UK: The EU Rating Agency Regulation

Last Updated: 29 April 2009
Article by Peter Green and Jeremy C. Jennings-Mares


Credit rating agencies ("CRAs") have been very much in the eye of the storm of the sub-prime crisis and ongoing turmoil in the financial markets, in which they have been heavily implicated. This is because CRAs and the ratings they assign play a crucial role in the international financial system. Credit ratings have become increasingly important to investors in assessing the risk profile of the relevant investments and have been extremely important in the development of the structured credit market. In addition, the introduction of the Basel II framework has meant that credit ratings have become an integral part of the methodology of determining many financial institutions' net capital reserve requirements.

Having rated many assets which have defaulted or been marked down in value during the recent financial crisis, CRAs have been blamed for helping cause the credit crunch and the large losses incurred by the financial sector. There have therefore been calls in Europe and the US for greater oversight and regulation of CRAs. Criticisms have been raised in particular over their methodologies for rating structured finance and structured product transactions and the assumptions made in those methodologies. Concerns have also been raised as to the speed with which many transactions were downgraded, sometimes going from AAA to default overnight. There is, however, also a general consensus amongst market participants that many investors became over-reliant on the credit ratings of the investments being acquired and did not undertake adequate analysis and due diligence of the underlying risks they were taking on, effectively outsourcing their internal due diligence to the CRAs.

Following action taken in the US to impose greater controls over CRAs in July 2008 and some of the other initiatives referred to below, the European Commission (the "Commission") published for consultation in November 2008, a draft regulation seeking to regulate CRAs and their activities at the European level. Further to such consultation and negotiations with the EU Parliament and the Council of Ministers, the Commission announced on 23 April 2009 that the final form of the regulation (the "Regulation") had obtained the necessary approvals. The Regulation is expected to come into force within the next month.

We set out below the principal features of the Regulation and also some of the other initiatives relating to CRAs that have been introduced since the onset of the credit crunch.

EU Regulation

In June 2008, Charlie McCreevy, the European Commissioner for Internal Markets and Services referred to the revised IOSCO Code (described further below) as a "toothless wonder" and stated that he did not believe the recommendations set out in the code were enforceable in a meaningful way. Following on from these comments, on 31 July 2008, the Commission published two consultation papers on CRAs. The first paper sought views on proposals to introduce a directive or regulation relating to the authorisation, operation and supervision of CRAs, including the introduction of an authorisation and external oversight regime for CRAs active in the EU based on a home state principle. The stated rationale for these proposals was to reform CRAs' corporate and internal governance, including appropriate management of conflicts of interest and to increase transparency of CRAs' activities. The second paper was aimed at tackling the problem of excessive reliance on credit ratings, including requiring greater health warnings and requiring regulated and sophisticated investors to rely more on their risk analysis.

The reaction to the EU proposals was mixed and included criticism from many market participants and trade bodies. On 5 September, the SIFMA Task Force (referred to below) published a response to the EU Consultation Papers noting its reservations about the nature and scope of the proposed measures. The Task Force was concerned that the EU paper suggested a prescriptive regime favouring rigid rules over principles. It also felt that the lack of confidence in the IOSCO Code was overstated and that the EU proposals did not form part of a coordinated international approach. Particular concerns raised included the potential extra territorial scope of the proposals and the scope for the relevant authorities to unduly interfere in ratings decisions. Concerns were also raised that the proposals could give rise to market disruption and raise barriers to entry.

CESR also responded to the EU proposals on 16 September 2008. It acknowledged the drivers behind the EU approach but said that it considered its 2008 annual report (see below) was the most appropriate and proportional way of dealing with the issue. CESR also reiterated the need for a coordinated international response to the challenges, noting that the EU proposal was not aligned with the US regulations and the IOSCO code. CESR also stated that the Commission should not take any measures which might result in anti-competitive consequences. It also believed the proposed rules were too rigid and detailed and preferred a principles-based approach.

On 12 November 2008, the Commission published its draft regulation which sought to address some of the issues raised in response to its consultation papers. In publishing the draft regulation, the Commission stated that it believed the current crisis revealed weaknesses in the methods and models used by CRAs, partially because CRAs operate in an oligopolistic market that offers limited incentives to compete on the quality of the ratings produced. The Commission stated that whilst it considers the IOSCO code of conduct to be the global benchmark, it also believes some of the IOSCO rules are quite abstract and generic and need to be more specific and consolidated, to make them easier to apply in practice and more efficient. Most importantly, it stated that it believes the code lacks teeth and is fatally weakened as a result. It further stated that it believes it is important to take a globally focused approach and create a regulatory framework in the EU comparable to that applied in the US and based on the same principles. Although the draft regulation sought to address some of the issues raised in response to its consultation papers, criticisms were raised that the provisions still provided an overly prescriptive approach and was not sufficiently coordinated with other global initiatives on CRAs.

