The EU has established a new regulatory framework to consolidate the disparate pieces of legislation governing European securitisations. The overall objective of the EU’s legislative reform is to promote a safe, deep, liquid, and robust market for securitisation, which is able to attract a broader and more stable investor base to help allocate finance to where it is most needed in the economy. The new legislative package is comprised of:
- Regulation (EU) 2017/2402 (the “Securitisation Regulation”);
- Regulation (EU) 2017/2401 (the “CRR Amendment Legislation” and together with the “Securitisation Regulation” the “Updated Risk Retention Rules”); and
- The European Banking Authority’s (“EBA”) final draft regulatory technical standards for originators, sponsors and original lenders relating to risk retention issued on 31 July 2018 (the “Draft RTS”).
What’s Changed for Investors?
As from 1 January 2019, an “institutional investor” will have to comply with indirect risk retention obligations set down under the Securitisation Regulation. The definition of “institutional investor” to which the Securitisation Regulation will apply includes the usual suspects, namely credit institutions, insurance companies and EU alternative investment fund managers (“AIFMs”). The key change from 1 January 2019 is the applicability of the Updated Risk Retention Rules to the following investor classes which have not, until now, been subject to any risk retention obligations:
- undertakings for the collective investment in transferable securities (“UCITS”);
- institutions for occupational retirement provision (“IORPs”) or their appointed investment manager; and
- §non-EU AIFMs that market alternative investment funds (“AIFs”) into the EU.
The existing risk retention requirements laid down in various pieces of sectoral legislation will be repealed and replaced by the Securitisation Regulation, which provides that “institutional investors” can only hold an “exposure to a securitisation” where “the originator, sponsor or original lender retains [5% of that securitisation]”). This is the headline risk retention compliance obligation that, save making the rules directly applicable to the originator etc, has not been changed significantly by the Updated Risk Retention Rules (and in any event has been looked at very closely by the ABS market so is not the focus of this note).
As with the other principles of risk retention, the varied due diligence requirements laid down in various pieces of sectoral legislation will be consolidated into a framework by the Updated Risk Retention Rules. The new framework will require institutional investors to:
- Carry out due-diligence assessments prior to holding a securitisation position, to enable it to assess the risk involved. The Securitisation Regulation sets out specific factors that must be considered as part of this risk assessment, which include risk characteristics of the securitisation itself, structural features of the securitisations, and compliance with the simple, transparent and standardised (“STS”) criteria with regards to securitisations designated as STS; and
- Adopt compliance measures for the duration of the holding of the securitisation position, which include the requirement to establish written procedures to monitor the performance of the securitisation, ensure that internal reporting processes are implemented, and be able to demonstrate to the regulator that they have a comprehensive understanding of their securitisation positions.
While there is no formulaic solution that should replace old fashioned tyre-kicking due diligence, affected investors have been introducing template checklists which they can use to ensure formal compliance with the new framework.
What Will Be Affected?
Exposure to a securitisation will trigger the obligations described above on an institutional investor, which then begs the question what the terms “securitisation” and “exposure” mean.
A “securitisation” is defined as:
“a transaction or scheme, whereby credit risk associated with an exposure or a pool of exposures is tranched, having all of the following characteristics:
- payments in the transaction or scheme are dependent upon the performance of the exposure or of the pool of exposures; and
- the subordination of tranches determines the distribution of losses during the on-going life of the transaction or scheme...”
It is clear from the definition that classic securitisations (i.e. pools of loans that are delivered to different types of investors in different credit tranches such as CLOs, RMBS and CMBS) will be caught. There are, however, a number of structures that are commonly described as “securitisations” or as “asset backed securities” that, by reason of their structure, may not constitute “securitisations” for the purposes of the Securitisation Regulation. Such structures are likely to include: agency collateralised mortgage obligations; agency pass-through securities (e.g. Fannie Mae and Freddie Mac); some whole business securitisations; single tranche SPV note issuances; and credit linked notes.
