The EBA Publishes Draft Regulatory Technical Standards on the Risk Retention Requirements Under the EU Securitisation Regulation

by Cadwalader, Wickersham & Taft LLP

Cadwalader, Wickersham & Taft LLP


On 15 December 2017, the European Banking Authority (“EBA”) published a consultation paper (the “Consultation Paper”) containing draft Regulatory Technical Standards on the risk retention requirements[1] (the “Risk Retention RTS”) under the EU regulation intended to lay down common rules on securitisation and to create a European framework for “simple, transparent and standardised” securitisation (the “Securitisation Regulation”).[2]

Legislative Background

On 20 November 2017, the Council of the European Union, which comprises representatives of the Member States, announced that it had that day adopted the Securitisation Regulation. The European Parliament had previously voted to approve the Securitisation Regulation at a plenary session on 26 October 2017. We summarised the key provisions and commented on the obligations that will arise under the Securitisation Regulation in our Clients and Friends Memorandum dated 26 October 2017.

The Securitisation Regulation was signed by the President of the European Parliament and by the President of the Council on 12 December 2017, will next be published in the Official Journal of the European Union, probably in early 2018, and will enter into force 20 days later. It will be directly applicable law across the EU and will apply from 1 January 2019.

The Securitisation Regulation will apply to securitisations, the securities of which are issued (or where no securities are issued, the securitisation positions of which are created) on or after the application date of 1 January 2019.

Legislative Basis of the Risk Retention RTS

The Securitisation Regulation does not contain full details of the new regime. Detailed rules in respect of certain aspects of the regime are to be contained in regulatory technical standards. The Securitisation Regulation provided that the Risk Retention RTS should specify in greater detail the risk-retention requirement, in particular with regard to, inter alia,: (a) the modalities for retaining risk; (b) the measurement of the level of retention; and (c) the prohibition of hedging or selling the retained interest.

The Securitisation Regulation mandates that the Risk Retention RTS are to be drafted by the EBA, “in close co-operation” with the European Securities and Markets Authority and the European Insurance and Occupational Pensions Authority. They are to be submitted by the EBA to the European Commission within six months from the date of entry into force of the Securitisation Regulation. The finalised Risk Retention RTS will then be adopted by the Commission by way of a delegated act.

Comparison with the Current CRR Risk Retention RTS

The EBA has drafted the RTS with a view to ensuring that, as far as possible, they follow the rules set out in the current risk retention RTS[3] prepared under the Capital Requirements Regulation[4] regime (the “Current CRR Risk Retention RTS”). The main changes are new provisions concerning: the circumstances in which an entity will be deemed not to have been established, or operate, for the “sole purpose” of securitising exposures; the prohibition on the adverse selection of assets to be securitised; and those regarding a change of the retention holder. In addition, given the scope of the mandate in the Securitisation Regulation, certain provisions in the Current CRR Risk Retention RTS are not reflected in equivalent provisions in the draft Risk Retention RTS (such as due diligence requirements for institutions becoming exposed to securitisations and policies for credit granting).

Transitional Provisions in Relation to the Risk Retention RTS

In its transitional provisions, the Securitisation Regulation states that until the Risk Retention RTS apply, originators, sponsors or the original lender must comply with the Current CRR Risk Retention RTS in respect of securitisations the securities of which are issued on or after 1 January 2019. The EBA has started drafting these new RTS in good time and it is to be hoped that the Risk Retention RTS will be adopted by the Commission during the course of 2018 ready for their application on 1 January 2019. This would avoid any potential complications that could arise from market participants having to comply with the Current CRR Risk Retention RTS after the application date of the new Securitisation Regulation regime.

Minimum Risk Retention Levels

The current minimum risk retention level of 5% and the five different modes of risk retention have been maintained in the Securitisation Regulation and in the draft Risk Retention RTS.

Prohibition of Hedging or Selling the Retained Interest

The general rule is that the retention holder (the “Retainer”) is not permitted to sell, transfer or otherwise surrender all, or part of, the rights, benefits or obligations arising from the retained net economic interest.

However, the Retainer is allowed to hedge, sell, transfer or otherwise surrender that part of the retained interest, if any, which is in excess of the material net economic interest of at least 5% required to be retained, as disclosed to investors in the offering document, provided that the selection of the relevant part of the retained material net economic interest is made in accordance with the method initially chosen for the retention.

Change of Retainer

The draft Risk Retention RTS allow for a change in the Retainer in the limited circumstances in which it is unable to continue acting as Retainer, due to the transfer of a direct or indirect holding in the Retainer, or for legal reasons beyond its control and beyond the control of its shareholders. The “remaining retained material net economic interest shall, instead, be retained by another entity which, had the securitisation been closed as of the date when such entity becomes the retainer, would have satisfied all relevant conditions for constituting the retainer”.

It is uncertain at this time whether this provision is wide enough to include the removal and/or replacement of a Retainer, such as a CLO manager, due to investors exercising a contractual right to remove such a party. The provision has also been drafted as a prescriptive requirement to appoint a replacement, although we think that this may have been unintentional.

“Originator” Definition for Risk Retention and the Sole Purpose Test

The CRR definition of originator has been narrowed in the Securitisation Regulation in the context of risk retention. An entity shall not, for the purposes of risk retention, be considered to be an originator where it has been established or operates for the “sole purpose” of securitising exposures. This is to avoid the possibility of an “originator” being created for risk retention purposes that met the legal definition, but was not an entity of real substance.