Following further consultation and negotiation with the EU Parliament and the Council of Ministers, the Regulation was approved on 23 April 2009. Member states have 6 months to give effect to its provisions; although provisions relating to the recognition of rated products for regulatory purposes will not come into effect for another 12 months. The Regulation contains detailed provisions dealing with:

  • the mechanism for registration and surveillance of CRAs, seeking to avoid 'forum shopping' among EU jurisdictions;
  • the effect of ratings issues by CRAs registered under the Regulation (and the effect of those issued by CRAs that are not registered);
  • rules seeking to ensure that CRAs are independent and avoid conflicts of interest in the rating process (or at least manage them adequately);
  • transparency of ratings by setting disclosure obligations for CRAs; and
  • the imposition of organisational and operational requirements.

Content of the Regulation


The Regulation applies to credit ratings issued by CRAs registered in the EU which are publicly disclosed or distributed by subscription. It does not apply to private credit ratings produced pursuant to an individual order which are provided exclusively to the persons that ordered them and are not intended for public disclosure or distribution by subscription.

Use of credit ratings within the EU

Under Article 4 of the proposed Directive, credit institutions and other relevant financial institutions (including UCITS funds and insurance and reinsurance undertakings) may only use a credit rating for regulatory purposes (in particular under the Capital Requirements Directive) if it has been issued by a CRA located in the EU and registered as described below.

Where a credit rating is issued in a third country, the rating may be endorsed by a CRA registered under the Regulation (in which case it will be treated in the same way as a credit rating issued by a registered CRA), provided that the credit rating activities resulting in the issuance of the relevant credit rating are undertaken partly or entirely by the endorsing CRA or by CRAs in the same group as it and that the endorsing CRA has verified and can demonstrate on an ongoing basis that the third country CRA fulfils requirements at least as stringent as certain provisions in the Regulation, including those dealing with independence and conflicts of interests, rating analysts, methodologies and disclosure. Other requirements in respect of any such endorsement by a CRA include:

  • such CRA makes available on request to its competent authority all information necessary to enable such authority to supervise compliance with the requirements of the Regulation;
  • there is an objective reason for the credit rating being issued in the third country;
  • the CRA established in the third country is authorised or registered and subject to supervision in such country;
  • the CRA can establish that the third country regulatory regime prevents interference of the competent authorities with the content of credit ratings and methodologies (unless the Commission has recognised the legal and supervisory framework of the relevant third country as equivalent to the provisions of the Regulation as set out below); and
  • there is an appropriate cooperation arrangement between the competent authority of the home member state of the endorsing CRA and the competent authority of the CRA established in a third country, including arrangements for the exchange of information and the procedures concerning the coordination of supervisory activities.

It is expressly stated that a CRA registered under the Regulation shall not use endorsement with the intention of avoiding the requirements of the Regulation. It is also provided that a CRA endorsing credit ratings issued in third countries shall remain fully responsible for such credit ratings and the fulfilment of conditions set out therein.

In relation to credit ratings of entities established outside the EU or securities issued in a non-EU jurisdiction, the rating may still be used within the EU, even if not endorsed in accordance with the above provisions, if:

  • the relevant CRA is authorised or registered or is subject to supervision in the third country;
  • the Commission has determined that the legal and supervisory framework of such third country is equivalent to the requirements of the Regulation;
  • there are appropriate cooperation agreements in the same way as in relation to endorsements referred to above;
  • the ratings are not of systemic importance to the financial stability or integrity of the financial markets of one or more member states; and
  • the relevant CRA is certified as specified below.

In relation to determining jurisdictions outside the EU as having arrangements equivalent to the Regulation, the Commission is required to prepare a report on the regulatory framework for CRAs in third countries within a year of the Regulation coming into force. A third country legal and supervisory framework will be considered equivalent to the Regulation if the following conditions are met:

  • CRAs in the third country are subject to authorisation or registration and are subject to effective supervision and enforcement on an ongoing basis;
  • such CRAs are subject to rules equivalent to certain provisions of the Regulation, including those dealing with independence and conflicts of interests, rating analysts, methodologies and disclosure and organisational and operational requirements; and
  • the regulatory regime in the third country prevents the interference of the relevant authorities in relation to the content of credit ratings and methodologies.

