Holding ABS Is Still Tricky: The EU Securitisation Regulation and its U.K. Equivalent


Nearly two years ago, we wrote a Stay Current[1] highlighting the Securitisation Regulation’s[2]impact on the ability of investors to hold asset backed securities as from its implementation date of 1 January 2019. Since that time, the U.K. has formally left the European Union and adopted and adapted EU law into U.K. law, such that, as from ‘exit day’[3] and assuming no extension to the transition period, the substance of the Securitisation Regulation will become U.K. law[4]. This note seeks to recap on these issues and look at how these restrictions are working out.


The Securitisation Regulation established a new regulatory framework to consolidate the disparate pieces of legislation governing European securitisations. The overall objective of the EU’s legislative reform purports to promote a safe, deep, liquid, and robust market for securitisation, which is able to attract a broader and more stable investor base to help allocate finance to where it is most needed in the economy. The legislative package is comprised of:

  1. Regulation (EU) 2017/2402 (the “Securitisation Regulation”);
  2. Regulation (EU) 2017/2401 (the “CRR Amendment Legislation” and together with the “Securitisation Regulation” the “Updated Risk Retention Rules”); and
  3. The European Banking Authority’s (“EBA”) final draft regulatory technical standards for originators, sponsors and original lenders relating to risk retention issued on 31 July 2018 (the “Draft RTS”).[5]

What Changed for Investors?


Prior to 1 January 2019, EU credit institutions, insurance and reinsurance companies, as well as EU AIFMs and EU AIFs were obliged in their capacity as investors to comply with certain risk retention requirements in connection with their investing in certain types of asset backed securities (“ABS”) that met the criteria of the Securitisation Regulation’s definition of “securitisation”. These risk retention obligations, that were previously covered by different EU legislation for the different types of investor[6], were brought together under this new Regulation and, as from 1 January 2019, the class of “institutional investor”[7] that would be required to comply with indirect risk retention obligations set down under the Securitisation Regulation was expanded so that all of the following investor classes are subject to any risk retention obligations (with those in italics below covered since 1 January 2019 only):

  • EU credit institutions;
  • EU investment firms;
  • EU insurance and reinsurance companies;
  • EU AIFMs;
  • Undertakings for the collective investment in transferable securities (“UCITS”);
  • Institutions for occupational retirement provision (“IORPs”)[8] or their appointed investment manager[9]; and
  • Non-EU AIFMs that market alternative investment funds (“AIFs”) into the EU.

Risk Retention

The Updated Risk Retention Rules homogenised the previously disparate risk retention obligations and provide that “institutional investors” can only hold an “exposure to a securitisation” where “the originator, sponsor or original lender retains [5% of that securitisation]”).[10] This is the headline risk retention compliance obligation that makes risk retention directly applicable to the originator etc., and (since this applicability has been looked at very closely by the ABS market) is not the focus of this note. This note focuses on the obligations imposed on the institutional investors.

Due Diligence

As with the other principles of risk retention, the varied due diligence requirements laid down in the previous and various pieces of sectoral legislation were consolidated into a framework by the Updated Risk Retention Rules. This framework requires “institutional investors” to:

  • Carry out due diligence assessments prior to holding a securitisation position, to enable it to assess the risk involved. The Securitisation Regulation sets out specific factors that must be considered as part of this risk assessment, which include risk characteristics of the securitisation itself, structural features of the securitisations, and compliance with the simple, transparent and standardised (“STS”) criteria with regards to securitisations designated as STS; and
  • Adopt compliance measures for the duration of the holding of the securitisation position, which include the requirement to establish written procedures to monitor the performance of the securitisation, ensure that internal reporting processes are implemented, and be able to demonstrate to the regulator that they have a comprehensive understanding of their securitisation positions.

While there is no formulaic solution that should replace tyre-kicking due diligence, affected investors are required to and have been introducing template checklists (the “written procedures” under Article 5(4) of the Securitisation Regulation) which they can use to ensure formal compliance with the new framework and so as to be able “to demonstrate to its competent authorities, upon request, that it has a comprehensive and thorough understanding of the securitisation position and its underlying exposures”.[11]

What Is Affected?

Exposure to a securitisation triggers the obligations described above on an institutional investor, which then begs the question what the terms “securitisation” and “exposure” mean.


