Establishment of a common securitisation framework in the Nordics

The securitisation markets in the Nordics have been less active than other markets for some time, especially in Norway after the previous rules on securitisation were discontinued back in 2016.  

Some landmark transactions were done under the previous Norwegian securitisation rules. For example, Santander's Bilkreditt transaction was the first deal to receive the PCS label (Prime Collateralised Securities (PCS)) back in 2012. 

The removal of a securitisation framework in Norway created an imbalance in funding markets for banks, as some could still access the markets with the issuance of covered bonds, supported by residential mortgage loans, whilst providers of other secured credits (e.g. car loans) were barred from accessing similar sources of funding. 

Now, with a common securitisation framework in the Nordics, this will facilitate a number of transaction structures common in other markets also across the Nordics. Our expectation is that the securitisation market in the Nordics will become increasingly active for 2025 and 2026.

The Securitisation Regulation sets out the regulatory framework for securities transactions in the EU/EEA. The Regulation was amended by Regulation (EU) 2021/557, extending the scope of STS securitisations (see Section 5 below) from traditional securitisations to synthetic securitisations (see Section 3.1 below) and remove existing regulatory barriers to the securitisation of non-performing exposures (NPEs).

The Securitisation Regulation has been adopted in Norway through Chapter 11, subchapter III of the Financial Institutions Act (Nw. finansforetaksloven av 10. April 2015 nr. 17). The Norwegian Parliament gave on 1 April 2025 its constitutional consent to the decision of the EEA Joint Committee of 12 June 2024 to include the Securitisation Regulation in the EEA Agreement and, hence, the legislation will enter into force on the date decided by the King in Council.

In Sweden, rules supplementing the Securitisation Regulation has been implemented through the Swedish Act on Supplementing Provisions to the EU Regulation on Securitisation. In Denmark no supplementing provisions to the Securitisation Regulation have been adopted.

In connection with the implementation of the Securitisation Regulation, several parts of the Norwegian financial regulatory framework have been amended:

• Acquisition of loan portfolios is considered as financing activity in Norway subject to license requirements: Before implementation of the Securitisation Regulation, this license requirement effectively prevented securitisation transactions where loan portfolios are transferred to an unlicensed special purpose entity. A specific exception from the license requirements has been adopted for special purposes entities set up in accordance with the Securitisation Regulation.

• If a loan granted by a finance institution to a consumer shall be transferred to a company which is not a finance institution, such transfer requires active consent from the consumer. An exception from this consent requirement has been adopted for transfer of loans to special purposes entities as defined in the Securitisation Regulation.

• In connection with implementation of CRD VI, it has also been proposed to exempt securitisation transactions when calculating whether a financial institution plans to conduct a significant portfolio transfer (which require regulatory approval). [Link]

The Securitisation Regulation does not regulate private law issues such as conditions for true sale of receivables or other areas of law such as insolvency law, accounting, capital adequacy, tax etc.

3.1    General

The key concept of a securitisation is to combine a portfolio of loans or other exposures and convert those to transferable securities and, hence, transform illiquid assets to liquid securities.

There are two main types of securitisations; traditional (or true sale) securitisations and synthetic securitisations.

Traditional securitisation is when a lender or originator sells loans to a special purpose entity whose business is limited to owning the loans and financing the purchase through the issuance of bonds (or short-term papers if the maturity of the securities is less than one year). The special purpose entity uses the cash flows from the loans to service the bond debt. 

Synthetic securitisation does not involve any transfer of loans. Instead, the lender or originator typically buys protection against losses in defined, hypothetical tranches of a portfolio of loans. Those who provide such protection and are paid for it can be compared to those who invest in tranches of a traditional securitisation. In such cases, the loans remain on the seller's balance sheet, but the seller does not need to set aside capital for the part of the loan portfolio that is protected. 

In the following, we focus on traditional securitisations.

3.2    Transfer of financial assets – true sale

The Securitisation Regulation defines securitisation as "a transaction or scheme, whereby the credit risk associated with an exposure or a pool of exposures is tranched" and fulfilling certain other requirements. Different tranches will have different risk. 

