2016 Supervisory Priorities
ESMA has seen a number of changes in the CRA and TR industries during 2015, with new applicants for registration in both sectors, and current authorised entities seeking to develop their businesses. This has included CRAs providing credit ratings on new asset classes or in new geographic areas, and TRs offering trade reporting services for other instrument types.

ESMA identifies its supervisory priorities on the basis of risk assessment exercises conducted throughout the year. In 2015 these identified high levels of governance and strategy risk, and operational risk in the CRA industry and high levels of risk associated with TRs’ data and systems. Therefore, in 2016 ESMA will focus its supervisory activities on:
• CRA governance and strategy and the quality of credit ratings;
• TR data quality and data access;
• Fees charged and information security for all supervised entities.

Steven Maijoor, ESMA Chair, said:
“The credit rating and trade repository industries continue to evolve and develop. We are receiving new applications for registration and existing entities are seeking to develop their businesses by expanding into new areas. ESMA supports these developments where they contribute to the maintenance of stable and orderly financial markets.

“For this reason, in 2016 ESMA will focus its work on the quality of the services being provided by supervised entities. This means we will concentrate on issues surrounding CRA governance, strategy and ratings quality, along with data quality and access to TRs’ data with a broad focus on the fee structures and information security in both industries.”

2015 Annual Supervisory Review - CRAs and TRs
In 2015, following its risk-based approach, ESMA focused its supervisory efforts on CRAs’ governance, risk management and internal decision making and on CRAs’ business development processes. Some notable achievements were:
• investigating the techniques being applied to validate credit rating methodologies by some CRAs and using the differences identified to encourage industry-wide debate about appropriate validation standards;
• conducting an IT risk assessment which identified that CRAs are facing serious risks in several areas including IT operations and information security;
• investigating the process of issuing credit ratings followed by one CRA and raising concerns about the preparation of issue ratings, the workloads of credit rating analysts and their involvement in the provision of ancillary services; and
• concluding an enforcement case against DBRS Ratings Ltd for internal control failings and imposing a €30,000 fine for past record-keeping breaches. The case highlighted the need for CRAs to establish clear decision-making procedures, organisational structures and effective compliance functions.

The key risks TR supervision focused on in 2015 related to the quality of TRs’ data, access to data held by TRs and the operation and performance of TRs’ systems. In 2015, ESMA continued working with TRs to implement the data quality action plan established in September 2014 including:
• harmonising TRs’ data validation;
• monitoring the inter-TR reconciliation process; and
• ensuring the harmonisation of the aggregate data made available on TRs’ websites.

ESMA has also been monitoring National Competent Authorities’ (NCAs) access to TR data. It has entered into a number of Memoranda of Understanding (MoUs) to help third country regulatory authorities access TR data and is developing an IT system to allow NCAs to submit data queries through a centralised web portal.