Securitization—Why the EU and UK regulatory perimeters are no longer fit for purpose and what to do about it

1. Introduction

The regulatory framework surrounding securitization in the European Union (EU)—and, since it left the EU, the UK—has undergone a fundamental transformation since its modern beginnings. The very nature of the regulation has changed, from a fairly light-touch regulatory framework designed only to create capital rules for certain regulated investors to the present reality, where the regulatory framework imposes much harsher prudential requirements as well as extensive and highly prescriptive conduct requirements.

Alongside this evolution of the regulatory paradigm was an evolution of the financial markets, both inside and outside the regulatory perimeter for securitization rules. The changes to the financial markets since the birth of securitization in the 1970s and 1980s have been extensive, but three elements of it involving securitization are relevant for purposes of this article. They are: (i) the rise of non-granular securitization, such as European-style commercial mortgage-backed securitizations (CMBS); (ii) the application of securitization ‘technology’ to single operating businesses in what is sometimes referred to as ‘whole business securitizations’; and (iii) the increased convergence between certain securitization structures and debt funds.

Meanwhile, despite these two significant changes—to the content of regulation and to market behaviour—there has been no change to the regulatory perimeter for securitization activity. In this article, we will argue that it is time for a change to the regulatory perimeter for conduct purposes by adding three exceptions to the general principles for identifying securitizations. By taking this approach, we aim to strike the right balance between preserving the benefit of market understanding developed over decades on the one hand, and pragmatic changes to reflect new realities on the other. We would also note that the three exceptions we are considering are areas of differing interpretation and practice among market participants with respect to their categorization as securitizations (or otherwise) for prudential purposes. We are not seeking in this article to resolve those prudential differences—merely to rationalize the conduct regulation of these structures.

2. History of the regulation of securitization in Europe

Modern securitization markets began in the 1970s and 1980 s.¹ For many years after that, securitization was a fairly lightly regulated type of transaction, but the scope of that regulation has grown over the years. The trend began with bank regulation and had to do with categorization of exposures for the purposes of capital calculations. The initial 1988 Basel Accords (Basel I) did not provide a specific definition of securitization, but the treatment of securitizations under Basel I nonetheless acted as an incentive to securitize low-risk loan portfolios and retain high-risk ones.²

The EU implementation of the 2002 Basel II measures came in the form of the Banking Consolidation Directive and Capital Adequacy Directive (Directives 2006/48/EC and 2006/49/EC, respectively). The purpose of Basel II was to address some of the weaknesses of Basel I—including widening its scope to introduce a specific regulatory regime for securitization—but it nonetheless created a regulatory framework that benefited securitization and, hence, boosted securitization volumes further.

Following the global financial crisis of 2008 (GFC), in which securitization was seen to play a key role,³ prudential regulation was further adjusted (Basel III); however, regulation also began to meaningfully expand beyond traditional prudential regulation. For the first time, European regulation began to extend into conduct regulation, even if it initially remained a part of the prudential regulatory framework.

As a first step in this direction, the EU introduced risk retention requirements by a 2009 amendment to the Banking Consolidation Directive⁴ (which was required to be transposed into national laws taking effect from 31 December 2010). As they were part of the banking prudential framework, those new requirements—commonly just referred to as ‘Article 122a’—applied only to credit institutions and investment firms. They required such firms—when buying securitizations—to ensure the sell-side of a securitization transaction was keeping some ‘skin in the game’ by retaining a minimum 5 per cent net economic interest in the transaction. They also contained rules setting out the types of due diligence a credit institution or investment firm needed to do before investing in a securitization. On the sell-side, Article 122a imposed broad brush disclosure rules and required parity of credit-granting standards between securitized and non-securitized assets.

