As with many compliance issues this one started with a series of errors.
In 2017 a client asked S&P Global Ratings (S&P) to rate a residential mortgage-backed security transaction. S&P’s analytical employees responsible for evaluating and assigning ratings provided feedback to the issuer, assigning “AAA” ratings to super senior tranches of the transaction. Then they changed their mind, not once, but twice. Were the ratings “AAA” or were they not?
The issuer was naturally unhappy with this and “repeatedly expressed its disappointment and frustration” to the S&P commercial employees, also threatening to sue S&P because uncertainty about the ratings had potentially impacted a “key marketing period for the offering”. The issuer then sent an ultimatum threatening to permanently stop doing business with S&P if the tranches in question were not rated as the issuer expected.
Under pressure
S&P’s employees fully understood the gravity of the situation. And so, under pressure, the analytical employees went straight back to work re-evaluating the transaction over a five-day period. During this time the S&P analytical and commercial teams communicated with each other as well as with compliance. It is these communications that led to S&P falling foul of Rule 17g-5(c)(8). This rule explicitly prohibits certain conflicts of interest including, among many others, one where someone within the rating organization who participates in the credit rating process itself also participates in sales and marketing activities.
§ 240.17g-5 – Conflicts of interest.
…
(c) Prohibited conflicts. A nationally recognized statistical rating organization is prohibited from having the following conflicts of interest relating to the issuance or maintenance of a credit rating as a credit rating agency:
…
(8) The nationally recognized statistical rating organization issues or maintains a credit rating where a person within the nationally recognized statistical rating organization who participates in determining or monitoring the credit rating, or developing or approving procedures or methodologies used for determining the credit rating, including qualitative and quantitative models, also:
(i) Participates in sales or marketing of a product or service of the nationally recognized statistical rating organization or a product or service of an affiliate of the nationally recognized statistical rating organization; or
(ii) Is influenced by sales or marketing considerations.
All of the communications connected to the rating were “chaperoned” by compliance staff. Emails between the teams were often sent to compliance “for review and possible redaction” and only then distributed by compliance to the recipients. Despite this supervision, they included “statements reflecting sales and marketing considerations”. In one instance, for example, an email was redacted by one member of the compliance team, only for the unredacted version of the email to be distributed by another compliance team member.
According to the SEC the “content, urgent nature, high volume, and compressed timing of the communications” between the teams led to a determination that the commercial employees had effectively become participants in the credit rating.
The S&P analytical employees eventually “analyzed a unique structural feature of the transaction”, one that they had been urged to look at by the issuer, and exercised their analytical judgement to conclude that it was enough to accord the tranches the ratings expected by the issuer.
Prohibited conduct
The SEC is careful to point out that this specific rule is breached even “if the individual’s conduct does not influence the credit rating or rating procedures or methodologies.” In other words, there was no need to determine whether the S&P commercial employees actually did influence the credit rating, and no suggestion is being made that they did. The very fact that they had become participants in the process was enough to constitute prohibited conduct.
The SEC found that S&P “failed to establish, maintain, and enforce written policies and procedures reasonably designed to ensure compliance with 17g-5(c)(8)(i). The absence of adequate policies might explain why the compliance team did not consistently intervene despite being able to supervise the communications between the teams.
It is difficult to police a rule, particularly one that includes such a strict prohibition, if one is not aware of the rule or its very specific implications in a particular situation. The ever-increasing number and complexity of the rules is such that effective compliance can only be conducted where adequate policies and procedures are in place to support and guide compliance staff.
Internal investigation
S&P launched an internal investigation after the events had taken place and self-reported to the SEC. It also revised its policies and procedures and instituted additional training for its employees. It has also agreed to settle the matter by paying a “$2.5m penalty and agreeing to the entry of a cease-and-desist order, a censure, and compliance with certain undertakings”.
Sadly, given all the hard work done, one of the undertakings is the withdrawal of the ratings in question. One can only wonder what impact this might have on the relationship with the client and here is another important point. Compliance issues, when they arise, not only result in fines and censures, they have a tangible impact on individuals, teams, relationships with clients as well as the reputation of the business more generally.