ESMA ·

ESMA fines Moody's Germany €2,145,000 for four CRA-Regulation reporting breaches

EU-registered credit rating agencies must report complete, accurate rating data to ESMA and hold reporting policies, error-correction processes and internal controls to match — ESMA fined Moody's Germany €2,145,000 for failing all four

Change
On 2 July 2026 the European Securities and Markets Authority (ESMA) fined Moody's Deutschland GmbH (Moody's Germany) EUR 2,145,000 and issued a public notice for four negligent breaches of the Credit Rating Agencies (CRA) Regulation, covering incorrect European Rating Platform submissions, incomplete central-repository data, deficient reporting policies and procedures, and weak internal controls over its reporting obligations.
Why it matters
ESMA penalised the reporting framework as much as the errors: the two largest sub-fines (EUR 825,000 each) were for deficient reporting policies and procedures and for weak internal control, not for the data mistakes themselves (EUR 292,500 for European Rating Platform errors and EUR 202,500 for central-repository data). The policy failure turned on the absence of clear responsibility allocation, submission validation, and — notably — any established process to correct reporting errors; the control failure on inadequate checks and unclear roles. The errors touched only data reported to ESMA and shown on its central platform, not Moody's published ratings, but ESMA treats complete, accurate CRA reporting as essential to detecting risk and market transparency. The action bound Moody's Germany's reporting for itself and for other EU CRAs in its group.
Implications
  • EU-registered credit rating agencies must ensure the credit-rating and rating-outlook data they submit to ESMA and the European Rating Platform is complete and correct — including capturing rating actions, withdrawing ratings when due, and submitting accurate historical performance data — because ESMA fined Moody's Germany EUR 495,000 across two breaches for missing, non-withdrawn and erroneous submissions.
  • CRA compliance functions must maintain reporting policies and procedures that clearly allocate responsibility, validate submissions, are kept reviewed and updated, and include a defined process to correct reporting errors — ESMA imposed its largest single sub-fine (EUR 825,000) for the absence of these, treating a missing error-correction process as a standalone breach.
  • CRA senior management and internal-control functions must operate an internal-control and risk-assessment framework over reporting obligations with adequate checks and clearly assigned roles — ESMA fined Moody's Germany a further EUR 825,000 for control-framework shortcomings, showing it penalises the control gap independently of the underlying data errors.
  • Any CRA reporting to ESMA on behalf of other group entities must ensure those group-level submissions meet the same standard — the breaches covered data Moody's Germany reported both on its own behalf and for other EU CRAs within its group, so a group reporting entity's failures expose it across the whole submission.
Who is affected
  • EU-registered credit rating agencies reporting to ESMA and the European Rating Platform
  • CRA compliance functions responsible for regulatory reporting policies and error correction
  • CRA senior management and internal-control functions overseeing reporting obligations
  • CRAs submitting reports to ESMA on behalf of other group entities
View on ESMA
Clarify with AI

Grounded in this brief. 10 free questions left this month.

Clarify with AI — Pro only

You asked:

Clarify turns any brief into answers specific to your role and exposure.

Pro includes

Implications — what this change may force you to review
Who is affected — which people, workflows, or obligations are touched
What to watch — dates, deadlines, and triggers that matter next
Real-time alerts — delivered when a decision-forcing change is published
Clarify with AI — ask what this change means for you

$29/month · Founding rate, locked for life. Cancel anytime.

Create a free account to keep clarifying

You asked:

You've used your free guest questions for now. A free account gives you more every month and saves your history — or start a Pro trial for unlimited Clarify and real-time alerts.

Pro includes

Implications — what this change may force you to review
Who is affected — which people, workflows, or obligations are touched
What to watch — dates, deadlines, and triggers that matter next
Real-time alerts — delivered when a decision-forcing change is published
Clarify with AI — ask what this change means for you

Free account: no card, ever. Pro trial: $29/month after 14 days, no card to start, cancel anytime.

Awareness was never the problem. Translation is.

Your team doesn't miss the change — it loses hours turning a 60-page regulator notice into “what do we actually do.” OwlBrief delivers that as a sourced, decision-ready brief the moment a change publishes.

Get the next brief free →
Similar briefs