Over the following years, Article 122a was moved to the new Capital Requirements Regulation⁵ (CRR), and additional regulated investors had similar—but not identical—regulatory due diligence rules imposed on them in respect of securitization exposures. These included alternative investment fund managers (AIFMs) in relation to their managed funds’ investments,⁶ and later insurers and reinsurers.⁷

The most recent major change to the regulation of securitization in the EU came with the approval of the EU Securitization Regulation⁸ (EUSR), which came into effect at the beginning of 2019. The EUSR, for the first time, explicitly treated securitization as an activity to be regulated, rather than simply an activity that would have differential prudential consequences for certain types of regulated entity. On the buy side, both UCITS (Undertakings for Collective Investment in Transferable Securities) funds and pension funds⁹ were brought into scope as ‘institutional investors’ subject to due diligence obligations. The due diligence obligations were also harmonized so all institutional investors would be subject to identical regulatory due diligence obligations. On the sell side, originators and original lenders had direct risk retention and disclosure obligations, regardless of their regulated status (including if they were otherwise unregulated).

There has, then, been a significant qualitative shift in the nature of regulation applicable to securitization over a number of years. It has evolved from the initial situation of relatively light-touch prudential regulation, designed to assign risk-based capital charges to securitization exposures for regulated investors, to the current situation, where there is relatively harsh capital treatment for both banks and insurers, as well as highly prescriptive and generally applicable conduct regulation. At no point was the definition of securitization meaningfully revisited in light of its new application to define the regulatory perimeter for the purposes of conduct rules.

In the process of this evolution, the direction of the regulatory incentives has changed, going from a framework that generally encouraged securitization to one that generally discourages it. The magnitude of the regulatory incentives has also changed, going from a relevant but minor consideration in most cases to a sufficiently significant one that often determines the viability of a transaction in securitization form. Finally, and perhaps most significantly, the scope of actors subject to regulatory incentives has also changed, going from just credit institutions and investment firms to virtually all market participants in what is predominantly a wholesale product.

One can have a debate about the merits of the current regulation in the EU and the UK, but this article does not seek to go further than necessary into the substance of the regulation itself. For the purposes of this article, we need only acknowledge (as we think is obvious) that policymakers have a legitimate interest in regulating securitization as a conduct matter for the purpose of addressing some of the securitization market failures involved in the GFC and that the policy interventions chosen are designed with the intention of doing so.

3. Market changes since the 1980s

In the same timeframe, the financial markets have evolved significantly. Having started with granular consumer assets such as residential mortgage loans in the 1970s, it was in some ways inevitable that the legal and financial ‘technology’ thus developed would be applied to other assets producing regular income streams.

Thus, in the late 1990s, the first European CMBS were issued.¹⁰ Unlike consumer asset securitizations, European CMBS typically features a very small number of underlying loans—typically fewer than 10, and sometimes only one. The securitization of non-granular assets like this requires a very different approach to the assessment of the transaction. Where one would typically—and quite properly—rely on pool features (eg eligibility criteria, weighted average life, constant prepayment rates) and stratified data (eg value of loans in certain loan-to-value ratio ranges, to obligors with certain tranches of credit score, or where payments are 30, 60 or 90 days overdue) to assess the credit and cash flows of a granular pool that approach becomes inappropriate where the performance of an individual asset would have a material effect on the performance of the overall transaction. If one is dealing with a securitization backed by three loans, rather than 3000 loans, it becomes necessary to look at each loan in detail and understand its features, the situation of the obligor(s), the value of the collateral, etc. The balance of information between the originator of the loan and the investor in the securitization is then, of necessity, generally much more even than it would be for a highly granular pool. In other words, asymmetry of information is much reduced. There is also a significant issue around uneven regulatory treatment, since there is often significant uncertainty about whether a financing structure is a securitization (especially single-loan CMBS and agency CMBS), and small changes to the structure can result in radically different regulatory outcomes. This can, of course, encourage regulatory arbitrage.

Also in the late 1990s, the first European whole business securitizations (WBS) began to be issued.¹¹ Despite the name, WBS are not really securitizations in that the ‘underlying assets’ consist of the revenue stream from one operating business. In WBS, securitization technology is used to isolate the assets and revenues from a business (away from the rest of the corporate group, where appropriate), take security over it, and issue highly structured, tranched debt at a higher rating than would otherwise be achievable for the wider business itself. As with CMBS (but for different reasons), WBS is a fundamentally different product from a traditional securitization of granular loans in that the credit invested in is that of a single business. For this very reason, the market has in the recent times more often referred to these transactions as ‘secured corporate’ transactions rather than WBS.

