CESR Consultations on the EU CRA Regulation - Debt Capital Markets

In 2009, the European Union ("EU") enacted legislation regulating credit rating agencies ("CRAs") in order to address the criticisms raised during the financial crisis that highlighted certain issues arising from conflicts of interest and a lack of transparency in the ratings process.¹

The EU Regulation on Credit Rating Agencies (the "CRA Regulation") came into force on 7 December 2009, introducing new obligations on CRAs designed to improve the independence, quality and transparency of ratings.² CRAs operating in the EU are subject to registration in order for their ratings to be used for regulatory purposes in the EU. Along with other EU member states, the United Kingdom ("UK") has proceeded to implement the CRA Regulation by passing the UK Credit Rating Agencies Regulations 2010, which will come into effect 7 June 2010.³

Recently, however, CRAs have been back in the spotlight for their role in the ongoing sovereign debt crisis in the Eurozone, particularly in relation to their decision to downgrade the credit ratings of Greece, Portugal and Spain.

On 17 May 2010, Michel Barnier, EU's Internal Market Commissioner, announced that the EU Commission will publish proposals in June 2010 for further regulations concerning CRAs, to be implemented by the end of 2010. The focal point of the new proposals is the centralised, pan-EU registration and supervision of CRAs through the European Securities and Markets Authority ("ESMA"). ESMA is one of the new EU supervisory authorities being created as part of the broad reform of EU financial supervisory framework and will replace the Committee of European Securities Regulators ("CESR") from 1 January 2011. As a further means of improving transparency, it is also proposed that EU regulators be given access to the CRAs' rating methodologies and past ratings information. The new proposals may also require CRAs to share some of the data on which their ratings are based.

On 17 May 2010, CESR launched two public consultations⁴ on its guidance relating to the enforcement practices and the assessment of credit rating methodologies under the CRA Regulation. Under Article 21(3) of the CRA Regulation, CESR is obliged to issue the guidance by 7 September 2010. Accordingly, CESR has set out its proposals in the latest consultation papers and invited comments from market participants by 18 June 2010.

We summarise CESR's proposals in relation to both sets of guidance below

Guidance on the Enforcement Practices under Article 21.3(a)

In the first consultation paper, CESR outlined the information that the competent authorities of the EU member states should receive from CRAs and the type of meetings that they should hold with the CRAs, in order to help them understand how the CRAs operate and to investigate any risks as they arise.

The draft guidance does not cover the supervisory measures or sanctions that the competent authorities may impose under the CRA Regulation. Those will be addressed in a separate CESR guidance, which will not be made public.

CESR noted that the draft guidance may be modified to reflect the precise powers and responsibilities of ESME as they are determined.

Enforcement practices as part of ongoing supervision: collection of periodic information and ad hoc requests

As part of ongoing supervision, competent authorities should require the CRA to provide them with information and data, in periodic reports or upon request, relating to the following:

1. Operational reports (monthly):

ratings activities (e.g., new issues, ratings reviews and withdrawals, issuers and transactions rated or monitored, broken down by type of credit rating);
methodologies reviews (including any back-testing), and key findings and actions taken;
costs and revenues generated by each type of credit ratings;
staff turnover and promotions (e.g., the committee chairman or person approving ratings), broken down by type of credit ratings;
any internal review performed on rating models and processes; and " any changes in the location of lead analysts or outsourcing arrangements.

2. Compliance reports (monthly or quarterly):

updated work plan;
compliance/internal audit/risk/internal review reports;
potential breaches and conflicts of interest identified and mitigating measures taken; and
relevant board minutes.

3. Notification of material changes (ad hoc):

CRAs must notify competent authorities of any material changes to the condition of initial registration, e.g., the rating methodology, including rating factors, criteria and/or assumptions (mathematical or correlation), or its organisational structure.

4. Further information and documents (upon request):

Under Article 23(3), the regulators may also make written or verbal requests for further information (including documents and records of telephone and data traffic) or to conduct onsite inspections or investigations, in relation to the CRA or any other persons involved in or related to the CRA or rating activities.

Supervisory interaction between competent authorities and the CRAs

The competent authorities should set up both regular and ad hoc meetings with key staff at the CRA, which would typically include:

annual meetings with the Chairman of the Board and the representatives of the administrative or supervisory board (including independent directors), the Chief Executive Officer and the Head of Internal Audit;
semi-annual meetings with the Head of Technology/IT and the Credit Risk Officer;
quarterly meetings with the senior management on strategy and business plan;
monthly meetings with the Chief Compliance Officer; and
ad hoc meetings with any member of staff to deal with specific issues in identified risk areas.

The number and frequency of the meetings should be proportionate to the size and structure of the CRA and its particular circumstances.

Guidance on Assessing Credit Rating Methodologies for Compliance with Article 8(3)

Article 8(3) of the CRA Regulation requires CRAs to use credit rating methodologies that are "rigorous, systematic, continuous and subject to validation based on historical experience, including back-testing." Each CRA is responsible for demonstrating its compliance with these requirements on an ongoing basis.

