On 1 January 2019, the new EU framework for securitisations became directly applicable in EU member states. The core instrument of this new regime is Regulation (EU) 2017/2402, also known as the EU Securitisation Regulation.
As of 1 January 2019, the European Union (General Framework for Securitisation and Specific Framework for Simple, Transparent and Standardised Securitisation) Regulations 2018 (S.I. No. 656 of 2018) (the Irish Securitisation Regulations) also came into operation.
Of particular note under the Irish Securitisation Regulations, is the fact that:
- The Central Bank of Ireland is appointed as the ‘competent authority’ responsible, in most instances, for ensuring compliance with the EU Securitisation Regulation in Ireland.
- Supplemental notification requirements were imposed on originators, sponsors and Securitisation Special Purpose Entities (SSPEs) for securitisations making their first issuance after 1 January 2019.
- Detailed criminal and administrative sanctions were outlined in case of contravention of both the EU and Irish regulations.
Competent authority
The Irish Securitisation Regulations designate the Central Bank as the competent authority in most instances. As such, the Central Bank is responsible for carrying out the functions referred to in the EU Securitisation Regulation. These relate to ensuring compliance with the EU Securitisation Regulation’s requirements in respect of:
- Due diligence.
- Risk retention.
- Transparency and disclosure.
- Credit granting criteria.
- The ban on resecuritisation.
In relation to institutions for occupational retirement provision, it is the Pensions Authority that is the competent authority for ensuring compliance with due diligence requirements.
To date, the Central Bank has only published very limited guidance on the EU Securitisation Regulation in its role as a competent authority. In this regard, it has stated that:
“any entity acting as an institutional investor, originator, sponsor, original lender or SSPE should be prepared to evidence the arrangements, processes and mechanisms it has in place to ensure compliance with all relevant requirements of the EU Securitisation Regulation.”
Notification and disclosure requirements
The Irish Securitisation Regulations impose an obligation on originators, sponsors and SSPEs to notify specified information to the Central Bank for securitisations making their first issuance after 1 January 2019. These obligations are additional to the disclosure requirements in Article 7 of the EU Securitisation Regulation.
The notification must be made within 15 working days from the issue of securities in the SSPE and must include:
- The International Securities Identification Number of the securitisation.
- Whether the notifying party is an originator, sponsor or SSPE.
- The name and registered address of the person required to comply with a requirement under the EU Securitisation Regulation where it provides a discretion as to who (the originator, sponsor or SSPE) should comply with that requirement.
- The name, registered office, corporate status, and Legal Entity Identifier of the notifying party and the originator, sponsor and SSPE, except where any of those entities is the notifying party.
On its website, the Central Bank sets out how the notifications must be made to it in practice.
Implementing measures
In relation to the disclosure requirements in Article 7 of the EU Securitisation Regulation, there is some doubt as to how to comply with these in practice, particularly in relation to private securitisations. A private securitisation is one for which a prospectus is not required in accordance with the EU’s prospectus regime.
The European Securities and Markets Authority (ESMA) is mandated to produce a set of draft regulatory and implementing technical standards (RTS and ITS) which will specify the details and provide templates for the disclosures. Drafts of these have been prepared and, while progressing, are not finalised or in effect yet. In the interim, originators, sponsors and SSPEs should use the templates in Delegated Regulation 2015/3 (designed for the Credit Rating Agency Regulation 1060/2009) for the purpose of making the required disclosures.
In the UK, their implementing regulation specifies that all UK established originators, sponsors or SSPEs of a private securitisation must provide the information set out in Article 7(1) of the EU Securitisation Regulation to the competent authorities in that jurisdiction (i.e. the FCA and the PRA) in such a manner as they may direct.
The FCA and PRA published a joint statement in December 2018 which directs that the full set of information must only be made available to the UK competent authorities on request. This approach appears to soften the requirement set out in Article 7(1).
In Ireland, the Irish Securitisation Regulations are silent on how the disclosure requirements must be addressed in practice. This is in contrast to the UK position. It remains to be seen if the Central Bank will take the same approach for private securitisations in Ireland.
Sanctions and enforcement by the Central Bank
The Irish Securitisation Regulations build on the EU Securitisation Regulation by detailing the powers of the Central Bank regarding enforcement and the imposition of sanctions in cases of breach.
Contravention notices
The Irish Securitisation Regulations specify that the Central Bank has the power to issue a contravention notice to an originator, sponsor, original lender or SSPE for the purpose of ensuring compliance with, or preventing an infringement of, the EU or Irish regulations. The Central Bank may also issue a similar notice to direct resubmission of details that are considered erroneous or incomplete and which had originally been made available to the securitisation repository
Enforcement in relation to financial service providers
The Central Bank may appoint an assessor to investigate a contravention of the EU or Irish regulations, and impose sanctions for a breach. Sanctions for an adverse assessment include:
- An order to cease and desist from repetition of the contravening conduct.
- A public statement identifying the entity responsible and the nature of the breach.
- A restriction on any person who is responsible for a prescribed contravention, from exercising management functions in an originator, sponsor or SSPE.
- The imposition of financial penalties.
For regulated financial service providers, sanction pursuant to the Central Bank’s Administrative Sanctions Procedure is also an option.
In applying the sanctions, the Central Bank must consider the extent to which the breach is intentional or results from negligence. Criminal sanctions may also be imposed where false or misleading information is provided to the Central Bank under the EU or Irish regulations.
Conclusion
The publication of the Irish Securitisation Regulations is a welcome development for securitisations and participants in Ireland. It provides some detail on the implementation of the EU’s new regulatory framework and the sanctions that can result from a contravention. To date, the Central Bank has not issued much guidance on how it will operate in its role as a designated competent authority. However, more detail is expected in due course.
For more information on the impact of the Irish Regulations on any contemplated securitisations activity, please contact a member of our Debt Capital Markets & Structured Finance team.
The content of this article is provided for information purposes only and does not constitute legal or other advice.
