How will the European Commission's latest legislative proposal affect European and U.S. transactions?
Broadly, the proposed reduction in reporting requirements will be welcome, especially for transactions classified as "private securitisations" (although the detail of such changes will not be available for some time). However, for U.S. transactions, there is some disappointment that the proposal reiterates the requirement that EU investors verify full compliance with the reporting requirements under Article 7 of the EUSR and increases the penalties on such investors for negligent or intentional non-compliance. The proposed changes to the regulatory capital treatment of securitisations which have been released concurrently with the legislative proposal also fall short of market expectations.
The European Commission (the "Commission") published its legislative proposal (the "Commission Draft Regulation") to amend the European Securitisation Regulation (Regulation (EU) 2017/2402, as amended) (the "EUSR") on June 17, 2025. The publication of the Commission Draft Regulation follows a lengthy review and consultation process, including a report by the Commission on the functioning of the EUSR published on October 10, 2022, (the "2022 Commission Report"), a targeted consultation on the functioning of the EUSR which ran from October 9 to December 4, 2024, and a report of the Joint Committee of the European supervisory authorities (the "Joint Committee") in respect of the EUSR published on March 31, 2025 (the "JC Report").
Among other things, the Commission Draft Regulation:
- Characterises as "public securitisations" any securitisation transactions for which a prospectus is required under the Prospectus Regulation1, that are listed on an EU trading venue or that are marketed to investors with non-negotiable terms (and specifies that securitisations that do not have any of the foregoing characteristics will be considered "private securitisations").
- Amends the transparency requirements applicable to public and private securitisations, requiring all securitisations to report to a securitisation repository and specifying that, in the future, private securitisations will have reduced reporting obligations and will be subject to a simplified reporting template.
- Updates the investor due diligence requirements for securitisations with EU sponsors or originators by eliminating the obligation to diligence risk retention, transparency and STS compliance. It also removes due diligence requirements for securitisations guaranteed by multilateral development banks or with a first loss tranche that is held or guaranteed by a narrowly defined list of public entities, if that tranche represents at least 15 percent of the nominal value of the securitised exposures.
- Reiterates the position set forth in the 2022 Commission Report that EU institutional investors in non-EU securitisations must verify that such securitisations comply with the reporting requirements in Article 7 of the EUSR and provides for the imposition of administrative sanctions and remedial measures for institutional investors that do not comply with their due diligence obligations under the EUSR.
- Makes certain amendments to the requirements applicable to STS securitisations by revising the homogeneity requirements to facilitate the securitisation of SME loans and allowing insurance and reinsurance companies to participate in the STS on-balance-sheet market by amending the eligibility criteria for credit protection under the EUSR to include an unfunded guarantee by an insurance or reinsurance undertaking that meets specified robustness, solvency and diversification criteria.
- Strengthens the authority of the Joint Committee to establish common supervisory procedures for securitisations in the EU.
- Imposes express penalties on EU investors that negligently or intentionally breach their due diligence obligations, which could include a fine of up to 10 percent of global turnover.
Notably, the Commission Draft Regulation does not provide any additional guidance in respect of the "sole purpose test" applicable to originator retention holders, despite the uncertainty surrounding such test following the JC Report.
Transparency requirements applicable to public and private securitisations
Under the existing EUSR, all securitisations (whether public or private) are required to provide the same level of detailed reporting, although securitisations which are not required to issue a prospectus under the Prospectus Regulation (currently considered private securitisations) are exempt from the requirement to provide such reporting to a securitisation repository.2 The Commission Draft Regulation proposes changes to the way public and private securitisations are defined and mandates the development of a separate reporting regime for private securitisations.
In the JC Report, the Joint Committee put forward its view that the current definition of private securitisations is too broad, capturing transactions which are public in substance but not required to produce a prospectus because they are not listed on a regulated market in the EU.3 CLOs, for example, are currently treated as private securitisations because they are listed on the Global Exchange Market of Euronext Dublin, which is a multilateral trading facility ("MTF") rather than a regulated market, and are therefore not required to report to securitisation repositories.
The Commission Draft Regulation accepts the Joint Committee's suggestion and expands the definition of "public securitisations" to include any securitisation that meets any of the following criteria:
- A prospectus has to be drawn up in accordance with Regulation (EU) 2017/1129 of the European Parliament and of the Council; or
- Marketed with notes constituting securitisation positions admitted to trading in the EU regulated markets and/or Multilateral Trading Facility (MTFs) and/or Organised Trading Facility (OTF) or/and any other trading venue in the EU; or
- Marketed to investors and where the terms and conditions are
not negotiable among the parties.4
"Private securitisations" are defined as any securitisations which are not public securitisations.
