Opinion on improving access to and use of credit ratings in the European Union

ESMA • 201-203 rue de Bercy • CS 80910 • 75589 Paris Cedex 12 • France • Tel. +33 (0) 1 58 36 43 21 • www.esma.europa.eu OPINION OF THE EUROPEAN SECURITIES AND MARKETS AUTHORITY of 22 September 2021 on improving access to and use of credit ratings in the European Union in accordance with Regulation (EC) No 1060/2009 Having regard to Articles 16a(1) and 44(1) of Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC, 1 THE EUROPEAN SECURITIES AND MARKETS AUTHORITY BOARD OF SUPERVISORS HAS ADOPTED THIS OPINION: 1 Introduction and legal basis

1. ESMA’s Board of Supervisors has adopted this Opinion of its own initiative in accordance with Article 16a(1) of Regulation (EU) 1095/2010 to inform the Commission, the European Parliament and the Council of the need to improve access to and use of credit ratings in the European Union (EU) under Regulation (EC) No 1060/2009 of the European Parliament and of the Council of 16 September 2009 on credit rating agencies (CRA Regulation). 2
2. As the direct supervisor of credit rating agencies (CRAs) operating in the EU, the CRA Regulation empowers ESMA to register, supervise and take enforcement action to ensure that ‘credit rating activities are conducted in accordance with the principles of integrity, transparency, responsibility and good governance’.3
3. This Opinion draws on ESMA’s Thematic Reports on Fees Charged by CRAs 4 and evidence collected through ESMA’s Call for Evidence on Accessibility and Use of Credit Ratings. 5 It explains the reasons why users of credit ratings rely on unregulated, fee￾1 OJ L 331, 15.12.2010, p. 84. 2 OJ L 302, 17.11.2009, p. 1. 3 Recital 1 of the CRA Regulation. 4 ESMA80-196-954 Thematic Reoport on fees charged by credit rating agencies and trade repositories, 11 January 2018, available at https://www.esma.europa.eu/sites/default/files/library/esma80-196- 954_thematic_report_on_fees_charged_by_cras_and_trs.pdf and ESMA80-196-3218 Follow up report on fees charged by credit rating agencies and trade repositories, 20 December 2019, available at https://www.esma.europa.eu/sites/default/files/library/esma80-196-3218_follow￾up_report_on_fees_charged_by_cras_and_trs.pdf. 5 ESMA 33-5-829 Call for Evidence on availability and use of credit rating information and data, 30 March 2020, available at https://www.esma.europa.eu/sites/default/files/library/esma33-5-829_call_for_evidence_on_access_and_use_of_ratings.pdf. 30 September 2021 ESMA80-196-5819

2 bearing sources of credit ratings and related information in order to meet their regulatory reporting obligations rather than using the credit ratings disclosed on CRAs’ websites or on the European Rating Platform (ERP) in accordance with the CRA Regulation. It then recommends that legislative changes are necessary in order to improve access to and use of credit ratings in the EU. 4. The Opinion is presented in six sections. Section 2 below sets out the relevant background. It explains how credit ratings are used and notes that, in practice, only the credit ratings issued by the largest CRAs operating in the EU can be used for regulatory purposes. 6 This section then highlights the objectives and relevant provisions of the CRA Regulation regarding access to and use of credit ratings. 5. Section 3 explains the key findings of ESMA’s work on access to and use of credit ratings. In particular, it highlights that credit ratings made available free of charge through CRAs’ websites and the ERP are not used in practice for regulatory reporting purposes as they cannot be accessed in machine-readable format or downloaded in sufficient numbers. It presents the evidence collected by ESMA that in order to meet their EU regulatory reporting obligations under instruments such as the Capital Requirements Regulation7 or Solvency II 8 (referred to hereafter as ‘regulatory reporting obligations’ and ‘use for regulatory reporting purposes’ respectively), users of credit ratings almost exclusively use credit ratings provided by companies affiliated with the three largest CRAs operating in the EU (affiliates) and Information Service Providers (ISPs). The use of these credit ratings is subject to fee-bearing licence agreements with unregulated companies. 6. Section 4 presents a number of legislative changes to the CRA Regulation which are needed to improve access to and use of credit ratings in the EU and highlights alternative measures which may achieve the same outcome. Section 5 concludes with a summary of the recommendations in this Opinion. 6 For this reason, ESMA therefore focuses on the practices of these CRAs in this Opinion. 7 Regulation 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation 648/2012, OJ L 176, 27.6.2013, p. 1–337 available at http://data.europa.eu/eli/reg/2013/575/oj 8 Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II), OJ L 335, 17.12.2009, p. 1–155 as amended, available at http://data.europa.eu/eli/dir/2009/138/2021-06-30

