(p.272) Appendix 4 US Legislation on CRAs
(p.272) Appendix 4 US Legislation on CRAs
(p.272) Appendix 4
US Legislation on CRAs
NRSRO No-action Letter Process
It was in the 1970s, when the largest rating agencies began the practice of charging issuers as well as investors for rating services, that the term Nationally Recognized Statistical Rating Organizations (‘NRSRO’) was first used by the SEC. In 1975 the SEC adopted the broker-dealer net capital rule, where the term NRSRO was used to classify debt instruments in terms of the amount they would be haircut for regulatory capital purposes, depending on the rating of a NRSRO. However, before the SEC adopted this rule the New York Stock Exchange already used the term NRSRO in its net capital rule, which distinguished between investment grade and non-investment grade instruments.
Despite the use of the NRSRO term in its rules, the SEC had no explicit authority to regulate CRAs as such. Therefore, the designation process of CRAs as NRSROs was done through the SEC staff’s no-action letter process. In that process, the staff reviewed information and documents submitted by the CRAs, including how broadly their ratings were used in the securities markets, to determine whether the agency had achieved broad market acceptance for ratings. If it was considered that there was a broad acceptance, the staff would issue a letter stating that it would not recommend enforcement action against broker-dealers who used the agency’s ratings for purposes of complying with the net capital rule. Although the no-action letters only referred to the SEC’s net capital rule, they effectively conferred NRSRO status for the purposes of all US statutes and regulations using that term. In the 1970s the three largest rating agencies (Fitch, S&P, and Moody’s) received no-action letters as NRSROs through this process.
Over time, the NRSRO concept was incorporated into additional SEC’s rules, and into laws and regulations from the USA and other countries.
In September 2006, the US Congress enacted the Credit Rating Agency Reform Act of 2006 to ‘improve the ratings quality for the protection of investors and in the public interest by fostering accountability, transparency and competition in the CRA industry’.
The CRA Reform Act substituted the staff no-action letter process, which lacked transparency, for a voluntary registration system for CRAs and provided the SEC with broad authority to oversee NRSROs. In particular, it provided the SEC with authority to prescribe the form of the application (including requiring the submission of additional information); the records the NRSRO must make and retain; the financial reports a NRSRO must provide to the SEC on a periodic basis; the specific procedures the NRSRO must implement to manage the handling of material non-public information; the conflicts of interest an NRSRO must manage or avoid; and the practices that an NRSRO must not engage in if the SEC determines they are unfair, coercive, or abusive. In addition, the Act provided the SEC with the authority to examine all books and records of an NRSRO and to bring enforcement action against NRSROs for violations of the US federal securities laws.
The operative provisions of the CRA Reform Act became applicable upon the SEC’s adoption in June 2007 of a series of rules implementing a registration and supervision regime for CRAs that register as NRSROs.
(p.273) As envisaged in the CRA Reform Act, the rules on registration prescribe, among other things, the application form a CRA has to submit in order to be registered with the SEC, the minimum information the applicant has to include in its form, and the obligation to keep its registration updated. These rules are very detailed and provide clarity regarding the basis upon which the application for registration is to be accepted and the grounds upon which the SEC could reject it.
Once a NRSRO is registered, it has to make its application form publicly available, together with most of the exhibits that accompany the application. The public disclosures include, among other things, organizational information, ratings performance statistics, ratings methodologies, conflicts of interest, and analysts’ experience. This upfront disclosure enables market participants to make their own assessment regarding the NRSRO’s integrity and quality of ratings and, together with the extensive records NRSROs are required to retain, form the basis of the SEC’s examinations. The rules also include annual financial reports that NRSROs have to submit on a confidential basis.
Combined with the extensive disclosure requirements, the other pillars of the 2007 rules are the detailed requirements on conflicts of interest (those that are prohibited and those that the NRSRO is required to identify, manage, and disclose) and the provisions requiring procedures to prevent the misuse of material non-public information.
Since the CRA Reform Act became effective in June 2007, ten CRAs have registered as NRSROs under the US legislative framework: A.M. Best Company, Inc., DBRS Ltd, Fitch, Inc., Japan Credit Rating Agency, Ltd, Moody’s Investors Service, Inc., Rating and Investment Information, Inc., Standard & Poor’s Ratings Services, LACE Financial Corp, Realpoint LLC, and Egan-Jones Rating Company.
