On December 17, 2013, the European Banking Authority (EBA) issued a consultation paper (Consultation Paper) regarding the manner in which national regulators and originator credit institutions should determine whether there has been significant risk transfer in connection with an institution’s securitization practices.1 The consultation period runs until March 17, 2014. A successful transfer permits the exclusion of the transferred exposures from the calculation of risk-weighted exposure amounts and expected loss amounts.
Articles 243 and 244 of the Capital Requirement Regulation (the CRR, adopted in connection with the Capital Requirements Directive of June 26, 2013 (CRD IV), both of which entered into force on July 17, 2013) state the requirements for significant risk transfer. Article 243 applies to traditional securitizations; Article 244, synthetic securitizations.1 Only Article 243 (set out in full at the end of this paper for ease of reference) and the portions of the Consultation Paper dealing with it will be considered here, although some related German regulatory actions will be discussed as well. The guidance in the Consultation Paper is interesting as an indication of the ways in which the substantive function of the securitization process is thought of and, by implication, of the ways in which compliance programs need to be implemented. The German actions throw light on the development of compliance programs in general.
The Consultation Paper states that the following states of affairs, among others, may indicate a need to conduct an examination of an institution’s risk transfer practices:
- The tranches whose thickness is used to measure risk transfer under Article 243(2) are too thin, indicating that the originator has retained too much exposure;
- The ratings assigned by an external rating agency and used in an evaluation of the risk weights do not seem justified;
- Reasons exist for believing that estimates of likely losses are too low;
- Reasons exist for believing that the margin by which the portions of the securitization position that would be deducted from Tier 1 capital or be treated as subject to a risk weight of 1,250% would exceed estimates of likely losses is too low;
- The cost of transferring credit risk is so high that it undermines the value of any actual risk transfer;
- The originator must rely on its own credit evaluation to demonstrate significant risk transfer because no external ratings are available; or
- What is being securitized is a trading book portfolio.
If an examination is conducted, the following factors are among those that should be considered in determining whether significant risk has been transferred:
- The relative values of the pre-securitization and retained post-securitization risk-weighted exposure amounts;
- The methods used to conduct the demonstration of significant risk transfer pursuant to Article 243(4)2;
- The internal and external models used to calculate the transfer of credit risk and the extent to which they are well understood and integrated into the institution’s regular processes;
- The stress assumptions used by the originator and how they compare to supervisory stress assumptions and other relevant economic and financial data;
- The degree to which the originator understands the exposures it is securitizing, including its understanding of the nature and extent of any idiosyncratic risk; and
- A high sensitivity of the capital requirements associated with the retained risk to small changes in the criteria used in an internal ratings based (IRB) system for calculating capital, if the originator uses the supervisory formula (and not IRB) in its capital calculations.
In addition to the substantive aspects of evaluating and transferring risk, the following elements of transaction structure need to be considered, according to the Consultation Paper:
- The existence of optional calls that provide an incentive for the originator to take exposures back onto its balance sheet;
- The presence of information suggesting the provision of implicit support in past transactions;
- The nature, purpose and effect of exercising any clean-up calls;
- The possible abuse of replenishment periods by using exposures that protect investors but increase the credit risk to the originator;
- Any mechanisms that might disproportionately reduce over time the risk transferred by the originator;
- The involvement of investors that are so closely affiliated with the originator that their holdings do not amount to an actual transfer of risk3;
- The adequacy of the credit rating agency whose ratings are being used to calculate the amount of capital required with respect to exposures; and
- The adequacy of an institution’s internal policies and mechanisms regarding the transfer of credit risk.
The Consultation Paper concludes with a discussion of what originator institutions need to do to ensure that the kinds of inquiries described above will generate results that national authorities will find acceptable. In addition to, in effect, reverse engineering the inquiries, behaving accordingly, and having the ability to demonstrate appropriate behavior, institutions are asked to keep the authorities informed about potential difficulties in satisfying the requirement of satisfactory risk transfer. Furthermore, institutions should:
- Integrate risk transfer issues into their overall capital allocation procedures;
- Consider the fundamental economic position of the institution when evaluating the effectiveness of risk transfer;
- Evaluate the costs paid (including the pricing of the deal itself) in connection with risk transfer, in order to determine how much financial risk is actually being transferred;
- Continue to measure risk transfer throughout the lifetime of a transaction, including matches and mismatches of cash inflows and outflows;
- Take both expected and unexpected risk into account, including counterparty risk; and
- Evaluate linkages between the parties to each transaction, the existence of any implicit credit support, the appropriateness of the tranche thicknesses chosen and the likely responses of the underlying assets to different kinds and magnitudes of stress events.
The combination of the steps or measures described above would appear to reinforce the general impression that the risk to institutions is, to an increasingly large extent, proposed to be managed by placing requirements on compliance systems and by making risk management a primary business function of financial institutions.
This general impression would appear to be confirmed by recent regulatory steps taken in Germany. Germany implemented the CRD IV and CRR by amending the German Banking Act (KWG or Kreditwesengesetz). Since January 1, 2014, German banks have been required by § 25a para. 1 sentence 6 No. 3 KWG to implement a whistleblowing hotline. That requirement had its origin in a July 2011 decision of the European Court of Human Rights that each person has the right to communicate his or her opinion. Together with the recent amendment of the KWG, this decision renders whistleblowing hotlines an important part of the compliance and corporate governance structures required of German credit institutions. In addition, whistleblowing hotlines are seen as furthering bank compliance with the required ethical standards and principles, which derive both from September 2011 EBA guidelines on internal governance and the recent amendments to the KWG. Whistleblowing hotlines in Germany are intended to give employees the opportunity to anonymously report breaches of the KWG and the rules and regulations promulgated thereunder as well as other criminal actions (so-called: “sonstige strafbare Handlungen”) and breaches of the CRR. To ensure anonymity, external lawyers and law firms are often employed to directly receive the information from whistleblowers. Whistleblowing hotlines also represent an important component of a credit institution’s general compliance functions and of the comprehensive “alert” function that must be established for senior management bodies.
