By Anne Sherry, J.D.
The SEC may move forward on several claims involving Morningstar’s disclosure of, and internal controls concerning, its methodologies for determining credit ratings for commercial mortgage-backed securities (CMBS). The Commission sued the credit rating agency last February alleging that it violated several provisions of the Credit Rating Agency Reform Act. While the Southern District of New York dismissed the claim that Morningstar failed to identify what version of its methodology it used, the SEC can proceed on claims that it failed to provide a general description of its methodology and that it lacked effective internal controls (SEC v. Morningstar Credit Ratings, LLC, January 5, 2022, Abrams, R.).
Adjustments to ratings. Morningstar published two documents describing its rating methodology: a short overview and a more detailed description of the model. The SEC alleged that the longer document, while purporting to contain all the “primary features” of the rating methodology, failed to disclose that analysts had discretion to adjust the key stresses in the model. According to the complaint, analysts made these adjustments “overwhelmingly” in the direction of reducing the stress applied in the model, thereby lowering the credit enhancement required for many of the ratings awarded. Morningstar could thereby assign higher credit ratings, which benefitted its issuer-clients. The complaint also alleges a failure of internal controls governing the adjustments in at least 31 transactions in commercial mortgage-backed securities.
Alleged violations. The SEC alleged that Morningstar violated the requirement that NRSROs make available to the public a “general description” of procedures and methodologies for determining credit ratings that allows users of credit ratings to understand the process for determining those ratings. The complaint also alleged that Morningstar failed to identify the version of the methodology used to determine individual credit ratings. Finally, it alleged that Morningstar failed to establish, maintain, and enforce an effective internal control structure over its rating methodologies. While the court granted Morningstar’s motion to dismiss on the second allegation, it found that the SEC stated a claim as to the first and third.
Motion to dismiss. As a matter of apparent first impression, the court analyzed the plain text of the statutes, regulations, and form instructions at issue. The SEC plausibly alleged that Morningstar’s descriptions of its rating methodology failed to provide users with an understanding of that methodology. While Morningstar keyed in on the phrase “general description” in the introduction to the relevant instruction to the form, that term had to be interpreted in context with the additional requirement that an NRSRO furnish enough information that a user be able to understand the process by which it determines ratings. Taking inferences in the SEC’s favor, the disclosures did not discuss the stress adjustments that Morningstar elsewhere called a “central feature” of its methodology, and thus failed to give users enough information to glean how ratings were determined.
The court would not, however, allow the SEC to leverage those same allegations into a separate violation. Specifically, the SEC contended that because Morningstar’s disclosures failed to accurately describe its methodology, it necessarily failed to accurately identify the version of its methodology used to determine the credit ratings at issue. Here, the court read that statutory requirement as requiring nothing more than an identification, and it is possible to identify an item or procedure while failing to accurately or fully describe that item or procedure. The requirements to describe and to identify are “two different regulations, and the SEC does not explain why they should be read to impose the same requirements, much less do so persuasively.”
Finally, the court addressed the SEC’s claim that Morningstar’s internal control structure contained material weaknesses that allowed loan-level adjustments to run afoul of Morningstar’s policies and methodologies. Morningstar countered that the requirement is only that an NRSRO maintain an internal control structure and not that the controls themselves be effective as to each component of a rating methodology. The court was unpersuaded: “If a buyer discovers that her new car’s engine is dead, or that its brakes are shot, she will not be appeased by a response that the car itself is not defective because the engine and brakes are merely components of the car. A control structure governing adherence to a methodology cannot be said to exist or be effective if the controls that govern adherence to the components of that methodology are themselves nonexistent or ineffective—after all, what is a control structure made of if not one or more individual controls?”
The case is No. 21-cv-1359.