According to the CRA Reform Act, the SEC has to provide an annual report to the US Congress. Until now the SEC has provided and published three reports in 2008, 2009, and January 2011, which are available at the SEC’s website.1
SEC’s NRSRO Monitoring
Following the global market turmoil, in September 2007, the SEC used its new monitoring authority to initiate examinations of the three largest NRSROs, Fitch, Moody’s, and S&P. These examinations focused on their compliance with the law and rules regarding the integrity of the credit rating processes, the policies and controls the CRAs adopted to address conflicts of interest in these processes, and the quality and soundness of their compliance control systems. In particular, the SEC staff reviewed the CRAs processes for rating subprime RMBS and CDOs.
The period reviewed by the examination generally covered January 2004 through July 2008. The SEC staff’s examinations highlighted many of the market failures that have been described in Section 2.1 and, given the global nature of the NRSROs investigated, the conclusions of the report were extremely relevant for policy‐makers and supervisors in other jurisdictions. In particular, the main findings of the SEC staff can be summarized as follows:
• Increased deal volume and complexity: there was a substantial increase in the number and complexity of RMBS and CDO deals beginning in 2002 and some of the NRSROs appeared to struggle with the growth due to the lack of sufficient staff and resources to manage the increasing volume of business.
(p.274) • Disclosure of ratings process: significant aspects of the ratings process were not always disclosed (for example, relevant ratings criteria). In addition, the NRSROs made ‘out‐of‐model adjustments’ without documenting the rationale for such adjustments.
• Documentation of ratings policies and procedures: the NRSROs’ policies and procedures for rating RMBS and CDOs could be better documented as none of the CRAs examined had consolidated and comprehensive written procedures for rating these products. The SEC staff also found that the NRSROs did not appear to have specific policies and procedures to identify or address errors in their models or methodologies.
• Documentation of the ratings process: NRSROs did not always document significant participants and steps in the ratings process and there was also a lack of documentation of rating committee’s actions and decisions.
• Surveillance processes: the surveillance processes appeared to be less robust than their initial ratings processes, there was poor documentation of the monitoring conducted, and the lack of resources appeared to impact the timeliness of the surveillance efforts.
• Management of conflicts of interest: while each NRSRO had policies and procedures restricting analysts from participating in fee discussions with issuers, the policies still allowed key participants in the ratings process to take part in these discussions. In addition, the NRSROs did not appear to take steps to prevent the possibility that considerations of market share and other business interests could influence ratings. Moreover, although the NRSROs had policies prohibiting employees from owning securities that were subject to a rating by them, the NRSROs varied in how rigorously they monitored or prevented prohibited transactions from occurring.
• Internal audits: the internal audits of the ratings processes of two NRSROs appeared to be inadequate. For example, at one NRSRO, the internal audits of its RMBS and CDO groups constituted a one-page checklist limited in scope to evaluate the completeness of deal files.
• Due diligence practices: NRSROs did not engage in any due diligence or otherwise seek to verify the accuracy or quality of the loan data underlying the RMBS pools they rated during the review period. They relied on the information provided to them by the sponsor of the RMBS.
Amendments to NRSRO Rules
The findings from these initial examinations informed a round of rule amendments, which the SEC proposed in June 2008 and adopted in February 2009. The amended rules required NRSROs to make additional public disclosures about their methodologies for determining structured finance ratings, to publicly disclose the histories of their ratings, and to hold more internal records and submit additional information to the SEC in order to assist staff’s examinations of NRSROs. The amendments also prohibited NRSROs and their analysts from engaging in certain activities that could impair their objectivity, such as recommending how to obtain a desired rating and then rating the resulting security.
In November 2009, the SEC adopted additional amendments. The new rules required a broader disclosure of credit ratings history information, such as the initial rating and any actions subsequently taken, including downgrades, upgrades, confirmations, and placements on watch. The rules required a NRSRO to disclose, on a delayed basis, ratings history information in a downloadable format for all ratings initially determined on or after 26 June 2007 (‘100% requirement’). This new disclosure requirement, as explained in Section 3.8.6—under the analysis of ESMA’s central repository—is designed to foster greater transparency of ratings quality and accountability among NRSROs, by making it easier for investors to analyse the actual performance of ratings.
(p.275) Also in November 2009, a new rule (amended rule 240 17g-5) was adopted in order to enable competing CRAs to offer unsolicited ratings for structured finance products, by granting them access to the necessary underlying data of the transactions (see Section 3.8.5).
