultramares Corp v Touche 255 NY 170, 174; NE 441, 444 (1931) available at https://casetext.com (accessed 18 December 2024) described it as «a fear of an indeterminate number of claims by an indeterminate number of parties in indeterminate amounts of money for an indeterminate amount of time».

[86] B.S. Markesinis, J. Bell, A. Janssen, Markesinis’s German Law of Torts: A Comparative Treatise, Oxford, Hart Publishing, 2019, 5^th ed, 89-90.

[87] M. Bussani, A.J. Sebok, M. Infantino, Common law and civil law perspectives on tort law, Oxford, OUP, 2022, Ch. 6 on “Compensation for Pure Economic Loss”.

[88] In truth, even before there was a tendency of the UK to be restless under the ESMA’s authority, see the Case C-270/12 UK v Parliament and Council available at https://curia.europa.eu (accessed 18 December 2024) to annul Art. 28 of the Reg. (EU) No 236/2012 on short selling and certain aspects of credit default swaps, in which ESMA had been given the power to take a legally binding decision targeting a specific financial market participant or specific conditions in relation to certain financial instruments.

[89] N. Moloney, Access to the UK Financial Market After the UK Withdrawal from the EU: Disruption, Design, and Diffusion, in EBOR, 2024, 25, 25-47.

[90] S. Deakin, A. Johnston, B. Markesinis, Markesinis and Deakin’s Tort Law, Oxford, OUP, 2012, 177.

[91] Hedley Byrne & Co. Ltd v. Heller & Partners Ltd [1964] AC 465 available at https://vlex.co.uk (accessed 18 December 2024).

[92] See the Lord Sales speech at the Annual Tort Law Research Group Lecture Western University, Ontario 26 September 2022 titled Pure economic loss in the law of tort: the history and theory of assumption of responsibility, available at https://www.supremecourt.uk.

[93] Caparo Industries plc v. Dickman [1990] 2 AC 605 available at https://vlex.co.uk (accessed 18 December 2024).

[94] C. Witting, Duty of Care: An Analytical Approach, in Oxford J. Legal Stud., 2005, 25, 33; cf. A. Robertson, Justice, Community Welfare and the Duty of Care, in LQR, 2011, 127, 370.

[95] A. Beever, Rediscovering the Law of Negligence, Oxford, Hart Publishing, 2007, 176.

[96] J. Stapleton, Three Essays on Torts, Oxford, Oxford U. Press, 2021, Ch. 2, 29-32.

[97] In the words of Sir Jack Beatson, while statutes improve through legislative microsurgery, «the core of pure common law doctrine continues to shrink». See J. Beatson, Has the Common Law a Future?, in CJL, 1997, 291, 301.

[98] Robinson v Chief Constable of West Yorkshire Police (Rev 1) [2018] UKSC 4 available at https://supremecourt.uk (accessed 18 December 2024).

[99] J. Morgan, Great debates in tort law, London, Hart Bloomsbury Publishing: Great Britain, 2022, 153 ff. and 188.

[100] S. 823 BGB (Liability in damages): «(1) A person who, intentionally or negligently, unlawfully injures the life, body, health, freedom, property or another right of another person is liable to make compensation to the other party for the damage arising from this. (2) The same duty is held by a person who commits a breach of a statute that is intended to protect another person. If, according to the contents of the statute, it may also be breached without fault, then liability to compensation only exists in the case of fault».

[101] It is equivalent of the common law tort of breach of statutory duty or the French violation of a legal duty (devoir légal).

[102] B.S. Markesinis, J. Bell, A. Janssen, Markesinis’s German Law of Torts: A Comparative Treatise, (nt. 86), 88 ff. Despite liability under s. 823(2) will be imposed only if some fault can be found in the wrongdoer, in this instance the case law reversed the onus of proof and placed it squarely on the defendant. See G. Wagner, Commentary on the §§ 823-852 BGB and the Produckthaftungsgezetz, in Münchener Kommentar zum BGB, 6th ed., nos 363-64.

