The collapse of Greensill Capital and the subsequent enforcement proceedings against Credit Suisse by the Swiss Financial Market Supervisory Authority (FINMA) offer a stark warning to the global banking sector. The comprehensive FINMA report, which details severe organizational failures and risk blind spots within Credit Suisse Asset Management (CSAM), raises a fundamental question: should large banks continue to depend heavily on external credit ratings, or does the future demand stronger internal credit assessment capabilities?
A System Built on External Validation
One of the most critical flaws highlighted in FINMA’s report was the overreliance on Greensill as a sole originator of financial products—specifically, notes backed by trade receivables—without adequate internal credit scrutiny. Despite structural complexities and clear indicators of elevated credit risk, Credit Suisse proceeded with investments largely based on Greensill’s assurances and third-party ratings.
A particularly alarming point was the acknowledgement that:
“No due diligence will be completed […] in respect of any […] Relevant Obligor (including as to their creditworthiness) or any Accounts Receivable” – especially concerning the securitization of future receivables, which may never materialize into enforceable obligations.
In short, Greensill was allowed to feed assets into the funds without the bank performing proper credit checks, relying instead on insurance structures and presumed counterparty strength.
FINMA’s Expectation: Risk Assessment Must Be Internalized
FINMA was explicit in its expectations regarding risk control. In several sections, it noted that the Asset Manager had not sufficiently challenged Greensill’s documentation or creditworthiness and instead had passively accepted the risk premia embedded in the structured notes. The regulator criticized Credit Suisse’s weak response mechanisms and lack of “critical scrutiny” from both compliance and risk management:
“In functional terms, risk control was still (also) the responsibility of the AIFM.” Yet, the structure allowed Greensill to act unchecked as a quasi-delegate of risk assessment .
FINMA’s decision implies that it is not sufficient for banks to rely on contractual protections, external service providers, or the existence of an insurer. Instead, risk must be understood, modeled, and monitored internally.
Implications: Pressure to Reduce Dependency on Rating Agencies
This case amplifies broader regulatory sentiment—shared across jurisdictions—that banks cannot outsource creditworthiness judgment to external agencies or third parties. The traditional model where credit ratings from firms like S&P, Moody’s, or Fitch serve as the cornerstone of portfolio approval is no longer enough in complex, structured, or opaque markets.
Credit Suisse’s case shows what happens when banks lack the will or capability to independently verify credit quality. For example:
“Contradictory information regarding the insurance cover was not questioned by the bank… Nor are there any findings or enquiries from the bank regarding Greensill’s answers to questions that would have been relevant to the assessment of relevant risks.”
In light of this, it’s evident that FINMA expects banks to move toward independent credit research, robust due diligence frameworks, and well-documented risk governance—especially for non-standard assets or when counterparties are lightly regulated.
Conclusion: A Paradigm Shift Ahead
Subscribe to get access
Read more of this content when you subscribe today.
As structured finance products continue to evolve, the demand for internal risk competency is no longer optional. For global banks, the message is clear: know your risk—or regulators will hold you accountable for not knowing it.
^^^ RATING EVIDENCE GmbH 
Leave a comment