22 March 2012

ESMA issues a report on its first examinations of CRAs

This report provides the results of ESMA’s first examination on the three groups of registered CRAs. ESMA has identified several shortcomings and areas for improvement in CRAs internal policies and  procedures and addressed specific recommendations to the CRAs in the following areas:

Recording of internal meetings: In ESMA’s view, CRAs should improve the recording of core internal processes, in particular regarding the activities of the Rating Committees. A more rigorous approach  to the organisation and recording of Rating Committees and other key internal meetings and committees (i.e. relating to control functions, business lines management meetings etc...) would lead to improved control mechanisms for monitoring the quality and consistency of internal decisions, in particular relating to the rating activities. Further formalisation should also be achieved in order to enhance rigorousness and transparency as regards participation and decision making within key internal meetings and committees, including selection of committees’ members (chair and voting and non-voting members).

Analysis of information: CRAs should ensure that the documentation is distributed in a timely manner  to allow RC members to prepare in advance, so as to ensure that the RC decision is based on a thorough analysis of all available information by all the RC members.

Analytical resources: ESMA considers that CRAs should monitor the adequacy of resources devoted to the analytical business lines on an ongoing basis in terms of number of employees and expertise, within the context of market developments and their impact on the organisation.

Governance and control functions: CRAs should ensure that their internal control functions fulfil the duties conferred to them by the Regulation. Therefore, CRAs should:

• continuously monitor the adequacy of resources devoted to the control functions in terms of number of employees and expertise; and
• make sure that the relevant control functions effectively contribute to ensuring the consistent  application of credit rating methodologies.

ESMA would expect the Independent Directors to continue developing their role and involvement in CRAs’ activities and their interactions with internal control functions.

Disclosure of Methodologies and presentation of rating: CRAs should:

• aim at a the maximum level of transparency by disclosing all criteria on which the rating is based and by describing the method for adopting its decision; and
• ensure that the disclosure of rating methodologies is complete and comprehensive, and that, as far as possible, all relevant (including complementary) criteria are compiled in a single document setting forth the main methodology.

In addition, ESMA is of the opinion that CRAs should make all reasonable efforts to ensure adherence to rigorous procedures for the disclosure of rating actions, defining clear roles and responsibilities relating, in particular, to the controls to be performed prior to public announcements on the content, form and timing of the disclosure. More specifically, adequate attention should be placed on each step of the publication process so as to avoid the risks potentially linked to overreliance on purely automatic mechanisms. 

IT Systems: CRAs should put in place adequate measures to ensure that the IT environment is properly managed and controlled by:

• ensuring that IT audit activity is adequate in terms of the scope and type of activity which is performed. In particular, ESMA recommends that CRAs not only focus their IT controls and review on the security aspects of their IT systems but also on the appropriateness and soundness of the transitional phases (new systems, replacement of old systems);
• ensuring that the IT audit activity is appropriately implemented in the European legal entities; and
• ensuring adequate controls over the systems and procedures that are related to the disclosure of 
  the ratings on the company website.

© ESMA