A “securitisation” is defined as:

“a transaction or scheme, whereby credit risk associated with an exposure or a pool of exposures is tranched, having all of the following characteristics:

  • Payments in the transaction or scheme are dependent upon the performance of the exposure or of the pool of exposures;
  • The subordination of tranches determines the distribution of losses during the on-going life of the transaction or scheme; and
  • The transaction or scheme does not create exposures which possess all of the characteristics listed in Article 147(8) of Regulation (EU) No 575/2013”.[12]

It is clear from the definition that classic securitisations (i.e. pools of loans that are delivered to different types of investors in different credit tranches such as CLOs, RMBS and CMBS) are invariably captured. There are, however, a number of structures that are commonly described as “securitisations” or as “asset backed securities” that, by reason of their structure, may not constitute “securitisations” for the purposes of the Securitisation Regulation. Such structures are likely to include: agency collateralised mortgage obligations; agency pass-through securities (e.g. Fannie Mae and Freddie Mac); some whole business securitisations; single tranche SPV note issuances; and credit-linked notes. In particular, “physical asset securitisations” are exempted by reason of the third limb of the definition of “securitisation”.[13]


The obligation in relation to institutional investors applies where there is “exposure to a securitisation”. Significantly and perhaps deliberately, “exposure” is not defined leaving the institutional investor to consider whether it needs to “look-through” at indirect holdings of “securitisations”. In addition, the Securitisation Regulation implicitly draws a distinction between “investment” and “exposure” as being different[14] making it difficult to argue plausibly that “exposure” only means direct investment.

There are a number of legislative and regulatory interpretations of “exposure” that could shed light on its meaning and how broadly the spectrum of “exposure” should be interpreted in this Securitisation Regulation context.[15] In addition there has been a fair amount of industry discussion about whether, for example, there is a de minimis amount of non-compliant securitisations to which an “institutional investor” can be exposed on an indirect basis.[16] We believe that there are a number of conclusions to be drawn in relation to indirect holdings of “securitisations” by “institutional investors”:

  • Where the “institutional investor” is in receipt of regulatory reporting[17]that impacts their regulatory capital requirements and that investor can see their indirect holding of investments on a line-by-line basis, it will likely be difficult for such an investor to maintain that it is not “exposed” to those investments;
  • Where an “institutional investor” has some form of control over the indirect investment in non-compliant “securitisations” (because, for example, an EU AIF is investing in an exempt AIF that is managed by the same group) that too will be difficult to maintain is not an “exposure”; we believe that a threshold approach (see footnote 16) is likely to be most plausible where the investment is made in funds whose investment objective is not for example non-compliant “securitisations” and where the in-scope AIF’s manager has no form of control over the secondary fund; and
  • In the case of UCITS, while it remains the case that there has been no formal guidance on the topic and while it might be reasonable to follow the basic principles established under the UCITS Eligible Assets Directive[18](that have developed under this Directive which allow a line to be drawn in relation to indirect investment (exposure) to assets that might otherwise be ineligible under UCITS), this does not appear to be consistently applied in relation to indirectly held non-compliant securitisations.[19]

Impact of the Risk Retention Obligations on Pre- 2019 Securitisation Holdings

As set out in the previous note, there are some transitional arrangements for the “institutional investor” introduced by the Securitisation Regulation in relation to securitisations issued prior to 1 January 2019; and those new classes of “institutional investor” are provided with a “corrective action” roadmap (for inadvertent acquisition of non-compliant securitisations).

Other Observations


While IORPs have, since January 2019, also been subject to a general requirement to implement risk management controls that cover investment in securitisations under the IORPS II Directive, the Securitisation Regulation has also imposed these specific risk retention obligations. Reflecting the fact that most investment activity conducted by IORPs is outsourced, the Securitisation Regulation provides that any “investment manager or an authorised entity appointed by the [IORP] under Article 32 of the [IORP II Directive]” fall into the definition of “institutional investor”, and so will also be subject to the Updated Risk Retention Rules. This essentially means that an investment manager appointed by an IORP may also be bound into that IORP’s compliance with the Updated Risk Retention Rules. We do not think, however, that this means an investment manager would be liable for an IORP’s compliance if the IORP has invested (either at its own or at another Article 32 manager’s direction) in a fund or other vehicle managed by a separate investment manager that is not directly contracted to the IORP.

In addition, the Securitisation Regulation is silent as to whether “corrective action” needs to be taken by this class of institutional investor when it may come into possession of a non-compliant securitisation and/or whether there may be sanctions imposed on IORPs holding non-compliant securitisations.


Under the Securitisation Regulation the definition of “institutional investor” also now includes: “an [AIFM] defined in point (b) of Article 4(1) of [AIFMD] that manages and/or markets alternative investment funds in the Union[20] (our emphasis).

This expanded the scope of the existing sectoral legislation (i.e. AIFMD and the Level 2 Delegated Regulation) in that the Updated Risk Retention Rules now apply to AIFMs which have not opted into the full AIFMD and non-EU AIFMs which manage and/or market AIFs into the EU.