[103] For instance, the Russian Civil Code contains a general clause (art. 1064) very similar to s. 823(1) because literally seems to refer to a list of protected interests. However, the Russian courts in later case law decided to give this article in a very broad scope of interpretation, in the French style rather than German.

[104] E.T.T. Tai, Tort Law: A Comparative Introduction, Northampton, Massachusetts: Edward Elgar Publishing, 2022, Ch 4, para 4; G. Wagner, Deliktsrecht, Cologne, Vahlen, 14^th, 2021, paras 5.109-5.125.

[105] BGH WM 1986, 904 (14 April 1986), available at https://dejure.org (accessed 18 December 2024).

[106] B.S. Markesinis, Markesinis’s German Law of Torts, (nt. 98), 79; E.T.T. Tai, Tort Law, (nt. 100) Ch. 4 par. 5.

[107] B.S. Markesinis, W. Lorenz, G. Dannemann, The German Law of Obligations. Vol. I. The Law of Contract and Restitution: A Comparative Introduction, Oxford, Oxford University Press, 1997, 279.

[108] A. Darbellay, Regulating Credit Rating Agencies, (nt. 32), 82.

[109] B. Haar, Civil Liability of Credit Rating Agencies, (nt. 48), 317-318.

[110] I-6 U 50/17, 8 February 2018, available at https://dejure.org (accessed 18 December 2024).

[111] That states an issuer may claim damages for credit ratings that cover «it [i.e. the issuer] or its financial instruments, while an investor may claim damages only if it has relied on a credit rating covering a financial instrument».

[112] See E. Nästegård, The Tort Liability of CRAs in Europe and the Need for a Harmonized Proximity Requirement at the Union Level, in EBLR, 2020, 31, 804-813.

[113] «Any act whatsoever by man which causes damage to another person obliges the person through whose fault it occurred to make reparation for it».

[114] «Everyone is liable for the damage he causes not only by his acts, but also by his negligence or imprudence».

[115] See Paris 5 fév. 1952, D. 1952.275 where the court imposed tort liability for negligence based on the mere foreseeability of loss. Cf. E.T.T. Tai, Tort Law: A Comparative Introduction, (nt. 104), Ch. 3 para 3 ff.

[116] M. Fabre-Magnan, Droit des obligations: Responsabilité civile et quasi-contrats, 2, Paris, Presses Universitaires de France, 5th ed., 2021, 136.

[117] The liability regime was part of the Loi n° 2010-1249 du 22 Octobre 2010 de régulation bancaire et financière en matière de droit des marchés financiers.

[118] Art. 6:162(1) DCC: «a person who commits a tort towards another which can be imputed to him, must repair the damage which the other person suffers as a consequence thereof».

[119] C. von Bar et al., Principles of European Law (PEL) on Non-Contractual Liability Arising out of Damage Caused to Another, Munich, Sellier European Law Publishers Publisher, 2009, 232-233.

[120] As a consequence of art 6:163 DCC. Cf. T. Beumers, W. van Boom, Tortious and Contractual Liability from a Dutch Perspective, in Tortious and Contractual Liability – Chinese and European Perspectives, edited by E. Karner Vienna, Jan Sramek Verlag, 2021, 223-246.

[121] Art. 2043 c.c.: «any intentional or negligent act which causes unjust damage to others obliges the person who committed the act to compensate for the damage».

[122] Cf. C. Castronovo, Responsabilità contrattuale e responsabilità extracontrattuale, in Pers. Danno, 2008, 1-2 available at https://personaedanno.it.

