Skip to main content

The SEC’s Office of Credit Ratings and NRSRO Regulation: Past, Present, and Future

Jessica Kane
Director, Office of Credit Ratings

Las Vegas, NV

Feb. 24, 2020

Good morning.  Thank you, Kristi, for the kind introduction and for the invitation to join you here today.[1]

I’m pleased to speak to you about the work that the SEC’s Office of Credit Ratings or “OCR” has been doing in an area of critical importance to the financial markets—that is, the regulation of credit rating agencies.  The credit rating agencies we regulate are those that register with the Commission as nationally recognized statistical rating organizations, or “NRSROs”.

Before I continue, I would like to provide the standard SEC disclaimer that the views I express today are my own and do not necessarily reflect those of the Commission, any of the Commissioners, or any of my colleagues on the staff of the Commission.


Although credit rating agencies have existed for over a century, NRSRO regulation is relatively new.  Congress first authorized the Commission to establish a voluntary registration and oversight program for rating agencies in the Credit Rating Agency Reform Act of 2006.[2]

Not long after the 2006 Act, a financial crisis of a magnitude not seen for generations intervened and led to the adoption of the Dodd-Frank Act in 2010.[3]

Rating agencies were a prime focus of Dodd-Frank, having come under criticism for the integrity of their ratings in the run-up to the crisis.  A Senate report on Dodd-Frank attributed their errors to conflicts of interest in the process of rating complex structured securities as well as overreliance on mathematical risk models based on inadequate data.[4]  Congress found that credit rating agencies play a “gatekeeper” role in the debt market, and increased public oversight and accountability was thereby warranted.[5]  As a result, Dodd-Frank mandated the creation of OCR and increased regulatory focus on NRSROs.

Much has changed in the financial markets and at the NRSROs since Dodd-Frank’s passage nearly a decade ago.  Yet through all these changes, the demand for accurate, reliable, and widely disseminated credit ratings has remained a constant feature of our debt markets.

The Commission is actively engaged in oversight of NRSROs.  This work is making a difference.  It is leading to meaningful changes in conduct by the entities and individuals OCR oversees, and has resulted in structural improvements by NRSROs in internal controls, governance, and policies and procedures that bolster regulatory compliance.  We are, however, mindful that we must be ever vigilant.

Today I would like to share with you my perspective on OCR’s impact in regulating NRSROs and our work to ensure that NRSROs build strong internal compliance programs and improve rating agency conduct for the protection of investors and the securities markets.  I will share some observations about trends in compliance by NRSROs over the past nine years, and the importance of OCR’s risk assessment function to current and future NRSRO regulation.  I will also update you on the Commission’s recent NRSRO rulemaking and welcome your input to help inform OCR’s response to a Commission directive.  Lastly, I will be looking ahead to the future of OCR and NRSRO regulation. 

NRSRO Regulatory Framework

Before I describe the specific work of OCR, I thought it would be useful to briefly describe the regulatory framework that OCR oversees.

As I mentioned earlier, the 2006 Act and the Dodd-Frank Act form the cornerstone of NRSRO regulation by statute.  Both Acts authorized and directed the Commission to implement rules concerning NRSROs.

At the heart of the regulation is a view that effective internal control structures, good governance, transparency, and robust disclosures will promote greater integrity in the rating process, mitigate potential conflicts of interest, enhance ratings quality, and foster greater accountability by rating agencies for their ratings.

An additional regulatory objective is competition among NRSROs.  The 2006 Act includes Congress’ finding that additional NRSRO competition is in the public interest.  The registration system, favoring no particular business model, was intended to enhance competition and provide investors with more choices, higher quality ratings, and lower costs.[6]

I want to note one important aspect of the regulatory framework. Under the statutes, the Commission is not permitted to regulate the substance of credit ratings or the procedures and methodologies by which an NRSRO determines ratings.[7]  For example, the Commission may not prescribe components for an NRSRO to include in its ratings criteria.