A basic requirement for the securitisation to serve its purpose is that the exposures are transferred from the original lender/originator to the special purpose entity through a true sale. As indicated above, the Securities Regulation does not set out criteria for a transfer of assets to be legally binding between the transferee and the transferor and bankruptcy remote and this will, hence, have to be decided by national contract law and insolvency law. Furthermore, legal perfection rules must be complied with to ensure protection against the transferor's creditors.

The Securitisation Regulation does not define the term "exposures". However, for STS Securitisations (See Section 5 below), certain exposures cannot be securitised (for instance defaulted loans). 

For securitisation of NPEs (securitisations backed by a pool of non-performing exposures the nominal value of which makes up not less than 90 % of the entire pool’s nominal value), the Securitisation Regulation sets out certain exemptions, inter alia by allowing the servicer to act as the risk retainer and allowing the risk retention to be calculated on the basis of the net value of the NPEs, which is the outcome of their nominal value minus any refundable purchase price discount agreed at the time of the securitisation (Article 6 Securitisation Regulation). 

3.3    Parties involved

3.3.1 Original lender

The original lender is the entity which concluded the original agreement which created the obligations of the debtor giving rise to the exposures being securitised.

3.3.2 Originator

The originator was either involved in the original agreement which created the obligations of the debtor giving rise to the exposures being securitised or purchases a third party’s exposures on its own account and then securitises them.

3.3.3 Sponsor

The sponsor is a credit institution or an investment firm that establishes a securitisation that purchases exposures from third-party entities and manages that programme or delegates the day-to-day active portfolio management involved in that securitisation to another (appropriately licensed) entity.

3.3.4 Servicer

The servicer manages the pool of purchased receivables or the underlying credit exposures on a day-to-day basis. 

In Norway, the servicer must be licensed as a bank, credit institution or financing company if the originator is a financial institution. The services shall report debt information regarding the securitised portfolio to debt registers in accordance with Section 10 of the Debt Information Act.

3.3.5 Securitisation special purpose entity

The securitisation special purpose entity (SSPE) is an entity, other than an originator or sponsor, established for the purpose of carrying out one or more securitisations, the activities of which are limited to those appropriate to accomplishing that objective, the structure of which is intended to isolate the obligations of the SSPE from those of the originator.

3.3.6 Institutional investors

Institutional investors (credit institutions, investment firms, insurers and reinsurers, managers of alternative investment funds, pension funds, UCITS management companies) must before they purchase securitisation positions (i) verify compliance by the originator/original lender of the credit granting criteria (Section 4.1 below) where the originator/original lender is not a credit institution/investment firm or is established in a third country, (ii) verify that the risk retention requirement has been met and that the retention has been disclosed (Section 4.2 below) and verify that the transparency requirements have complied with (Section 4.4 below). 

Institutional investors must also have written procedures in place to monitor compliance with its verification and due diligence procedures and to monitor the performance of the securitisation position and the underlying exposures. 

3.3.7 Securitisation repositories

For securitisations that are subject to prospectus requirements, information regarding the securitisation must be reported to a securitisation repository. The main purpose is to provide investors with a single and supervised source of the data necessary for performing their due diligence and thus make an informed assessment of the creditworthiness of the bonds, cf. Section 4.5 below.

Requirements to securitisation repositories are set out in Article 10 of the Securitisation Regulation. ESMA has so far approved two securitisation repositories, European DataWarehouse GmbH and SecRep B.V. No securitisation repositories have been established in the Nordics.

3.3.8 Other parties involved

Among other parties involved in a securitisation are investment firms structuring the transacting and marketing/placing the bonds (underwriters, placing agents), trustees acting on behalf of the bondholders (bond trustee) and security agents creating, managing and enforcing securities on behalf of the bondholders.

4.1    Credit granting

When granting, modifying, renewing or refinancing loans that shall be securities, the same criteria shall be applied as for loans that shall not be securitised. Effective systems must be in place to apply those criteria and processes in order to ensure that credit granting complies with applicable requirements. 