The final relevant change to the financial markets for our purposes is the rise of both collateralized loan obligations (CLOs) and leveraged debt funds (LDFs). Both CLOs¹² and LDFs first became features of the European financial markets in the early 2000s. Although these are two recognizably different products, both are fundamentally vehicles for a regulated asset manager to raise money to invest in debt using a structure that tranches (in the economic sense) the credit exposure to the underlying assets and allows the manager a level of discretion to trade assets in and out of the portfolio during the life of the deal. Despite these similarities, a CLO is universally treated as a securitization, whereas an LDF may or may not be treated as one, depending on where the structure falls on a series of spectra (around features such as the amount of discretion the manager has to trade the portfolio, the extent to which the ‘equity’ in the deal has equity- versus debt-like features, etc), meaning that the correct categorization of deals is often subject to significant uncertainty, and that subtle changes to features can result in disproportionately large changes to regulatory consequences—especially on the conduct side of things.

4. The historical regulatory perimeter is no longer fit for purpose

The definition of securitization included in the Banking Consolidation Directive derives from Basel II and has not fundamentally changed since its introduction.¹³ That definition is as follows:

‘securitization’ means a transaction or scheme, whereby the credit risk associated with an exposure or pool of exposures is tranched, having the following characteristics:

• payments in the transaction or scheme are dependent upon the performance of the exposure or pool of exposures and

• the subordination of tranches determines the distribution of losses during the ongoing life of the transaction or scheme.

This test essentially requires three elements: the presence of underlying credit risk exposure(s), which are the source of payment (the ‘credit risk test’); that the transaction or scheme tranches¹⁴ that credit risk (the ‘tranching test’); and that the tranching determines the distribution of losses on the underlying credit during the ongoing life of the transaction or scheme (the ‘ongoing life’ test).

The credit risk test requires that securitization be dealing with debt, and the tranching test requires that that debt bear different, tiered levels of risk (and, presumably, reward). Under the ongoing life test, the implication is that the different tranches must necessarily have different probabilities of default (PD), and not just different levels of loss given default (LGD).¹⁵ It is unsurprising, given the historical purpose of the rules, that all of this seems geared to focus on the ‘slicing and dicing’ of credit risk—and therefore creating an analytical framework for allocating risk-weights for capital purposes—rather than on the features that were most problematic in the GFC. The latter include misaligned incentives and differential access to information between buy- and sell-side (ie significant asymmetry of information), excessive opacity and complexity of securitization products, and the phenomenon of rate buyers investing in securitization products without properly understanding those products (especially problematic when paired with market participants arbitraging credit rating agency methodologies to achieve unrealistically high ratings).

5. Reassessing the regulatory perimeter

We think it clear, therefore, that the changes to the regulatory framework surrounding securitization and to financial market activity set out above justify a reassessment of what it is that should be regulated as a ‘securitisation’. It is arguable that a fundamental reassessment should be undertaken to fix the misalignment between the definition of a securitization and the regulatory consequences that flow from it. Alternatively, one might suggest that the definition of securitization remains appropriate for capital purposes (for which it was designed), but a different definition, focused on incentive alignment and transparency, ought to be used for conduct rules. Each of these approaches has its virtues, but also has serious drawbacks. While it might be possible to rethink the regulatory definition of securitization entirely to achieve a more sensible regulatory perimeter, we are concerned about losing the market understanding developed over decades of working with the current definition. Different definitions for different purposes would be cumbersome and confusing, but we are not aware of any evidence that the current definition of securitization has ceased to work appropriately for prudential purposes—a matter that would need separate analysis. Consequently, we are reluctant to suggest that the definition be changed for those purposes.

However, the reassessment, when it is done, ought to be guided by the principle of regulatory restraint. That is, the regulatory perimeter ought to be drawn such that it covers the minimum amount of ground necessary to achieve its objectives. As a result, if a transaction type does not involve the potential for mischief sought to be addressed by the policy intervention, then it ought to be outwith the scope of that intervention. Likewise, if the potential mischief is already addressed by some other regulatory means, then the transaction ought to be caught by only one regulatory scheme.