The result of this has been that non-EU AIFs that may or can hold non-compliant ABS have generally ceased any marketing into the EEA and that non-EEA managers with ambitions to launch AIFs that will hold any non-compliant ABS are not attempting to market their offerings into the EEA or are considering structural solutions to ensure that their AIFs are compliant. In theory, such entities can rely on “reverse solicitation” but, should another EU institutional investor find itself invested in a fund based outside of the EU that has not been marketed into the EEA, that “institutional investor” may still be required to consider whether it is exposed to any non-compliant securitisations in breach of the Updated Risk Retention Rules.

In our previous note on this topic, we drew attention to the most anomalous consequence of the Securitisation Regulation’s expanded definition of AIFs as institutional investors that on a strict reading, brings a non-EU AIFM’s entire portfolio of AIFs within the scope of the Updated Risk Retention Rules by virtue of marketing a single AIF into the EU (and, bizarrely, a single AIF that holds no ABS at all). The market generally considers that this was not intended and will be clarified; to that end, in November 2018 AIMA sought to persuade ESMA to issue guidance clarifying this point but, more than eighteen months on, is yet to receive a reply.

Next Steps/Conclusion

There are clearly a number of areas that remain unclear or are unsatisfactory in relation to an institutional investor’s engagement with the Securitisation Regulation and these Updated Risk Retention Rules (in particular, the meaning of “exposure” and the breadth of applicability to AIFMs), the basic principles are now reasonably well established and have generally made all EU institutional investor participants in the ABS market take notice of its effects and seek more effectively to manage their holdings of securitisations if only by way of on-going and additional compliance focus on this investment class.

1 “Why Holding ABS Just Got Trickier: The EU Securitisation Regulation’s Impact on EU and Non-EU Investors”.

2   Regulation (EU) 2017/2402 (the “Securitisation Regulation”).

3  1 January 2021.

4  The Securitisation (Amendment) (EU Exit) Regulations 2019.

5  Notwithstanding that this RTS was issued nearly two years ago it remains in draft form. Although this Draft RTS has not been transformed into a final form (and there is no evidence of any regulatory will to do so any time soon), the market has come to rely on the added colour it provides in relation to the Securitisation Regulation.

6 Regulation (EU) no. 575/2013 (the “Capital Requirements Regulation”) for credit institutions and investment firms, Directive 2009/138/EC (the “Solvency II Directive”) for insurance and reinsurance companies, and Directive 2011/61/EU foe EU AIFMs and AIFs.

7 Article 2(12) of the Securitisation Regulation defines “institutional investors” as further described in this paragraph. Note that the definition is problematic particularly in relation to the applicability of risk retention obligations to AIFMs and AIFs wherever located—whereas the Securitisation Regulation appears to have effectively (and inadvertently) exempted AIFs from these risk retention obligations, this note assumes the consensus position that AIF investors should be treated as “institutional investors”.

8 That falls within scope of the Directive (EU) 2016/2341.

9 Note that the definition adds “[any] investment manager” appointed by the IORP under Article 32 of the IORP II Directive; this essentially means that the IORP’s asset manager could also be bound into that IORP’s compliance with the Securitisation Regulation—but should not mean that such an asset manager would potentially be liable for that IORP’s compliance if the IORP has invested (at its own or an Article 32 manager’s direction) in a fund or other vehicle managed by that asset manager.

10 Article 5 (d) Securitisation Regulation.

11 Article 5(4)(e) of the Securitisation Regulation.

12 Article 2(1) of the Securitisation Regulation.

13 This exemption is somewhat convoluted but, in essence, boils down to a structure that might otherwise being a “securitisation” being exempt if it does not possess all of the following characteristics: (1) The issuer was created specifically to finance or operate physical assets or economically comparable exposures; (2) The contractual arrangements give one or more investors a substantial degree of control over the underlying obligations and their income; and (3) The primary source of repayment of the investment is the income generated by the underlying obligations, rather than a broader commercial enterprise.

14 Recital 9 Securitisation Regulation.

15 The FCA Glossary, the CRR and the Solvency II Delegated Regulation all address “exposure” in slightly different ways and are not satisfactory for the purposes of the Securitisation Regulation. .

16 The threshold (for a fund) is variously discussed as being between 5-25 per cent. of a fund’s net asset value. There is no legal basis for any such threshold.

17 That is, “CRR/Solvency II reporting” provided to credit institutions and insurance companies.

18 EU Directive 2007/16/EC.

19 It has long been market practice in the UCITS context that the acquisition of CLO securities was permissible notwithstanding that the underlying assets (loans) of a CLO are ineligible to be held directly by a UCITS; however, in relation to compliance with the Securitisation Regulation, market practice seems to require that UCITS avoid indirect exposure to non-compliant securitisations (for example by holding U.S. fund investments that may contain some non-compliant securitisations).

20 Article 2 (12) Securitisation Regulation.

Click here for a PDF of the full text