In August 2010 the Dodd–Frank Wall Street Reform and Consumer Protection Act was passed. As a response to the financial crisis, this complex piece of legislation reforms a number of areas of the US financial services framework. Its provisions, among other things, address systemic risk; regulate advisers to hedge funds; establish a Federal Insurance Office and seek to reform insurance regulation; regulate over-the-counter derivatives markets; reform the transaction clearing and settlement process; and strengthen investor protection and improve a number of areas of the securities regulation. Among the reforms in the last area mentioned are the improvements to the regulation of CRAs included in Title IX, Subtitle C of the Act. The following paragraphs summarize the key provisions and requirements of the Dodd–Frank Act that relate to CRAs.2
New Office of Credit Ratings at the SEC
The Act creates an Office of Credit Ratings at the SEC with its own director and compliance staff, composed of people with ‘knowledge of and expertise in corporate, municipal, and structured debt finance’. The mission of the Office is to protect the users of ratings, promote accuracy in credit ratings issued by NRSROs, and ensure that such ratings are not unduly influenced by conflicts of interest. The Office is required to examine NRSROs at least once a year and make key findings public. In connection with its annual examinations, the Office will review the following aspects of the NRSRO’s operations: whether the NRSRO is conducting business in accordance with its policies, procedures, and rating methodologies; the management of conflicts; the implementation of ethics policies; the internal supervisory controls; the governance; the processing of complaints; and the policies governing the post-employment activities of former staff of the NRSRO.
The Office will have authority to establish rules necessary to enforce the new regulations and be able to establish fines and other penalties for violation of the regulations.
Disclosure and Internal Control Requirements
The Act creates new requirements for the development and maintenance of internal controls in NRSROs and increases the amount of disclosure required by NRSROs.
Each NRSRO must establish an effective internal control structure governing the implementation of and adherence to policies, procedures, and methodologies for determining ratings. Each NRSRO must submit to the SEC an annual internal control report that is attested by the chief executive officer and that describes the responsibility of management in establishing and maintaining controls and assessing the effectiveness of the internal control structure of the NRSRO.
Disclosure of Rating Methodologies
The SEC has to prescribe rules to ensure that ratings are produced in accordance with procedures and methodologies that have been approved by the NRSRO’s board. The (p.276) NRSRO must disclose the reasons for any material change in rating procedures and methodologies and the changes must be applied consistently to all ratings to which the changed procedures and methodologies apply. The NRSRO must notify the users of the following: the methodology used with respect to a particular rating; any material change made to a procedure or methodology; any significant error that is identified in a procedure or methodology that may result in rating changes; and the likelihood that a material change in procedure or methodology would result in a change in current ratings.
Form for Disclosure
The SEC will prescribe rules to require NRSROs to publish with each rating a form (in paper or electronic format) including a number of disclosures. In particular, the form must discuss: the main assumptions underlying the rating; potential limitations of the rating; information on the uncertainty of ratings; whether and to what extent third party due diligence reports have been used; data about the issuer used in determining the rating; the NRSRO’s assessment of the quality of data available and considered; and information related to conflicts of interest and other information that the SEC may require.
Third Party Due Diligence Services for Structured Finance Products
Issuers of asset-backed securities must make public the findings and conclusions of any due diligence report obtained by the issuer. Third party due diligence services must certify (in a form and content to be established by the SEC) that they have conducted a thorough review of data, documentation, and other relevant information necessary for the NRSRO to provide an accurate rating. NRSROs shall make such certifications public, in order to allow market participants to determine the adequacy of third party due diligence services.
Corporate Governance and Management of Conflicts of Interests
The Dodd–Frank Act also contains provisions related to the corporate governance of NRSROs to ensure that conflicts of interest are minimized in the rating process.
Independent Directors and Duties of the Board
Each NRSRO must have a board of directors, and at least half the members of the board (but not fewer than two directors) must be independent. Independent directors may receive compensation, but such compensation cannot be linked to the business performance of the NRSRO. The term of the independent director is required to be for a non-renewable fixed term not to exceed five years. Provisions concerning the board’s role stipulate that, in addition to their overall responsibilities, the board of directors is required to oversee the policies and procedures for determining ratings and for addressing, managing, and disclosing conflicts of interest; the effectiveness of the internal control system; and the compensation and promotion policies and practices of the NRSRO.
