The European Financial Regulator ESMA (European Securities and Markets Authority) has today fined five Scandinavian banks for violations of the Credit Rating Agencies Regulation (CRAR). Each of the five banks was fined €495,000 and received a public notice for negligently breaching the CRAR by by issuing credit ratings without being authorised by ESMA to do so. Danske Bank, Nordea Bank, SEB, Svenska Handelsbanken and Swedbank issued between June 2011 and August 2016 credit research to their clients. SEB even continued to do so until as recently as May 2018. The credit research included the issuance of what the banks described as shadow ratings. These reports related to different entities and underlying financial instruments and these reports included opinions, which ESMA found met the definition of a credit rating provided for by the CRAR.
The regulator pointed out though that neither bank had acquired the necessary ESMA authorisation to issue ratings. Such conduct infringes the CRAR which requires prior authorisation.
Credit ratings help investors and lenders to understand the risks associated with a particular investment or financial instrument. However, over-reliance on credit ratings may reduce incentives for investors to develop their own capacity for credit risk assessment.
In the period leading up to the financial crisis in 2008, credit rating agencies failed to properly appreciate the risks in more complex financial instruments. For instance, structured finance products backed by risky sub-prime mortgages were issued with incorrect ratings that were far too high.
During the subsequent euro area debt crisis, certain countries were faced with abrupt bond sell-offs and higher borrowing costs following a downgrade of their credit rating.
As a result, the European Commission made several proposals to strengthen the regulatory and supervisory framework for credit rating agencies (CRAs) and new rules were introduced in 3 steps between 2009 and 2013. The latest legislative package on CRAs consists of a regulation (Regulation No 462/2013) and a directive (Directive 2013/14/EU), which seek to reduce the over-reliance on credit ratings, increase transparency regarding the issuing of sovereign debt ratings, improve the quality of the rating process and make credit rating agencies more accountable for their actions, and reduce conflicts of interest and encourage a greater number of actors to operate in the credit rating market.
ESMA stated that the individual fine amounts take into account the aggravating factor that the banks had committed the infringement for more than six months but also consider the mitigating factor that each bank has voluntarily taken measures to ensure that similar infringements could not be committed in the future.
Under the CRAR, issuing credit ratings requires authorisation by ESMA to ensure that such ratings are independent, objective and of adequate quality and that Credit Rating Agencies (CRAs) are subject to the same rules and oversight across all EU countries. A firm, in order to be registered as a CRA in the EU, needs to provide proof that it fulfils the necessary organisational requirements and provides adequate safeguards, in particular regarding governance, conflicts of interests, internal controls, rating process and methodologies, business activities and disclosures. A failure by a firm to apply for registration prior to issuing ratings is an infringement of the CRAR. None of the five banks was, or is, registered as a CRA nor had they applied for registration. Currently, there are 27 CRAs authorised by ESMA to issue credit ratings within the EU.
While not a frequent area of enforcement, ESMA has put its foot down before. For instance, in June 2016, the regulator fined Fitch Ratings for the amount of €1,38 million for a series of negligent breaches of the CRAR.
The ESMA statement and related information can be found here.