The second consultation paper sets out the common standards that CESR proposes for the competent authorities to apply in monitoring or assessing credit rating methodologies for compliance with Article 8(3), including the information to be submitted by CRAs to demonstrate their compliance.

General information

The CRA should submit general information concerning its credit rating methodologies, including:

written policies and procedures ensuring that the methodologies are and continue to be rigorous, systematic, continuous and subject to validation;
the process for developing and reviewing methodologies and how they are used in the rating process, including the interaction between analysts developing methodologies and staff involved in the actual rating and sign-off; and
how methodologies are applied or implemented, including the processes in place to ensure consistency of approach and the role of rating committees and senior management in this regard.

Detailed information

1."Rigorous"

CESR describes this term to mean that CRAs have appropriate means of developing and reviewing methodologies and high standards of due diligence in utilising them. The qualifications of analysts developing and reviewing methodologies must be suitable for the task, and methodologies are subject to appropriate challenge. There should be appropriate resources dedicated to developing and reviewing methodologies.

The CRA must demonstrate the requisite attributes by submitting (or providing descriptions of), inter alia, the policies and procedures setting out:

the specific task of independent directors of the administrative or supervisory board;
the approach to the weightings of qualitative or quantitative factors within methodologies;
controls in place to ensure information or data used is from reliable sources and of sufficient quality;
for each asset type, the quantitative inputs (e.g., key variables, data sources, assumptions and techniques used and the extent of input from rated entities);
the rating review process (e.g., scope, means, frequency, relevant staff, surveillance and monitoring of rated entities or instruments, data updates, information from rated entities taken into account, automatic warning systems, revisions to methodologies);
quantitative evidence of the "discriminatory power" of the methodology, using statistical techniques (e.g., default studies, transition matrices) to demonstrate robustness and predictive power over time and across different asset classes;
how information is obtained from rated entities and (if requested) the extent of contacts with the rated entities' senior management; and
how the impact of changes to methodologies are analysed or publicised, before implementation.

2."Systematic"

CESR describes this term to mean that methodologies are developed and reviewed in a consistent, organised and repeatable manner. Similar methodologies should be developed to rate similar financial instruments or entities and assumptions and macro economic outlooks are applied consistently across methodologies.

The CRA must demonstrate these attributes by submitting (or providing descriptions of), inter alia:

the policies and procedures to promote and to assess consistent application of methodologies for a given asset class;
measures implemented to ensure consistent application of models, assumptions, macroeconomic forecasts/outlooks and other inputs across methodologies; and
review process for outstanding ratings when underlying methodologies are amended (with details of specific cases) or when ratings diverge from pre-defined methodology (to confirm there are appropriate reasons).

3."Continuous"

CESR describes this term to mean that methodologies are appropriately monitored, updated and responsive to market changes over time. Methodologies should be amended or removed in a way that minimises disruption.

The CRA must demonstrate these attributes by submitting (or providing descriptions of), inter alia:

a detailed business plan to cope with business disruptions (e.g., loss of key staff);
a monitoring programme to assess how the methodologies perform;
written policies and procedures concerning decisions to amend, disrupt, withdraw or suspend a rating methodology and associated ratings; and
written procedures, documentation, test plans and scenarios to address unforeseen events to allow for continuous monitoring and assessment of methodologies.

4."Subject to validation based on historical experience, including back-testing"

CESR describes this phrase to mean that methodologies and underlying assumptions are consistently reviewed against actual performance, new data and changes to underlying macroeconomic assumptions. There should be a comprehensive and integrated process composed of back-testing and establishing a rating validation framework to provide for clear, consistent validations of all the outstanding methodologies, while minimising potential conflicts that may arise.

The CRA must demonstrate these attributes by submitting (or providing descriptions of), inter alia:

the validation process, covering how it relates to possible changes to methodologies for each asset type;
written policies and procedures to control accuracy through use of a truly representative sample and for in-sample and out-sample tests; " the methods used in quantitative and qualitative assessments to confirm robustness of methodologies and assumptions (e.g., default recovery rates, correlations), discriminatory power and consistency of their credit assessment over time and across different market segments; and
historic information on validation and back-testing of methodologies and models.

The frequency of back-testing depends on the particular methodology and assets covered as well as the specific risks to which it is exposed and changes in market conditions.

Credit assessment must be reviewed at least annually and incorporate corrective measures for any systematic rating errors highlighted by back-testing.

Technical Advice on Equivalence of U.S. Regulatory Provisions

Under Article 4 of the CRA Regulation, credit institutions and other relevant financial institutions may only use a credit rating for regulatory purposes, if the relevant rating has been issued by a CRA located in the EU and registered accordingly. In circumstances where a credit rating is issued in a third country, such as the United States ("U.S."), the rating may be endorsed by a CRA registered under the CRA Regulation, provided that the endorsing CRA has verified and can demonstrate that the third country CRA fulfils requirements at least as stringent as certain provisions in the CRA Regulation.⁵ Where a "positive equivalence" decision by the Commission is in place, a European CRA will be able to endorse credit ratings without the need to verify or demonstrate the effectiveness of the relevant third party country's regime in respect of regulating CRAs.