For a CRA outside the EU to be registered, it must apply to CESR. The process for registration is similar to that for the registration of CRAs under the Regulation referred to below and will involve the establishment of a supervisory college of the competent authorities from any member state that wishes to participate. The college is permitted to exempt such CRA from complying with certain organisational requirements of the Regulation or from having a physical presence in the EU depending upon the nature, scale and complexity of its business and the nature and range of issuance of its credit ratings and the impact of such ratings on the financial stability or integrity of the financial markets of any member states.

A prospectus issued under the Prospective Directive must state whether or not any credit ratings are issued by a CRA registered under the Regulation.

The possible extra territorial effect of the Regulation and its application to ratings issued by CRAs in countries outside of the EU was a major issue of controversy during the consultation process. The final version of the Regulation seeks to address many of these concerns through its provisions for endorsement of ratings and allowing ratings to be used in relation to entities established outside the EU or securities issued in a non-EU jurisdiction where such jurisdiction is regarded as having provisions equivalent to the Regulation. Concerns are, however, likely to remain that, in practice, it is going to be difficult to market securities in the EU which do not have a rating issued by a CRA which is incorporated and registered within the EU (or by a CRA in the same group as such an entity). Although there is scope for CRAs located outside the EU to be registered in accordance with the provisions set out above, this process is likely in most cases to be almost as onerous as establishing a subsidiary in the EU and obtaining registration. It therefore seems unlikely this route will be widely used.

It also remains to be seen which jurisdictions will be regarded as having provisions equivalent to the Regulation. In relation to securities issued by entities in non-EU jurisdictions not regarded as having such provisions, it is likely to make such securities unattractive to investors in the EU, unless rated or endorsed by an EU-registered CRA.

Independence and avoidance of conflicts of interest

The Regulation sets out specific requirements in relation to a CRA's internal governance structures with the intention of separating the rating function from business incentives. It obliges CRAs to have an administrative or supervisory board which is required to ensure the independence of credit rating activities from all political and economic influences or constraints and that conflicts of interest are properly identified, managed and disclosed. At least one third of the supervisory board (being a minimum of two persons) must be independent members not involved in credit rating activities.

A CRA must disclose conflicts of interest in a complete, timely, clear, concise, specific and prominent manner and record all significant threats to the CRA's independence or that of its employees, together with the safeguards applied to mitigate those threats. In addition, it must limit its activities to credit rating and related operations, excluding consultancy or advisory services.

Under the Regulation, a CRA is not permitted to provide consultancy or advisory services to an entity it is rating or any related party; although it may provide ancillary services such as market forecasts or pricing analysis. It is, however, provided that in relation to the rating of structured finance instruments, the CRA must ensure that its analysts or persons who approve ratings do not make formal or informal proposals or recommendations regarding the design of the security. This is likely to impact significantly on the 'iterative' process typically engaged in between arrangers and CRAs to determine the rating applicable to a particular product. Where a specific rating is required for a product, it will make the arranger's task much more difficult if they cannot receive an indication from the CRAs as to what changes would be necessary to achieve a particular rating. The SIFMA Task Force commented that it believes that the iterative process between an issuer, arranger, underwriter and CRA during the rating of the product is part of the core service and not an advisory function. In practice, however, CRAs will need to consider very carefully whether any dialogue between themselves and the arranger of a structured product could fall foul of these provisions.

CRAs will also be required to keep adequate records of their credit rating activities, including the identity of the relevant analysts and the identity of persons approving the rating and fees.

Specific rules also apply to rating analysts and other persons involved in credit rating activity. Such persons may not be involved in rating any entity in which they hold a financial instrument issued by such entity or a related entity and must not solicit or accept money, gifts or favours from anyone with whom the CRA does business. CRAs are also required to ensure that lead rating analysts are not involved in credit ratings activities related to the same entity or related parties for a period greater than four years. This period is extended to five years in relation to other analysts and seven years in relation to persons approving credit ratings.

In addition, CRAs are required to establish a gradual rotation mechanism in relation to analysts and persons approving ratings which should be phased in relation to individuals, rather than complete teams.