These definitions, if adopted in their current forms, would categorise both European CLOs and CLO warehouses with listed notes as public securitisations. The Commission Draft Regulation requires all securitisations to report to a securitisation repository, removing the current exemption for private securitisations. Consequently, the redesignation of such transactions as public rather than private initially has little practical effect, although this is expected to change once revised reporting templates for public and private securitisations have been adopted.5
To protect the confidentiality of private securitisations, only EU supervisors, certain national competent authorities and, upon request, the European Commission, will be able to access information held by the repositories immediately and free of charge, while investors and potential investors will only be able to access such information for public securitisations. It should also be noted that CLO warehouses and other transactions that list notes for tax purposes may have the option of listing outside the EU (which would allow the associated securitisations to be characterised as private if listing is the only characteristic that results in the transaction being deemed to be a public securitisation). The Commission Draft Regulation does not address whether existing private securitisations that would be characterised as public securitisations under the revised definitions would be required to report to a securitisation repository or be "grandfathered" once the revisions come into force.
On a more positive note, the Commission Draft Regulation acknowledges that the current reporting templates applicable to public and private securitisations are too costly and burdensome, and directs that the number of mandatory data fields be reduced by at least 35 percent.6 In particular, securitisations of short-term underlying exposures (such as credit cards and certain consumer loans) are cited as examples of transactions for which the reporting templates should no longer required loan level information. The Commission Draft Regulation also introduces the concept of a distinct reporting framework and a dedicated and simplified reporting template for private securitisations,7 and directs the European Banking Authority (the "EBA") to develop the relevant regulatory technical standards.8 Until such new templates are developed, securitisations will continue to report on the existing securitisation templates.
Due diligence requirements for EU institutional investors
Prior to investing in a securitisation, the EUSR requires EU institutional investors to verify, among other things, that "the originator, sponsor or SSPE has, where applicable, made available the information required by Article 7 in accordance with the frequency and modalities provided for in that Article".9
In the 2022 Commission Report, the European Commission set out its view that compliance with this provision requires EU institutional investors to verify that the securitisation will provide the full set of information required by the EUSR (including the relevant reporting templates), even though this could have the effect of excluding EU institutional investors from certain transactions and markets.
In its onshoring of the EUSR following Brexit, the UK reformulated this requirement to emphasise the need for the information provided to be sufficient for an investor to independently assess the risks of holding the securitisation position,10 and some had hoped the European Commission would take a similar approach when reviewing the EUSR.
However, the Commission Draft Regulation reasserts the position in the 2022 Commission Report, replacing the existing diligence requirement in Article 5(1)(e) of the EUSR with a specificrequirement for EU institutional investors to verify that third country securitisations comply with the Article 7 reporting requirements.11
This is a disappointing outcome for EU institutional investors seeking to invest in non-EU securitisations, and non-EU issuers marketing to EU investors. While the reporting burden may eventually be eased somewhat by the proposal to simplify the reporting templates, the obligation to confirm such compliance means that EU institutional investors may be precluded from investing in certain third country transactions that do not strictly comply with all of the Article 7 transparency requirements, which is inconsistent with the stated objective to take a principles based approach to regulation of the securitisation market.
The Commission Draft Regulation also preserves the ability of EU institutional investors to delegate both investment management decisions and compliance with the due diligence obligations of that investor under the EUSR. However, under the proposed amendments to Article 5 of the EUSR the delegating investor would remain liable for compliance with such obligations irrespective of any delegation. Coupled with the changes to Article 32 of the EUSR, which specify that failure to comply with investor due diligence requirements will be subject to remedial measures and administrative sanctions, the European Commission's goal of reducing the compliance burden associated with the transparency requirements has been accompanied by an increase in punitive measures if the investor due diligence requirements are not met.
Penalties
The Commission Draft Regulation provides that national competent authorities may impose administrative sanctions in the case of negligence or intentional infringement by an institutional investor of its due diligence obligation under the EUSR, including fines of up to 10 percent of total annual net turnover.
Sole purpose test
The Commission Draft Regulation does not provide any guidance around the requirements to be an eligible retention holder under the EUSR, despite the uncertainty surrounding such requirements following the publication of the JC Report (as to which we discussed in detail in On Points of April 1, 2025, link here and April 4, 2025, link here).
The EUSR provides that an entity will not be considered to be an originator (and so will be ineligible to act as risk retainer) if it has been established or operates for the sole purpose of securitising exposures (the "Sole Purpose Test").12
Commission Delegated Regulation (EU) 2023/2175 (the "Risk Retention RTS") specifies that an entity will be deemed to satisfy the Sole Purpose Test where, among other things, "the entity has a strategy and the capacity to meet payment obligations consistent with a broader business model that involves material support from capital, assets, fees or other sources of income, by virtue of which the entity does not rely on the exposures to be securitised, on any interests retained or proposed to be retained in accordance with Article 6 [of the EUSR], or on any corresponding income from such exposures and interests, as its sole or predominant source of revenue".13
The reference to an entity's predominant source of revenue was added relatively late in the process of finalising the Risk Retention RTS and is not included, for example, in the equivalent provision in the UK securitisation framework (which is based on an earlier draft of the RTS). However, in its final report on the draft Risk Retention RTS published in 2022, the EBA expressed its view that consideration should be given to an entity's income rather than the composition of its balance sheet as the income better reflects the business model of the retainer.