Certain Regulatory Requirements

Within the statutory bounds, there are several measures we can take to help ensure that credit rating activity benefits our markets and our investors.  Most notably, we can examine whether an NRSRO adheres to its policies, procedures, and methodologies.  We also examine for compliance with other regulatory requirements.  I would like to highlight a few that may be of interest to you.

  • NRSROs must have an effective internal control structure governing their policies, procedures, and methodologies for determining credit ratings.  The structure must take into consideration 17 specific factors, as well as any other factors applicable to the NRSRO’s particular business.[8]
  • NRSROs must address and manage conflicts of interest arising from their business.[9]
  • An NRSRO’s board of directors must oversee four specific regulatory areas, including policies and procedures for determining credit ratings.  The boards, which must comprise a certain number of independent directors, are also required to approve the NRSRO’s procedures and methodologies to determine ratings.[10]
  • An NRSRO must designate a compliance officer to administer its policies and procedures and ensure compliance with the securities laws.[11]
  • With each rating action, an NRSRO is required to provide disclosures of 14 items of information.  These include the version of the methodology used to determine the credit rating, a description of the types of data relied on, an assessment of the quality of information considered, an explanation of the potential volatility of the rating, and information on the sensitivity of the rating to the NRSRO’s assumptions.  These disclosures must be available to the same persons who can receive or access the relevant credit rating.[12]
  • NRSROs are required to make certain public disclosures on Form NRSRO, including information such as performance measurement statistics consisting of transition and default rates for ratings classes.[13]
  • NRSROs must have standards of training, experience, and competence for their staff that determines ratings.[14]

OCR’s Role in NRSRO Oversight

I would now like to turn to OCR’s responsibility for administering this regulatory framework.  OCR was created in 2012 as a stand-alone office at the SEC and has a three-part mission to (1) protect users of credit ratings and the public interest; (2) promote ratings accuracy; and (3) ensure that ratings are not unduly influenced by conflicts of interest.[15]  We combine in a single office the functions of examinations, monitoring, and legal and policy.

OCR’s Examination Function

Examinations are central to the fulfillment of OCR’s mission.  Annual exams are the primary tool for the Commission to supervise NRSROs and assess regulatory compliance.

OCR is required by statute to examine each NRSRO – at least annually – in eight specific review areas.  These areas are:  adherence to the NRSRO’s policies, procedures, and rating methodologies; management of conflicts of interest; implementation of ethics policies; internal supervisory controls; governance; activities of the designated compliance officer; processing of complaints; and policies governing post-employment activities of NRSRO staff.[16]  In addition to the annual exams, OCR staff may conduct targeted exams based on specific risk areas.

During the exam process, OCR examiners strive to maintain an open and constructive dialogue with NRSROs.  This facilitates discussion of compliance expectations and any interpretive issues that may arise.  It can also lead to the early identification and remediation of compliance issues.

Both the frequency of annual exams and the way they are conducted promote NRSRO responsiveness and accountability.  When appropriate, staff refers potential violations of the federal securities laws to the Division of Enforcement for further investigation.

OCR staff prepares an annual exam report that includes valuable information to enable investors and other market participants to evaluate NRSRO regulatory compliance.  The report summarizes the essential findings of the annual exams and indicates whether the NRSROs have appropriately addressed recommendations from prior exams.  The 2019 Examination Report was issued last month.[17]

OCR’s Monitoring Function

OCR also monitors trends and developments in the credit rating industry. OCR staff gathers and analyzes relevant information from a wide variety of sources.  We may meet with market participants to discuss matters relevant to the industry.

We use this information in our risk assessment function for examination purposes and to develop policy and rulemaking recommendations for the Commission’s consideration.  We may share this information with other SEC offices and divisions, and they may also share with us information from their regulatory perspectives about potential risks affecting NRSROs.

