* ESMA finds poor confidentiality controls at agencies
* ESMA may take enforcement action, such as fines
* Three big agencies say committed to improvements
By Huw Jones
LONDON, Dec 2 (Reuters) - The "Big Three" agencies that rate European Union government debt could be fined after failing to fix poor practices from the past, the sector's regulator said on Monday.
Credit ratings are a key part of the financial system, helping investors assess the likelihood that they will recoup their money. But the financial crisis led to unease that the market is relying to heavily upon them.
The European Securities and Markets Authority (ESMA) on Monday published results of an investigation into how Moody's , Standard & Poor's and Fitch compiled ratings on sovereign bonds between February and October this year.
ESMA is the EU agency responsible for authorising and supervising rating agencies in EU countries, some of which have objected strongly to their ratings by agencies.
In its report, ESMA criticised delays in the publication of rating changes and poor confidentiality controls at the agencies.
Sovereign ratings became politically charged at the height of the euro zone crisis when S&P infuriated Greece in 2011 by cutting the rating of its debt while the country's EU bailout was being renegotiated.
This led to the third of three EU laws to regulate rating agencies in as many years. From next month, the agencies can only release changes to sovereign ratings according to a pre-set calendar to improve transparency.
"ESMA's investigation revealed shortcomings in the sovereign ratings process which could pose risks to the quality, independence and integrity of the ratings and of the rating process," ESMA Chairman Steven Maijoor told reporters.
"They should speed up their processes and make sure they get their house in order."
S&P said it was committed to the highest standards and was continually enhancing its operations, while Moody's said it was committed to complying with the EU rules.
Fitch said it was confident all its policies and procedures met regulatory standards and was moving swiftly to address any issues identified in the report.
ESMA said it would not assess the actual ratings themselves.
The three agencies will have to carry out "remedial plans" to ensure full compliance with EU law and to eradicate inadequate practices form the past, Maijoor said.
ESMA has not determined yet if any rules have been broken and so whether fines might be appropriate, but its officials are looking into possible action based on an earlier report.
ESMA said the failings might compromise the independence of the ratings process. It cited the risks of senior management or even board members driving ratings changes rather than an agency's lead analyst, increasing the possibility of ratings being influenced by commercial incentives.
It was also looking further into how an upcoming rating change was disclosed to an unauthorised third party before being released to the market.
The watchdog found poor controls around the use of external communication consultants as well.
The investigation was prompted partly by rumours in the market ahead of past rating changes that had caused volatility.
In some cases, ESMA uncovered delays to publication of more than five days after the rating decision was taken, and in one case the delay stretched to two weeks. Ratings must be published in a timely manner after giving the issuer at least 24 hours to challenge any errors.
Agencies were also assigning lead analyst responsibilities to junior or newly-hired staff, ESMA said.
But its report, its third so far into the sector, also found good practices such as more challenges to the rating recommendation made by the lead analyst.
In March, ESMA criticised the Big Three agencies for a lack of transparency over how they evaluate banks and demanded more robust internal reviews of their methods.
Maijoor said it was not surprising that deficiencies had been uncovered as the sector moves from being nearly unregulated to being heavily supervised.