The Securitisation Regulation (Regulation 2017/2402) (the Regulation) came into force on 17 January 2018 and will be directly applicable across the EU from 1 January 2019.

It is part of the European Commission’s reform measures on the EU’s capital markets union. It contains significant changes to the current securitisation regulatory framework in its consolidation of the existing patchwork of sector-specific rules. It also introduces rules for issuing simple, transparent and standardised (STS) transactions. These harmonised rules impact UCITS management companies, AIFMs, internally-managed UCITS and AIFs and certain other types of investor (collectively, Institutional Investors) that engage in certain transactions.


The Regulation is intended to capture any transaction or scheme whereby the credit risk associated with an exposure or a pool of exposures is tranched and has the following characteristics:

ƒ payments in the transaction or scheme are dependent upon the performance of the exposure or of the pool of exposures; and

ƒ the subordination of tranches determines the distribution of losses during the ongoing life of the transaction or scheme.

Transactions or schemes which create exposures towards entities created specifically to finance or operate physical assets (“specialised lending exposures”) are out of scope.


AIFMs which gain exposure to securitisations on behalf of AIFs they manage are already required to comply with certain securitisation rules under AIFMD. However, no such due diligence, transparency and risk rules were imposed with respect to investment in securitisations by UCITS as delegated acts required to introduce these under the UCITS Directive were not implemented. This has now been addressed under the Regulation as the definition of “institutional investor” includes new investor classes such as UCITS management companies and internallymanaged UCITS, meaning that they will, for the first time, have to comply with rules applicable to securitisation positions held under the regulatory framework. 

Moreover, certain AIFMs and internally-managed AIFs which have to date been outside the scope of the Regulation are now within its remit due to the broader definition of Institutional Investor. These are sub-threshold AIFMs who have not opted into the full AIFMD and non-EU AIFMs which manage and/or market AIFs into the EU. On a strict reading of the definition, a non-EU AIFM could bring its entire portfolio of AIFs within scope if it markets any AIF in the EU. It is not clear that this extension is provided for and it clearly was not intended. We expect that the matter will be clarified by way of guidance from ESMA or the European Commission.

In addition to applying to Institutional Investors, the Regulation applies to certain originators, sponsors, original lenders and securitisation special purpose entities.

Overview of the obligations

Due diligence

Institutional Investors must undertake verification and due diligence processes before becoming exposed to a securitisation covered by the Regulation in order to properly assess the risks arising. Prior to holding a securitisation position, an Institutional Investor must verify that the originator, original lender, securitisation special purpose entity or sponsor (as applicable):

ƒ grants all the credits giving rise to the underlying exposures on the basis of sound and well-defined criteria and clearly established processes for approving, amending, renewing and financing those credits and has effective systems in place to apply those criteria and processes;

ƒ retains on an ongoing basis a material net economic interest of at least 5%;

ƒ discloses the risk retention to Institutional Investors; and

ƒ makes available information under the transparency obligations in accordance with the frequency and modalities imposed, if requested.

In advance of holding a securitisation position, an Institutional Investor must also carry out a due diligence assessment which enables it to assess the risks involved. The assessment must cover at least all of the following:  

ƒ the risk characteristics of the individual securitisation position and of the underlying exposures;

ƒ all the structural features of the securitisation that can materially impact the performance of the securitisation position, including the contractual priorities of payment and priority of payment-related triggers, credit enhancements, liquidity enhancements, market value triggers and transaction-specific definitions of default; and

ƒ where the securitisation has been notified as STS, the compliance of that securitisation with the requirements in the Regulation.

