The European Securities and Markets Authority has launched a consultation on its proposed guidelines setting out the criteria that Credit Ratings Agencies should have in place to demonstrate that their internal control systems are adequate and effective to maintain the independence of their activities, in line with the EU Credit Ratings Agencies Regulation. Responses to the consultation should be submitted by March 16, 2020. ESMA intends to publish a final report in 2020.
The CRA Regulation requires CRAs to have robust and appropriately resourced internal controls to prevent conflicts of interest that may challenge the independence of the credit ratings activities that CRAs undertake. The draft Guidelines set out the characteristics and components that ESMA believes should be present in an effective internal control system. ESMA believes that an effective system can be divided into two main parts: (i) the presence of a strong framework for internal controls (the “IC Framework”); and (ii) the effectiveness of the internal control functions within such a framework (the “IC Functions”).
ESMA believes the IC Framework should include an effective control environment comprising an appropriate Board and senior management structure with high ethical and professional standards. It should also have an effective risk management framework that identifies and assesses risks posed by the CRA’s business activities and control activities that establish safeguards and controls for the day to day business of the CRA. Demonstrating strong internal and external communication and monitoring of the CRA’s activities and IC Framework are also key aspects of the IC Framework itself. ESMA then considers how the IC Functions should be integrated into the CRA’s business structure and advocates the importance of maintaining the independence of the IC Functions, keeping IC Functions organizationally separate from the functions they are designed to monitor and ensuring staff members with responsibility for IC Functions do not report to a person with responsibility for managing the activities the IC Function controls. Key aspects of the IC Functions identified by ESMA are management of compliance risk, review and validation of the CRA’s methodologies and models, a dedicated risk management function, safeguards for information processing systems and an internal audit function.
View ESMA's consultation paper.