SEC Charges Six Credit Rating Agencies with  Million in Penalties for Recordkeeping Failures

On 3 September 2024, the U.S. Securities and Exchange Commission (US SEC) charged six nationally recognized statistical rating organizations for failing to maintain and preserve electronic communications as required under federal securities laws. The firms, including Moody’s, S&P Global Ratings, and Fitch Ratings, admitted to the violations and agreed to pay a total of over $49 million in penalties. These charges stem from recordkeeping failures that hindered the US SEC’s ability to ensure compliance with regulatory obligations, prompting the firms to implement compliance reforms.

The SEC has imposed a $1 million fine on A.M. Best Rating Services, Inc. for failing to retain key business communications related to credit rating activities, in violation of federal securities laws. The company allowed employees, including senior staff, to use personal devices for business communication, bypassing recordkeeping rules since 2020. A.M. Best agreed to the cease-and-desist order, admitted its violations, and initiated corrective actions.

The SEC has fined Fitch Ratings, Inc. $8 million for failing to comply with federal recordkeeping requirements related to its credit rating activities. Fitch employees, including senior staff, used personal and company-issued devices to conduct business communications via unapproved messaging platforms such as WhatsApp and WeChat since at least May 2020. These communications were not retained as required by law. Fitch Ratings has agreed to a cease-and-desist order and is implementing corrective actions, including hiring a compliance.

The SEC has fined HR Ratings de México, S.A. de C.V. $250,000 for failing to comply with recordkeeping rules related to its credit rating activities. Since 2020, HR Ratings employees, including senior staff, used personal and company-issued devices to conduct business communications via unapproved messaging platforms such as WhatsApp. These communications were not preserved, violating federal securities laws. HR Ratings has agreed to a cease-and-desist order and will implement a compliance program to address these violations.

The SEC has fined Demotech, Inc. $100,000 for failing to comply with recordkeeping rules related to its credit rating activities after it became a nationally recognized statistical rating organization (NRSRO) in 2022. Demotech employees, including senior executives, used personal devices for business communications via unapproved messaging platforms. The company has agreed to a cease-and-desist order and remedial sanctions.

The SEC has fined Moody’s Investors Service, Inc. $20 million for failures to comply with federal recordkeeping rules related to credit rating activities. Since at least 2020, Moody’s employees used personal devices and unapproved platforms like WhatsApp to communicate about credit ratings, and these communications were not preserved as required by law. Moody’s has agreed to a cease-and-desist order, remediation efforts, and the hiring of an independent compliance consultant to address these violations and improve its internal policies.

The SEC has fined S&P Global Ratings $20 million for violations of federal recordkeeping requirements related to credit rating activities. Since at least 2020, S&P employees, including senior staff, used personal devices and messaging platforms like WhatsApp to discuss credit ratings without preserving these communications, as required by law. S&P has agreed to a cease-and-desist order and will implement corrective actions, including appointing a compliance consultant and improving communication monitoring and retention policies.

All the firms were found in violation of Section 17(a)(1) and Rule 17g-2(b)(7) of the Securities Exchange Act of 1934 for failing to retain crucial records. As a result, the SEC has also censured the firms, requiring them to cease future violations. Most firms—except A.M. Best and Demotech—are required to hire compliance consultants to conduct comprehensive reviews of their recordkeeping policies and address non-compliance issues related to the use of personal devices for work communications.

Sanjay Wadhwa, Deputy Director of the SEC’s Division of Enforcement, emphasized the importance of maintaining proper records, noting, “We have seen repeatedly that failures to maintain and preserve required records can hinder the staff’s ability to ensure that firms are complying with their obligations and the Commission’s ability to hold accountable those that fall short of those obligations, often at the expense of investors,” further added   “In today’s actions, the Commission once again makes clear that there are tangible benefits to firms that make significant efforts to comply and otherwise cooperate with the staff’s investigations.”

(Source: https://www.sec.gov/newsroom/press-releases/2024-114, https://www.sec.gov/files/litigation/admin/2024/34-100907.pdf, https://www.sec.gov/files/litigation/admin/2024/34-100906.pdf, https://www.sec.gov/files/litigation/admin/2024/34-100903.pdf, https://www.sec.gov/files/litigation/admin/2024/34-100904.pdf, https://www.sec.gov/files/litigation/admin/2024/34-100902.pdf, https://www.sec.gov/files/litigation/admin/2024/34-100905.pdf)