3 2 Background 7. This section sets out how credit ratings are accessed and used by market participants and highlights the key provisions of the CRA Regulation governing access to and use of credit ratings. 8. Credit ratings are opinions about the creditworthiness of sovereign states or individual corporate entities, such as companies, banks and insurers or of the financial instruments they issue. They are qualitative and quantitative assessments made using an established and defined ranking system of rating categories. 9 9. Credit ratings play an important role in financial markets and are used by a wide range of market participants for a variety of commercial and regulatory purposes. These different groups of market participants access and use credit ratings in different ways. 10. For example, issuers may seek credit ratings from CRAs to demonstrate their creditworthiness for the purpose of raising funds or to show that their financial instruments meet the terms of an investment mandate. Individual credit ratings requested by issuers are provided under the ‘issuer-pays’ model. 11. Retail and professional investors and financial services providers such as pension funds, asset managers, banks and insurers use credit ratings as a means of assessing the level of risk associated with their or their clients’ investments and to calculate capital requirements. They may obtain individual credit ratings from CRAs under an ‘investor￾pays’ model, or they may subscribe to a CRA’s database to access multiple credit ratings (the ‘subscriber-pays’ model). 12. Most of the CRAs operating in the EU provide credit ratings under the issuer-pays model. However, once the credit ratings of a CRA are recognised by a large community of issuers and investors, the CRA may be able to issue credit ratings under the issuer-pays model and also distribute their credit ratings to subscribers.10 9 Article 3(1)(a) of the CRA Regulation. 10 See ESMA 2015-1472 Technical Advice on Competition, Choice and Conflicts of Interest in the CRA Industry at pages 34 et seq., available at: https://www.esma.europa.eu/sites/default/files/library/esma-2015- 1472_technical_advice_on_competition_choice_and_conflicts_of_int.pdf and Thematic Report on Fees Charged by Credit Rating Agencies and Trade Repositories at page 9.

4 2.1. The CRA Regulation 13. The principal aim of the CRA Regulation is to protect the stability of financial markets and investors.11 It does this by introducing a common regulatory framework that enhances the integrity, transparency, responsibility, good governance and independence of credit rating activities in a way that contributes to the quality of credit ratings issued in the European Union.12 In doing so it contributes to the smooth functioning of the internal market and ensures that credit ratings used in the EU are independent, objective and of adequate quality.13 14. Article 2 sets out the scope of the CRA Regulation, which reflects the different ways in which users can access credit ratings. It states that the CRA Regulation applies to credit ratings ‘which are disclosed publicly or distributed by subscription’.14 15. Article 4 of the CRA Regulation further explains that only credit ratings which are issued by CRAs registered with ESMA15 can be used for regulatory purposes in the EU.However, in practice, ESMA understands that only the credit ratings issued by the four largest CRAs operating in the EU16 are used to meet regulatory reporting obligations, as, for example, only the credit ratings issued by these four CRAs meet the extensive coverage requirements of the European Central Bank’s Eurosystem Credit Assessment Framework. 17 16. Article 9 of the CRA Regulation establishes the conditions under which CRAs can outsource some of the activities that they carry out. It explains that ‘important operational functions’ can only be outsourced if doing so will not ‘impair materially the quality of the credit rating agency’s internal control and the ability of ESMA to supervise the credit rating agency’s compliance with obligations under this Regulation’.18 17. Articles 10 to 13 and Annex I Section D of the CRA Regulation set out some of the information which should be disclosed about credit ratings which are published under the issuer pays model or distributed to subscribers. Article 10(1) of the CRA Regulation requires CRAs to disclose ‘any credit rating or rating outlook, as well as any decision to discontinue a credit rating, on a non-selective basis and in a timely manner’. Article 10(1) further explains that this obligation applies equally to ‘credit ratings that are distributed by subscription’. 11 Recital 7 of the CRA Regulation. 12 Article 1 of the CRA Regulation. 13 Recital 1 of the CRA Regulation. 14 Article 2(1) of the CRA Regulation. 15 Or endorsed by these CRAs. 16 As set out in ESMA33-9-382 of 14 December 2020, Report on CRA Market Share Calculation, Section 6. 17 See pages 15 and 91 of ESMA’s Technical Advice on Competition, Choice and Conflicts of Interests in the CRA Industry. 18 A non-exhaustive list of ‘important operational functions’ is set out in Article 25(2) of Commission Delegated Regulation (EU) No 449/2012 of 21 March 2012 supplementing Regulation (EC) No 1060/2009 of the European Parliament and of the Council with regard to regulatory technical standards on information for registration and certification of credit rating agencies (OJ L 140, 30.5.2012, p. 32), where it provides: ‘important operational functions shall comprise rating review, lead analysts, rating methodology development and review, rating approval, internal quality control, data storage, IT systems, IT support and accounting’.

5 18. Article 10(2) of the CRA Regulation further requires CRAs to disclose the information set out in Annex I Section D of the CRA Regulation. These provisions require CRAs to make available the following information and explain the ‘key elements underlying the credit rating’ in ‘press releases or reports’19 so that users can understand the credit rating: • an indication of all substantially material sources used to prepare the credit rating; • the principal version of the methodology used; • the meaning of each rating category; • the definition of default or recovery and appropriate risk warnings; • the date the credit rating was first released and when it was last updated; • whether the credit rating is of a newly issued instrument and whether the instrument is being rated for the first time; • the time horizon during which a change in the credit rating is expected; and • a reference to historical default rates published by ESMA on the ERP and an explanation of the meaning of those default rates. 19. Article 10(2) further states that when disclosing this information about the ratings they have issued, CRAs ‘shall not present factors other than those related to the credit ratings’. 20. Article 11a of the CRA Regulation was introduced in 2013 to provide another source of information about credit ratings. It required ESMA to establish the ERP, a public website which publishes details of the individual credit ratings issued by CRAs. The aim of the ERP was to allow users to compare the credit ratings issued by different CRAs. 20 21. Article 13 of the CRA Regulation specifies that the information on credit ratings disclosed through the ERP and on CRAs’ websites under Articles 8 to 12 of the CRA Regulation shall be made available free of charge. 22. Annex I Section B 4 explains that CRAs can also provide other services than issuing credit ratings and refers to these as ‘ancillary services’. This Section defines ancillary services to ‘comprise market forecasts, estimates of economic trends, pricing analysis and other general data analysis as well as related distribution services’. 23. Where fees are to be charged for the provision of credit rating and ancillary services, Annex I Section B 3c of the CRA Regulation provides that these must be non￾discriminatory and based on the actual costs of providing that credit rating or service. 19 Annex I Section D 5 of the CRA Regulation. 20 Recital 31 Regulation (EU) No 462/2013 of the European Parliament and of the Council of 21 May 2013 amending Regulation (EC) No 1060/2009 on credit rating agencies OJ L 146, 31.5.2013, p. 1–33 available at: http://data.europa.eu/eli/reg/2013/462/oj

