Regulation and Compliance Federal Regulation SEC

SEC Finds Flaws in Credit Rating Agencies

December 31, 2014 at 07:28 AM
Share & Print

Nationally recognized statistical rating organizations are lacking in their management of conflicts of interest, as well as information technology and cybersecurity issues, reports the Securities and Exchange Commission.

The SEC issued its annual staff report on the findings of examinations of credit rating agencies registered as nationally recognized statistical rating organizations (NRSROs) and submitted a separate report on NRSROs to Congress. 

"These reports provide the most current and comprehensive picture of the credit rating industry," said SEC Chairwoman Mary Jo White.  "The SEC's enhanced oversight of NRSROs, informed by risk assessment, regular examinations and policy considerations, provides increasingly robust and effective oversight of the industry, as reflected by overall improvements in compliance, documentation, and board oversight."

The 2014 exams, which focused on NRSROs' activities for 2013, includes several recommendations from the SEC staff. While the SEC has not determined whether any finding "constitutes a material regulatory deficiency," it is possible the commission may do so in the future.

The 10 credit rating agencies registered as NRSROs as of Dec. 1, 2014 – A.M. Best Co. Inc. (AMB); DBRS Inc. (DBRS); Egan-Jones Ratings Co. (EJR); Fitch Ratings Inc. (Fitch); HR Ratings de México, S.A. de C.V. (HR); Japan Credit Rating Agency Ltd. (JCR); Kroll Bond Rating Agency, Inc. (KBRA); Moody's Investors Service Inc. (Moody's); Morningstar Credit Ratings LLC (Morningstar); and Standard & Poor's Ratings Services (S&P) – generally remain nameless in specific statements made in the SEC's report.

One area that drew concern from the SEC was NRSROs' management of conflicts of interest related to the rating business operations.

The SEC found that all seven of the smaller NRSROs had "weaknesses in policies and procedures concerning certain conflicts of interest or did not sufficiently disclose certain conflicts of interest."

Of the 10 agencies, one larger and six smaller NRSROs were found by the SEC to have weaknesses in their policies and procedures and controls governing employee securities ownership.

"It is a conflict of interest if an NRSRO allows its personnel to directly own securities or money market instruments or have direct ownership interests in issuers or obligors subject to a credit rating determined by that NRSRO," states the SEC report.

For example, at one of the smaller NRSROs, the SEC says an analyst participated in determining or approving the ratings of two issuers in which that analyst owned securities.

The SEC staff recommended that this NRSRO enhance its securities ownership policies and procedures, including establishing policies and procedures for the review of a prior rating where a conflict of interest is discovered and for securities divestiture – as this NRSRO did not have policies and procedures in place.

The SEC also found that all three of the larger NRSROs and two of the smaller NRSROs did not have sufficient policies and procedures or controls related to IT or cybersecurity.

The report states, "IT and cybersecurity are increasingly significant components of an NRSRO's internal control structure … They also often affect an NRSRO's capacity to publish accurate ratings in a timely fashion."

The staff recommended that the two smaller NRSROs establish or enhance written IT and cybersecurity policies and procedures and internal controls, and enhance their IT testing and responses to IT-related tests.

In addition, the SEC also found that all three of the larger NRSROs had weaknesses in their IT policies and procedures concerning personnel's access to information that is confidential or otherwise restricted. The Staff recommended that all three of the larger NRSROs enhance their internal controls governing access to IT networks, systems, applications, and file shares.

The SEC also found improvements in several areas. Since the SEC's last report, NRSROs have enhanced their compliance resources, monitoring, and culture, as well as improving its board of directors or governing committee oversight.

The SEC also found that NRSRO's document retention in general had gotten better, as did these agencies' documentation and resources for criteria and model validation.

— Check out Under the Hood: What You Need to Know About Bonds, Pt. 1: Types and Ratings on ThinkAdvisor.                                                                                                 

Fixed IncomeSEC
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Robo-Advisor's Pro Athlete Ads Broke Marketing Rule, SEC Says JPMorgan Pays $151M to Settle Slate of SEC Complaints Race for Private-Credit ETFs to Face SEC Scrutiny LPL Discloses $18M Charge, but No Arnold Updates on Q3 Call Cetera Launches Regulatory Risk-O-Meter SEC Hit These 6 Firms With Reg BI Fines in 2024

Resource Center

Why Charitable Expertise Should Be Part of Your Practice link

White Paper

Why Charitable Expertise Should Be Part of Your Practice

Generative AI Trends Among U.S. Financial Advisors and Consumers link

White Paper

Generative AI Trends Among U.S. Financial Advisors and Consumers

Tech Is the New Talent Magnet: Firms That Invest in Innovation Attract Top Advisors link

White Paper

Tech Is the New Talent Magnet: Firms That Invest in Innovation Attract Top Advisors