S & P and the SEC

standard and poors

The Securities and Exchange Commission took the bold step of filing charges against Standard and Poor’s, one of the three giant rating agencies. Personally, I think the role of rating agencies in the run up to the 2008 financial crisis has been under-appreciated. Without the the top AAA rating they bestowed on securitized mortgage bonds, the flow of cash into those toxic instruments would have stopped much earlier and decreased the size of the bubble.

The SEC complaint claims that S&P continued to give subprime mortgage securities high ratings as the the securities looked increasingly fragile and financial crisis began to bubble to the surface. In the first half of 2007, S&P rated a large number of large mortgage-backed securities, bestowing top grades on the investments. It then quickly downgraded the securities, which defaulted in months.As a result, federally insured banks incurred losses. That gives the SEC jurisdiction.

As with any government investigation, the SEC found emails saying stupid things. In one case there is a March, 2007 satire in an email based on the Talking Heads song “Burning Down the House”:

“Watch out
Housing market went softer
Cooling down
Strong market is now much weaker
Subprime is boi-ling o-ver.
Bringing down the house.”

The SEC claims that S&P knew that the performance of non-prime residential mortgage backed-securities was bad and getting worse. The firm expected deals to rush in before those packaging the mortgages were stuck with them on their books.  The SEC takes individual instances of ratings failures by S&P and ties them to losses sustained by the banks that bought them.

Another e-mail from an analyst in response to a question about how his new job was going reads:

“Job’s going great. Aside from the fact that the M.B.S. world is crashing, investors and the media hate us and we’re all running around to save face … no complaints.”

But then went on to state the central part of the case:

“The fact is, there was a lot of internal pressure in S&P to downgrade lots of deals earlier on before this thing started blowing up. But the leadership was concerned of p*ssing off too many clients and jumping the gun ahead of Fitch and Moody’s.”

….

This might shake out a completely different way of doing biz in the industry. I mean come on, we pay you to rate our deals, and the better the rating the more money we make?!?! Whats [sic] up with that? How are you possibly supposed to be impartial????

There is an unforgiving conflict in the way mortgage bonds were rated. The issuer pays for the ratings work. So there is an incentive by the ratings agency to met the issuer’s expectations, keep them happy, and retain their business.

Finally, in July, 2007, S&P downgrades 612 classes of RMBS, totaling $12 billion in securities. Of course it was too late for the securities that S&P had favorably rated just days and weeks earlier. It is the ratings issued between March and July of 2007 that the SEC is focused on this complaint. The SEC claims that S&P could see the walls crumbling, but held back saying anything to appease the pipeline of deals in the works.

My big unanswered question is whether the SEC is going to make a similar case against Moody’s and Fitch.

Sources:

The S&P Assessments

compliance-week-blue

My notes, live, from the Compliance Week Conference session by Steven Dreyer who is overseeing Standard & Poor’s program to assess corporate ERM efforts as part of credit ratings. Standard & Poor’s To Apply Enterprise Risk Analysis To Corporate Ratings (.pdf)

S&P’s ERM review for non-financial companies will be based primarily on information provided by issuers in public disclosures and through discussions with S&P analysts. S&P does not require written responses to these questions, but will certainly consider them if provided to supplement or make more efficient our in-person discussions.

  • What are the company’s top risks, how big are they, and how often are they likely to occur? How often is the list of top risks updated?
  • What is management doing about top risks?
  • What size quarterly operating or cash loss has management and the board agreed is tolerable?
  • Describe the staff responsible for risk management programs and their place in the organization chart. How do you measure success of risk management activities?
  • How would a loss from a key risk impact incentive compensation of top management and on planning/budgeting?
  • Tell us about discussions about risk management that have taken place at the board level or among top management when making strategic decisions.
  • Give an example of how your company responded to a recent “surprise” in your industry and describe whether the surprise affected your company and others differently.

All S&P cares about is the ability of the company to repay its debt. Corporate social responsibility is nice, but does not affect credit. S&P does not lower a credit rating on an airline because of a plane crash. They care about cash flow. They do care if a risk is a risk to cash flow. S&P is not a missionary for ERM.

So why are they adding ERM to credit ratings to non-financial institutions?

  • Enhance Analytical Process & Focus
  • Create More Forward-Looking Ratings
  • Better Insights and Communication on Management
  • Differentiate Better

Non-financial institutions tend to die very slow deaths. Financial institutions have the potential to fall off a cliff and disappear quickly. For non-financial institutions, ERM is a means to see inside the enterprise to see how they may be able to bounce back from issues and crises.

Every company has an appetite risk and a tolerance for risk. By focusing on risk management, there is some insight about how they treat risk, the appetite and the tolerance.

What Is S&P Not Looking For… (These mindsets can actually hinder effectiveness):

  • Eliminating all risks
  • Cramming together disparate policies
  • Solely compliance/disclosure requirements
  • Replacement for internal controls
  • A shiny new software program
  • Naming a CRO and calling it a day

“The reviews will focus predominantly on risk-management culture and strategic risk management, two universally applicable aspects of ERM.” – Standard & Poor’s To Apply Enterprise Risk Analysis To Corporate Ratings, May 7, 2008

Culture = Communications, Frameworks, Roles, Policies, Metrics, Influence

Strategic = Identification and Updating Process, Impact on Key Decisions

Here are some ERM discussion topics he offered:

  • How are key risks identified, updated, and dealt with?
  • How is risk tolerance defined and communicated?
  • Who “owns” risk in the organization and how is success measured?
  • What is the board’s involvement in risk management?
  • How did your company respond to _______________ ?

Ultimately, they are looking for evidence of effectiveness. They are planning to release the criteria during the fourth quarter of 2009. They are currently in the process of benchmarking and comparing information. They are thinking about using a rating scale, but there is a concern that people will focus on the number and not the nuances that went into the number.

A counter-intuitive result was that the companies that responded quicker to questions were more accurate than those that took longer. The quick result was because they had better access to their information. The longer response was because the information was hard to find and less reliable.

(These notes are taken live, so I apologize if I left out anything or misquoted someone. Please forgive any typos or grammatical errors.)