The European Securities and Markets Authority (ESMA) has issued a public notice censuring Standard & Poor’s Credit Market Services France SAS and Standard & Poor’s Credit Market Services Europe Limited (S&P) for breaches of Regulation 1060/2009 (CRA Regulation).
The decision by ESMA to issue a public notice results from its investigation into the erroneous publication on 10 November 2011 by S&P, to the subscribers of its Global Credit Portal, of an email stating “France (Republic of) (Unsolicited Ratings): DOWNGRADE”, although S&P’s rating of France had not been downgraded.
ESMA found that this incident was the result of a failure by S&P to meet certain organisational requirements set out in the CRA Regulation, relating to sound internal control mechanisms, effective control and safeguard arrangements for information processing systems and decision-making procedures and organisational structures.
ESMA, based on the provisions of the CRA Regulation, decided that the relevant breaches warranted a supervisory measure in the form of a public notice. The final decision on the supervisory measure took into account the steps taken by S&P to end the infringement and was considered proportionate to the seriousness of the breach.
S&P, on 10 November 2011 at 15:57 CET, erroneously released to subscribers of its web-based Global Credit Portal (GCP) an email alert which stated in its header “France (Republic of) (Unsolicited Ratings): DOWNGRADE”, although S&P’s credit rating of France had not changed.
GCP is one of the methods used by S&P to disseminate its credit ratings and other financial information products. Among other services, it provides an email alert function that a subscriber can customise in order to receive alerts when certain information changes on GCP, e.g. in case S&P decides to change a credit rating on a particular issuer.
S&P’s internal database, where it maintained its credit ratings, was also used to store its Banking Industry Country Risk Assessments (BICRAs). BICRAs are not credit ratings but assessments of the banking systems in particular countries and have been published since 2006. S&P later decided to maintain BICRAs in the same centralised internal database as its credit ratings and to display BICRAs on GCP.
The relevant technical specifications for this project treated BICRAs as ratings and no effective action was taken to address the implications this could have. This eventually led to the erroneous release when an attempt to change an incorrect display of France’s BICRA on GCP triggered an email alert stating in its header that the rating of France had been downgraded.
Since July 2011 ESMA has been responsible for the regulation of credit rating agencies in the European Union including their registration and supervision in line with the requirements of the CRA Regulation. ESMA has the power to take appropriate enforcement action where it discovers a breach of the CRA Regulation, ranging from the issuance of public notices to the withdrawal of registration and imposition of fines.
Notes for editors
2014/544 Decision of the Board of Supervisors
Relevant provisions of the CRA Regulation
Annex I, Section A, point 4, provides:
“A credit rating agency shall have sound administrative and accounting procedures, internal control mechanisms, effective procedures for risk assessment, and effective control and safeguard arrangements for information processing systems.
Those internal control mechanisms shall be designed to secure compliance with decisions and procedures at all levels of the credit rating agency.
A credit rating agency shall implement and maintain decision-making procedures and organisational structures which clearly and in a documented manner specify reporting lines and allocate functions and responsibilities.”
Annex I, Section A, point 10, provides:
“A credit rating agency shall monitor and evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with this Regulation and take appropriate measures to address any deficiencies.”
Annex III.I, paragraph 12, provides:
“The credit rating agency infringes Article 6(2), in conjunction with point 4 of Section A of Annex I, by not having sound administrative or accounting procedures, internal control mechanisms, effective procedures for risk assessment, or effective control or safeguard arrangements for information processing systems; or by not implementing or maintaining decision-making procedures or organisational structures as required by that point.”
Annex III.I paragraph 18, provides:
“The credit rating agency infringes Article 6(2), in conjunction with point 10 of Section A of Annex I, by not monitoring or evaluating the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established in accordance with this Regulation or by not taking appropriate measures to address any deficiencies.”
ESMA is an independent EU Authority that was established on 1 January 2011 and works closely with the other European Supervisory Authorities responsible for banking (EBA), and insurance and occupational pensions (EIOPA), and the European Systemic Risk Board (ESRB).
ESMA’s mission is to enhance the protection of investors and promote stable and well-functioning financial markets in the European Union (EU). ESMA, as an independent EU Authority, achieves this aim by building a single rule book for EU financial markets and ensuring its consistent application across the EU. ESMA contributes to the regulation of financial services firms with a pan-European reach, either through direct supervision or through the active co-ordination of national supervisory activity.