4.2 Risk retention

The originator, sponsor or original lender must retain a financial interest in the securitised portfolio of at least 5 per cent. The purpose of the withholding requirement is to ensure that the interests of investors and those who securitise are aligned. The Securitisation Regulation lists five alternative methods for the requirement of net economic interest of 5 per cent to be considered met, including the retention of 5 per cent of the nominal value of each individual tranche or the retention of the first-loss tranche.

EBA issued on 12 April 2022 draft technical standards on the risk retention requirements for securitisations. [Link]

4.3    Transfer of assets to the SSPE

It cannot be transferred loans to the SSPE that are assumed to result in higher losses than on corresponding loans retained on the securitiser's balance sheet, based on the maturity of the bond. However, if necessary information is provided to potential investors assets that ex ante have a higher credit risk profile than the average in the loan portfolio may be transferred to the SSPE.

4.4 Transparency

Information about the securitisation shall be made available to investors in the bonds, supervisory authorities and, upon request, to potential investors. Information shall be provided on inter alia the following: (i) information on the underlying exposure, (ii) all underlying documentation that is essential for the understanding of the transaction, (iii) transaction summary or overview of the main features of the securitisation in the absence of a prospectus, (iv) STS notification in the case of STS securitisation, (v) investor reports that shall deal with credit quality and developments in the underlying exposures, (vi) inside information relating to the securitisation that the originator, sponsor or SSPE is obliged to make public in accordance with Article 17 of MAR or – outside the scope of MAR information about other significant events.

The information set out in (ii), (iii) and (vi) in the preceding paragraph shall be made available before the pricing of the bonds is determined. If the securitisation is covered by a prospectus, the information shall be made available by means of a securitisation repository (see Section 3.3.7 above).

ESMA has issued Technical standards on disclosure requirements under the Securitisation Regulation. [Link]

4.5    Due diligence

Institutional investors must verify (i) the quality of lending procedures and criteria for granting loans (where the originator or original lender is not a credit institution or investment firm established in the EEA), (ii) that risk retention requirement is complied with and (iii) that the transparency requirements are met in the case of securitisations that are subject to prospectus requirements. 

Furthermore, institutional investors shall have procedures in place to monitor compliance with relevant requirements of the Securitisation Regulation and to conduct stress tests of cash flows and any collateral provided for the underlying exposures on an ongoing basis. 

4.6    Ban on resecuritisation

The securitised portfolio should not contain securitised positions. The prohibition does not apply to re-securitisation to be used for legitimate purposes as further defined, conditional upon permisson from the supervisory authority of the relevant institution after having consulted with the resolution authority and other relevant authorities. The supervisory authorities shall inform ESMA of such permissions.

4.7 Investor universe

Neither the Securities Regulation, nor statutory provisions in Sweden, Denmark or Norway prohibit certain investors from investing in securities issued by SSPEs. However, the Ministry of Finance in Norway stated in the white paper that such bonds and certificates in most cases will not be suitable investment products for consumers, cf. Prop. 57 LS (2020-2021) page 36. [Link]

5.1    General

Traditional securitisations that are simple, transparent and standardised as further defined may use the designation "STS" securitisation, provided that the securitisation has been notified to ESMA and included in ESMA's register of such securitisations and provided also that the originator, sponsor and SSPE involved shall be established in the EU/EEA.

STS securitisations are divided in ABCP (Asset-Backed Commercial Paper) og non-ABCP. Loans that may be included in ABCP shall have a weighted average remaining maturity of up to one year and at the outset none of the loans shall have a remaining maturity of more than three years. 

The provisions on STS are largely the same for ABCP and non-ABCP. The rules for non-ABCP are formulated as requirements for simplicity, transparency and standardisation, see Section 5.2 below, while the rules for ABCP are formulated as requirements for transaction-level, sponsor and programme-level, see Section 5.3 below. 

