The U.K. Financial Conduct Authority has published a Dear CEO letter to Credit Rating Agencies setting out its expectations on the actions CRAs should undertake to minimize risks to consumers, market integrity and competition. The letter sets out the FCA's supervisory priorities:
- Ratings process and methodologies: the FCA observes that there is an inconsistency in the standard of regulatory notifications by firms. The FCA will review regulatory notifications that it receives and conduct spot checks of rating actions and methodology updates. It will take action against firms that fall short of expectations.
- Governance and oversight: firms should have good conduct risk frameworks and effective arrangements to identify risks of harm. The FCA will assess the effectiveness of board oversight over governance as well as internal controls structures and senior management skills.
- Market and perimeter risks: the FCA observes that the CRA market is concentrated amongst a small number of large firms but that smaller firms also play an important role by offering alternative opinions. CRAs also increasingly conduct activity which falls outside the regulatory perimeter, which could give rise to conflicts of interest. The FCA intends to promote competition in the market and will publish a market share report of U.K.-registered CRAs. It also plans to be proactive at the boundaries of the regulatory perimeter.
- Operational risk and resourcing: the FCA has observed some firms' failure to report information security incidents and a growing reliance on third-party providers to provide aspects of the ratings process. The FCA will engage with CRAs where there is a material operational incident and may take action against firms that fail to inform them where such an incident occurs.