The Regulation of Credit Rating Agencies before the Financial Crisis

5.1 The Importance of the IOSCO Code

In 2004, the Code of Conduct Fundamentals for Credit Rating Agencies were published by IOSCO (2004) in response to the CRAs' failings in the Enron and WorldCom affairs. They set out rules on ensuring the quality and integrity of the rating process, including the monitoring of ratings; on guaranteeing appropriate internal procedures and analyst independence in order to avoid conflicts of interests; on making sure that rating methods are transparent and that ratings can be adjusted if necessary without delay; on handling confidential information; and on disclosing the extent to which CRAs follow the Code. These rules were of a general nature; they did not prescribe methodological details such as ratios, models, or rating categories. For good reason, this was left to the agencies themselves.

The expectation was that the CRAs would incorporate the IOSCO Code into their own codes of conduct or explain in clear terms why certain aspects had not been adopted (“comply or explain”). Though the competent authorities monitored compliance with the Code, there was no sanctions mechanism. The Code provided the credit rating industry with an internationally accepted framework of self-regulation. Most CRAs—including the three market leaders—implemented the Code, often verbatim.

5.2 The Regulation of Credit Rating Agencies in the US

In the US, CRAs are officially registered as nationally recognized statistical rating organizations (NRSROs) if they satisfy the requirements set by the Securities and Exchange Commission (SEC); they are subject to extensive vetting. The SEC requirements incorporate many elements of the IOSCO Code.

The NRSRO system was introduced in 1975 and fundamentally revised in 2006. The approval process became a registration process. While this made it easier to obtain recognition as an NRSRO, the criteria to be met by agencies under the Credit Rating Agency Reform Act were significantly tightened (US Congress 2006). Since 2008, CRAs have been subject to SEC oversight in the form of disclosure requirements, among other things, and liability has been increased. CRAs are now held accountable for compliance with their own standards, which they file with the SEC (see Partnoy 2009; Dittrich 2007). Areas covered by the rules include the misuse of confidential information, the management of conflicts of interests, a ban on certain practices, the appointment of a compliance officer and the disclosure of the agencies' financial development. The SEC has extensive powers to enforce these rules. Regulation in the US thus goes somewhat further than the IOSCO Code. Some of the Code's provisions are enshrined in law or in regulations issued by US supervisors and consequently have a more stringent effect than is the case in the EU, for example.

Interference by the SEC in the methodologies used by CRAs is strictly prohibited, however: “Notwithstanding any other provision of law, neither the Commission nor any State (or political subdivision thereof) may regulate the substance of credit ratings or the procedures and methodologies by which any nationally recognized statistical rating organization determines credit ratings.”⁷

The Credit Rating Agency Reform Act may definitely be deemed a success. Since its introduction, there has been a significant increase in the number of registered CRAs. While previously only the big three rating agencies were registered as NRSROs, 2008 saw ten agencies apply for and obtain NRSRO status from the SEC (2008a).⁸

5.3 The Regulation of Credit Rating Agencies in the EU

Before the outbreak of the financial crisis, the regulatory setup in Europe was based mainly on self-regulation within certain supervisory “crash barriers” in the form of the IOSCO Code. In 2005, the CESR recommended the European Commission not to regulate the credit rating industry at EU level for the time being. Instead, it proposed adopting a pragmatic approach and reviewing how CRAs implemented the standards set out in the IOSCO Code of Conduct (CESR 2005). CESR therefore drew up a strategy on the basis of voluntary compliance by CRAs and in December 2005 issued a press release outlining a process to review implementation of the IOSCO Code. This framework, agreed with the main CRAs operating in the EU, included the following three elements:

• an annual letter from each CRA to be sent to CESR, and made public, outlining how it had complied with the IOSCO Code and indicating any deviations from the Code;
• an annual meeting between CESR and the CRAs to discuss any issues related to implementation of the IOSCO Code; and
• an undertaking for CRAs to provide an explanation to their national CESR member if any substantial incident occurred with a particular issuer in their market.

Four rating agencies agreed to this voluntary framework (Moody's, Standard & Poor's, Fitch Ratings, and Dominion Bond). In January 2006 the European Commission concluded that no new legislative proposals were needed as things stood. The European Commission considered that the existing financial services directives, combined with self-regulation by the agencies on the basis of the IOSCO Code, were sufficient to address all major issues of concern in relation to CRAs (see European Commission 2006).

Against this backdrop, the CESR (2006) and the European Securities Markets Expert (ESME) Group (2008)—both on behalf of the European Commission—presented proposals that appeared to show a way to keep up the required pressure.

On top of this, however, CRAs are also regulated directly in the EU by the Capital Requirements Directive, which implements Basel II in Europe. In practice, only the big three agencies are affected.

To be recognized as an external credit assessment institution (ECAI) under the standardized approach of the Basel II Capital Framework, an agency's rating methods must satisfy criteria set by supervisors concerning objectivity, independence, continuous monitoring, and transparency. ECAI recognition is a prerequisite for banks being able to use the agency's ratings to calculate their risk-weighted assets in accordance with the Capital Requirements Directive. A CRA may be recognized by supervisors if its rating methodology meets the following requirements:

• ratings must be objective—the methodology used must, in particular, be systematic and subject to some form of validation;
• the process should be free from political influence and economic pressure;
• ratings should be reviewed at least once a year; and
• general information about the methodology should be documented and publicly available.

It must be possible for supervisors to monitor the frequency with which methodologies are reviewed (see Everling and Trieu 2007: 109).

In addition, ratings

• should be judged credible and reliable by users, and
• should be available to all institutions with a legitimate interest in them on the same terms.

These criteria do not interfere in the methodologies used by CRAs but are general quality standards, which are admittedly monitored. They apply solely for prudential purposes.

Download this Paper [ PDF 169.2KB| 26 pages ].

Comment(s)

There are [0] comment(s) for this entry. Post a comment.