In June 2009, the European Commission mandated CESR to provide it with technical advice on the equivalence between the U.S., Canadian and Japanese legal and supervisory frameworks. Accordingly, on 21 May 2010, CESR published such advice (dated 21 April 2010) to the Commission on the equivalence between the U.S. and EU regulatory regimes.⁶ CESR's analysis is that the two regimes are broadly equivalent in achieving the overall objective of ensuring "that users of ratings in the EU would benefit from equivalent protections in terms of the CRA's integrity, transparency, good governance and reliability of the credit rating activities." However, it has identified certain weaknesses in the U.S. regulatory regime, mainly relating to the methodologies being utilised, the potential quality of the credit ratings themselves and disclosure requirements.

For the purpose of assessing equivalence, CESR has divided the EU Regulation into the following seven areas:

The scope of the regulatory and supervisory framework: the nature of the legal and supervisory framework that is in place must be able to meet the same overall objectives as the EU regulatory regime;
Corporate governance: senior management must be responsible and legally accountable for ensuring that relevant criteria are met, such as the independence of credit ratings criteria;
Conflicts of interest management: the objectivity, independence, integrity, quality and transparency of credit ratings must be maintained, and this requires the need for CRAs to ensure there are no conflicts of interest;
Organisational requirements: Among other concerns, outsourcing, record keeping and confidentiality are considered to be organisational requirements that contribute to the objectivity and quality of credit rating activities;
Quality of methodology and quality of ratings: methodologies, models and key rating assumptions used in credit rating activities must be rigorous, continuous and thorough and of adequate quality and integrity;
Disclosure: there must be adequate requirements in place for presentation and disclosure of credit ratings, as well as general and periodic disclosure in respect of the CRA itself; and
Effective supervision and enforcement: CRAs in third countries must be registered or authorized and subject to effective supervision and enforcement on an ongoing basis.

CESR considers that there are important differences between the U.S. and EU approaches to objectives 2 (corporate governance) and 3 (conflicts of interest management) above. Even so, taken as a whole, it considers that the U.S. requirements presently in place in these areas do meet the relevant requirements. However, in respect of objectives 5 (quality of methodology and quality or ratings) and 7 (disclosure), CESR does not consider that the legal and supervisory framework presently achieves the objectives of the EU regulatory requirements. The Commission is expected to make a final decision on the equivalence between the regulatory regimes in the U.S. and other third countries and the EU by the end of 2010.

We will continue to monitor and provide updates on CESR's ongoing work on the application of the CRA Regulation, as well as further proposals by the Commission in relation to the regulation of CRAs in the EU.

Footnotes

1. See Morrison & Foerster client alert: The EU Rating Agency Regulation (28 April 2009), http://www.mofo.com/files/Publication/11a58094- 7be4-4329-a677-1891bdcf6719/Presentation/PublicationAttachment/b3d9ebe7-efa9-46a7-81c0-1a5cdea4cf61/090428EURatingAgency.pdf

2. Regulation (EC) No. 1060/2009 of the European Parliament and of the Council of 16 September 2009 on credit rating agencies (http://eurlex. europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:302:0001:0031:EN:PDF ) came into effect on 7 December 2009, except that (i) certain provisions of Article 4 (relating to the use of credit ratings) apply from 7 December 2010 and (ii) other Article 4 provisions shall apply from 7 June 2011.

3. UK Credit Rating Agencies Regulations 2010 (SI 2010/906), http://www.opsi.gov.uk/si/si2010/pdf/uksi_20100906_en.pdf.

4. CESR Consultation Papers (17 May 2010): Guidance on Enforcement Practices & Activities to be Conducted under Article 21.3(a) of the Regulation, http://www.cesr.eu/popup2.php?id=6634 , and Guidance on Common Standards for Assessment of Compliance of Credit Rating Methodologies with the Requirements set out in Article 8(3), http://www.cesr.eu/popup2.php?id=6635

5. Under Article 5 of the CRA Regulation, CRAs from third countries can also be "certified" (thereby allowing their credit ratings to be used for EU regulatory purposes) in circumstances where the activities of such third country CRA are not considered to be of "systemic importance" to the financial stability or integrity of the financial markets of one or more Member States. Certification is dependent upon the relevant CRA meeting certain conditions including the CRA being subject to authorisation/registration requirements and supervision in the applicable third country.

6. CESR Technical Advice to European Commission on the equivalence between U.S. regulatory and supervisory framework and EU regulatory regime for credit rating agencies (21 April 2010), http://www.cesr.eu/data/document/10_332s.pdf

Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.