The compensation and performance evaluation of rating analysts and persons approving credit ratings must not be contingent on the amount of revenue that the CRA derives from the rated entities or related parties.

Quality of ratings

The Regulation provides that CRAs must disclose the methodologies, models and key assumptions they use in the rating process to allow market participants to check the soundness of the methodologies used, to verify the rating issued by the CRA and to increase market discipline. Methods and ratings must be kept up-to-date and are subject to review. If the agency changes its rating methodology, it must immediately disclose which ratings are likely to be affected by this change and re-rate them promptly, to keep them up-to-date and responsive to changes in financial conditions.

Any outsourcing of operational functions must be undertaken in a way which does not materially impair the quality of the CRA's internal controls and the ability of the relevant competent authorities to supervise such CRA's activities.

Disclosure and transparency obligations

The Regulation obliges CRAs to disclose promptly all ratings, unless the ratings are only distributed by subscription, to enable investors to distinguish between ratings for structured products and for traditional products by requiring the use of an additional symbol for structured finance instruments or additional information on their risk characteristics. Specific disclosure requirements apply to unsolicited credit ratings.

To ensure that internal processes and procedures are sufficiently transparent, each CRA must publicly disclose certain material information including on actual and potential conflicts of interest, methodologies and key rating assumptions, what it does and does not consider to be services ancillary to its core rating business and the general nature of its compensation policy. CRAs must also periodically disclose data on the historical default rates of rating categories and give competent authorities certain elements such as the list of the largest 20 clients by revenue.

To ensure that relevant, standardised data on a CRA's performance is available to allow market participants to make industry-wide comparisons, CESR will create a publicly available central repository for such data. With a view to restoring public confidence in the rating business, CRAs will be required to publish an annual transparency report, and keep records of their activities.

Registration and surveillance

CRAs whose credit ratings fall within the scope of the Regulation will be subject to a new registration regime. Registration will only be provided to entities established in the EU, so to obtain registration CRAs located outside the EU will be required to establish a subsidiary within the EU.

CESR will act as a central point for application. Following receipt of the application, a college of supervisors will be established in relation to such application comprising the competent authority of the home member state of the CRA and the competent authority of any other member state that wishes to join the college, provided that a branch of the CRA is established in its jurisdiction or that the use for regulatory purposes of credit ratings issued by such CRA are widespread or has or is likely to have a significant impact in its jurisdiction. The college will appoint one of its members as a facilitator. The facilitor is the primary interface of the college with CESR, chairs meetings of the college, coordinates its actions and seeks to ensure an exchange of information among its members.

The college is obliged, in consultation with CESR, to use all reasonable efforts to reach an agreement among its members as to whether or not to accept the application for registration. In the absence of an agreement, the request for registration must be declined.

The competent authorities of the relevant member state are responsible for supervising and monitoring a CRA's compliance with its obligations and have wide powers to access documents and demand information. The Regulation provides, however, that neither the competent authorities nor any other public authorities of the member states are permitted to interfere with the content of credit ratings or the methodologies.

The competent authority of the relevant member state may withdraw the registration of the CRA in circumstances where the CRA:

  • renounces the registration or has provided no ratings for six months;
  • obtained registration by false statements or other irregular means;
  • no longer meets the conditions for registration; or
  • has seriously or repeatedly infringed the provisions of the Regulation.

There is, however, a requirement that where the competent authority of the home member state considers one of these grounds has been satisfied, it must notify the facilitator of the relevant supervisory college and closely cooperate with the members of the college to determine whether or not the registration should be withdrawn. Any member of the college can also request that CESR be consulted. If the members of the college cannot reach agreement, the home member state still has the ability to make a decision to withdraw the relevant CRA's registration.


The Regulation seeks to be consistent with the revised IOSCO Code and the principles set out at the beginning of the draft Regulation are generally in line with such Code. The Regulation, however, contains detailed prescriptive rules and many market participants have questioned whether these are appropriate. Although the European Parliament has sought to address a number of concerns raised by various bodies, including CESR, concerns remain in some quarters that the provisions are overly prescriptive in some respects, particularly in relation to corporate governance. It should also be noted that whilst the European Central Bank broadly welcomed the Regulation, it is concerned that some aspects of the Regulation are unclear, in particular what is meant by the use of ratings for "regulatory purposes." Standard & Poor's, whilst welcoming greater transparency and accountability for CRAs, highlighted the need for consistent application of the rules across the EU. The creation of supervisory colleges of regulators to consider applications for the registration of rating agencies and other matters attempts to assist in ensuring a greater degree of cooperation, information sharing and consistency of approach among European regulators and it is likely that this initiative will be used for other aspects of financial regulation in the future.

