The European Securities and Markets Authority (ESMA), the EU’s financial markets regulator and supervisor, has fined S&P Global Ratings Europe Limited (S&P) a total of EUR 1,110,000, and issued a public notice, for breaches of the Credit Rating Agencies Regulation (CRA Regulation). ESMA found that S&P published credit ratings before the concerned securities were issued by the rated entities and announced to the market. This was due to internal control failures and led to breaches by S&P of its transparency obligations.
Verena Ross, ESMA’s Chair, said: “The recent action against S&P emphasises the importance ESMA places on CRAs complying with their obligations of timely disclosure of information regarding ratings to the market. Publishing a credit rating before the issuance of the rated securities may result in harm to the issuer, to investors and more generally to the orderly functioning of the financial markets.”
The breaches covered by the fine specifically relate to:
- deficiencies in S&P’s internal control mechanisms, which did not ensure compliance with its obligations regarding the timely disclosure of credit ratings;
- the failure by S&P to disclose on a non-selective basis and in a timely manner decisions to discontinue credit ratings; and
- the failure by S&P to submit up-to-date rating information to ESMA.
All breaches were found to have resulted from negligence on the part of S&P. In calculating the fine, ESMA considered both aggravating and mitigating factors provided for in the CRA Regulation.
S&P’s Breaches of the Credit Rating Agencies Regulation
Internal controls infringement
ESMA found that the flaws in the internal control procedures and the way in which those procedures were implemented led S&P to release credit ratings prematurely. In particular, ESMA found that between 5 June 2019 and 8 September 2021, S&P released solicited credit ratings regarding six issuers prematurely, i.e. the credit ratings were published by S&P before the issuance of the securities by the rated entities and announcement to the market. Consequently, ESMA fined S&P EUR 825,000 for not having internal control mechanisms to ensure compliance with its obligations regarding the timely disclosure of credit ratings.
Infringements related to transparency obligations
ESMA found that, between 2019 and 2021, in six instances, S&P removed, without providing explanations, credit ratings from its public platforms. Consequently, ESMA fined S&P EUR 210,000 for failing to disclose on a non-selective basis and in a timely manner decisions to discontinue credit ratings. ESMA also found that in relation to one rated entity, S&P did not ensure that the information it submitted to ESMA for publication on the European Rating Platform (ERP) was correct and up to date. Consequently, ESMA fined S&P EUR 75,000.
Right to appeal
S&P may appeal against this decision to the Board of Appeal of the European Supervisory Authorities. Such an appeal does not have suspensive effect, although it is possible for the Board of Appeal to suspend the application of the decision in accordance with Article 60(3) ESMA Regulation.
Source: ESMA
Sains Data Reageren
What lessons can other credit rating agencies and financial institutions learn from this case to enhance their own risk management frameworks and prevent similar lapses in data security and regulatory compliance?