The European Securities and Markets Authority (ESMA) considered the Consultation Paper on the IAASB’s Proposed Strategy for 2015-2019 and the Proposed Work Program for 2015-2016 (CP) and thanks you for the opportunity to contribute to the IAASB’s due process. The views expressed in this letter are made from the point of view of securities regulators with the aim to enhance investor protection and improve listed entities’ auditors’ reports.

The European Securities and Markets Authority’s (ESMA) annual report and work programme has been prepared according to Article 21 of Regulation 1060/2009 on credit rating agencies as amended (the CRA Regulation) and Article 85 of Regulation 648/2012 on OTC derivatives, central counterparties and trade repositories (EMIR). It highlights the direct supervisory activities carried out by ESMA during 2015 regarding credit rating agencies (CRAs) and trade repositories (TRs) and outlines ESMA’s main priorities in these areas for 2016.

ESMA adopts a risk-based approach to the supervision of CRAs and TRs in accordance with its overall objectives of promoting financial stability and orderly markets and enhancing investor protection. This risk-based approach requires the analysis of information from a variety of sources and the application of multiple supervisory tools including day-to-day supervision, cycle of engagement meetings with supervised entities, on-site inspections and dedicated investigations.

In order to build on the expertise that ESMA has developed through its supervision of CRAs and TRs, ESMA created a single Supervision Department in November 2015. ESMA intends to draw on the best practices identified from the supervision of both types of entity to further enhance its supervisory effectiveness in future.

The European Securities and Markets Authority (ESMA) has today published its 2016 supervisory priorities for credit rating agencies (CRAs) and trade repositories (TRs), as well as its annual report summarising the key supervisory work and actions undertaken during 2015.

2016 Supervisory Priorities

ESMA has seen a number of changes in the CRA and TR industries during 2015, with new applicants for registration in both sectors, and current authorised entities seeking to develop their businesses. This has included CRAs providing credit ratings on new asset classes or in new geographic areas, and TRs offering trade reporting services for other instrument types.

ESMA identifies its supervisory priorities on the basis of risk assessment exercises conducted throughout the year. In 2015 these identified high levels of governance and strategy risk, and operational risk in the CRA industry and high levels of risk associated with TRs’ data and systems. Therefore, in 2016 ESMA will focus its supervisory activities on:

• CRA governance and strategy and the quality of credit ratings;
• TR data quality and data access;
• Fees charged and information security for all supervised entities.

Steven Maijoor, ESMA Chair, said:

“The credit rating and trade repository industries continue to evolve and develop. We are receiving new applications for registration and existing entities are seeking to develop their businesses by expanding into new areas. ESMA supports these developments where they contribute to the maintenance of stable and orderly financial markets.

“For this reason, in 2016 ESMA will focus its work on the quality of the services being provided by supervised entities. This means we will concentrate on issues surrounding CRA governance, strategy and ratings quality, along with data quality and access to TRs’ data with a broad focus on the fee structures and information security in both industries.”

2015 Annual Supervisory Review – CRAs and TRs

In 2015, following its risk-based approach, ESMA focused its supervisory efforts on CRAs’ governance, risk management and internal decision making and on CRAs’ business development processes. Some notable achievements were:

• investigating the techniques being applied to validate credit rating methodologies by some CRAs and using the differences identified to encourage industry-wide debate about appropriate validation standards;
• conducting an IT risk assessment which identified that CRAs are facing serious risks in several areas including IT operations and information security;
• investigating the process of issuing credit ratings followed by one CRA and raising concerns about the preparation of issue ratings, the workloads of credit rating analysts and their involvement in the provision of ancillary services; and
• concluding an enforcement case against DBRS Ratings Ltd for internal control failings and imposing a €30,000 fine for past record-keeping breaches. The case highlighted the need for CRAs to establish clear decision-making procedures, organisational structures and effective compliance functions.

The key risks TR supervision focused on in 2015 related to the quality of TRs’ data, access to data held by TRs and the operation and performance of TRs’ systems. In 2015, ESMA continued working with TRs to implement the data quality action plan established in September 2014 including:

• harmonising TRs’ data validation;
• monitoring the inter-TR reconciliation process; and
• ensuring the harmonisation of the aggregate data made available on TRs’ websites.

ESMA has also been monitoring National Competent Authorities’ (NCAs) access to TR data. It has entered into a number of Memoranda of Understanding (MoUs) to help third country regulatory authorities access TR data and is developing an IT system to allow NCAs to submit data queries through a centralised web portal.

Decision to adopt a supervisory measure taking the form of a public notice and to impose a fine in accordance with Statement of Findings in accordance with Articles 64(5), 65, 67 and 73 of Regulation (EC) No 648/2012 of the European Parliament and of the Council of 4 July 2012 on OTC derivatives, central counterparties and trade repositories

Public notice regarding negligent breach by DTCC Derivatives Repository Ltd of its legal obligation to ensure immediate access for regulators to data reported under EMIR

DTCC Derivatives Repository Ltd (‘DDRL’) is a trade repository registered in the European Union and is part of the DTCC group which includes a number of companies providing post-trading services to the global financial services industry. DDRL was registered by ESMA as a trade repository under Regulation (EU) No 648/2012 on OTC derivatives, central counterparties and trade repositories (‘EMIR’) on 7 November 2013. ESMA has responsibilities for the supervision and enforcement of provisions under EMIR concerning DDRL and other trade repositories registered in the EU.

In May 2014, ESMA’s supervisory team became aware of delays in providing regulators with access to data reported to DDRL under EMIR. Following further examination, the supervisory team formed the view that there were serious indications of the possible existence of facts liable to constitute one or more of the infringements listed in EMIR. The matter was accordingly referred to an independent investigation officer (the ‘IIO’). The IIO considered the evidence referred to him and conducted further investigations, before submitting his findings to ESMA’s Board of Supervisors (the ‘ESMA Board’).

Based on the findings of the IIO and the evidence put before it, the ESMA Board found on 23 March 2016 that an examination of the facts showed that DDRL had committed the following infringement under EMIR and had done so negligently. DDRL committed an  infringement of EMIR by not allowing regulators and supervisors direct and immediate access to the details of derivatives contracts they need to fulfil their responsibilities and mandates.

ESMA fines DTCC Derivatives Repository Limited €64,000 for data access failures

The European Securities and Markets Authority (ESMA) has fined the trade repository DTCC Derivatives Repository Limited (DDRL) €64,000, and issued a public notice, for negligently failing to put in place systems capable of providing regulators with direct and immediate access to derivatives trading data. This is a key requirement under the European Markets and Infrastructure Regulation (EMIR) in order to improve transparency and facilitate the monitoring of systemic risks in derivatives markets.

This is the first time ESMA has taken enforcement action against a trade repository registered in the European Union (EU). DDRL is the largest EU registered trade repository.

ESMA found that DDRL failed to provide direct and immediate access to derivatives data from 21 March 2014 to 15 December 2014, a period of about nine months in which access delays increased from two days to 62 days after reporting and affected 2.6 billion reports. This was due to its negligence in:

• failing to put in place data processing systems that were capable of providing regulators with direct and immediate access to reported data;
• failing, once they became aware, to inform ESMA in a timely manner of the delays that were occurring; and
• taking three months to establish an effective remedial action plan even while delays were worsening.

DDRL’s failures caused delays to regulators accessing data, revealed systemic weaknesses in its organisation particularly its procedures, management systems or internal controls and negatively impacted the quality of the data it maintained.