The meaning of “sole purpose” has been clarified in the draft Risk Retention RTS. For the purposes of risk retention, an entity shall be deemed not to have been established, or to operate, for the “sole purpose” of securitising exposures if it satisfies each of the following conditions (at the closing of the securitisation):

(a) it has a business strategy and the capacity to meet payment obligations consistent with a broader business enterprise and involving material support from capital, assets, fees or other income available to it (but disregarding any exposures to be securitised by that entity and any interests retained, or proposed to be retained, as well as any corresponding income from such exposures and interests);

(b) it has been established and operates for purposes consistent with a broader business enterprise; and

(c) it has sufficient decision makers with the required experience to enable it to pursue the established business strategy, as well as an adequate corporate governance structure.

An entity satisfying each of the above criteria will be deemed not to have been established, or to operate, for the “sole purpose” of securitising exposures and so may constitute an originator for risk retention purposes. The above criteria have, in practice, largely been followed by the industry in recent years.

Risk Retention: Selection of Assets to be Securitised

The Securitisation Regulation provides that originators will not be permitted to select assets to be transferred to a securitisation special purpose entity (“SSPE”) (i.e. to be securitised) with the aim of rendering losses on such assets, measured over the life of the transaction (or a maximum of 4 years where the life of the transaction is longer than 4 years), higher than the losses over the same period on “comparable” assets held on the balance sheet of the originator. This is intended to prevent originators from taking advantage of the fact that they could hold more information than investors on the assets. The Recitals to the Securitisation Regulation note that this is intended to catch an intentional (rather than a negligent) transfer of assets with a higher credit risk profile.

As for which assets will be deemed to be “comparable” for the purposes of selection, the draft Risk Retention RTS state that it is those assets which “share similar characteristics in terms of the most relevant factors determining their expected performance”. The performance of the selected assets should reasonably be expected not to be significantly different from that of the non-securitised assets over the life of the transaction (or a maximum of 4 years where the life of the transaction is longer than 4 years), based on indications such as past performance or applicable models.

The Recitals to the draft Risk Retention RTS clarify that the prohibition on adverse selection should not apply where there are no comparable assets against which to perform such a comparison exercise.

The Recitals to the Securitisation Regulation (although not its operative provisions) also provided another important clarification in that the assets being securitised can have a higher than average credit risk profile compared to the average credit risk profile of comparable assets that remain on the balance sheet of the originator, as long as the higher credit risk profile of the assets being securitised is “clearly communicated” to the investors or potential investors. This disclosure route mentioned in the Recitals to the Securitisation Regulation has been detailed in the operative provisions of the draft Risk Retention RTS. Originators and sponsors will be able to select assets to be securitised with a higher than average credit risk profile than that of assets which are otherwise “comparable” and which remain on the balance sheet of the originator, provided that the higher credit risk profile of the assets to be transferred to the SSPE is “clearly and conspicuously communicated” in writing to the competent authorities, investors and potential investors prior to the investment being made. The draft Risk Retention RTS therefore expand on the disclosure requirement in the Securitisation Regulation Recitals to provide that: (i) the communication should be both clear and “conspicuous”; and (ii) to require that the communication should also to be made to the competent authorities (i.e. the national regulators).

The draft Risk Retention RTS allow a further way in which compliance with the selection of assets requirement may be achieved. They state that, even where no such communication has been made, an originator will not be considered to have intentionally breached the selection of assets provision (in the absence of evidence to the contrary), if it proves that it has established and applied policies and procedures to ensure that the securitised assets would reasonably be expected not to lead to higher losses than those on comparable assets held on its balance sheet. A proviso for reliance on such a policies and procedures route is that that the criteria defined in the originator's policies and procedures must be “appropriate to that end”.

Jurisdictional Scope of the “Direct” Obligation to Comply with the Risk Retention Requirements.

The draft Risk Retention RTS do not provide any more clarity on the jurisdictional scope of the new “direct” obligation on one of the originator, sponsor or original lender to comply with the risk retention requirements. Although it appears from the Explanatory Memorandum to the original 2015 Commission proposal for the Securitisation Regulation that the intention is that where none of the originator, sponsor or original lender is “established in the EU”, the direct approach will not apply, this has not been set out in the Securitisation Regulation or in the draft Risk Retention RTS.

Next Steps

The Consultation Paper asks for comments and poses a number of specific questions on the draft Risk Retention RTS. The consultation period will remain open until 15 March 2018.

After the Consultation period has closed, the EBA will finalise its Risk Retention RTS, which will be submitted to the Commission, which will then adopt them by way of a delegated EU act.

Cadwalader intends to engage with the EBA as regards issues arising from the Consultation Paper and the draft Risk Retention RTS. We would encourage industry participants also to make their views known to the EBA or to their trade associations.


[1]   Draft Regulatory Technical Standards specifying the requirements for originators, sponsors and original lenders relating to risk retention pursuant to Article [6(7)] of the [Securitisation Regulation]

[2]   Regulation of the European Parliament and of the Council laying down common rules on securitisation and creating a European framework for simple, transparent and standardised securitisation and amending Directives 2009/65/EC, 2009/138/EC, 2011/61/EU and Regulations (EC) No 1060/2009 and (EU) No 648/2012.

[3]   Commission Delegated Regulation (EU) No 625/2014 of 13 March 2014 supplementing Regulation (EU) No 575/2013 of the European Parliament and of the Council by way of regulatory technical standards specifying the requirements for investor, sponsor, original lenders and originator institutions relating to exposures to transferred credit risk

[4]   Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Cadwalader, Wickersham & Taft LLP | Attorney Advertising

Written by:

Cadwalader, Wickersham & Taft LLP

Cadwalader, Wickersham & Taft LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.