6 3 ESMA’s work on access to and use of credit ratings 24. This section provides an overview of the key findings of ESMA’s work on access to and use of credit ratings. It then sets out the key barriers to accessing and using credit ratings published on CRAs’ websites and on the ERP and highlights the concerns raised by the distribution of credit ratings and related products such as credit rating research through CRAs’ affiliates. 3.1 Overview of key findings 25. Through its Thematic Reports on fees charged for Credit Ratings and Ancillary Services, ESMA examined industry practices to see how the fees obligation set out in Annex I Section B 3c of the CRA Regulation was being implemented in practice. 26. The 2018 Thematic Report confirmed that the three largest CRAs operating in the EU were distributing their credit ratings to subscribers through their affiliates, rather than directly. ESMA found that in order to use credit ratings for regulatory purposes, users must enter into data licences to access credit ratings data feeds and platform services. The fees charged for these distribution services were not necessarily transparent or cost￾based but were instead driven by the value of the service to users of credit ratings. 27. ESMA continued to examine the concerns raised about access to and use of credit ratings and further reported on these through its 2019 Follow-up Report. Users of credit ratings continued to report concerns regarding the licencing practices of CRAs’ affiliates. CRAs stated that they accepted no responsibility for the quality or accuracy of the credit-rating related products distributed by their affiliates and had no oversight over the policies and procedures in place or the fees charged for these services. 28. In 2020, ESMA ran a Call for Evidence on Accessibility and Use of Credit Ratings (the Call for Evidence) in order to determine whether there was any further action that ESMA could take to improve access to and use of credit ratings under the CRA Regulation. 29. ESMA asked users of credit ratings to explain which sources of credit ratings they used and the reasons why they did not use the other available sources of credit ratings. Users explained that in order to be able to use credit ratings for internal and regulatory reporting purposes, they needed to be able to access the credit ratings of the three largest CRAs operating in the EU through a channel which allowed them to search and filter credit ratings by their ISIN code. They also explained that they needed to access credit ratings in a machine-readable format and be able to download a sufficient number of credit ratings to meet their regulatory reporting obligations, rather than just downloading individual ratings.

7 3.2 Barriers to accessing and using credit ratings on CRAs’ websites 30. The largest CRAs in the EU operating under the issuer-pays model fulfil the disclosure obligations set out in Articles 10 to 13 and Annex I Section D by making individual credit ratings available on their websites free of charge. The information they publish includes the letter code of the rating with the ISIN code, the date of the last rating action and a press release explaining the rationale for the rating and containing the disclosures required by the CRA Regulation. Individual credit ratings data and press releases can be exported to pdf or Excel. 31. Following the publication of the 2018 Thematic Report on Fees, ESMA conducted research into how the credit ratings published on CRAs’ websites could be accessed and used in practice. ESMA found that although users of credit ratings could view credit ratings published on the websites of the three largest CRAs operating in the EU, users were in some cases asked to register with the CRA to access the information about credit ratings. The registration process requires users to provide personal data, including details of the company they work for, their job title and address as well as what type of information they wanted to access through the CRA’s website. 32. ESMA notes that a number of other CRAs operating under the issuer-pays model also restrict access to their credit ratings by requiring users to register with the website whereas some smaller CRAs make their entire database of credit ratings searchable on their websites. 33. Through its 2020 Call for Evidence, ESMA asked CRAs to explain how credit ratings could be accessed through their websites. In their responses, two of the largest CRAs operating in the EU explained that users of credit ratings did not have to register in order to be able to access the details of credit ratings and press releases published on their websites. However, one of the largest CRAs confirmed that it only provides unrestricted access to the list of rating actions and press releases published in the last seven days on its website and that users have to register in order to access any further credit ratings or press releases. The CRA explained that these restrictions were needed to protect their intellectual property rights and to reduce the risk of their credit ratings being misused. 34. Through its 2018 research, ESMA also examined how the credit ratings published on CRAs’ websites could be used. At that time, ESMA found that the terms of use of the websites of the three largest CRAs operating in the EU prohibited the use of credit ratings for any internal or external purposes. In order to download information about credit ratings or to use a credit rating for internal or external purposes, including regulatory reporting, a user needed to subscribe to a licence agreement with the CRA’s affiliate to access credit ratings data feeds. 35. ESMA shared its concerns with the three largest CRAs operating in the EU. They stressed that their disclosures were compliant with the CRA Regulation and that the individual credit ratings published on their websites could be used in practice. However, following

