On 17 January 2018, an EU Regulation setting out a new regulatory framework for securitisation transactions (the Securitisation Regulation) takes effect, after being published in the Official Journal of the European Union on 28 December 2017. The Securitisation Regulation introduces the concept of simple, transparent and standardised (STS) securitisation into EU law, setting out detailed criteria which a transaction must satisfy in order to label itself as STS. Amendments (the CRR amendments) have been made to the Credit Requirements Regulation (the CRR) to introduce a preferential capital regime for positions held in STS securitisations by credit institutions and investment firms.

The Securitisation Regulation will apply from 1 January 2019 to securitisation transactions the securities of which are issued on or after 1 January 2019 and to any securitisation that creates new securitisation positions on or after 1 January 2019 (subject to certain transitional arrangements). This briefing summarises the key changes that will be made by the new securitisation framework from the date of its application.

Provisions applicable to all securitisations


  • The definition of “securitisation” used in the CRR has been copied across into the Securitisation Regulation with the addition of a new limb to make it clear that any transaction which creates “specialised lending exposures” in accordance with Article 147(8) of the CRR is not a securitisation for these purposes. Otherwise, the definition of securitisation remains unchanged.
  • The Securitisation Regulation sets out due diligence requirements that apply to “institutional investors”. “Institutional investors” is defined to include credit institutions, investment firms, insurers, reinsurers and alternative investment fund managers, to whom rules relating to exposures to securitisation transactions already apply, and also UCITS management companies, internally managed UCITS, institutions for occupational retirement provision and investment managers or authorised entities appointed by an institution for occupational retirement provision.
  • The definition of “sponsor” has been broadened, most significantly to include non-EU investment firms (as well as non-EU credit institutions).

Risk retention

  • 5% retention requirement retained: There has been no change to the minimum level of material net economic interest which must be retained (5%) or the five permitted retention methods.
  • Direct risk retention obligation: The new rules impose risk retention requirements directly on originators, sponsors and original lenders. This means that EU originators and sponsors will need to satisfy the requirements even where there is no requirement from investors to do so (e.g. because they are non-EU entities). This direct risk retention obligation applies to any originator, sponsor or original lender, including corporates, not just institutional entities regulated under sectoral legislation. The current ‘indirect’ obligations placed on EU institutional investors, to ensure that EU risk retention requirements are met before investing in a securitisation, are also maintained in the new due diligence rules.
  • Originator: The Securitisation Regulation specifies that, for the purpose of satisfying the risk retention rules, “an entity shall not be considered to be an originator where the entity has been established or operates for the sole purpose of securitising exposures”. Details of what is required to pass this test, such as how an originator can demonstrate that it has a “broader business enterprise”, will be included in a new set of regulatory technical standards (RTS) on the risk retention requirements which are in the process of being developed by the European Banking Authority (the EBA), and will replace the current RTS under the CRR.
  • Cherry picking: Article 6 of the Securitisation Regulation prohibits originators from intentionally securitising assets which are more likely to suffer losses than comparable assets kept on the originator’s balance sheet. However, the recitals suggest that an originator may select assets with a higher than average credit risk profile to be securitised, provided that this is clearly communicated to investors and authorities. This is also included in the EBA’s proposed RTS.

Comparative credit granting requirements

All originators, sponsors and original lenders will be required to apply the same sound and well-defined criteria for credit granting to exposures to be securitised as are applied to exposures held on balance sheet. An originator which purchases a third party’s exposures for its own account and then securitises them is required to verify that the original lender also met such credit granting criteria (although there is limited grandfathering for older transactions complying with current rules).

Self-certified loans

The securitisation of residential loans originated since 20 March 2014 that were marketed and underwritten on the premise that the loan applicant or intermediaries were made aware that the information provided by the loan applicant might not be verified by the lender (often referred to as ‘self-certified’ mortgages) is prohibited.