5.2 STS securitisations

5.2.1 Simple

The main criteria for a securitisation to be considered as simple, are pursuant to Article 20 of the Securitisation Regulation that (i) the underlying exposures shall be acquired by the SSPE by means of a true sale, (ii) the transfer shall not be subject to severe clawback provisions, (iii) the seller must declare that the exposures have no encumbrances or otherwise in a condition that can adversely affect the enforceability of the true sale, (iv) the exposures shall meet predetermined, clear and documented eligibility criteria, (v) the pool of underlying exposures shall comprise only one asset type and the obligations must be contractually binding and enforceable, (vi) the exposures shall not include any securitisation position, (vii) the exposures shall be originated in the ordinary course pursuant to underwriting standards that are no less stringent than those applied to similar exposures that are not securitised, (viii) the exposures shall be transferred after selection without undue delay and shall not include exposures in default or exposures to a credit-impaired debtor, (ix) the debtors shall at the time of transfer have made at least one payment and (x) repayment to the bondholders shall not be conditional on the sale of the securitised loans.

5.2.2 Standardised

In order for the securitisation to be considered as standardised it must fulfil the criteria set out in Article 21 of the Securitisation Regulation, dealing in particular with treatment of interest rate and currency risk and how the payment flows are to be distributed to investors in the event of demand or termination of the loan agreements.

The risk-retention requirement must be complied with.

Interest rate and currency risk arising from the securitisation must be appropriately mitigated and the SSPE's measures to that effect shall be disclosed. The SSPE may only enter into derivative contracts if the agreements are intended to cover interest rate and currency risk. Underlying exposures in the form of derivatives may not be included in the portfolio being securitised. Interest payments must follow general market or sector-specific interest rates, and the interest rates must reflect financing costs.

Upon redemption of securitised loans by the debtor, the amount shall be transferred to the bondholders, unless withoholding is necessary to ensure the operational functioning of the SSPE.

Repayments on the loans shall be paid to the investors in sequential instalments in accordance with the securitisation ranking. The ranking of investors cannot be changed. The transaction documentation shall include appropriate early amortisation provisions or triggers for termination of the revolving period where the securitisation is a revolving securitisation.

The agreements shall specify the contractual obligations, duties and responsibilities of the servicer. The servicer shall have expertise in servicing the securitised loans and policies, procedures and risk-management controls relating to the servicing of exposures.

The agreements shall regulate the consequences if the servicer becomes insolvent or breaches its obligations. Furthermore, the agreements shall contain provisions that ensure that derivative counterparties, liquidity providers and the account bank can be replaced in the event of insolvency or other events that result in them not being able to perform the assignment.

The securitisation agreement shall regulate the breach of debtors' obligations. These may include provisions on debt restructuring, debt forgiveness, forbearance, payment holidays, losses, charge offs, recoveries etc. The order of priority for payments must also be regulated in the agreement.

5.2.3 Transparent

The transparency requirements are set out in Article 22 of the Securitisation Regulation. Prior to the determination of the price of the bond, the originator and the sponsor shall make available to potential bondholders historical data on default and loss performance (over a period of at least five years) for loans that are substantially similar to those being securitised.

An independent party must carry out an external verification before the bonds are issued, including verification that the data disclosed in respect of the underlying exposures are accurate.

The originator or the sponsor shall, before pricing of the securitisation inform potential investors about the payment flow model that has been agreed. In the case of securitisation of residential mortgages, car loans or car leasing agreements, information must be disclosed on the impact of these exposures on the environment.

On 12 December 2018, the EBA adopted guidelines on STS criteria for non-ABCP securitisations. [Link 1], [Link 2]

5.3    ABCPs

5.3.1 Transaction-level requirements

ABCPs have a maturity of up to one year and are usually used to cover the short-term financing needs of credit institutions and business enterprises. Different from commercial papers etc. ABCP has a loan portfolio, typically credit card debt, car loans, student loans etc. as underlying exposures.

The Securitisation Regulation contains provisions on transfers to the SSPE, requirements for the underlying portfolio, treatment of interest rate and foreign exchange risk, payment flows and settlement to investors in connection with debtors' defaults, as well as transaction documentation. The requirements are largely the same as for non-ABCPs, see Section 5.2 above. However, certain specific requirements have been imposed on the loan portfolios to ensure that ABCPs have a maturity of less than one year. These provisions are discussed in more detail below. 

