1. A credit rating agency shall take all necessary steps to ensure that the issuing of a credit rating or a rating outlook is not affected by any existing or potential conflicts of interest or business relationship involving the credit rating agency issuing the credit rating or the rating outlook, its shareholders, managers, rating analysts, employees or any other natural person whose services are placed at the disposal or under the control of the credit rating agency, or any person directly or indirectly linked to it by control.
2. In order to ensure compliance with paragraph 1, a credit rating agency shall comply with the requirements set out in Sections A and B of Annex I.
3. At the request of a credit rating agency, ESMA may exempt a credit rating agency from complying with the requirements of points 2, 5, 6 and 9 of Section A of Annex I and Article 7(4) if the credit rating agency is able to demonstrate that those requirements are not proportionate in view of the nature, scale and complexity of its business and the nature and range of issue of credit ratings and that:
(a) the credit rating agency has fewer than 50 employees;
(b) the credit rating agency has implemented measures and procedures, in particular internal control mechanisms, reporting arrangements and measures ensuring independence of rating analysts and persons approving credit ratings, which ensure the effective compliance with the objectives of this Regulation; and
(c) the size of the credit rating agency is not determined in such a way as to avoid compliance with the requirements of this Regulation by a credit rating agency or a group of credit rating agencies.
In the case of a group of credit rating agencies, ESMA shall ensure that at least one of the credit rating agencies in the group is not exempted from complying with the requirements of points 2, 5 and 6 of Section A of Annex I and Article 7(4).
4. Credit rating agencies shall establish, maintain, enforce and document an effective internal control structure governing the implementation of policies and procedures to prevent and mitigate possible conflicts of interest and to ensure the independence of credit ratings, rating analysts and rating teams regarding shareholders, administrative and management bodies and sales and marketing activities. Credit rating agencies shall establish standard operating procedures (SOPs) with regard to corporate governance, organisation, and the management of conflicts of interest. They shall periodically monitor and review those SOPs in order to evaluate their effectiveness and assess whether they should be updated.