8 discussions with ESMA, the three largest CRAs operating in the EU agreed to make changes to the terms of use of their websites to clarify that individual credit ratings could be downloaded for internal use and regulatory reporting purposes. 36. Unfortunately, these changes have not improved the useability of credit ratings published on CRAs’ websites in practice. Through their responses to ESMA’s Call for Evidence, the three largest CRAs confirmed that they had not seen any increase in traffic to their websites following the changes to their terms of use. ESMA discovered that this was because users of ratings had not for the most part been aware of changes to the terms of use of CRAs’ websites. 37. However, once users had been made aware of these changes, they confirmed that they were still not able to use the credit ratings published on CRAs’ websites to meet their regulatory reporting obligations in practice. This was because they were still unable to access data in a machine-readable format. Users of ratings further explained that even if they were to manually download the credit ratings, they were not confident that the revised terms of use of CRAs’ websites permitted them to download a sufficient number of credit ratings to meet their regulatory reporting requirements without entering into a data licence. 3.3. Barriers to accessing and using credit ratings published on the European Rating Platform 38. The ERP is a public website which was launched by ESMA in 2015. Registered and certified CRAs operating under the issuer-pays model 21 report each credit rating or outlook they issue with its accompanying press release to ESMA on the day of publication.22ESMA then publishes the individual credit ratings and links to the CRAs’ press releases on the ERP the following day. 39. In order to access information about credit ratings through the ERP, users must agree to a disclaimer, similar to the terms of use on CRAs’ websites. Once they have done so, users enter the search screen of the ERP. They must then complete a captcha to be able to search for EU issued credit ratings23 by keyword or by rated entity, issuer or instrument. Information on individual credit ratings can then be viewed on the ERP. This information includes the Legal Entity Identifier (LEI) of the issuer and rated entity LEI as well as the letter code of the rating, the ISIN code of the instrument and a link to the press release announcing the issuance of the credit rating. 21 Article 11a (2) of the CRA Regulation states that the requirement to publish ratings on the ERP does not require ESMA to publish credit ratings or outlooks which are ‘exclusively produced for and disclosed to investors for a fee’. 22 In accordance with Article 8 of Commission Delegated Regulation (EU) 2015/2 of 30 September 2014 supplementing Regulation (EC) No 1060/2009 of the European Parliament and of the Council with regard to regulatory technical standards for the presentation of the information that credit rating agencies make available to the European Securities and Markets Authority (OJ L 2, 6.1.2015, p. 24): ‘credit ratings and rating outlooks issued between 20:00:00 Central European Time (CET) on one day and 19:59:59 CET on the following day shall be reported until 21:59:59 CET on the following day’. 23 Including endorsed credit ratings

9 40. The information on the ERP is not accessible in a machine-to-machine format so users of credit ratings can only use the information they have obtained from searching on the ERP by exporting the relevant LEI, the letter code of the rating and the ISIN code of the instrument in a pdf format or by printing the information exported. 41. In response to ESMA’s call for evidence, users of credit ratings explained that they did not use the ERP at all in practice because the ERP is not accessible in machine-readable format and because they are not able to search and filter credit ratings by ISIN code. Users explained that these restrictions on searching and filtering made it difficult for them to compare credit ratings on the same entity or instrument from different CRAs. 42. In terms of the usability of the credit ratings published on the ERP, users of ratings explained that, similarly to CRAs’ websites, the credit ratings published on the ERP cannot be used in practice because users cannot manually download a sufficient number of credit ratings to meet their regulatory reporting obligations. Users explained that there were several reasons for this. Firstly, because they found the terms of the disclaimer on the ERP to be unclear as to whether they were able to download individual credit ratings from the ERP without first entering into a separate data licence from the CRAs’ affiliates. Secondly, they confirmed that even if the need for data licences were to be clarified, the credit ratings published on the ERP would still not be useable in practice because they cannot be downloaded in a machine-readable format or in sufficient numbers to meet their regulatory reporting obligations. 3.4. Concerns about the distribution of credit ratings by CRAs’ affiliates and ISPs 43. The credit ratings provided by the three largest CRAs operating in the EU, as well as credit rating-related products such as research reports, are distributed to users via subscriptions to platforms and data feeds provided by CRAs’ affiliates. These CRAs’ credit ratings are also accessible through third-party ISPs. Users of credit ratings must enter into a fee bearing data licence in order to subscribe to the credit ratings distributed by one of the CRAs’ affiliates or via an ISP. 44. Many users of ratings access credit ratings through data feeds provided by the CRAs’ affiliates. In its 2019 Follow-up Report ESMA explained that credit ratings data feeds are streams of data, including credit ratings, which are in some cases bundled together with other types of market data and analysis. They are accessed in machine-readable format and can be directly integrated into users’ internal operating systems so that they can be used. The credit ratings in these data feeds may be automatically updated, or updated on a daily or monthly basis, depending on the type of data licence purchased.24 45. ESMA understands that ISPs obtain access to credit ratings under data licences from the largest CRAs operating in the EU and their affiliates in a similar way as other users of 24 Follow up Thematic Report, paragraph 74.