Requirements for loans that may be included in ABCPs are set out in Article 24(15) of the Securitisation Regulation. In the same way as for non-ABCPs, ABCPs must be secured with a loan portfolio that is homogeneous. The main rule is that the loans must have an average remaining maturity of a maximum of one year and that no loans can have a remaining maturity of more than three years. Exceptions have been made for pools of auto loans, auto leases and equipment lease transactions. For such loans, the average remaining maturity must be a maximum of three and a half years, and no loan can have a remaining maturity of more than six years. The underlying exposures shall not contain loans secured by residential or commercial mortgages or fully guaranteed residential loans, as referred to Article 129(1)(e) of CRR.

5.3.2 Sponsor

The sponsor for an ABCP programme shall be a credit institution supervised under CRD IV. The role of the sponsor is to provide guarantees to cover all liquidity and credit risks and any material dilution risks of the securitised exposures as well as any other transaction- and programme-level costs if necessary to guarantee to the investor the full payment of any amount under the ABCP with such support. 

The credit institution shall demonstrate to the supervisory authority that its role as sponsor will not jeopardise its solvency or liquidity, even in an extreme stress situation in the market. The sponsor shall conduct due diligence in accordance with the provisions of Article 5(1) and (3) of the Securitisation Regulation, see Section 4.5 above. The entity shall also verify that the originator or original lender has contractual provisions on debt settlement and recovery procedures in accordance with the provisions of the CRR. If the sponsor does not renew its funding commitment of the liquidity facility before its expiry, the liquidity facility shall be drawn down and the maturing securities shall be repaid.

5.3.3 Programme-level requirements

Pursuant to Article 26(1) of the Securitisation Regulation, up to 5 per cent of the loan portfolio on which ABCPs are based may temporarily deviate from the requirements of Article 24(9), (10) and (11) of the Securitisation Regulation. This applies inter alia to the provisions stipulating that non-performing exposures or exposures from credit-impaired debtors shall not be transferred, or that at least one repayment of the loan must have been made before it is transferred to the SSPE. 

A sample of the underlying exposures shall regularly be subject to external verification of compliance by an independent party. The weighted average remaining maturity of the underlying assets in an ABCP may not exceed two years. 

ABCPs may not contain call options, extension clauses or other clauses that affect the final expiration date. Interest rate and currency risk in ABCPs shall be appropriately mitigated in the same way as for non-ABCPs. 

The agreements on ABCPs shall include inter alia provisions concerning: (i) liability of the management undertaking and other service providers, (ii) contractual obligations, tasks and responsibilities of the sponsor (iii) provisions to ensure that a default or insolvency of the servicer does not result in a termination of servicing, (iv) replacement of derivative counterparties and the account bank in the event of default, insolvency or other specified events.

Pursuant to Article 243(1) of CRR, the originator being a financial institution may exclude securitised exposures from the calculation of risk-weighted exposure amounts and expected loss amounts if either of the following conditions is fulfilled: 

1. significant credit risk associated with the securitised exposures is considered to have been transferred to third parties; 
    
2. the originator institution applies a 1 250 % risk weight to all securitisation positions it holds in this securitisation or deducts these securitisation positions from Common Equity Tier 1 items in accordance with Article 36(1)(k).
    

If the credit risk is considered to have been transferred, the originator shall only calculate capital requirements for positions/bonds that the institution itself has in the securitisation.

Whether a significant credit risk has been transferred shall be decided based on the criteria set out in Article 243(2)-(5) of the CRR. Where the possible reduction in risk weighted exposure amounts is not justified by a commensurate transfer of credit risk to third parties, national competent authorities (Finansinspektionen/Finanstilsynet) may decide on a case-by-case basis that significant credit risk shall not be considered to have been transferred to third parties. If, however, the originator is able to demonstrate that the reduction of own funds requirements which the originator achieves by the securitisation is justified by a commensurate transfer of credit risk to third parties, competent authorities shall grant such permission.