Recent Changes to SEC Rating Agency Reform Impose Burdensome Requirements on Structured Products Participants

March 03, 2010

Recent amendments to rules of the Securities and Exchange Commission (“SEC”) relating to Nationally Recognized Statistical Rating Organizations (“NRSROs”) will require persons seeking a rating of structured products and asset backed securities to establish and maintain a password-protected website containing all information provided to a NRSRO in connection with the rating. This information includes information that may have been previously supplied orally to a NRSRO or its counsel, and would include discussions and negotiations with the NRSRO or its counsel relating to applicable transaction documents. The compliance date for the revised rules is June 2, 2010.


In November 2009, the SEC issued a release (the “Release”)1 that amended its rules relating to NRSROs.  Among the changes effected by the Release are amendments to the conflicts of interests rules that NRSROs must comply with under Rule 17g-5 of the Securities Exchange of 1934 (the “Exchange Act”)2.  As discussed in more detail below, the amendments to Rule 17g-5 require one of the issuer, sponsor or underwriter (each, an “Arranger”) of securities or money market instruments issued by an asset pool or as part of any asset-backed or mortgage-backed securities transaction where such Arranger paid a NRSRO to issue and/or maintain credit ratings on such securities or instruments, to maintain a password-protected website containing information described below that will be accessible only by those NRSROs not hired to rate the securities or instruments.  The websites will not be accessible by the public.

The SEC has indicated that the amendments to Rule 17g-5 are designed to increase the number of credit ratings for a given structured finance product and, in particular, to promote the issuance of credit ratings by NRSROs that are not hired by an Arranger.

Compliance Date

In order to give NRSROs and Arrangers sufficient time to implement the changes required by the Release, the compliance date was set for June 2, 2010.  It is not clear from the Release if the revised rules apply to transactions where NRSROs are engaged by Arrangers prior to June 2, 2010, but the ratings are not issued until on or after June 2, 2010.3

Applicable Transactions

New paragraph (b)(9) of Rule 17g-5 was added to cover transactions where a NRSRO is issuing or maintaining a credit rating for a security or money market instrument issued by an asset pool or as part of any asset backed or mortgage-backed securities transaction that was paid for by the Arranger of the security or money market instrument (any such security or instrument, a “Covered Security”).

The SEC indicated in its Release that the new Rule 17g-5(b)(9) is intended to cover the full range of structured finance products transactions, and not just transactions covered by Regulation AB.  As an example, the SEC identified the following products that would be covered:  securities collateralized by static and actively managed pools or receivables (e.g., commercial and residential mortgages, corporate loans, auto loans, education loans, credit card receivables and leases), collateralized debt obligations, collateralized loan obligations, collateralized mortgage obligations, structured investment vehicles, synthetic collateralized debt obligations that reference debt securities or indexes, and hybrid collateralized debt obligations. 

Both registered and non-registered securities and money market instruments would be covered under this new rule.




New Requirements for Issuers, Sponsors or Underwriters

Under the rules as amended by the Release, in order for a NRSRO to issue and/or maintain a rating on a Covered Security, the NRSRO, among other things, must obtain from an Arranger of such Covered Security a written representation that can be reasonably relied upon that such Arranger will:

  • Maintain  ratings-related information at an identified password-protected internet website4 that presents the information in a manner indicating which information included on the website currently should be relied on to determine or monitor the credit rating.5
  • Post on the website all information an Arranger provides to the NRSRO, or contracts with a third party (e.g., servicers and trustees) to provide to the NRSRO, for the purpose of determining the initial credit rating for, or undertaking credit rating surveillance on, the Covered Security, including information about the characteristics and performance of the assets underlying or referenced by the Covered Security, and the legal structure of the Covered Security (in the case of determining the initial rating) at the same time such information is provided to the NRSRO.
  • Provide access to such password-protected internet website during the applicable calendar year to any NRSRO that provides such Arranger with a copy of the certification described in the new paragraph (e)6 of Rule 17g-5 that covers that calendar year.

