[Federal Register: December 6, 2004 (Volume 69, Number 233)]
[Notices]
[Page 70444-70456]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr06de04-37]
=======================================================================
-----------------------------------------------------------------------
FEDERAL RESERVE SYSTEM
[Docket No. OP-1207]
Bank Holding Company Rating System
AGENCY: Board of Governors of the Federal Reserve System.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The Federal Reserve has revised its bank holding company (BHC)
rating system to better reflect and communicate its supervisory
priorities and practices. The revised BHC rating system emphasizes risk
management; implements a comprehensive and adaptable framework for
analyzing and rating financial factors; and provides a framework for
assessing and rating the potential impact of the nondepository entities
of a holding company on the subsidiary depository institution(s).
DATES: The revised rating system will be applied to all BHC inspections
beginning on or after January 1, 2005, as well as to inspections opened
in 2004 and closed in 2005, at the discretion of the Reserve Bank.
FOR FURTHER INFORMATION CONTACT: Deborah Bailey, Associate Director,
(202-452-2634), Barbara Bouchard, Deputy Associate Director, (202-452-
3072), Molly Mahar, Senior Supervisory Financial Analyst, (202-452-
2568), or Anna Lee Hewko, Supervisory Financial Analyst, (202-530-
6260). For users of Telecommunications Device for the Deaf (``TDD'')
only, contact (202) 263-4869.
SUPPLEMENTARY INFORMATION:
Background
On July 23, 2004, the Federal Reserve published a notice in the
Federal Register (69 FR 43996) requesting comment on proposed revisions
to the BHC rating system. The BHC rating system is an internal rating
system used by the Federal Reserve as a management information and
supervisory tool that defines the condition of all BHCs, including
financial holding companies (FHCs), in a systematic way. First and
foremost, a BHC's rating provides a summary evaluation of the BHC's
condition for use by the supervisory community. Second, the BHC rating
forms the basis of supervisory responses and actions. Third, the BHC
rating provides the basis for supervisors' discussion of the firm's
condition with BHC management. Fourth, the BHC rating determines
whether the BHC is entitled to expedited applications processing and to
certain regulatory exemptions.
The former BHC rating system, implemented in 1979 and commonly
referred to as the BOPEC rating system, focused on the financial
condition of discrete legal entities, consolidated capital, and
consolidated earnings. It also included composite financial condition
and management ratings. Since that time, a number of changes have
occurred in the financial services industry, prompting a shift in
supervisory policies and procedures away from historical analyses of
financial condition, toward more forward looking assessments of risk
management and financial factors. In order to address this shift, the
Federal Reserve introduced a risk management rating for all bank
holding companies in the mid-1990s. Although this adjustment proved an
effective tool for assessing risk management, it was not the central
focus of the rating system. Moreover, as the banking industry has
continued to evolve over the past decade, the focus of the Federal
Reserve's examination program for bank holding companies has
increasingly centered on a comprehensive review of financial risk and
the adequacy of risk management. As a result, in order to more fully
align the rating process for BHCs with current supervisory practices,
the Federal Reserve is revising the BHC rating system to emphasize risk
management; introduce a comprehensive and adaptable framework for
analyzing and rating financial factors; and provide a framework for
assessing and rating the potential impact of the nondepository entities
of a holding company on the subsidiary depository institution(s).
Summary of the Revised Rating System
Each BHC is assigned a composite rating (C) based on an evaluation
and rating of its managerial and financial condition and an assessment
of future potential risk to its subsidiary depository institution(s).
The main components of the rating system represent: Risk Management
(R); Financial Condition (F); and potential Impact (I) of the parent
company and nondepository subsidiaries (collectively nondepository
entities) on the subsidiary depository institutions. While the Federal
Reserve expects all bank holding companies to act as a source of
strength to their subsidiary depository institutions, the Impact rating
focuses on downside risk--that is, on the likelihood of significant
negative impact by the nondepository entities on the subsidiary
depository institution. A fourth component rating, Depository
Institution (D), will generally mirror the primary regulator's
assessment of the subsidiary depository institutions. Thus, the primary
component and composite ratings are displayed:
RFI/C (D)
In order to provide a consistent framework for assessing risk
management, the R component is supported by four subcomponents that
reflect the effectiveness of the banking organization's risk management
and controls. The subcomponents are: Board and Senior Management
Oversight; Policies, Procedures, and Limits; Risk Monitoring and
Management Information Systems; and Internal Controls. The F component
is similarly supported by four subcomponents reflecting an assessment
of the quality of the banking organization's Capital; Asset Quality;
Earnings; and Liquidity. A simplified version of the rating system that
requires only the assignment of the risk management component rating
and composite rating will be applied to noncomplex bank holding
companies with assets at or below $1 billion.
Composite, component, and subcomponent ratings are assigned based
on a 1 to 5 numeric scale. A 1 numeric rating indicates the highest
rating, strongest performance and practices, and least degree of
supervisory concern, whereas a 5 numeric rating indicates the lowest
rating, weakest performance, and the highest degree of supervisory
concern.
