Securitisation Regulation Update: Irish Regulations; Competent Authority; Reporting
As mentioned in our previous briefings, the new EU Securitisation Regulation became directly effective across the EU on 1 January 2019.
The related Irish Securitisation Regulations were published on 18 January 2019. They designate the Central Bank of Ireland as competent authority for the purposes of the EU Securitisation Regulation, and deal with the manner in which securitisations should be notified to the Central Bank.
The Central Bank has been designated as competent authority (save in respect of compliance by IORPs (institutions for occupation retirement provision) with the due diligence requirements of the EU Securitisation Regulation – the Pensions Authority is the competent authority for those purposes only).
By way of reminder, under the EU Securitisation Regulation, originators, sponsors, and securitisation special purpose entities (SSPEs) are required to make particular information available to, among others, competent authorities.
This includes information on underlying exposures, investor reports, and underlying documentation. In the case of private securitisations (i.e. securitisations where the relevant securities are not listed on an EU regulated market), it also includes a transaction summary or overview of the key features of the securitisation.
Securitisation repositories/websites (non-‘private’ securitisations)
Other than in respect of private securitisations, the originator, sponsor and SSPE must designate one of their number to be responsible for compliance with these reporting obligations and that designated entity must make the information available via a securitisation repository. However, to date, no securitisation repository has been registered with ESMA.
To cater for situations where a securitisation repository is not yet registered, the EU Securitisation Regulation provides that the information should instead be made available via a website that meets the following requirements:
- it includes a well-functioning data quality control system;
- it is subject to appropriate governance standards and has an adequate organisational structure that ensures the continuity and orderly functioning of the website;
- it is subject to appropriate systems, controls and procedures that identify all relevant sources of operational risk;
- it includes systems that ensure the protection and integrity of the information received and the prompt recording of the information; and
- it makes it possible to keep a record of the information for at least 5 years after the maturity date of the securitisation.
Bilateral Reporting (‘Private Securitisations’)
In respect of private securitisations, the option to report via a securitisation repository (or, in the absence of such a repository, via a website meeting the above requirements) is not available. In those cases, the information on underlying exposures, investor reports, and underlying documentation together with the required transaction summary or overview of the main features of a securitisation must be made available directly to, among others, the competent authority.
In the UK, the FCA and PRA issued a joint statement on reporting of private securitisations in December 2018, confirming how information in respect of private securitisations should be notified to them, and providing a notification template.
In Ireland, the Central Bank has not yet confirmed how, and in what format, it wants information reported to it in respect of private securitisations.
Notification obligation under the Irish Securitisation Regulations
The recently-published Irish Securitisation Regulations include a notification obligation on originators, sponsors and SSPEs in respect of all securitisations where there has been a first issue of securities after 1 January 2019:
- the notification must be made within 15 working days after the first issue of securities;
- the notification must include:
- the ISIN (International Securities Identification Number) of the securitisation;
- whether the notifying party is an originator, sponsor or SSPE;
- where the originator, sponsor and SSPE have been allowed to designated one of their number to comply with the reporting obligation, that entity’s name and address;
- whether the notifying party is a corporate or non-corporate entity; and
- the name, registered office, corporate status, and LEI (Legal Entity Identifier) of the notifying party and, to the extent that they are not the notifying party, the originator, sponsor and SSPE.
NB: The Central Bank has not yet provided details of how this notification is to be made. Until those details are available, we expect that those complying with the notification obligation will use the general Central Bank email address.
In respect of non-private securitisations, where the other reporting requirements i.e. information on underlying exposures, investor reports, and underlying documentation, must be met via a suitable website until at least one securitisation repository has registered with ESMA, we recommend that the 15-day notification to the Central Bank include details of that website.
In respect of private securitisations, while the above notification obligation under the Irish Securitisation Regulation applies equally to them, the Central Bank has also not yet confirmed whether it expects to receive a transaction summary or an overview of the main features of the securitisation, and it has not yet confirmed how that (and other required information) is to be made available to it.
Separately, the Irish Securitisation Regulations also deal with the powers of the Central Bank as competent authority. As expected, it has the power to:
- give directions to the originator, sponsor, SSPE, other original lender or any other person (e.g. to take particular actions in relation to a securitisation, or to cease a breach of the EU or Irish Securitisation Regulations);
- issue a contravention notice to an originator, sponsor, SSPE or other original lender to ensure compliance with, or to prevent a breach of, the EU or Irish Securitisation Regulations, or to direct that reporting errors or omissions be corrected;
- appoint an assessor to investigate a breach by a non-regulated entity of the EU or Irish Securitisation Regulations, and impose sanctions for such a breach (including monetary sanctions); and
- apply its Administrative Sanctions Procedure to any negligent or intentional contravention of the EU or Irish Securitisation Regulations by a regulated financial services provider.
Unless there is an overriding reason not to, the Central Bank is required to publish all decisions by it to impose a sanction for breach of the EU or Irish Securitisation Regulations.
Criminal sanctions may also be imposed for the provision of false or misleading information to the Central Bank under the EU or Irish Securitisation Regulations.
The publication of the Irish Securitisation Regulations provides clarity on the implementation of the securitisation regulatory framework in Ireland. We expect further information to become available in the coming months (at both Irish and EU levels) regarding the requirements and processes for meeting ongoing reporting obligations.
Our other briefings on the EU Securitisation Regulation:
- What you need to know about the new EU Securitisation Regulation
- Simple, Transparent and Standardised (STS) Securitisations: What you need to know
- Securitisation Regulation Update: Addressing Challenges
- Securitisation Regulation: Risk Retention Summary
- The Impact of the new Securitisation Regulation on UCITS and AIFMs