OCR’s Legal and Policy Function

OCR’s legal and policy function is responsible for interpreting NRSRO regulations, assessing whether the regulations are functioning as intended, and developing policy and rulemaking recommendations for the Commission’s consideration.

The legal and policy group also reviews applications for NRSRO registration and exemptions requested by registrants, and prepares an annual report required under the 2006 Act.  The report discusses applications for NRSRO registration and the state of competition, transparency, and conflicts of interest among NRSROs.  The 2019 Annual Report was issued last month.[18]

These reports, together with the exam reports, afford the public a window into the Commission’s oversight of NRSROs.

Observed Trends in NRSRO Compliance

I now want to share some observations based on the annual exam reports from 2011 through 2019.

Of the essential findings mentioned in these reports since 2011, three review areas together account for nearly 75% of all findings:  internal supervisory controls; adherence to policies and procedures; and conflict of interest management.[19]  Certain other review areas, such as complaints processing and ethics policy implementation - which are required by statute - account for very few findings.

These trends are not surprising.  The three review areas with the highest number of findings relate to a large part of the ratings business and are a focal point of the regulations.  Continued findings in these areas underscore the importance of a vigorous exam function to monitor ongoing regulatory compliance.

As you might expect, findings in the early reports reflected NRSROs adjusting to substantial, relatively new legal and regulatory requirements.  The first report in 2011 noted that, while NRSROs began making efforts to comply, all NRSROs failed to follow their rating procedures in some respects.  In the early reports, compliance with basic regulatory requirements was found to be lacking or weak at various NRSROs.

For the first time, the 2013 report highlighted a noticeable positive shift in the compliance culture of NRSROs.  Among the noted improvements were increased prominence of the designated compliance officer’s role, increased board oversight of methodologies, and enhanced documentation and disclosure.

Annual exam reports since 2013 indicate that NRSROs have maintained these improvements and, in some instances, have enhanced them—for example, in the functions of compliance monitoring, internal audit and risk assessment, and in the refinement of policies, procedures, and controls.  We also note an increase in self-reporting of compliance issues and more frequent communication between NRSROs and OCR staff.

While observing improvements, however, the reports also continue to identify instances of non-compliance.  The 2019 report included findings related to internal supervisory controls, adherence to policies and procedures, and conflict of interest management.

Improvements are a positive sign of the effects of regulation, but progress is not always uniform or linear.  And the fast pace of changes affecting the credit rating industry, capital markets, and technology raises new compliance issues and challenges.  That is why the continuation of OCR’s rigorous exam process, vigilant monitoring, and thorough risk assessment is essential for effective regulation of NRSROs.

The Importance of Risk Assessment

Since OCR’s flexibility in examinations is limited by the statutory requirement to cover eight specific review areas in our annual exams of NRSROs, risk assessment is all the more vital to our regulatory mission.  Risk assessment enables OCR to identify areas perceived to have the greatest risk for ratings users, and to direct and align exam resources to the risk profile of each NRSRO.

While our exam process is nimble so that we can be responsive to areas of changing risk for each NRSRO, a statutory change would permit OCR to focus on the review areas we determine to be of greater risk and further align our resources with our regulatory mission. 

OCR’s risk assessment considers factors such as the NRSRO’s rating activities, operations, and compliance history; the impact of internal control or compliance failures; its filings and disclosures; and tips, complaints, and referrals received by the Commission.  OCR also reviews a vast array of information throughout the year from a variety of sources regarding industry developments affecting NRSROs and ratings.

OCR’s risk assessments have led to the incorporation of specific topics into our exams.  Examples of these are: CLOs; the increase in corporate debt rated at the lowest investment grade level; and governance oversight and risk management for IT and cybersecurity.

We continually add to and refine the expertise, tools, and information sources that are important for effective risk assessment.  

Input on Rule 17g-5(a)(3)

I want to draw your attention to an August 2019 Commission release on Rule 17g-5(a)(3)[20] and welcome your input on this rule as well as other issues impacting NRSRO regulation.