10 credit ratings. 25 They pay fees to licence the credit rating data so that they can display CRAs’ credit ratings on their platforms, presenting the credit ratings either by CRA or as part of composite credit ratings created by blending together the ratings published by the four largest CRAs operating in the EU. However, in order to be able to use these credit ratings in practice, ISPs’ users must enter into a data licence which allows them to download and integrate credit ratings into their internal systems and processes and permits the copying and use of data for the purposes of calculating capital requirements or for regulatory reporting. ESMA understands that this licence may be entered into via the ISP or with the CRA’s affiliate directly.26 46. ESMA understands that the three largest CRAs operating in the EU provide their credit ratings to their affiliates and to ISPs27 but do not exercise any oversight over credit ratings distributed by them in practice. 28 These services are not currently supervised by ESMA as they are not provided by registered CRAs or outsourced by them in accordance with Article 9 of the CRA Regulation. However, in practice, users of credit ratings view the distribution of credit ratings by affiliates as forming part of the credit rating activities and ancillary services carried out by the CRA. They do not see a distinction between the different companies within the CRAs’ corporate groups in practice and expect ESMA to supervise the primary distribution of credit ratings to subscribers accordingly. 47. In response to the Call for Evidence, two of the largest CRAs operating in the EU did confirm that they had implemented controls in the agreements licencing their affiliates to use their credit ratings which were designed to ensure the quality, accuracy and timely provision of credit ratings to their affiliates. One CRA explained that they use technology to confirm that the credit ratings data being used by the affiliate matches the information provided by the CRA and another noted that their affiliate extracts credit ratings directly from the CRA’s credit rating database, so that they are subject to all of the quality controls applied in the production of the credit ratings. 48. Nevertheless, ESMA understands that situations arise where the credit ratings published through CRAs’ websites are not the same as the credit ratings available through affiliates data feeds, as changes to an issued credit rating have been updated in the data feeds before the update has been published on the CRAs’ websites, and vice versa. This raises clear investor protection concerns for ESMA as the lack of consistency could cause considerable confusion and market disruption if the credit ratings from the data feed used for regulatory reporting are not accurate. 25 In response to the Call for Evidence, ESMA understands that the largest CRAs operating globally enter into licence agreements with ISPs for the display of their credit ratings whereas some smaller CRAs provide their ratings for display free of charge. 26 Follow up report paragraph 75. For this reason, the concerns raised regarding affiliates licencing practices also apply to users accessing credit ratings through ISPs. This is why ESMA believes it is important to distinguish between the primary distribution of credit ratings to subscribers which is carried out by CRAs and their affiliates and the redistribution of credit ratings carried out by ISPs and CRAs affiliates as explained in more detail in Section 4 below. 27 Either directly or through their affiliates. 28 See Follow up Report on Fees Charged by CRAs and TRs of 20 December 2019, paragraph 85 where ESMA noted that ‘not all CRAs distribute credit ratings through separate companies […], ESMA is of the view that CRAs should be clearly responsible for the distribution of the credit ratings they produce. For instance, this could be achieved if credit rating distribution was carried out by the CRAs themselves or, when offered by the related companies, it would be covered by formal outsourcing arrangements.

11 49. In addition to concerns raised by users about the lack of oversight, ESMA has received a number of complaints about the licencing practices of CRAs’ affiliates and the high fees charged for credit ratings data licences, as explained in more detail in its Thematic Reports on Fees.29 50. Users of credit ratings have reported that the licences to use credit ratings that they obtain from CRAs’ affiliates are subject to renewal every year and that there is little or no scope to negotiate the terms of these licence agreements, particularly as regards fees. Users of ratings also reported a lack of transparency around pricing models and fee increases. They explained that they are notified of increases in fees every year but are not routinely presented with individual product prices in advance of discussions about the terms of their licence renewal. Some users of ratings have reported that CRAs’ affiliates threaten to suspend access to credit rating data feeds which are critical to their businesses if they do not agree to the fee increases proposed. 51. Users also note that CRAs’ affiliates frequently seek to change the terms of their credit rating data licences so that additional licences for extra users, sites or products need to be entered into in order to maintain the same level of data usage over time. 30 52. Furthermore, ESMA is not aware of situations where users have been able to negotiate licences which cover just the individual credit ratings or asset classes of credit ratings and research reports they need in order to service their portfolios, finding that they must instead licence credit ratings data feeds which are bundled with lots of other market data, even if they do not want this additional data.31 53. In response to ESMA’s Call for Evidence, users provided more examples of these practices. They reported that they are currently spending between €20,000 and over €3,000,000 a year on credit ratings from the affiliates of the three largest CRAs operating in the EU. 32 Users confirmed that price increases have remained significant in recent years, in some cases increasing to five times the amount charged for the same data compared to the fees charged five years ago. One trade association representing insurers reported that one of their members had seen an average increase in the fees charged for their credit ratings subscription services of approximately 60% from the three largest CRAs operating in the EU in the period 2016-2020. 54. Users also highlighted that CRAs’ affiliates are now carrying out audits, in the same way as other market data vendors to check whether users are using credit ratings in 29 See for example, Follow-up to Thematic Report, Section 2.4. 30 See in particular, the introduction of additional licences for regulatory reporting under Solvency II, on which ESMA expressed a negative opinion in paragraph 79 of its 2019 Follow up Thematic Report. 31 ESMA understands that some CRAs offer bespoke data feed services which would allow users to purchase access to the individual credit ratings that they need to service their portfolios, but that these services are even more expensive than paying the fees charged for the bigger bundles of credit rating data. 32 This wide variation reflects the differing sizes of the users of ratings responding to the Call for Evidence, from small asset managers and insurers to large banking groups.