ƒ There is also an obligation to monitor (on an ongoing basis and in a timely manner) performance information on the exposures underlying securitisation positions. In order to comply with the obligations imposed, an Institutional Investor must: 

ƒ establish appropriate written procedures that are proportionate to the risk profile of the securitisation position and, where relevant, to the Institutional Investor’s trading and nontrading book;

ƒ perform regular stress tests on the cash flows and collateral values supporting the underlying exposures or, in the absence of sufficient data on cash flows and collateral values, stress tests on loss assumptions, having regard to the nature, scale and complexity of the risk of the securitisation position or (where relevant) on the solvency and liquidity of the sponsor;

ƒ ensure internal reporting to its management body so that the management body is aware of the material risks arising from the securitisation position and so that those risks are adequately managed; and

ƒ be able to demonstrate to its competent authorities, upon request, that:

  • it has a comprehensive and thorough understanding of the securitisation position and its underlying exposures;
  • it has implemented written policies and procedures for the risk management of the securitisation position and for maintaining records of the verifications and due diligence in accordance with the requirements and any other relevant information; and; 
  • it has, where relevant, a comprehensive and thorough understanding of the credit quality of the sponsor and of the terms of the liquidity facility provided.

These compliance measures need to be in place as long as exposure to a securitisation remains in place.

Risk retention 

Institutional Investors have to comply with indirect risk retention obligations set down in the Regulation to ensure that the securitising entity retains a material net economic interest of at least 5% in the securitisation. This is already the case for AIFMs and internally-managed AIFs under AIFMD but (as noted above) does not currently apply to UCITS management companies or internally-managed UCITS. In addition to this obligation applying to all entities that fall within the broad definition of Institutional Investor, the Regulation introduces a “direct” risk retention obligation on the originator, sponsor or original lender itself to ensure it retains this interest, such that the burden no longer rests on investors alone. This new obligation requires retention of risk by EU established securitising entities even if investors are not located in the EU and fall outside the definition of Institutional Investors. 

The due diligence which must be carried out by Institutional Investors prior to becoming exposed to a securitisation position includes verifying that this risk retention obligation has been complied with. 


Originators, sponsors and original lenders must make available to holders of a securitisation position certain information on the transaction and underlying exposures within investor reports. This will assist Institutional Investors in complying with the due diligence obligations imposed on them on an ongoing basis for the duration of an exposure to a securitisation.

Corrective action

Where Institutional Investors are exposed to a securitisation that no longer meets the requirements of the Regulation they must, in the best interest of the investors, act and take corrective action, if appropriate. This obligation does not necessarily require that positions are sold, which gives flexibility to determine what actions should be taken in the circumstances to ensure investors are protected. This could mean hedging or seeking compliance instead of a sale of investments, or documenting why holding a non-compliant position is the best option available to investors. 

Contractual arrangements

The Regulation addresses delegation to third parties of investment management decisions. Where an Institutional Investor has given another Institutional Investor authority to make investment management decisions that might expose it to a securitisation, the Institutional Investor may instruct that delegate to fulfil its obligations in respect of any exposure to a securitisation arising from those decisions. Institutional Investors may wish to review their contracts with delegates to ensure they cover compliance with the obligations.

Grandfathering and transitional provisions

The Regulation applies to securitisations the securities of which are issued on or after 1 January 2019 or which create new securitisation positions on or after that date. Securitisations that already exist on that date will continue to be subject to the existing rules applicable to them. 

Authorised AIFMs are currently subject to certain rules on investing in securitisations under the Commission Delegated Regulation (EU) No. 231/2013 supplementing AIFMD and these will continue to apply to investment in securitisations where the securities were issued prior to 1 January 2019.

UCITS management companies and internallymanaged UCITS are required to comply with the Regulation in respect of investments of securitisations that are issued from 1 January 2019.

Next steps

Institutional Investors should review their investments to determine if they engage in transactions that fall within the scope of the Regulation.

Where Institutional Investors do engage in such transactions or intend to in the future, they will adopt a methodology to ensure long-term compliance with the requirements that will apply to them from 1 January 2019. This will include: 

ƒ reviewing existing policies and procedures regarding due diligence, risk assessment, reporting, record-keeping and actions which may be taken where securitisations cease to comply;

ƒ updating the policies and procedures to address the detailed obligations laid down in the Regulation;

ƒ reviewing fund documentation to ensure that the necessary disclosures are included in the prospectus or relevant supplement in respect of the impact of the Regulation; and

ƒ reviewing contractual arrangements with investment managers to ensure that the investment manager is obliged to comply with the relevant provisions of the Regulation.