Finally, another principle that ideally would underlie any adjustments to the regulatory perimeter is one of maximizing certainty and limiting the scope for regulatory arbitrage by avoiding a situation where small changes in transaction structure or features could lead to radically different regulatory outcomes (ie regulatory cliff effects).

We would argue that modern European CMBS, WBS, CLOs, and LDFs are all examples where the regulatory perimeter is incorrectly drawn, either because the transaction type does not contain the potential for mischief of pre-GFC securitization or because it is already regulated by other means. Given that we have these concrete examples of inappropriate outcomes from the current system, we would submit that the right balance can be struck not by either of the two more radical approaches contemplated above (a fundamental rethink or a different definition for a different purpose) but by incrementalism. Consequently, we believe it would be helpful to adjust the regulatory perimeter by abstracting the principled reasons why the above-described transactions are not properly conduct-regulated as securitizations. One could then carve them out of the regulatory perimeter for the conduct rules applicable to securitization using the ‘scope’ provisions (eg Article 1 of the EU Securitization Regulation) without changing the definition of securitization itself, which is cross-referred to in many other pieces of—mainly prudential—legislation. This ‘exception’ approach, as historically applied to specialized lending, has generally been regarded as having worked well for both prudential and conduct purposes. We would therefore propose extending that approach, but only on the conduct side.

The above considerations point to the current regulatory perimeter for ‘securitization’ being problematic for conduct purposes in that it can be read broadly enough to capture:

• A tranched financing of a small number of large assets where investors have the means to (and any reasonable investor would) conduct individual assessments of each underlying loan. This situation is materially different from the situation targeted by the securitization regulatory framework for conduct, which focuses on granular pools where there is a natural information imbalance (asymmetry), and investors are forced to rely on the originator’s credit underwriting practices and reported pool characteristics because it is impractical for investors to do individual assessments of each asset, even if they did have the information.

  • We therefore propose to exclude from the scope of securitization conduct regulation any non-granular transaction with fewer than a small number (perhaps 10) of underlying exposures where the investors in the transaction have access to information rendering them capable of undertaking their own independent credit assessment of each individual underlying exposure.

• A highly structured, secured financing of what is fundamentally one enterprise. In these cases, investors are not being sold a portfolio of underlying assets with independent (if sometimes correlated) credit risk. Rather, they are investing in a single ongoing business. While the market has settled in many cases on the conclusion that such transactions are not securitizations because they fail the ongoing life test,¹⁶ this remains subject to uncertainty in some cases and would benefit from a more definitive clarification. In particular, material uncertainty can arise in tranched, secured financing transactions for financial asset-rich businesses, particularly where the business is newly established.

  • We therefore propose to exclude from the scope of securitization conduct regulation any transaction where the underlying credit risk is that of a single enterprise.

• An investment managed by a regulated asset manager where the underlying assets are debt instruments and the structure tranches (in the broad economic sense) the credit risk of those underlying assets. These are perhaps the most difficult cases. While one might (and we often currently do) construct arguments in individual cases around the extent to which investors are relying on the manager’s judgment rather than the passive performance of underlying assets, this is an unsatisfying approach and leads to regulatory cliff effects, where economically very similar transactions have fundamentally different regulatory treatment for what amount to somewhat arbitrary and uncertain distinctions. It must be acknowledged, however, that in this case, many of the features are similar to securitizations and some of the same potential for mischief is present. Focusing on an argument that the economic substance is different is a red herring. However, we would submit that this is a case where the same activity is unnecessarily being regulated in multiple ways. In both the EU and the UK, asset managers are subject to significant regulation, which varies depending on the particular kind of asset management they are doing (one client or multiple, open- or closed-ended, open to retail clients or professional clients only, etc). In each case, however, there is a carefully designed regulatory framework designed to address the potential for misaligned incentives, differing levels of market power and sophistication, and other mischiefs. There are also often separately developed mechanisms for helping to align incentives, such as success-based management fees. Layering securitization regulations on top of these existing frameworks is unnecessary and excessive.