12 accordance with the terms of their licence agreements. Users of credit ratings reported that these audits regularly lead to claims of insufficient licensing because the licences purchased do not cover the full range of users or offices using the data in practice. As a result of such audits, some users reported that they had been forced to pay additional fees of approximately €800,000 by the affiliate of one of the largest CRAs operating in the EU. 55. Some users of credit ratings who responded to ESMA’s Call for Evidence noted that, faced with any further annual increases in the fees charged to use credit ratings by CRAs’ affiliates, they may seek to rely on the changes to the terms of use of the three largest CRAs’ websites to manually access and download individual credit ratings from their websites and/or the ERP, even if they cannot do this in a machine-to-machine format. They reasoned that it would be cheaper for them to pay a junior member of staff to do this than to continue paying the high fees demanded by CRAs’ affiliates.33 56. In response to ESMA’s Call for Evidence, some CRAs stated that only sophisticated users of credit ratings need to access credit ratings in machine readable format. They further argued that anyone needing to use credit ratings for regulatory reporting purposes, from small insurers and asset managers to global banks, should be required to purchase these services from CRAs’ affiliates. 4. Changes needed to remove barriers to access and use of credit ratings under the CRA Regulation 57. In order to achieve its objective of ensuring high levels of investor and consumer protection to users of credit ratings in the EU, ESMA finds that the CRA Regulation must be amended to enable the use of credit ratings in practice. This can be achieved by either changing the scope of the CRA Regulation to expressly include the distribution of machine-readable and downloadable credit ratings to subscribers, or by further developing the disclosure requirements of the CRA Regulation so that published credit ratings can be used for regulatory reporting purposes34 without entering into a fee-paying data licence. These options, as well as alternative legislative action which may achieve the same result, are presented in the sections below for consideration by the legislators. Whilst drawing on evidence collected by ESMA, the analysis set out below should not replace a legislative consultation and detailed cost-benefit analysis. 4.1 Include the distribution of machine-readable and downloadable credit ratings within the scope of the CRA Regulation 58. The legislators may remove the barriers to accessing and using credit ratings for regulatory reporting purposes in the EU by broadening the scope of the CRA Regulation 33 In this respect, it appears that the credit ratings published on CRAs’ websites and the ERP may prove to be a competitive constraint against further significant price increases for data licences, even if they are not currently being used in practice. 34 For example, for a limited time

13 to cover the distribution of credit ratings to subscribers in a machine-readable, downloadable manner. This could be achieved by including these activities within the scope of the credit rating activities covered by Article 2(1) of the CRA Regulation or within the definition of ancillary services under Annex I Section B 4 of the CRA Regulation. 59. In reflecting on the scope of the definitions of credit rating activities and ancillary services, and in order to avoid unintended consequences for the commercial activities of CRAs’ affiliates and ISPs, ESMA notes that it is important to distinguish between the primary provision of credit ratings and the secondary re-distribution of issued credit ratings. 60. ESMA strongly believes that the primary provision of credit ratings should fall within the scope of the CRA Regulation so that the initial distribution of credit ratings to subscribers is subject to the quality, accuracy and timeliness requirements of the CRA Regulation. Furthermore, individual credit ratings distributed in this way should only be provided with the related market data, such as the LEIs and ISIN codes needed for regulatory reporting. 61. However, in order to ensure the proportionality of any potential legislative amendments, ESMA believes that this primary provision of credit ratings to subscribers must be differentiated from the secondary re-distribution of credit ratings, which is currently commercialised by CRAs’ affiliates and third-party ISPs through data feeds which bundle credit ratings with other market data or via platforms which provide a composite view of the credit ratings provided by multiple CRAs. 62. In order to ensure that the primary distribution of credit ratings or ancillary services to issuers and subscribers enables regulatory reporting, the legislators would also need to include consequential amendments to the CRA Regulation to: • Clarify whether the primary distribution of credit ratings and related information such as credit ratings research reports can be outsourced by CRAs in accordance with Article 9 of the CRA Regulation; • Clarify the nature, format and extent of the information which should be disclosed free of charge on a non-selective basis and in a timely manner on CRAs’ websites in accordance with Articles 10, 11 and 13 and Annex I Section D for CRAs operating under the issuer-pays and the investor and subscriber-pays models, both in respect of those CRAs using only one business model and those using several business models simultaneously; • Clarify which credit ratings information can be charged for as credit ratings or ancillary services, in accordance with the provisions of Annex I Section B 3c and 4 of the CRA Regulation; • Clarify that the provisions of the CRA Regulation regarding quality, timeliness and accuracy of credit ratings should equally apply to ancillary services related to credit ratings, such as research reports accompanying credit ratings;