A NRSRO will not be responsible to enforce compliance by an Arranger with these new requirements.  However, if a NRSRO had knowledge that an Arranger had not complied with its representations, the NRSRO would be on notice that future reliance on that Arranger might not be reasonable.  The SEC believes it is likely that the required representations from Arrangers will be part of the standard contracts entered into between NRSROs and Arrangers and that an Arranger that fails to comply with its representations will risk having the hired NRSRO withdraw the credit ratings paid for by that Arranger and being denied the ability to obtain credit ratings from the hired NRSRO in the future, given that the hired NRSRO may not be able to reasonably rely on such Arranger’s representations.

The SEC Release acknowledges that, as a consequence of the changes to Rule 17g-5, the process of information exchange between Arrangers and hired NRSROs for structured finance products will likely become more formalized, including the written submission of information that may, in the past, have been provided orally.  Arrangers and NRSROs will need to implement procedures to ensure that all communications between NRSROs (including any of their agents, such as counsel) and Arrangers (including any of their agents, such as counsel and accountants and any other third parties engaged to provide information to the NRSROs) with respect to a transaction are in written form7 and contemporaneously posted to the applicable website.

The SEC is not requiring that non-hired NRSROs accessing the information on websites enter into confidentiality agreements with the Arranger.  However, the SEC indicated that an Arranger  will not be precluded from employing a simple process requiring non-hired NRSROs to agree to keep the information they obtain from the websites confidential, provided that such a process does not operate to preclude, discourage, or significantly impede non-hired NRSROs’ access to the information, or their ability to issue a credit rating based on the information.8

1   Release No. 34-61050; File No. S7-04-09; 74 Fed. Reg. 63832 (December 4, 2009).

2   The Release also amended Rule 17g-2, which amendments did not impose additional burdens on issuers, sponsors or underwriters.

3   If the rules were to apply in this case, it is also unclear whether Arrangers are required to post all communications with the NRSROs prior to June 2, 2010 or only those communication commencing on and after June 2, 2010.

4   The website identified in the Arranger’s written representation will be specifically referenced by the NRSRO on the separate password-protected internet website required to be maintained by the NRSRO that lists each Covered Security that such NRSRO is currently in the process of determining an initial credit rating.

5   For example, anytime information is updated or new information is given to the hired NRSRO, the Arranger will be required to tag the information in a manner that informs the non-hired NRSRO accessing the website which information currently is operative for purposes of determining or maintaining the rating on the Covered Security.

6   In order to access a password-protected internet website, a NRSRO must furnish to the SEC, for each calendar year for which it is requesting a password, the following certification, signed by a person duly authorized by the certifying entity:

The undersigned hereby certifies that it will access the Internet Web sites described in 17 CFR 240.17g–5(a)(3) solely for the purpose of determining or monitoring credit ratings. Further, the undersigned certifies that it will keep the information it accesses pursuant to 17 CFR 240.17g–5(a)(3) confidential and treat it as material nonpublic information subject to its written policies and procedures established, maintained, and enforced pursuant to section 15E(g)(1) of the Act (15 U.S.C. 78o–7(g)(1)) and 17 CFR 240.17g–4. Further, the undersigned certifies that it will determine and maintain credit ratings for at least 10% of the issued securities and money market instruments for which it accesses information pursuant to 17 CFR 240.17g–5(a)(3)(iii), if it accesses such information for 10 or more issued securities or money market instruments in the calendar year covered by the certification. Further, the undersigned certifies one of the following as applicable: (1) In the most recent calendar year during which it accessed information pursuant to 17 CFR 240.17g–5(a)(3), the undersigned accessed information for [Insert Number] issued securities and money market instruments through Internet Web sites described in 17 CFR 240.17g–5(a)(3) and determined and maintained credit ratings for [Insert Number] of such securities and money market instruments; or (2) The undersigned previously has not accessed information pursuant to 17 CFR 240.17g–5(a)(3) 10 or more times during the most recently ended calendar year.

7   However, the new Rule 17g-5 does not require that information posted to websites be in written form; thus it would seem permissible to post audio or video files recording telephone and in-person information exchanges.

8   For example, an Arranger could interpose a confidentiality agreement on the website in a window (click-through screen) that appears after the NRSRO successfully enters its password to access the information and which requires the NRSRO to hit an “Agree” button before being directed to the information to be used to determine the credit rating.