  • Repeal of Article 8(b): Article 8(b) of the Credit Rating Agency Regulation contains information disclosure requirements applicable to securitisations of certain asset classes (although no ESMA website has been set up to enable parties to upload such information). This will be repealed from 1 January 2019 and replaced with new disclosure requirements.
  • New disclosure requirements: Originators, sponsors and securitisation special purpose entities (SSPEs) must make available to holders of a securitisation position, competent authorities and, upon request, to potential investors, certain information on the transaction and underlying exposures. ESMA is in the process of developing standardised disclosure templates.
  • Securitisation repositories: Information must be disclosed via a registered securitisation repository or, if no registered securitisation repository exists, via a website that meets specified requirements as to data control and security.
  • Private transactions: Where there is no requirement under EU law to draw up a prospectus in relation to a securitisation transaction, the obligation to disclose transaction information publicly by way of securitisation repository or website does not apply (information must be disclosed on a bilateral basis). A transaction summary or overview of the main features of the securitisation will have to be prepared for such private transactions and made available to holders of securitisation positions, competent authorities and, upon request, to potential investors. In the context of private transactions, however, “potential” investors is likely to be a limited category of persons.

Restrictions on selling securitisations to retail clients

Specific conditions will have to be met before a “seller” of a securitisation position can sell that position to a retail client. This restriction, alongside the MIFID II and PRIIPS regimes, means that originators, issuers other parties involved in marketing and distribution will have to be very careful about the target market for securitisations.


Re-securitisation transactions (securitisation transactions where the underlying exposures include securitisation positions) are prohibited, subject to certain carve outs including where the securitisation is used to ensure the viability as a going concern of a credit institution, investment firm or financial institution (or to facilitate its winding-up), or to preserve the interest of investors where the underlying exposures are non-performing.

Requirements for SSPEs

The Securitisation Regulation introduces a prohibition against SSPEs being established in certain types of jurisdiction, including those which are considered high-risk by the Financial Action Task Force and those which have not signed up to OECD agreements for the exchange of information on tax matters.

Simple, transparent and standardised securitisation

STS criteria

The STS criteria are set out on a general basis, rather than being asset-class specific, but there are separate sets of criteria for STS term transactions and for STS asset-backed commercial paper transactions. Much of the detail remains to be fleshed out in technical standards and guidelines which are being developed by the European supervisory authorities.

Application to existing transactions

The Securitisation Regulation includes transitional provisions enabling securitisations, the securities of which were issued before 1 January 2019, to be designated as STS provided that they satisfy certain criteria at the time of notification of STS status. Parties may wish to amend the terms of existing transactions to enable them to be designated as STS.

Excluded classes

Certain types of securitisation are very unlikely to be able to satisfy STS criteria; these include securitisations of non-performing loans, managed CLOs and CMBS. At this point synthetic securitisations cannot qualify as STS (although the EBA is required to publish a report on STS synthetic securitisation by July 2019). Any securitisation which involves a non-EU originator, sponsor or SSPE will not be able to qualify as STS; there is no third country equivalence regime applicable to non-EU parties. This is a significant consideration for UK originators as they will be non-EU parties post-Brexit.

STS designation

Originators and sponsors (or, in the case of ABCP programmes, just sponsors) are required jointly to notify ESMA if their securitisation satisfies the STS criteria. This STS notification must include an explanation of how each of the STS criteria is satisfied. Further detail will be set out in new technical standards.

Third party certification agents

The originator, sponsor or SSPE is permitted to use the services of an authorised third party certification agent to assess the compliance of a securitisation with the STS criteria. However, it is made clear that (i) the originator, sponsor and SSPE would remain liable for any incorrect notification and (ii) a certification would not affect the obligation placed on institutional investors to assess whether a securitisation labelled as STS has actually satisfied the criteria. Institutional investors are permitted to rely “to an appropriate extent” on the STS notification and the information contained within it, but “without solely or mechanistically relying on that notification or information”.