In addition, effective January 1, 2014, German law requires that a new compliance function be established pursuant to BaFin’s minimum requirements for risk management (MaRisk). These minimum requirements widen the scope of compliance from capital markets compliance, anti money-laundering, fraud prevention and data protection to include all legal provisions which are relevant to the bank itself. As part of the new requirements, the institution’s compliance officer must now report all relevant compliance risks to the members of the institution’s management board, or Vorstand. Included in the focus of these legal provisions is investor protection. Pursuant to MaRisk, German banks are currently implementing proactive compliance advisory functions as well as compliance control functions for all legal matters relating to investor protection which are not yet covered by the other compliance functions already existing within the organizational structure.
Article 243 - traditional securitisation
- The originator institution of a traditional securitisation may exclude securitised exposures from the calculation of risk-weighted exposure amounts and expected loss amounts if either of the following conditions is fulfilled:
- significant credit risk associated with the securitised exposures is considered to have been transferred to third parties;
- the originator institution applies a [1,250%] risk weight to all securitisation positions it holds in this securitisation or deducts these securitisation positions from Common Equity Tier 1 items in accordance with Article 36(1)(k).
- Significant credit risk shall be considered to have been transferred in the following cases:
- the risk-weighted exposure amounts of the mezzanine securitisation positions held by the originator institution in this securitisation do not exceed 50% of the risk weighted exposure amounts of all mezzanine securitisation positions existing in this securitisation;
- where there are no mezzanine securitisation positions in a given securitisation and the originator can demonstrate that the exposure value of the securitisation positions that would be subject to deduction from Common Equity Tier 1 or a [1,250%] risk weight exceeds a reasoned estimate of the expected loss on the securitised exposures by a substantial margin, the originator institution does not hold more than 20% of the exposure values of the securitisation positions that would be subject to deduction from Common Equity Tier 1 or a [1,250%] risk weight.
Where the possible reduction in risk weighted exposure amounts, which the originator institution would achieve by this securitisation is not justified by a commensurate transfer of credit risk to third parties, competent authorities may decide on a case-by-case basis that significant credit risk shall not be considered to have been transferred to third parties.
- For the purposes of paragraph 2, mezzanine securitisation positions mean securitisation positions to which a risk weight lower than [1,250%] applies and that are more junior than the most senior position in this securitisation and more junior than any securitisation position in this securitisation to which either of the following is assigned in accordance with Section 4:
- in the case of a securitisation position subject to Section 3, Sub-section 3 a credit quality step 1;
- in the case of a securitisation position subject to points Section 3, Sub-section 4 a credit quality step 1 or 2.
- As an alternative to paragraphs 2 and 3, competent authorities shall grant permission to originator institutions to consider significant credit risk as having been transferred where the originator institution is able to demonstrate, in every case of a securitisation, that the reduction of own funds requirements which the originator achieves by the securitisation is justified by a commensurate transfer of credit risk to third parties. Permission shall be granted only where the institution meets all of the following conditions:
- the institution has appropriately risk-sensitive policies and methodologies in place to assess the transfer of risk;
- the institution has also recognised the transfer of credit risk to third parties in each case for purposes of the institution’s internal risk management and its internal capital allocation.
- In addition to the requirements set out in paragraphs 1 to 4, as applicable, all the following conditions shall be met:
- the securitisation documentation reflects the economic substance of the transaction;
- the securitised exposures are put beyond the reach of the originator institution and its creditors, including in bankruptcy and receivership. This shall be supported by the opinion of qualified legal counsel;
- the securities issued do not represent payment obligations of the originator institution;
- the originator institution does not maintain effective or indirect control over the transferred exposures. An originator shall be considered to have maintained effective control over the transferred exposures if it has the right to repurchase from the transferee the previously transferred exposures in order to realise their benefits or if it is obligated to re-assume transferred risk. The originator institution’s retention of servicing rights or obligations in respect of the exposures shall not of itself constitute indirect control of the exposures;
- the securitisation documentation meets all the following conditions:
- it does not contain clauses that other than in the case of early amortisation provisions, require positions in the securitisation to be improved by the originator institution including but not limited to altering the underlying credit exposures or increasing the yield payable to investors in response to a deterioration in the credit quality of the securitised exposures;
- it does not contain clauses that increase the yield payable to holders of positions in the securitisation in response to a deterioration in the credit quality of the underlying pool;
- it makes it clear, where applicable, that any purchase or repurchase of securitisation positions by the originator or sponsor beyond its contractual obligations is exceptional and may only be made at arms’ lengths conditions;
- where there is a clean-up call option, that option shall also meet the following conditions:
- it is exercisable at the discretion of the originator institution;
- it may only be exercised when 10% or less of the original value of the exposures securitised remains unamortised;
- it is not structured to avoid allocating losses to credit enhancement positions or other positions held by investors and is not otherwise structured to provide credit enhancement.
- The competent authorities shall keep EBA informed about the specific cases, referred to in paragraph 2, where the possible reduction in risk-weighted exposure amounts is not justified by a commensurate transfer of credit risk to third parties, and the use institutions make of paragraph 4. EBA shall monitor the range of practices in this area and shall, in accordance with Article 16 of Regulation (EU) No 1093/2010, issue guidelines. EBA shall review Member States’ implementation of those guidelines and provide advice to the Commission by 31 December 2017 on whether a binding technical standard is required.