The question of whether an investor will need to “look-through” largely depends on the interpretation of “exposure” in the context of the Securitisation Regulation. Significantly and perhaps deliberately, “exposure” is not defined. There is, however, some discussion about liquidity providers and credit derivative counterparties to securitisations being “exposed” to those securitisations in the Draft RTS. In addition, the Securitisation Regulation implicitly draws a distinction between “investment” and “exposure” as being different, but without any clarity about the qualities that would make an indirect investment an “exposure”—if for example you have no control of that indirect investment, it would be hard to conclude that it amounts to an “exposure”: not because logically that would not make sense but because it would be impractical.
The lack of guidance to date, at an EU level, as to the meaning of “exposure” in this context indicates that the authorities are unwilling to define how deep investors must drill when establishing whether their indirect holdings of securitisation positions are caught by risk retention requirements. This is not helpful to affected market participants but may have been intentional as a way of allowing the regulators a certain amount of flexibility as to how they will seek to regulate those holding securitisation positions.
There are a number of legislative and regulatory interpretations of “exposure” that could shed light on its meaning and how broadly the spectrum of “exposure” should be interpreted in this Securitisation Regulation context. In summary, we believe that it would be reasonable to follow the basic principles established under the UCITS Eligible Assets Directive and the principles that have developed under this Directive which allow a line to be drawn in relation to indirect investment (exposure) to assets that might otherwise be ineligible under UCITS.
Impact of the Risk Retention Obligations on Current Securitisation Holdings
The Securitisation Regulation stipulates that “where [UCITS] are exposed to a securitisation that no longer meets the requirements provided for in the [Securitisation Regulation], they shall, in the best interest of the investors in the relevant UCITS, act and take corrective action”.
We do not believe the Securitisation Regulation to be prescriptive as to the corrective action the UCITS exposed to a non-compliant securitisation must take, which creates ambiguity as to the level of action required by a UCITS fund in relation to its legacy non-compliant securitisation positions. Note the contradiction in the apparent obligation to act (i.e. sell the offending position) but also to act in the best interests of investors (whose interests may not be best served by a sale).
The general position is that these requirements will apply to all securitisations which are issued on or after 1 January 2019. Existing sectoral due diligence requirements will continue to apply to specific categories of “institutional investor” (but not UCITS). This creates an interesting position for UCITS, which are not currently subject to the same due diligence requirements as other “institutional investors”.
While we do not believe that the market has determined a standard response our view is that, in practice, as at 1 January 2019, a UCITS should not be required to sell its non-compliant securitisation holdings (or consider selling—taking “corrective action” in relation to—those holdings). After 1 January 2019, a UCITS should also be able to purchase non-compliant securitisations that were issued before 1 January 2019, but cannot purchase non-compliant securitisations issued after 1 January 2019. Should a formerly compliant securitisation cease to be compliant after 1 January 2019, then the UCITS fund will be obliged to consider “corrective action”.
While IORPs will, from January 2019, also be subject to a general requirement to implement risk management controls that cover investment in securitisations under the IORPS II Directive, the Securitisation Regulation will impose more onerous requirements by way of the Updated Risk Retention Rules. Interestingly, any “investment manager or an authorised entity appointed by the [IORP] under Article 32 of the [IORP II Directive]” will also be caught by the definition of “institutional investor”, and so will also be subject to the Updated Risk Retention Rules. This essentially means that an investment manager appointed by an IORP will also be bound into that IORP’s compliance with the Updated Risk Retention Rules. We do not think, however, that this means an investment manager would be liable for an IORP’s compliance if the IORP has invested (either at its own or at another Article 32 manager’s direction) in a fund or other vehicle managed by a separate investment manager that is not directly contracted to the IORP.
In addition, the Securitisation Regulation is silent as to whether “corrective action” will need to be taken so the position on IORPs holding non-compliant securitisations is perhaps even more unclear than is the case with UCITS. That said, the options for UCITS set out above are likely to be as applicable for IORPs.
