Esma censures Standard & Poor's for internal control failings
03 June 2014 | 1460 views | 0
The European Securities and Markets Authority (ESMA) has issued a public notice censuring Standard & Poor's Credit Market Services France SAS and Standard & Poor's Credit Market Services Europe Limited (S&P) for breaches of Regulation 1060/2009 (CRA Regulation).
The decision by ESMA to issue a public notice results from its investigation into the erroneous publication on 10 November 2011 by S&P, to the subscribers of its Global Credit Portal, of an email stating "France (Republic of) (Unsolicited Ratings): DOWNGRADE", although S&P's rating of France had not been downgraded.
ESMA found that this incident was the result of a failure by S&P to meet certain organisational requirements set out in the CRA Regulation, relating to sound internal control mechanisms, effective control and safeguard arrangements for information processing systems and decision-making procedures and organisational structures.
ESMA, based on the provisions of the CRA Regulation, decided that the relevant breaches warranted a supervisory measure in the form of a public notice. The final decision on the supervisory measure took into account the steps taken by S&P to end the infringement and was considered proportionate to the seriousness of the breach.
S&P, on 10 November 2011 at 15:57 CET, erroneously released to subscribers of its web-based Global Credit Portal (GCP) an email alert which stated in its header "France (Republic of) (Unsolicited Ratings): DOWNGRADE", although S&P's credit rating of France had not changed.
GCP is one of the methods used by S&P to disseminate its credit ratings and other financial information products. Among other services, it provides an email alert function that a subscriber can customise in order to receive alerts when certain information changes on GCP, e.g. in case S&P decides to change a credit rating on a particular issuer.
S&P's internal database, where it maintained its credit ratings, was also used to store its Banking Industry Country Risk Assessments (BICRAs). BICRAs are not credit ratings but assessments of the banking systems in particular countries and have been published since 2006. S&P later decided to maintain BICRAs in the same centralised internal database as its credit ratings and to display BICRAs on GCP.
The relevant technical specifications for this project treated BICRAs as ratings and no effective action was taken to address the implications this could have. This eventually led to the erroneous release when an attempt to change an incorrect display of France's BICRA on GCP triggered an email alert stating in its header that the rating of France had been downgraded.
Since July 2011 ESMA has been responsible for the regulation of credit rating agencies in the European Union including their registration and supervision in line with the requirements of the CRA Regulation. ESMA has the power to take appropriate enforcement action where it discovers a breach of the CRA Regulation, ranging from the issuance of public notices to the withdrawal of registration and imposition of fines.