SEC hits Moody’s with a $16.25 million penalty for rating symbol deficiencies

One of the largest credit rating agencies in the US, Moody’s Investors Services Inc. has agreed to pay a total of $16.25 million in penalties to settle charges involving internal control failures and failing to clearly define and consistently apply credit rating symbols. This marks the first time the SEC has filed an enforcement action involving rating symbol deficiencies.

Moody’s is paying $15 million to settle charges of internal controls failures involving models it used in rating U. residential mortgage-backed securities (RMBS) and has agreed to retain an independent consultant to assess and improve its internal controls. Separately, the rating agency has agreed to pay $1.25 million and to review its policies, procedures, and internal controls regarding rating symbols.

According to the SEC’s order in the internal controls proceeding, Moody’s failed to establish and document an effective internal control structure for models it had outsourced from a corporate affiliate and used in rating RMBS from 2010 through 2013. Moreover, the agency failed to maintain and enforce existing internal controls that should have been applied to those models. At issue was Moody’s had to correct more than 650 RMBS ratings with a notional value exceeding $49 billion, due, in part, to errors in the models. Additionally, in 54 instances, Moody’s failed to document its rationale for issuing final RMBS ratings that deviated materially from model-implied ratings.

How did Moody’s change its approach to rating RMBS?

Prior to the 2007 financial crises and continuing until 2010, Moody’s Structured Finance group had used a “static” approach for projecting expected losses, including those from RMBS. This structure enabled Moody’s to measure a specific RMBS deal’s performance at a specific point in time by evaluating the transaction structure default triggers and credit enhancements in relation to expected loss scenarios.

In December 2006, Moody’s Corporation acquired a software company specializing in structured finance called Wall Street Analytics. The renamed company Moody’s Wall Street Analytics became a subsidiary of Moody’s Corporation and an affiliate of Moody’s Investors Service, Inc.

Cutting to the chase, the end result was a unit which developed and marketed, among other things, tools for modeling and valuing various components of structured finance transactions, including RBMS. The process of coding required financial engineers to read and code the highly complex terms of the voluminous deal documents that governed each RMBS into computer script. From 2007-2009, between 5,000 and 6,000 RBMS offerings received “coded waterfall models.” The complexity of the transaction structures and the difficulty in coding meant the risk of error was high, which made it necessary that the models undergo rigorous quality control prior to being marketed. That did not happen.

According to the SEC, Moody’s did not establish a consistent or rigorous quality control process over the coding of the waterfall models. Nor were its engineers formally tested or evaluated prior to training, and written guidelines on suggested processes for quality control were considered only informal guidance. In mid-2009, Moody’s became aware of red flags that its waterfall models had errors and one of its engineers expressed concern about the accuracy of the waterfall models, commenting that one “cannot open a deal from the deal library [sic] with any confidence.”

Locking the barn door after…

The firm hired an independent consulting firm in the fall of 2009 to draft a “customer assurance report.” However, the report was never finalized and in a September 2009 email, one of the independent consulting firm’s engagement team noted, “On the surface, there appear to be decent control activities, but many are relatively informal and potentially incomplete.”

The SEC was not amused

According to Antonia Chion, Associate Director of the SEC’s Division of Enforcement, “Rating agencies play a critical role in our capital markets and need to have effective controls over their rating processes. As our order notes, the SEC put Moody’s on notice about its internal controls obligations yet it did not develop an effective process to ensure the accuracy of the models it relied upon when rating residential mortgage-backed securities.”

In the SEC’s order relating to rating symbols, for 26 ratings of securities known as “combo notes” with a total notional value of about $2 billion, Moody’s assigned ratings to combo notes in a manner that was inconsistent with other types of securities that used the same rating symbols.

“Investors expect and the law requires that symbols used by rating agencies be clearly defined and consistently applied,” added Reid Muoio, Deputy Chief of the Enforcement Division’s Complex Financial Instruments Unit. “Today’s proceeding is the SEC’s first enforcing the Universal Ratings Symbol requirement and we will continue to pursue failures that render rating symbols unclear or inconsistent.”

Bottom line, don’t just try to be compliant…BE compliant

The SEC didn’t care that Moody’s was trying to be compliant. It did care that red flags were insufficiently addressed and that the firm lacked sufficient oversight of processes and procedures. This is where Patrina can help. We’ve built a business on helping organizations stay on the “straight and narrow” efficiently and cost-effectively. So, let’s talk. Call 212-233-1155 to ask about Patrina’s cost-effective and comprehensive, 8-module compliance solution, and compliant data capture, file storage, and records archiving specifically designed for the financial services community. Be smart. Be covered.