14 • Introduce a corresponding infringement for Article 10(1) of the CRA Regulation so that ESMA can act to ensure that information disclosed in relation to credit ratings and ancillary services including credit ratings is accurate, provided on a non-selective basis and in a timely manner; • Clarify the requirements of Article 10(2), in particular that credit ratings distributed to subscribers must not be bundled with related market data save to the extent necessary for use in regulatory reporting; • Introduce further provisions to ensure that where data licences are necessary to distribute credit ratings to subscribers, these data licences are granted on fair, reasonable and non-discriminatory (FRAND) terms; • Introduce corresponding infringements for these data licencing provisions so that ESMA can take action to ensure compliance with FRAND terms, including the fees charged for credit ratings and ancillary services distributed to subscribers. 63. The responses to ESMA’s Call for Evidence provided some insights into the potential costs and benefits of implementing such amendments. In principle, this option would benefit both CRAs and users of credit ratings. Users of credit ratings would benefit from having access to credit ratings in a format that they can use for regulatory reporting purposes which are not provided as part of larger credit ratings datasets than they need. CRAs would benefit from being able to compete on a level playing field, whether they are distributing credit ratings under the issuer pays or subscriber pays model or are operating under both business models simultaneously. 64. These amendments would improve investor protection by ensuring that the source of credit rating information relied on by users of credit ratings for regulatory reporting is subject to regulation and supervision. This would allow users of credit ratings to feel confident about the quality and accuracy of the credit ratings they rely on and to ensure that they are treated fairly when negotiating data licences for these must-have products. Importantly, these amendments would also provide users of credit ratings with a means of redress in the event that credit ratings are not disclosed correctly and in a timely manner or licenced on FRAND terms.35 65. These amendments would clarify how the CRA Regulation applies to the distribution of credit ratings and would deliver clear benefits for smaller CRAs and new market entrants, in terms of ensuring the equal treatment of CRAs operating under different business models. These changes could encourage more CRAs to distribute credit ratings to subscribers in the future as both established CRAs and new market entrants look to 35 By availing themselves of the civil liability provisions set out in Article 35a of the CRA Regulation.

15 innovate in order to challenge the dominance of the largest CRAs operating in the EU and globally. 66. While ESMA has not carried out a comprehensive analysis of the costs of implementing these amendments, ESMA recognises that they would create additional compliance costs for CRAs distributing credit ratings to subscribers. These costs would stem from the need to put in place appropriate outsourcing and oversight arrangements, or from arranging for basic unbundled credit ratings to be distributed to subscribers by the CRA directly. ESMA recognises that these increased costs would be most relevant for the largest CRAs operating in the EU and their affiliated entities. 67. It is likely that these CRAs would also need to reflect any such organisational changes in their accounts on the basis that classifying data feeds as either credit rating activities or ancillary services would mean that such revenues should be included in the accounts of the CRA which are reported to ESMA for the purposes of allocating the supervisory fees charged by ESMA. 36 68. ESMA would also expect to see a consequential reduction in CRAs’ affiliates’ revenues once data licences for the primary distribution of credit ratings and ancillary services must be entered into on FRAND terms.37 4.2 Require published credit ratings to be accessed and used free of charge for regulatory reporting purposes 69. ESMA considers that alternatively, the legislators could improve access to and use of credit ratings by either further developing the requirements of the CRA Regulation regarding the publication of credit ratings on CRAs’ websites or on the ERP or by including credit ratings within the European Single Access Point (ESAP) so that credit ratings can be accessed and used free of charge for regulatory reporting purposes. 38 Each of these three options is explained in the subsections below. 70. Although ESMA has not carried out a comprehensive analysis of the costs and benefits associated with implementing these amendments, it is clear that there are a number of benefits and costs which are common to all three options. Each of these three options has clear benefits to users of ratings, who would be able to access the credit rating data they need to use to be able to comply with their EU regulatory reporting obligations without having to subscribe to packages of market data under data licences from CRAs’ 36 Commission Delegated Regulation 272/2012 of 7 February 2012 with regard to fees charged by the European Securities and Markets Authority to credit rating agencies (OJ L 90, 28.3.2012, p. 6). 37 See pages 32 and 33 of ESMA’s Technical Advice on Competition, Choice and Conflicts of Interest in the CRA Industry. 38 This may be for a limited time period only. See for example the requirement under Articles 64 and 65 of the revised Markets in Financial Instruments Directive that transaction data shall be made available free of charge 15 minutes after its publication as explained Section 5.8 of ESMA 70-156-4305 of 1 June 2021, Guidelines on the MiFID II/MiFIR obligations on market data, available at: https://www.esma.europa.eu/sites/default/files/library/esma70-156- 4305_final_report_mifid_ii_mifir_obligations_on_market_data.pdf