The Commission adopted Rule 17g-5(a)(3) in 2009[21] to address the issuer-pay conflict of interest relating to structured finance products.  The rule established a program designed to provide NRSROs who are not hired to rate a particular structured finance product with the same information that is given to hired NRSROs to determine or monitor the credit rating.  The purpose of the program is to enable non-hired NRSROs to use the information to produce unsolicited ratings on structured finance products, thereby providing the market with more credit views and potentially identifying ratings that may have been influenced by the issuer-pay conflict of interest.

Last year, the Commission codified an exemption to Rule 17g-5(a)(3)[22] that relates to structured finance products issued by non-U.S. issuers in transactions outside the United States.  In light of comment received suggesting that the program is not achieving the Commission’s goals,[23] the Commission directed staff to further evaluate the effectiveness of the program overall.  While we have received some input over time on the rule’s effectiveness, I welcome input and engagement from all interested parties on this issue.  For example:  Is the rule fulfilling its intended purpose?  What changes to the rule could enhance its effectiveness?  Should NRSROs be able to access the 17g-5 website data to produce commentaries?  What burdens and benefits are associated with rule compliance?  Are there other ways to address the issuer-pay conflict of interest?

Looking Ahead

In the span of fifteen years, the credit rating industry has gone from being largely unregulated to being subject to a robust disclosure and examination regulatory regime. 

As I mentioned at the outset of my remarks, much has changed at NRSROs since the financial crisis.  We will continue to monitor the credit rating industry, maintain an open dialogue with NRSROs to communicate expectations and resolve interpretive issues, and hold NRSROs accountable through the examination process.

Nearly a decade has passed since the Commission began its annual exams of NRSROs.  As we look to the future, we are enhancing our examination program and engaging with our colleagues across the Commission to inform policy and market oversight.  One way we are achieving this objective is through our continued collaboration with the Division of Economic and Risk Analysis.  Our work together bolsters our analytical capabilities to inform our examinations, support our rulemaking, and help identify market trends.

An important part of OCR’s future includes continued engagement with market participants, outside experts, and advisory panels on improvements to regulation and oversight.  In this regard, I note that the credit ratings subcommittee of the Fixed Income Market Structure Advisory Committee or “FIMSAC” [24] is considering whether there are alternative payment models[25] for NRSROs that would better align the interests of rating agencies with investors in one or more segments of the ratings market.  I look forward to further engagement with FIMSAC and I hope that any FIMSAC recommendation will take into account changes in our credit markets, the various types of rated securities, such as corporates (both investment grade and high yield) and an array of different asset-backed securities, the different ways investors use ratings, and the potential costs to investors as a result of any proposed changes.  This is clearly an area where “one size may not fit all.”

As OCR engages with users of credit ratings and other market participants regarding improvements to regulation, we are also considering the following specific issues:

  • Whether additional disclosures would lead to more informed investment decisions by retail and institutional investors, for example, more tailored disclosures by asset class or type of rated security, and disclosure regarding economic stress assumptions.
  • Whether more timely NRSRO disclosure around performance of rated bonds and/or structured products, such as through performance scorecards or other indicators of performance, would improve information quality and make it easier to assess the quality of NRSRO ratings.
  • Whether additional disclosures about methodologies and deviations from those methodologies would help in assessing credit ratings.

My OCR colleagues and I look forward to pursuing our goals for the future and continuing our engagement on matters relating to NRSROs and credit ratings. 

Progress is real, and I recognize that continued focus and engagement are necessary for progress to continue.  Please do not hesitate to reach out if you are interested in talking with us.

Thank you.


[1] The Securities and Exchange Commission disclaims responsibility for any private publication or statement of any SEC employee or Commissioner.  This speech expresses the author's views and does not necessarily reflect those of the Commission, the Commissioners, or members of the staff.

