SEC finds deficiencies in credit rating processes of Fitch, Moody's and S&P.

A few weeks back, this blog had talked about a proposal by the SEC to regulate the credit rating industry. In addition to this proposal, the SEC today released the findings of an investigation into the rating procedures followed by by 3 major credit rating agencies (Fitch, S&P and Moody's). Some very disturbing facts have come to light at the conclusion of this investigation:

1.The SEC staff's examinations found that rating agencies struggled significantly with the increase in the number and complexity of subprime residential mortgage-backed securities (RMBS) and collateralized debt obligations (CDO) deals since 2002.

2. None of the rating agencies examined had specific written comprehensive procedures for rating RMBS and CDOs.

3. Significant aspects of the rating process were not always disclosed or even documented by the firms, and conflicts of interest were not always managed appropriately.

4. The internal audit processes followed at these firms varied substantially.Out of the 3 credit rating agencies, only one had adequate internal audit processes and management follow up. Out of the other 2, one had an inadequate one page check list kind of an audit that appeared inadequate and the other agency's internal audit resulted in plenty of critical findings but were never acted upon by the management.

5. Significant aspects of the ratings process were not always disclosed

6.The rating agencies did not always document significant steps in the ratings process - including the rationale for deviations from their models and for rating committee actions and decisions - and they did not always document significant participants in the ratings process.

The investigation also had access to emails and other communication between analysts at these firms. In one exchange, dated April 5, 2007, an analyst said the ratings model didn't capture "half" of the deal's risk but that "it could be structured by cows and we would rate it," according to the report.

With a virtual collapse of its internal control system(computer 'glitches', weak internal audits, conflicts of interest, inadequate documentation of the rating process coupled with zero public disclosure), it's a wonder there is even a shred of confidence left in the ratings produced by these three credit rating agencies. The SEC plans to take up a similar investigation for another seven agencies in the next few months.

SEC regulatory proposal for Credit Rating Agencies.

After a tumultous year or two in the financial markets, finally some regulatory action. In mid June, the SEC invited comments to a planned proposal to reduce the influence of credit rating agencies (CRA) in the financial markets. The central theme of such a proposal is 'to address concerns about the integrity of their credit rating procedures and methodologies in the light of the role they played in determining credit ratings for securities collateralized by or linked to subprime residential mortgages' No surprises there... Following the recent market turmoil (everybody's favorite phrase),the Senate Banking Committee held a hearing on the role of the credit rating agencies in the mortgage mess. They directed that the Securities and Exchange Commission (SEC) impose tough regulations on the rating industry.

The SEC plans to propose new rules that would be aimed at enhancing disclosure, comparability as well as provide more detailed information on the processes and methodologies behind the credit ratings. These rules would also add reporting requirements and address conflicts of interest that may arise in the structured products rating process.

According to the Wall Street Journal, the SEC will propose new rules that may 'diminish the importance of credit ratings in determining the amount of capital that investment banks are required to hold'. Floyd Norris of the New York Times, says that credit rating agencies are being made the scapegoats in a crisis that seems to have no end to it. Besides rating agencies, weak regulations that let borrowers with poor credit history borrow money are also to blame.

While that may be true, lets not forget Moody's credit rating 'computer glitches' reported by the Financial Times a few weeks back followed by a 'confession' by S&P reporting its own rating 'glitch'.

XBRL tagged financial reporting to be made mandatory.

The SEC has announced a proposal that would require all U.S. public companies that follow the U.S. Generally Accepted Accounting Principles, to provide financial information using the 'interactive data' format.Specifically, for companies whose market capitalization is more than $5 billion this requirement would become effective from fiscal years ending in late 2008 and the remaining companies would be expected to comply over the next two years. The first set of financial statements in the new format would be available to the public starting 2009.

The interactive financial data would be in the e(X)tensible Business Reporting Language (XBRL). XBRL is from the family of 'XML' languages. It is a language that is used for transmitting information.

Imagine if you were to download a company's annual report. The way things stand today, this data would be a block of text. However, using XBRL, computer tags would be attached to this data such that each individual financial information would have its own tag that is computer readable. For eg: inventories would have its own tag. A tag would serve the purpose of not only an identifier but also provide information on the tagged item such as whether it is a percentage, fraction or a monetary item. As a result, it would be possible to efficiently collect data from different business units (they may even have different accounting systems) and generate internal management reports as well regulatory filing reports such as financial statements. Instead of wasting effort and money over time consuming data entry, companies can simply validate the received XBRL data through available software and speed up their research and analysis of this data. XBRL tagged data would have particular use not only for companies looking to simplify their financial reporting process but also for analysts, researchers and lenders.

XBRL is a standard that is being adopted worldwide. The most important information- XBRL is free of cost and there are no license fees.Obviously, different XBRL taxonomies would be required for different financial reporting purposes as well as for different national jurisdictions.