Conflicts of Interest
The SEC has to prescribe rules to prevent the sales and marketing considerations of NRSROs from influencing the production of ratings. Such rules will provide exceptions for small NRSROs.
There is a new requirement for NRSROs to conduct a one-year look-back review when an employee goes to work for an issuer, obligor, or underwriter of a security that has been (p.277) rated by that NRSRO. The NRSRO is also required to report to the SEC when certain employees are hired by an entity that the NRSRO has rated in the previous 12 months.
Enforcement and Liability
The Dodd–Frank Act also contains several provisions that allow for greater enforcement of violations by NRSROs and provides the SEC with the right to revoke an NRSRO’s status under certain circumstances.
The Act amends the Securities Exchange Act of 1934 to allow investors to bring private actions against NRSROs for a knowing or reckless failure to conduct a reasonable investigation of the rated security with respect to factual elements relied upon by its own methodology or to obtain reasonable verification of such factual elements from other sources that are reliable and independent of the issuer. Additionally, NRSROs will now be subject to ‘expert liability’ through the nullification of the rule which previously provided an exemption for credit ratings provided by NRSROs from being considered a part of a registration statement. In this context, NRSROs will now face the same type of liability in private securities actions faced by registered public accounting firms or securities analysts.
Right to Deregister
The Act authorizes the SEC to revoke a CRA’s NRSRO status for a particular class of securities when an NRSRO has insufficient financial and managerial resources to consistently produce accurate ratings.
Testing and Education
The Act directs the SEC to issue rules to ensure that any person employed by an NRSRO to perform ratings meets standards of training, experience, and competence necessary to produce accurate ratings, and is tested for knowledge of the rating process.
Universal Rating Symbols
NRSROs are required to clearly define any symbols used to denote a credit rating, and apply those symbols in a consistent manner to all types of securities. However, there is no restriction on NRSROs using distinct sets of symbols to denote credit ratings for different types of securities (such as the structured finance indicator in the EU).
SEC Implementation of the Dodd–Frank Act
The Act directs the SEC to issue within one year the final rules required by the Act. At the time of writing the SEC has undertaken some relevant actions.
(p.278) Credit Rating Standardization Study
In December 2010, the SEC requested comments for the preparation of the Credit Rating Standardization Study. These comments will help inform the SEC study pursuant to the Dodd–Frank Act on the feasibility and desirability of ‘standardizing credit ratings terminology, so that all credit rating agencies issue credit ratings using identical terms; standardizing the market stress conditions under which ratings are evaluated; requiring a quantitative correspondence between credit ratings and a range of default probabilities and loss expectations under standardized conditions of economic stress; and standardizing credit rating terminology across asset classes, so that named ratings correspond to a standard range of default probabilities and expected losses independent of asset class and issuing entity’.
Removal of References to Ratings in Legislation
During the first semester of 2011, the SEC proposed revisions to the rules that contain references to credit ratings. In particular, the SEC proposed to: change existing rules related to money market funds that allow such funds to only invest in securities that have received one of the two highest categories of short-term credit ratings; to remove references to ratings from broker-dealer capital and other financial responsibility rules and, where necessary, substitute alternative standards of creditworthiness; and to remove ratings as one of the conditions for companies seeking to use short form registration when registering securities for public sale.
Study on a System to Assign NRSROs to Determine Ratings for Structure Finance Products
In May 2011, the SEC published for comment a document to assist it in carrying out the study requested by the Dodd–Frank Act on the feasibility of establishing a system in which a public or private utility or a self-regulatory organization assigns NRSROs to determine credit ratings for structured finance products (see Section 5.1.4).
Detailed Implementing Rules
In May 2011, the SEC published a set of proposed rules to implement a number of provisions of the Dodd–Frank Act (SEC proposed rules for NRSROs May 2011). Basically, the proposed rules analyse the provisions of the Act dealing with disclosure and internal control requirements and employees, as explained before, and, in some cases, propose more detailed requirements. For example, in relation to the provision on transparency of the performance, the SEC proposes to standardize the way an NRSRO calculates and presents aggregate information about how its ratings change over time and how often a rated entity or product subsequently defaulted. In addition, it proposes to enhance the so-called ‘100% Requirement’ to require that the disclosures include any credit ratings that were outstanding as of 26 June 2007, and any subsequent rating actions taken with respect to those ratings.
At the time of writing, the SEC has not yet published the final rules. If adopted along the lines proposed, this reform will be a mayor step towards strengthening the US monitoring of CRAs.