[2] Pub. L. No. 109-291, 120 Stat. 1327 (2006).  The Credit Rating Agency Reform Act of 2006, among other things, added Section 15E to the Securities Exchange Act of 1934 to establish self-executing requirements on NRSROs and provide the Commission with the authority to implement a registration and oversight program for NRSROs.  In June 2007, the Commission approved rules implementing such a program. See Oversight of Credit Rating Agencies Registered as Nationally Recognized Statistical Rating Organizations, Release No. 34-55857 (Jun. 5, 2007), 72 FR 33564 (Jun. 18, 2007), available at

[3] See Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203, 124 Stat. 1376 (2010).

[4] See S. Rep. No. 111-176, at 36 (2010).

[5] See Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203, § 931(3), 124 Stat. 1376, 1872.

[6] See S. Rep. No. 109-326, at 7 (2006).

[7] See Section 15E(c)(2) of the Securities Exchange Act of 1934, 15 U.S.C. § 78o-7(c)(2).

[8] See Section 15E(c)(3) of the Securities Exchange Act of 1934, 15 U.S.C. § 78o-7(c)(3), and Rule 17g-8(d) of the Securities Exchange Act of 1934, 17 C.F.R. § 240.17g-8(d).

[9] See Section 15E(h) of the Securities Exchange Act of 1934, 15 U.S.C. § 78o-7(h), and Rule 17g-5 of the Securities Exchange Act of 1934, 17 C.F.R. § 240.17g-5.

[10] See Sections 15E(t)(1) through 15E(t)(3) of the Securities Exchange Act of 1934, 15 U.S.C. §§ 78o-7(t)(1) through (t)(3), and Rule 17g-8(a)(1) of the Securities Exchange Act of 1934, 17 C.F.R. § 240.17g-8(a)(1).

[11] See Section 15E(j) of the Securities Exchange Act of 1934, 15 U.S.C. § 78o-7(j).

[12] See Rule 17g-7(a) of the Securities Exchange Act of 1934, 17 C.F.R. § 240.17g-7(a).

[14] See Rule 17g-9 of the Securities Exchange Act of 1934, 17 C.F.R. § 240.17g-9.

[15] See Section 15E(p)(1) of the Securities Exchange Act of 1934, 15 U.S.C. § 78o-7(p)(1).

[16] See Section 15E(p)(3) of the Securities Exchange Act of 1934, 15 U.S.C. § 78o-7(p)(3).

[17] The annual exam summary reports can be found under “Summary Examination Reports” in the “Reports and Studies” section of the Office of Credit Ratings webpage, available at

[18] The annual NRSRO reports can be found under “Annual Reports to Congress” in the “Reports and Studies” section of the Office of Credit Ratings webpage, available at

[19] See supra note 17.

[20] See Amendments to Rules for Nationally Recognized Statistical Rating Organizations, Release No. 34-86590 (Aug. 7, 2019), 84 FR 40247 (Aug. 14, 2019).

[21] See Amendments to Rules for Nationally Recognized Statistical Rating Organizations, Release No. 34-61050 (Nov. 23, 2009), 74 FR 63832 (Dec. 4, 2009).

[22] See supra note 20.

[23] See id. at 40250. 

[24] FIMSAC was formed in November 2017 to provide diverse perspectives to the Commission on the structure and operations of the U.S. fixed income markets, as well as advice and recommendations on matters related to fixed income market structure.  For further information about FIMSAC and its credit ratings subcommittee, including annual SEC staff reports summarizing FIMSAC’s activities, see

[25] Cf. Report to Congress on Assigned Credit Ratings issued by SEC staff in December 2012, available at  The report, mandated by Section 939F of the Dodd-Frank Act, includes a study of matters such as alternative means for compensating NRSROs that would create incentives for accurate ratings.  The report recommended that the Commission convene a credit ratings roundtable to discuss, among other topics, alternatives to the issuer-pay business model.  The roundtable was held on May 14, 2013.  A webcast of the roundtable is available at

Return to Top