The fact that SEC is making XBRL filings mandatory for U.S. public companies is a very important development for vendors of accounting software as well as for outsourced data processing companies. With XBRL tagged information easily available, the need to outsource data entry of financial information or the need to outsource the preparation of financial filings could potentially drop.

Sensitive Information Breach at Walter Reed Army Medical Center.

Sensitive information related to approximately 1000 patients has been breached at Walter Reed Army Medical Center and other military hospitals. Although the compromised information did not include health related information such as diagnosis, prognosis or medical records, information related to names, addresses, social security information and other data has been compromised. Walter Reed officials were informed of this breach on May 21st by an outside company. The details on how this breach occurred has not yet been disclosed.

Data security has been a critical issue for government organizations. In 2006, the Committee on Government Reform had issued a detailed report on the government agencies that had faced some kind of data breach between 2003 and 2006. According to that report, all 19 Departments and agencies reported at least one loss of personally identifiable information since January 2003.

Agency/Department- Number of data breach incidents between 2003 and 2006
Social Security Administration- 3
Office of Personnel Management- 3
Veteran Affairs- hundreds of security and privacy incidents
Treasury- 340 incidents involving loss or compromise of sensitive personal information
Transportation- 1
State- 1
Labor- 3
Justice- 2
Interior- 8
Housing and Urban Development- 1
Homeland Security- 6
Health and Human Services- 24
Energy- 7
Education- 41
Defense- 43
Commerce- 297
Agriculture- 8

The letters received by the Committee from these departments showed that, in many cases, agencies did not know what information had been lost or how many individuals could be impacted by a particular data loss. The report also pointed out that in many cases the private contractors that many federal government agencies had come to depend on especially for information management services were responsible for the data breaches.

Delisting: A solution to SOX woes...or not.

The current mortgage and overall credit market crisis can be partly attributed to the lack of adequate regulation. Even when regulation is put in place it is not always effective. The increasing number of disclosures related to write offs and losses that once seemingly invincible companies are making today ultimately point towards weak internal controls . The Sarbanes Oxley Act was put into place in order to prevent lapses in the internal control environment of a company that could potentially have an adverse impact on a company’s financial statements. There have been cases of companies exiting the U.S. stock exchanges only to rid themselves of the ‘high SOX compliance cost’. Recently, I talked to a senior employee of a foreign company who happened to mention that his company (of U.K. origin) was contemplating delisting from the stock exchange in the U.S., solely attributing this decision to the high cost of SOX compliance. Christian Leuz, an accounting professor at the University of Chicago’s Graduate School of Business found 484 firms that had delisted from a major U.S. exchange between 1998 and 2004. Out of the total companies that delisted, 370 delisted between 2002 and 2004. According to Leuz, not every delisting can be attributed to SOX, yet most companies have citied high SEC reporting costs as the primary motivator behind the delisting.

Basically, there are two ways in which a foreign company can get listed on any U.S. exchange.
1. They can issue shares by registering with the SEC thereby listing their shares either exclusively or primarily on U.S. exchanges.
2. A foreign company can issue an American Depository Receipt (ADR) backed by shares issued in their home country.

According to Steven Siesser, chairman of the Lowenstein Sandler’s specialty finance group, overseas companies are staying out of the U.S. stock market because of SOX related concerns citing high compliance costs, officer liabilities and burdensome internal control requirements.

However, a deeply contrary view has been presented in a paper by a group of researchers from Northwestern University, The Chinese University of Hong Kong, USC and the University of Massachusetts. Their research indicated that foreign companies that ultimately delisted from the U.S. stock exchanges had weak governance characteristics to begin with. Good governance is measured by the number of independent directors on the board, nature of their shareholding, segregation of voting and ownership rights. They have also concluded through their analysis that foreign companies that delisted from the U.S. stock exchanges ultimately suffered a sharper decline in their share price. Shareholders perceived compliance with SOX as a form of an enhanced investor protection tool. A direct result of delisting was a sharper decline in their share price given the negative perception that the delisting had in the minds of their shareholders. This ultimately lends credence to the theory that if the delisting from U.S. stock exchanges was motivated by cost considerations (i.e. increased SOX compliance) there would have been an expected price increase as a result of the delisting and not the opposite effect.

The authors of this paper were also driven to conclude that the delisting decision was driven to a larger extent by the controlling manager’s or controlling shareholders desire to protect their interests that would not have been possible due to the internal control requirements that SOX stipulated. Their research indicates that U.S. capital markets have not lost their competitiveness due to large SOX compliance costs but possibly due to SOX requirements that take away sole control from ‘corporate insiders’.

Please feel free to send in your comments on this post and thoughts on delisting as a way to get away from SOX.