Under the Securitisation Regulation the definition of “institutional investor” will also now include: “an [AIFM] defined in point (b) of Article 4(1) of [AIFMD] that manages and/or markets alternative investment funds in the Union” (our emphasis).
This expands the scope of the existing sectoral legislation (i.e. AIFMD and the Level 2 Delegated Regulation) in that the Updated Risk Retention Rules seem now to apply to AIFMs which have not opted into the full AIFMD and non-EU AIFMs which manage and/or market AIFs into the EU. This is a significant development as prior to 1 January 2019 only authorised AIFMs were in scope and only EU AIFMS are able to be authorised.
The immediate consequence, as from 1 January 2019, is that existing AIFs that hold non-compliant ABS should cease any marketing into the EEA and that those non-EEA managers with ambitions to launch AIFs that will hold any non-compliant ABS should either not attempt to market their offerings into the EEA or consider structural solutions to ensure that their AIFs are compliant. However, as a result of the transitional provisions, it is our view that were a non-EU AIFM to market a non-EU AIF in the EU after 1 January 2019 that was committed to only purchasing securitisations (including non-compliant securitisations) issued before that date then in theory such an AIFM would not be required to be compliant with the Updated Risk Retention Rules.
Perhaps the most anomalous consequence of this expanded definition is that on a strict reading, a non-EU AIFM appears to be caught if it markets a single AIF into the EU. In other words, a non-EU AIFM will bring its entire portfolio of AIFs within the scope of the Updated Risk Retention Rules by virtue of marketing a single AIF into the EU (and, bizarrely, a single AIF that holds no ABS at all). While it is not clear whether this was the intention of the legislator, it is clear that such an extension would have far-reaching consequences if the Updated Risk Retention Rules could be enforced against non-EU AIFMs for AIFs that are not managed or marketed into the EU. In reality, it is difficult to see how the regulator would regulate or supervise this extra-territorial application of the rules and, in practice, it is unlikely that EU regulators will pursue this angle; we hope that guidance will be issued at an EU level to clarify the position.
A further consequence of this expanded reach might be that we see a notable decrease in AIFMs registering under the national private placement regime (“NPPR”) in order to market into EU jurisdictions (in light of the fact that non-EU AIFMs have until now largely registered under the NPPR on the basis they were not caught by the risk retention rules).
While the Updated Risk Retention Rules might have been more clearly drafted, the basic principles are now reasonably well established and should make a number of participants in the ABS market ranging from UCITS and non-EU AIFs that invest in U.S. ABS through U.S. arrangers that sell ABS in the EU, sit up and take notice of its effects. In each case, it is clear that the newly affected “institutional investors” should be considering the establishment of a long term plan in order to manage their on-going compliance risk vis-à-vis the Updated Risk Retention Rules.
 Article 2 (12) Securitisation Regulation.
 That falls within scope of the Directive (EU) 2016/2341.
 Note that the definition adds “[any] investment manager” appointed by the IORP under Article 32 of the IORP II Directive; this essentially means that the IORP’s asset manager could also be bound into that IORP’s compliance with the Securitisation Regulation—but should not mean that such an asset manager would potentially be liable for that IORP’s compliance if the IORP has invested (at its own or an Article 32 manager’s direction) in a fund or other vehicle managed by that asset manager.
 Article 5 (d) Securitisation Regulation.
 Article 5 (c) Securitisation Regulation.
 Recital 9 Securitisation Regulation.
 The FCA Glossary, the CRR and the Solvency II Delegated Regulation all address “exposure” in slightly different ways and are not satisfactory for the purposes of the Securitisation Regulation.
 EU Directive 2007/16/EC.
 Article 38 Securitisation Regulation amending Article 50a of the UCITS IV Directive 2009/65/EC.
 Article 43 (1) Securitisation Regulation.
 Member states must implement the IORPS II Directive into national law by 13 January 2019.
 Article 2 (12) Securitisation Regulation.