Concerns have also been raised that, despite an express provision that prohibits regulators from interfering with the rating process, there is still a possibility that political pressure may be applied to CRAs. In particular, national supervisors will have the ability to issue a temporary prohibition of a CRA issuing a rating. The final version of the Regulation mitigates these concerns to some extent by requiring national supervisors to liaise with the relevant college of supervisors before withdrawing a rating but the final decision will rest with the competent authority in the CRA's home member state.

Some commentators believe that the problem is a different one altogether, requiring a radically different solution. They suggest that CRAs have too much power and influence and obtain access to information that other market participants do not. Attempting to tie them even more tightly into the regulatory system may in fact exacerbate these contradictions by raising barriers to new entrants and making CRAs appear even less fallible. An alternative approach is to instead have less regulation, permit more competition and require bond issuers to publicly release any information which they provide to CRAs. Investors would then be required to make credit judgments of their own, the absence of which is potentially the greatest single factor behind the credit crisis. It is, however, clear that this approach does not hold favour with most regulators and legislators and a greater regulatory oversight for CRAs is inevitable.

Other Initiatives Regarding Rating Agencies since the Credit Crunch

Since the onset of the credit crisis there have been a number of proposed regulatory and industry reforms from the international regulators and industry bodies. These proposed reforms have generally been based on a principlesbased approach, focusing largely on conflicts of interest and greater transparency and disclosure.


In the US, the Securities and Exchange Commission (the "SEC") has power to register and oversee Nationally Recognized Statistical Rating Organizations ("NRSROs") under the Credit Rating Agency Reform Act 2006 which came into effect in 2007.

The SEC proposed rules on June 16, 2008 designed to address concerns about the integrity of NRSRO credit rating procedures and methodologies. The SEC proposed additional rule changes on July 1, 2008 intended to reduce perceived undue reliance on credit ratings within the SEC rules and forms.1 The final rule changes were approved by the SEC on December 3, 2008. 2

The new rules include prohibiting conflicts of interest and are substantially in the form of the June 16 proposals. They include a prohibition on NRSROs rating a security where the obligor, issuer, underwriter or sponsor has received ratings recommendations from the NRSRO or where the personnel responsible for participating in determining the credit rating or developing or approving procedures or methodologies used for determining credit ratings have participated in fee discussions, negotiations or arrangements with the related issuer.

The final rules also include new record-keeping, reporting and disclosure requirements for NRSROs.

The SEC has also issued a re-proposal to its previous proposal that prohibited NRSROs rating a structured finance transaction paid by a party to the transaction unless all information provided to the NRSRO in connection with its rating was publicly disclosed. This raised numerous securities law liability and Regulation FD concerns. The proposal has therefore been relaxed to require that the relevant information provided to the NRSRO to determine and monitor the rating is, subject to certain conditions, also made available to NRSROs not retained to issue a credit rating.

The June 16 proposals also included requiring an alternative symbol for the rating of structured finance products. This proposal was subject to criticism from many market participants and was not included in the December 3 rule changes and proposals.


In December 2004, the International Organisation of Securities Commissions ("IOSCO") published a voluntary code of practice which a number of CRAs, including S&P, Moody's and Fitch have since adhered to. 3

In May 2008, IOSCO published an updated revised version of the Code. This included changes arising out of the financial crisis, including requiring CRAs to: 4

  • ensure the quality and integrity of the ratings process, e.g., by prohibiting analysts from making recommendations on structuring;
  • be independent and avoid conflicts of interests;
  • act responsibly towards investors and issuers, e.g., by differentiating structured finance ratings; and
  • disclose codes of conduct, rating methodologies and historic performance data in a prominent position on its website.

In March 2009, the IOSCO Task Force published a report reviewing implementation by CRAs of the revised Code. It concluded that Fitch, Moody's and S&P had also substantially implemented the revised Code but that 14 CRAs reviewed had not addressed the revisions. This indicates that amongst the smaller rating agencies there is still substantial work to be done in getting CRAs universally to adopt practices based on the revised Code. Of course, any such agencies wishing to obtain registration in the EU will now need to comply with the Regulation.