[123] In the De Chirico case, the Supreme Court found that the individual freedom of the plaintiff to self-determinate its investments, protected by art. 41 of the Constitution, was harmed. See Cass., 4 May 1982, n. 2765, in Foro it. 1982, I, 2864 and in Giust. Civ., 1982, I, 1745 ff., con nota di A. Di Majo, Ingiustizia del danno e diritti non nominati. See also Cass., sez. I, 25 Luglio 1986, n. 4755, in Rep. Giur. it., 1986, voce Concorrenza e pubblicità n. 71, in Nuova giur. civ. comm., 1987, I, 386 con nota di Libertini; Cass., sez. III, 4 Febbraio 1992 n. 1147, in Corriere Giur., 1992, 774, nota di Zeno Zencovich, in Giur. it., 1993, I, 862 ss.; Cass. Sez. I, 3 Aprile 1995, n. 3903, in Società, 1995, 12, 1544, con nota di Balzarini.

[124] See the eminent decision of Cass., sez. Unite., 22 Luglio 1999, n. 500, in Giust. Civ., 1999, I, 2261 con nota di Morelli.

[125] More restrictive view is taken only in Sweden, where only wilful damages for pure economic loss must be compensated by the tortfeasor (Swedish Damages Liability Act of 2 June 1972 ch. 2 § 1). There are, however, numerous exceptions to this principle. In Finland, the Finnish Damages Liability Act (412/1974) allows compensation for pure economic loss if caused by a criminal act, but it also adds that such a loss may also be compensable if it has been caused in the exercise of public authority or if there are ‘particularly weighty reasons’ (Article 1 of Chapter 5 of the said act). Cf. E. Nästegård, The Tort Liability of CRAs in Europe, (nt. 112), 805-814.

[126] See G. Facci, Le agenzie di rating e la responsabilità per informazioni inesatte, in Contr. impr., 2008, 164. Id., Il danno da informazione finanziaria inesatta, Bologna, Zanichelli ed., 2009, 63; F. Greco, La responsabilità “extracontrattuale” dell’agenzia di rating nei confronti dell’in­vestitore, in Resp. civ. e prev., 2013, 1461; R. Rosapepe, Intervento, in Le Agenzie di Rating, Atti del convegno. Salerno, 8-9 novembre 2012, a cura di A. Principe, Milano, Giuffrè, 2014, 177; L. Di Donna, Danni da rating e rimedi degli investitori, in Le agenzie di rating, cit., 286; C. Scaroni, La responsabilità delle agenzie di rating nei confronti degli investitori, in Contr. Impr., 2011, 806; P. Giudici, L’agenzia di rating danneggia l’emittente con i propri rating eccessivamente favorevoli? In Società, 2011, 1454; M. Saponaro, Il danno da rating: se e come le agenzie sono tenute a rispondere, in Danno resp., 2012, 186; G. Presti, voce Rating, in Enc. dir., Annali VII, Milano, Giuffrè, 2014, 870; P. Montalenti, Le agenzie di rating: appunti, in Giur. comm., 2013, I, 511; G. Alpa, Responsabilità civile delle agenzie di rating. Alcuni rilievi sistematici, in Riv. trim. dir. econ., 2013, 71.

[127] In Italy, art. 23, comma 6, of the Testo Unico della Finanza (T.U.F.), which allocates the burden of proof on the authorized financial intermediaries in proceedings for damage compensation, is not applicable to CRA.

[128] E.T.T. Tai, Tort Law: A Comparative Introduction, (nt. 104), Ch. 2, para 2.7.

[129] For an example of such an agency, see the Dutch Authority for Consumers and Markets (Autoriteit Consument en Markt) illustrated in O. Cherednychenko, Regulatory Agencies and Private Damages in the EU: Bridging the Gap between Theory and Practice, in University of Groningen Faculty of Law Research Paper Series, No. 8/2022, 158-160.

[130] See E. Nästegård, The Tort Liability of CRAs in Europe and the Need for a Harmonized Proximity Requirement at the Union Level, in EBLR, 2020, 31, 814-818.

[131] A notable example of such an agency is the UK Financial Conduct Authority (FCA) under the Financial Services and Markets Act (FSMA) 2000 as amended in 2010 (by the Financial Services Act). A failure of a financial firm to comply with regulatory standards may trigger – in case of damage to consumer – a consumer redress scheme ordered by the FCA (s. 404 FSMA).