Regulatory capital treatment

The CRR amendments introduce preferential regulatory capital requirements for exposures to STS securitisations, when compared with exposures to non-STS securitisations, for credit institutions and investment firms. Additional criteria are set out in the CRR amendments which the securitisation must satisfy in order for such preferential regulatory capital treatment to apply. The Commission is working on adjustments to the regulatory capital treatment of STS securitisations applicable to insurers and reinsurers pursuant to Solvency II.

Supervision and extra-territoriality

National competent authorities will supervise compliance with the Securitisation Regulation. Where an entity is already supervised by a competent authority under existing EU sectoral legislation, the same competent authority will generally supervise their compliance with the Securitisation Regulation. Member States are required to designate competent authorities to supervise any currently unsupervised entities (e.g. corporate originators). In relation to the direct risk retention requirements, the transparency rules, the ban on re-securitisation and the criteria for credit granting, only originators, original lenders and SSPEs established in the EU are required to be supervised. However, we do not have complete certainty over the geographical scope of application of the Securitisation Regulation.

The drafting of the CRR amendments has created significant concerns (for institutions who are subject to the CRR) in relation to application of the rules on a consolidated basis to non-EU subsidiaries. All references to Part Five of the CRR, which will be repealed from 1 January 2019, will be read as references to Chapter 2 of the Securitisation Regulation from that date. Therefore, the current requirement under Article 14 of the CRR (that CRR parent undertakings must ensure that subsidiaries not subject to the CRR comply with Part Five of the CRR) would apply to all of the rules contained in Chapter 2 of the Securitisation Regulation, including the due diligence requirements, the direct risk retention requirements, the transparency rules, the ban on re-securitisation and the criteria for credit granting. It would, clearly, be of real concern if non-EU subsidiaries active as an originator or sponsor in a non-EU securitisation market had to comply with these EU rules, despite having no EU investors and no EU nexus other than its parent company. There is some hope that this will be addressed in the new technical standards, but any fix is likely to be fairly limited.

Sanctions for breach

Severe sanctions, including large fines, may be applied for breach of the new rules. However, the final text requires that competent authorities must take into account, when determining the applicable sanction, the extent to which the infringement is intentional or results from negligence, as well as other factors including the materiality, gravity and duration of any infringement and the level of cooperation by the responsible party with the competent authority.

Grandfathering and transitional provisions

The general position is that the Securitisation Regulation will only apply to securitisations the securities of which are issued, or which create new securitisation positions, on or after 1 January 2019. Pre-existing securitisations would, generally, continue to be subject to the rules in place immediately before the application date of the Securitisation Regulation, unless new securities are issued or new positions are created.

It is likely that not all of the regulatory technical standards and guidelines required by the Securitisation Regulation will be operative by 1 January 2019. In relation to certain provisions, existing technical standards will continue to apply in the interim period.

What about Brexit?

The UK Government has proposed a European Union (Withdrawal) Act (the Withdrawal Act), the effect of which would be to carry over the content of EU law, as it stands immediately before Brexit, into UK law on the date the UK leaves the EU. The Bill is currently going through Parliament. Given the current expected timelines, this would mean that the Securitisation Regulation will be incorporated into UK domestic law by the Withdrawal Act. There is a chance that not all regulatory technical standards supporting the Securitisation Regulation will be applicable at the withdrawal date; if not, they will not automatically become part of UK law under the Withdrawal Act, although that would not prevent other legislation from being made for that purpose. Indeed, it is possible that an EU-UK agreement on a post-Brexit transitional period would require the UK to adopt EU legislation made during the transitional period. Under the proposed Withdrawal Act, the UK Government will be given powers to amend the statue book by secondary legislation to address deficiencies (so-called “Henry VIII powers”). Many uncertainties remain as to how this might operate in practice.

Next steps

The market has generally welcomed the finalisation of the Securitisation Regulation and the increased degree of certainty that this brings. All eyes are now on the development of supporting technical standards and guidelines, which will flesh out much of the detail required to comply with the new regime. The industry hopes for a pragmatic approach to be taken.