Standard not Poorer after ESMA enforcement

Should credit ratings agencies and other financial service firms be worried following the European Securities and Markets Authority’s enforcement action against Standard & Poor (S&P) for breaches of the CRA Regulation (EC) 1060/2009? Adam Epstein, partner at Mishcon de Reya Solicitors, says while the development represents a warning shot to the agencies, the sanction does not send out the message many wanted.

S&P’s Credit Market Services France SAS and S&P’s Credit Market Services Europe Limited have been publically censured in a notice by ESMA. ESMA’s decision to censure S&P results from an investigation into the erroneous publication of an email on 10 November 2011 by S&P to subscribers of its Global Credit Portal which stated ‘France (Republic of) (Unsolicited Ratings): DOWNGRADE’, although S&P’s rating of the country had not been downgraded.

What is the background to the enforcement action?

Since July 2011, ESMA has been responsible for the regulation of credit rating agencies in the EU. It has the power to impose sanctions on credit rating agencies for a variety of failings. This action was against two S&P companies, and it relates to an email alert erroneously released on 10 November 2011. The email had the heading ‘France (Republic of) (Unsolicited Ratings): DOWNGRADE’, when in fact S&P’s credit rating of France had not changed. The email alert was sent out due to technical specifications which meant that its systems wrongly treated as a rating a completely different type of assessment produced by S&P which was not, in fact, a rating.

What did ESMA say about the breach?

ESMA found a variety of breaches by the S&P companies, broadly relating to systems and controls. Despite finding some fairly serious shortcomings on a number of aspects, ESMA did not conclude that S&P had committed the infringements either intentionally or negligently, and therefore did not impose a fine. Instead, taking into account the voluntary measures taken by S&P to bring the infringement to an end and communicated to ESMA during the investigation, ESMA decided that the proportionate measure was to publish a notice setting out the infringements.

Why is this enforcement action particularly noteworthy?

In one sense, the action is noteworthy as it represents the first public use of the regulator’s relatively new enforcement powers. Beyond that, however, it is interesting as it provides a good case study on the kind of internal controls, processes, monitoring and other internal organisational requirements that may be needed in relation to IT systems.

Should other credit ratings agencies be concerned about the outcome in this case?

In relation to credit ratings agencies, the case shows that ESMA is prepared to take action when things go wrong. Given that the investigation started in November 2011, and the lack of a fine, I suspect the case was fairly hard fought. In that sense, while it represents a warning shot to the agencies, the sanction does not send out the message that many wanted. We shall have to see whether political pressure is brought to bear in future.

What about other types of financial services firms?

As to financial services firms, while no direct precedent, it forms a companion piece to messages coming out of the UK regulator (now, the Financial Conduct Authority (FCA)). For one thing, it sits alongside the FCA’s cases brought for systems and controls failings. Moreover, at the end of March 2014, the FCA made plain that one of its forward looking areas of focus related to IT. It stated that it was concerned to ensure, for example, that firms’ controls to protect consumers were able to adapt to their use of new technologies. Technology in financial services is currently a hot topic in all kinds of areas.

Interviewed by Nicola Laver.

The views expressed by our Legal Analysis interviewees are not necessarily those of the proprietor.

This article was first published on Lexis®PSL. Click here for a free one week trial of Lexis®PSL.

Follow us on Twitter: @LexisUK_CA_News