16 affiliates, confident that the credit ratings they are using are supervised by ESMA and so meet the investor protection requirements set out in the CRA Regulation. 71. In financial terms, ESMA understands from the responses received to the Call for Evidence that some smaller users of credit ratings could generate significant cost savings from no longer having to purchase credit ratings data from CRAs’ affiliates. For this reason, each of these options would have an impact on the revenues of CRAs’ affiliates, as they will lose some of their data feed revenues from smaller users of credit ratings who only subscribe for the purpose of using credit ratings for regulatory reporting. However, other users of credit ratings would continue to pay to access credit rating data feeds in order to receive the credit ratings in a bundle with other market data for commercial use. In fact, in response to the Call for Evidence, even smaller users of credit ratings noted that they would likely still buy some services from CRAs’ affiliates, such as analytical models or sector specific research not linked to individual credit ratings. 4.2.1 Changes to CRAs’ websites 72. The legislators could improve access to and use of credit ratings by specifying that the credit ratings published on CRAs’ websites must be accessible in a machine-readable format and downloadable for use in regulatory reporting for a limited time without the need to enter into a fee-bearing data licence. This would require the clarification of Articles 10, 11 and 13 of the CRA Regulation as well as Annex I Section D to ensure that credit ratings and related data can be accessed and downloaded in bulk. 73. In order for these changes to be effective, the legislators would also need to introduce a corresponding infringement for Article 10(1) of the CRA Regulation so that ESMA can act to ensure that information disclosed in relation to credit ratings is accurate, provided on a non-selective basis and in a timely manner. 74. ESMA believes that the overall costs of implementing this option would be quite low. ESMA understands that CRAs would be likely to incur some costs in adapting their websites to allow machine-readable access and downloadability of credit ratings. However, in response to the Call for Evidence, CRAs did not quantify these costs. Some of the largest CRAs operating in the EU noted that the one-off costs incurred in adapting their websites would recur over time as the technology used to create interfaces that allow machine-to-machine readability and downloading continues to evolve. ESMA does not believe that these costs would be prohibitive in practice, as CRAs’ affiliates are already making use of this technology. Furthermore, in response to ESMA’s Call for Evidence, some smaller CRAs operating both in the EU and globally noted that they did not see significant costs or risks associated with making credit ratings accessible and downloadable in a machine-readable format. 75. ESMA further understands that CRAs may prefer to make their credit ratings accessible themselves through this option rather than through the proposed changes to the ERP set out under option 4.2.2 below. This is because this option gives them control over the

17 implementation of these changes and therefore the freedom to invest in technology which may help prevent website scraping or allow user tracking to minimise the scope for use of their credit ratings for purposes other than regulatory reporting. 4.2.2 Changes to the ERP 76. Alternatively, the legislators could introduce amendments to Article 11a of the CRA Regulation to specify that the credit ratings published on the ERP shall be made accessible in a machine-readable format and downloadable for use in regulatory reporting. 77. ESMA estimates that the additional costs it would incur in adapting the ERP to enable machine-to-machine access which allows downloading of multiple credit ratings would be quite low when compared to the current running costs of the ERP. Furthermore, whilst CRAs may incur some costs in ensuring that their credit ratings data is submitted to the ERP in the correct format, ESMA does not anticipate that its credit rating reporting instructions to CRAs would need to change significantly to accommodate the changes proposed under this option. 78. As noted in Section 3.3 above, ESMA’s Call for Evidence found that the ERP is not being used in practice due to the limitations of its search and download functions. For this reason, should the legislators decide not to introduce these proposed changes to the ERP, ESMA requests that its obligation to maintain the ERP as a public source of credit ratings be removed. 4.2.3 European Single Access Point 79. Should the legislators wish to consider alternative legislative action to address the concerns raised in this Opinion, they may consider including credit ratings within the scope of the information to be published through the ESAP, proposed as part of the 2020 Capital Markets Union Action Plan. 39 ESMA notes that this platform aims to consolidate the information companies publish pursuant to EU financial services legislation in order to increase transparency and reduce asymmetry of information between market participants. In response to the Commission’s public consultation on this proposal, more than a third of respondents stated that that it was important that credit ratings should be made available through the ESAP 40 39 Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions A Capital Markets Union for people and businesses-new action plan COM/2020/590 final of 24.09.2020 available at: https://eur-lex.europa.eu/legal-content/en/ALL/?uri=COM:2020:590:FIN 40 Targeted consultation on the establishment of a European single access point (ESAP) for financial and non-financial information publicly disclosed by companies - summary of responses (europa.eu). To demonstrate the importance of credit ratings in this respect, ESMA notes that this number was similar to the proportion of respondents who asked for information required to be used pursuant to the Capital Requirements legislation to be included in the ESAP.

18 5. Conclusion 80. In order to achieve the objectives of the CRA Regulation of ensuring that the ‘credit ratings used in the [EU] are independent, objective and of adequate quality,’41 ESMA finds that legislative amendments are needed to establish the conditions under which CRAs’ credit ratings can be accessed and used for regulatory reporting purposes. Amendments should be made either to the CRA Regulation or to alternative legislation for this purpose. 81. In particular, the CRA Regulation should be amended either to clarify how the primary distribution of credit ratings and ancillary services by CRAs’ affiliates described in this Opinion falls within its scope or instead to require the credit ratings published on CRAs’ websites or the ERP to be accessible in machine-readable format and to be downloadable for use in regulatory reporting. 82. In the event that the legislators do not wish to make changes to the ERP, ESMA highlights that Article 11a of the CRA Regulation has not achieved its stated objective of improving the comparability of credit ratings available in the EU and requests that the obligation for ESMA to maintain the ERP should be removed. 83. ESMA notes that the concerns raised in this Opinion regarding the distribution of credit ratings to subscribers could also be addressed by the adoption of alternative regulation at EU level, for example which requires credit ratings to be published on the ESAP in a format that allows them to be accessed and used for regulatory reporting purposes. 41 Recital 1 of the CRA Regulation.