On February 16, 2024, the U.S. Securities and Exchange Commission (SEC or Commission) Office of Credit Ratings (OCR) issued its statutorily mandated annual staff report on credit rating agencies registered as Nationally Recognized Statistical Rating Organizations (NRSROs).1 Although nominally a backward-looking review of the staff’s 2023 annual examinations of NRSROs, the report provides some of the best insights into OCR’s current priorities and future focus areas. Among the areas of interest, this year’s report revealed a continued focus on the following critical areas:
- conflicts of interest
- the distinction between analytical tools and models
- ratings transitions disclosed on Exhibit 1 to Form NRSRO
- qualitative adjustments (and associated recordkeeping practices)
- cybersecurity practices
NRSROs can likely expect ongoing regulatory scrutiny — both from the OCR annual exam process and from the SEC Division of Enforcement — in these areas, particularly high-risk issues like conflicts of interest. What’s more, the report shows that the OCR staff is willing to disagree with NRSROs about the meaning of their own rating methodologies, despite the Exchange Act’s express prohibition on regulating the substance of credit ratings or the procedures and methodologies by which any NRSRO determines credit ratings.
Overview of Findings
This year’s report highlighted 29 instances where the SEC staff identified activity that, in its view, did not comply with the federal securities laws or the Commission’s rules applicable to NRSROs. Five of these findings concerned what the staff characterized as “material regulatory deficiencies,” which the report defined as “[c]onduct or a deficiency that could undermine the quality of a credit rating or impair the objectivity of an NRSRO’s credit rating process or [c]onduct that may be inconsistent with the antifraud provisions of the federal securities laws.”
The report grouped these 29 findings thematically into seven categories, with some findings fitting into multiple categories:
- nine findings related to issues addressing or managing conflicts of interest, implicating Sections 15E(h) (1), (4) and (5) and Rule 17g-5 of the Exchange Act
- eight findings related to disclosure or reporting issues, implicating Section 15E(f)(2), Rule 17g-7(a) and Rule 17g-7(b) of the Exchange Act, and Form NRSRO
- six findings related to internal control issues, implicating Section 15E(c)(3)(A) of the Exchange Act
- three findings related to retention and/or production of records, implicating Rule 17g-2 of the Exchange Act
- two findings related to issues regarding the prevention of misuse of material, nonpublic information, implicating Section 15E(g)(1) of the Exchange Act;
- two findings related to procedures for the receipt, retention, and treatment of complaints, implicating Section 15(E)(j)(3) of the Exchange Act
- one finding related to compliance with a prior SEC order
Summary of Key Findings
The report’s identification of five findings as material regulatory deficiencies is particularly notable, as they are areas the staff found most concerning.
- First, at a large NRSRO, a member of an analytical team who chaired the rating committees exerted pressure on other analytical team members and rating committee participants to assign higher ratings due to business considerations and, in one circumstance, a desire to make accommodations to please the issuer. The staff concluded that the individual had both participated in sales and marketing and been influenced by sales and marketing considerations. This issue was flagged internally through a compliance hotline, the NRSRO conducted an internal investigation that resulted in terminating the member of the analytical team, and the matter was self-reported to the staff. Considering the Commission’s historic focus on the separation of analytical and marketing functions in NRSRO, it is unsurprising that this finding was a material regulatory deficiency.
- Second, a small NRSRO used an incentive system where analyst productivity was based on the number of rating actions an analyst was able to complete on a weekly basis, which the staff saw as raising serious concerns about rating quality and sales and marketing considerations. This situation appears to be a somewhat unusual circumstance involving a compensation scheme as a potential “channel of influence.”
- Third, at that same small NRSRO, a senior manager prevented the designated compliance officer from enforcing a policy and procedure regarding permitted attendance at a joint meeting of analytical and marketing personnel with clients.
- Fourth, another small NRSRO changed its rating analysis at a client’s request, which resulted in providing a higher credit rating that was determined inconsistently with the NRSRO’s policies, procedures, and methodologies for determining credit ratings.
- Fifth, that same small NRSRO did not appear to have effective internal controls to ensure that models were adequately evaluated and validated prior to use because, with respect to one model, the model’s review and validation did not discover apparent inconsistencies between the model and the governing methodology. While the description of this material regulatory deficiency is somewhat opaque, the finding may be grounded in a disagreement with the NRSRO about the meaning of the NRSRO’s own rating methodology — despite the statutory protections afforded by the Exchange Act to substantive NRSRO credit rating decisions.
Aside from these material regulatory deficiencies, the report identified other key essential findings, including the following:
- a large NRSRO failing to conduct required reviews following the departure of certain personnel
- a large NRSRO and a medium NRSRO failing to require sufficient records to be made and retained with respect to certain qualitative adjustments made by analysts
- a medium NRSRO failing to disclose complete and correct credit rating histories in its Rule 17g-7(b) disclosures
- a medium NRSRO failing to enforce its policies and procedures regarding conflict-of-interest reviews following the departure of employees who participated in determining credit ratings
- a small NRSRO failing to store documents containing confidential information in a manner that would prevent unauthorized access.
An Ounce of Prevention Is Worth a Pound of Cure
As all NRSROs know full well from the annual examination process, identifying potential issues at the earliest possible time, appropriately remediating them, and proactively enhancing internal controls and policies and procedures can place NRSROs on the best potential footing when faced with regulatory scrutiny.
With the report’s findings in mind, each NRSRO should review its practices, policies, and procedures in these areas and any others relevant to their credit ratings business to determine whether updates or enhancements may be appropriate.
1 U.S. Securities and Exchange Commission Office of Credit Ratings Annual Staff Report on Nationally Recognized Statistical Rating Organizations, available at https://www.sec.gov/files/feb-2024-ocr-staff-report.pdf.
Attorney Advertising—Sidley Austin LLP is a global law firm. Our addresses and contact information can be found at www.sidley.com/en/locations/offices.
Sidley provides this information as a service to clients and other friends for educational purposes only. It should not be construed or relied on as legal advice or to create a lawyer-client relationship. Readers should not act upon this information without seeking advice from professional advisers. Sidley and Sidley Austin refer to Sidley Austin LLP and affiliated partnerships as explained at www.sidley.com/disclaimer.
© Sidley Austin LLP