In the JC Report, the Joint Committee expressed concern that the use of third party origination vehicles that are predominately funded by third party investors and derive a substantial majority of their revenues from retention notes "would not be in line with the original intention behind the sole purpose test given that the entity's revenues would be or are predominately derived from the securitised assets or assets held on balance sheet that are subsequently securitised".14
In response to this concern, the JC Report states that "the term 'predominant' used in these RTS should be understood as corresponding to a threshold of more than 50%. According to the RTS, this means that the entity's revenues should correspond to no more than 50% [of] the exposures to be securitised, risk retained assets or [assets] proposed to be retained in accordance with Article 6 of the SECR, or any corresponding income from such exposures and risk retained assets"15 (the "50 percent Revenue Test").
Following the publication of the JC Report, many aspects of the 50 percent Revenue Test remain unclear, including how and when the threshold should be calculated. The Commission Delegated Regulation does not propose to make any changes to the risk retention requirements in Article 6 of the EUSR (including the Sole Purpose Test) and leaves questions about the 50 percent Revenue Test unresolved. There is currently no indication from the Joint Committee or any other European regulatory authority as to when any such guidance is likely to be issued.
Impact on U.S. transactions
Currently, U.S. CLOs, ABS and RMBS ("U.S. Asset-Backed Securities Transactions") marketed to EU investors, along with U.S.-based asset-backed loan transactions ("U.S. Asset-Backed Loans") with EU lenders (to the extent classified as "securitisations" under the EUSR), are required to comply with EU risk retention rules, reporting requirements under Article 7 of the EUSR and credit-granting criteria. However, such transactions are currently categorised as "private securitisations" and therefore not required to report to a securitisation repository.
If adopted in its current form, the Commission Draft Regulation will have the following impact on such transactions:
- U.S. Asset-Backed Securities Transactions (if classified as public securitisations) will continue to be subject to the full reporting requirements under Article 7 of the EUSR and will not benefit from the reduced reporting requirements which will apply to private securitisations (although they will benefit from the proposed simplification of the reporting requirements for public securitisations). EU investors will also be subject to increased penalties for failing to verify that transactions have provided the required reporting.
- U.S. Asset-Backed Loans (if classified as securitisations under the EUSR) should be treated as private securitisations and therefore will be able to use the simplified reporting templates for private securitisations once they are introduced, which should significantly reduce the EU compliance burden for such transactions and other private securitisations.
- Both public and private securitisations will be required to submit reports and information to a securitisation repository and will incur additional fees for such reporting (although such fees are relatively modest). U.S. issuers should review their current EUSR reporting to ensure that it meets the requirements of the securitisation repositories (such as the 10 percent limit on the use of "no data" responses),16 otherwise the report will be rejected.
Regulatory Capital
In a separate proposal released at the same time, the Commission also proposed changes to European prudential capital legislation for banks holding securitisation exposures to, among other things, reduce the p-factor (used in the calculation of securitisation risk capital) and to adopt a more principles-based approach to risk transfer. The proposals also suggested that similar reforms will also be made to Solvency II for insurers. However, market sentiment seems to be that these proposals fall far short of the regulatory capital changes needed to encourage bank and insurance investors to invest in securitisations and to re-energise the market and that the proposed regulatory capital treatment of securitisations will continue to be much more adverse compared to similar exposures from other instruments such as whole loans and covered bonds.
Conclusion
While the potential reduction in the reporting burden for both public and private securitisations is welcome, the other headline changes in the Commission Draft Regulation are either neutral from the perspective of securitisation market participants or net negative. The Commission Draft Regulation imposes securitisation repository reporting requirements on all securitisations, requires EU institutional investors to verify full Article 7 compliance by non-EU securitisations and does not offer any clarity on the questions raised in relation to the Sole Purpose Test in the recent JC Report.
The introduction to the Commission Draft Regulation states that
the Commission's review of the EUSR "aims to remove undue
obstacles that hinder the growth and development of the EU
securitisation market, but without introducing risks to financial
stability, market integrity or investor
protection".17 A number of improvements could be
made to the Commission Draft Regulation to facilitate the
streamlining of the current regulatory framework without
compromising its integrity. Market participants will hope that the
European Council and Parliament consider incorporating such
improvements in their respective reviews of the Commission Draft
Regulation, which are expected to begin later this year. The
revised EUSR is expected to come into force in 2026.
Footnotes
1 Regulation (EU) 2017/1129.
2 EUSR, Article 7(2).
3 JC Report, paragraph 52.
4 Commission Draft Regulation, Article 1(2).
5 Commission Draft Regulation, Recital 13.
6 Commission Draft Regulation, Recital 12.
7 Commission Draft Regulation, Article 1(4)(b).
8 Commission Draft Regulation, Article 1(4)(c).
9 EUSR, Article 5(1)(e).
10 Securitisation sourcebook of the UK FCA Handbook, 4.2.1R(e).
11 Commission Draft Regulation, Article 1(3)(b).
12 EUSR, Article 6(1).
13 Risk Retention RTS, Article 2(7).
14 JC Report, paragraph 120.
15 JC Report, paragraph 123
16 ESMA Final Report – Guidelines on securitisation repository data completeness and consistency thresholds – 10 July 2020
17 Commission Draft Regulation, p. 2.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.