  • We would therefore propose to exclude from the scope of securitization conduct regulation any transaction or scheme where the underlying assets of the transaction or scheme are managed by a regulated asset manager with legal responsibilities to manage the assets in the best interest of its investor client(s).

6. Some possible legislative drafting

We would propose that the scope provisions of the relevant conduct rules could be narrowed from the broad prudential definition using the concept of an ‘excluded scheme’. The scope provisions would be amended as follows (using Article 1(2) of the EU Securitization Regulation, but similar wording could be applied in the UK):

This Regulation applies to institutional investors and to originators, sponsors, original lenders and securitisation special purpose entities. It applies in respect of securitisations other than excluded schemes.

We would then draft the definition of an excluded scheme based on the above-described principles making certain types of transactions inappropriate for conduct regulation as securitizations. Some possible drafting is below. This drafting assumes EU legislation, but relatively little change would be required to make it appropriate for UK legislation. We are further assuming that the specialized lending exemption—which originates from prudential legislation—should stay excluded for both conduct and prudential purposes as it currently is. The drafting is as follows:

‘excluded scheme’ means any of the following:

• the transaction or scheme meets both of the following requirements:

  • the number of underlying exposures in the transaction or scheme is 10 or fewer; and

  • all materially relevant information on each underlying exposure is made available to investors and potential investors in the transaction or scheme, such that a reasonable investor would be in a position to undertake its own due diligence assessment of each underlying exposure;

• the underlying credit of the transaction or scheme represents the credit risk of a single enterprise, such that the tranching in the transaction or scheme only determines the distribution of losses on termination or default of the transaction or scheme;

• the exposures in the transaction or scheme:

  • are held by an AIF, as defined in Article 4(1)(a) of Directive 2011/61/EU, and managed by an AIFM, as defined in Article 4(1)(b) of Directive 2011/61/EU [who is subject to the requirements of that Directive]¹⁷;

  • the exposures in the transaction or scheme are held by a UCITS contemplated by Article 1 of Directive 2009/65/EC which is either managed by a UCITS management company as defined in Article 2(1)(b) of Directive 2009/65/EC or is an internally managed UCITS, which is an investment company authorized in accordance with Directive 2009/65/EC and which has not designated a management company authorized under that Directive for its management¹⁸; or

  • the exposures in the transaction or scheme are managed on a discretionary basis by an investment firm as defined in Article 4(1)(1) of Directive 2014/65/EU, which is authorized under that Directive.¹⁹

7. Conclusion

Securitization and its associated legal and financial ‘technology’ are complex, and its regulation is no less so: probably unavoidably. While there is a broad consensus that there is a need for regulation to prevent a recurrence of the problems we saw with pre-GFC securitization, the goal should not be to eliminate all risk from financial markets. Conduct rules should be designed to ensure that risk is efficiently distributed to those best placed to bear it, using market mechanisms that ensure those taking risks do so with their eyes open.

In order to achieve the best balance between safety and stability on the one hand, and reaping the economic benefits of a vibrant financial market on the other hand, it is necessary to take a proportionate approach. Regulation should be targeted and not overbroad. The application of multiple layers of regulation should be avoided where it is fundamentally addressing the same risks in different ways.

Given the history of the regulation of securitization and financial regulation more broadly, it is clear that the securitization regulatory perimeter is currently set too widely in respect of conduct matters. To address this, while limiting the added complexity and uncertainty in the financial regulatory system, we have identified three areas where simple exclusions could be added to the scope provisions of securitization rules, thereby tailoring the regulatory perimeter for conduct rules more appropriately to the mischief sought to be addressed by those rules in the EU and the UK.

If not already declared, please include details of any funding in a footnote at the beginning of the article, including funder name and grant/award number. (Ideally the Funder Name should be spelled exactly as it appears on the Open Funder Registry. A copy of which can be found (In several formats) at the following location: https://www.crossref.org/services/funder-registry/.)

Footnotes