Investigations and Inspections
When there is a risk that an entity may not be compliant with a relevant legislation, ESMA may decide to open an investigation. In this scope, ESMA uses its investigatory powers to assess potential regulatory breaches, including investigations and on-site inspections.
Investigations and on-site inspections aim to provide an in-depth analysis of various risks and ascertain compliance with the relevant legislation. These activities are conducted with a predefined scope and timeframe and generally they are risk-based, proportionate, forward looking and action oriented.
In the course of investigations and on-site inspections, ESMA collects relevant evidence through requesting information from and interviewing supervised entities. ESMA may also contact third parties such as third persons to whom supervised entities have outsourced certain functions or activities to obtain information necessary for the investigation. ESMA not always gives prior notice of its on-site inspections. This is the case where ESMA believes that announcing the opening of an on-site inspection may impair the effectiveness of the gathering of information.
ESMA leverages digital forensics tools and data analysis skills to collect/extract, correlate and contextualize a myriad of data points across information requested from supervised entities, engagement with key stakeholders, regulatory reporting as well as information extracted from past and on-going supervisory actions.
When collecting and analysing data, ESMA adopts arrangements to ensure the protection of personal data in accordance with the EU rules and exclusion of documents covered by legal privilege (in accordance with the case law of the court of justice of the EU).
Thematic reviews
Thematic reviews are generally exploratory activities in areas where ESMA does not have sufficient information to establish firm practice norms, market-wide risks, or its own expectations. They are often triggered by amounting risks, macroeconomic developments or new trends in a particular process or area. The purpose of this supervisory activity is to gather further information and enable ESMA to compare industry practices and to reflect on potential policy evolutions. The risks and trends identified in a review feed into the risk framework of each supervised entity. Thematic reviews might trigger follow-up targeted investigations on particular supervised entities or areas, and/or the publication of a report flagging risks to the market.
Referral of potential breaches to an Independent Investigating Officer (IIO) for enforcement purposes
When, as part of ESMA’s supervisory activities, ESMA identifies that there are serious indications of a potential breach of a rule, ESMA’s Executive Director appoints an Independent Investigating Officer (IIO) for further enforcement action.
The IIO conducts an independent review of the case and submits his/her findings on potential infringements to the Board of Supervisors, who is the ultimate decision maker. ESMA’s enforcement actions typically consist of fines and public notices. For further information on ESMA’s enforcement activities, please visit the dedicated section.
Perimeter monitoring
Through Perimeter monitoring ESMA seeks to identify companies that are providing credit ratings without having registered with ESMA. This is done via Internet searches, as well as referrals from outside entities and other stakeholders. If a company is found to be issuing credit ratings as defined by the CRA Regulation, it will be compelled to apply for registration, and the case can then be referred for potential enforcement actions.