Financial Stability Forum

In its "Report of the Financial Stability Forum on Enhancing Market and Institutional Resilience" published on 7 April 2008, the Financial Stability Forum set out various recommendations relating to the quality of the rating processes within CRAs, issues particular to structured products, the assessment of underlying data quality by CRAs and the use of ratings by investors and regulators. These measures involved requiring greater transparency relating to rating practices, including the publication of historical performance data. It also recommended a separate rating scale or additional rating symbol for structured products. The report also urged investors to reconsider how they use credit ratings in their investment guidelines and mandates and for risk management and valuation. It also stated that supervisory authorities need to check the roles they assess to ratings in regulations and supervisory rules are consistent with the objectives of investors making independent judgment or risks and carrying out their own due diligence, and do not induce uncritical reliance on credit ratings as a substitute for such independent evaluation.

At the G20 summit in London in March 2009, the working group on enhancing sound regulation and strengthening transparency noted the fact that the IOSCO Code lacks legal authority and that any enforcement of the Code rests with national regulators. It noted that the Financial Stability Forum is following national and regional initiatives relating to such regulation including in the US, the EU and Japan.


On 31 July 2008, the Securities Industry and Financial Markets Association ("SIFMA") issued global recommendations for CRAs which were developed by the SIFMA Task Force. 5 The recommendations include encouraging CRAs to:

  • provide clear standardised disclosure of rating methodologies;
  • disclose the results of due diligence and other information relied upon;
  • provide access to performance of ratings to allow comparison among agencies;
  • address conflicts of interest, being sensitive in particular towards the difference between core ratings services and consulting services;
  • work towards a global regulatory framework; and
  • disclose CRA fees.

The SIFMA Task Force has also urged legislators, regulators and law enforcement agencies to coordinate more closely in addressing the global issues surrounding CRAs. It is keen, in particular, to avoid "counter-productive, piecemeal, inconsistent attempts at remediation." The Task Force recommended that a global SIFMA advisory board of industry participants should be established to advise regulators and lawmakers on ratings issues.


On 13 February 2008, the Committee of European Securities Regulators ("CESR") published a consultation paper in relation to the role of CRAs in structured finance. Issues raised included:

  • transparency of the rating process and methodologies;
  • the monitoring of rating performance;
  • CRA staff resourcing;
  • conflicts of interest; and
  • regulatory options.

CESR subsequently published, in May 2008, its second annual report to the Commission on the voluntary compliance of CRAs with the IOSCO Code. This report also considered the role of CRAs in structured finance. The report favoured market-led improvement rather than regulation, although it considered that the revised IOSCO Code and the initiatives taken by the CRAs themselves were not sufficient to maintain the integrity of and confidence in CRAs.

ESF/ EFAMA/ IMA Guidelines

On 11 December 2008, the European Fund and Asset Management Association ("EFAMA"), the European Securitisation Forum ("ESF") and the Investment Management Association ("IMA") published guidelines designed to apply to a wide range of securitisation and other structured credit transactions. 6 The guidelines were prepared from the standpoint of the asset management industry and are principally designed to address concerns that investors have over-relied on credit ratings.

The guidelines provide that asset managers should:

  • have regard to their obligation to act professionally and in the best interests of their client; this includes undertaking necessary due diligence in relation to the investments and underlying assets and not treating credit ratings as a complete proxy for the analysis that should be made;
  • understand the limitations to any credit ratings and address the risks arising. Ratings should not replace appropriate risk analysis and management on the part of investors. Asset managers should understand the methodologies and competencies of the relevant CRA;
  • challenge mandates which appear ill-designed; and
  • periodically assess the adequacy and effectiveness of their arrangements for addressing the guidelines.


1 More details of the SEC's proposed rules are available from our client alerts: "SEC Adopts and Proposes Reforms Relating to Credit Ratings Agencies" (4 February 2009), , "SEC's New and Proposed Credit Rating Agency Rules" (4 December 2008), "SEC Proposals for Credit Rating Agency Reform: Potential Impact on the Asset-backed Markets" (5 August 2008), .

2 .

3 IOSCO Code of Conduct Fundamentals for Credit Rating Agencies (23 December 2004), .

4 See Annex A to the IOSCO Technical Committee's Final Report on The Role of Credit Rating Agencies in Structured Finance Markets (Revised May 2008), .

5 .

6 .

Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP. All rights reserved

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Peter Green
Jeremy C. Jennings-Mares
In association with
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at and we will use commercially reasonable efforts to determine and correct the problem promptly.