The Federal Reserve recognizes the interrelationship between the
risk management and financial performance components of the revised
rating system, an interrelationship that is
[[Page 70445]]
inherent in all supervisory rating systems. As such, examiners are
expected to consider that a risk management factor may have a bearing
on the assessment of a financial subcomponent or component rating and
vice versa. In general, however, the risk management component and
subcomponents should be viewed as the forward-looking component of the
rating system and the financial condition component and subcomponents
should be viewed as the current component of the rating system. For
example, a BHC's ability to monitor and manage market risk (or
sensitivity to market risk) should be evaluated together with the
organization's ability to monitor and manage all risks under the R
component of the rating system. However, poor market risk management
may also be reflected in the F component if it impacts earnings or
capital.
Comments Received and Changes Made
The Federal Reserve received a total of 13 comments regarding the
proposed revisions to the BHC rating system. The comments came from
banking organizations, trade associations, several Reserve Banks and
one law firm. Commenters generally supported changes to the rating
system, stating that the move to a more forward-looking assessment of
risk management systems and the condition of the consolidated
organization is appropriate.
Many commenters recommended that the rating scale for the
subcomponents under the risk management rating be changed from a three
point qualitative scale to a five point numeric rating scale in order
to provide more granularity and consistency with the rest of the rating
system. In response, the Federal Reserve has changed the rating scale
for the risk management subcomponent ratings to a five point numeric
rating scale.
Several commenters raised concerns that the new rating system is
signaling a move by the Federal Reserve to lessen its reliance on the
work of primary bank regulators and other functional nonbank regulators
in its supervision of BHCs. The revised BHC rating system was developed
to align the BHC rating process with the Federal Reserve's current
supervisory practices in carrying out consolidated or umbrella
supervision of BHCs. As such, the revised rating system and the
accompanying implementation guidance is not intended to signal a shift
in the Federal Reserve's supervisory practices of coordinating with and
relying to the greatest extent possible on the work of primary bank and
other functional nonbank regulators. This intent is clearly stated in
the final policy.
Commenters also raised concerns about the ability of the Federal
Reserve to apply the new rating system in a consistent manner due to
the large number of subcomponent ratings in the new system and the
inherent subjectivity in the rating process. As is the case with all
supervisory rating systems, there is some subjectivity inherent in the
revised BHC rating system; however, the Federal Reserve has made and
will continue to make every effort to provide appropriate examiner
guidance and training around the revised BHC rating system to ensure
that the system is applied in a consistent manner. In addition, the
Federal Reserve notes that the subcomponents under the R rating are
based on the same guidance that has been used to rate risk management
since 1995 and are therefore familiar to examination staff. Examination
staff also is very familiar with assigning capital, asset quality,
earnings, and liquidity ratings, as these components are important
elements of our existing rating systems. The Federal Reserve believes
that the subcomponents will increase consistency and transparency in
the rating process by providing a clearer basis for the component
ratings.
Commenters raised concerns about the possibility of one factor
being weighted too heavily in the composite rating due to overlap
between the component ratings and because the proposal stated that the
composite rating may not be the numerical average of the component
ratings. There is an interrelationship among the component ratings in
the revised BHC rating system that is inherent in all supervisory
rating systems. Federal Reserve examiners will consider that a risk
management factor may have a bearing on the assessment of a financial
subcomponent or component rating and vice versa, and weight that factor
proportionately in the overall composite rating. Consistent with
current rating practices for the BOPEC and CAMELS rating systems, some
components may be given more weight than others in determining the
composite rating, depending on the importance of that component in the
overall condition of the BHC. In general, assignment of a composite
rating may incorporate any factor that bears significantly on the
overall condition and soundness of the BHC. Therefore, the composite
rating is not derived by computing the arithmetic average of the
component ratings. Nevertheless, the composite rating generally bears a
close relationship to the component ratings assigned.
Commenters also raised questions about whether the Federal Reserve
intends to impose de facto capital requirements on nondepository
subsidiaries, whether the language in the proposal around the use of
market indicators is signaling more extensive use of these references
in the rating process, and whether the Federal Reserve intends to run
the BOPEC rating system in conjunction with the revised BHC rating
system for some time period of time. The Federal Reserve has clarified
in the final policy that, consistent with current practice, the revised
BHC rating system assesses the consolidated capital adequacy of the
organization and is not intended to impose de facto capital
requirements on nondepository subsidiaries. In addition, the Federal
Reserve has clarified and simplified the language around the use of
market indicators in the revised rating system to indicate that,
consistent with current practice, examination staff should use these
indicators as a source of information complementary to the examination
process. Also, the Federal Reserve is implementing a quality assurance
program around the new rating system during the first year of
implementation that includes a mechanism to collect feedback from
examination staff to address any significant implementation issues and
to discuss difficult rating decisions to ensure consistent application
of the revised rating system.
Finally, a few commenters suggested that BHC understanding of the
revised rating system would be enhanced if the Federal Reserve were to
utilize a temporary dual implementation period during which the BOPEC
rating system and the revised rating system would be applied
simultaneously and a BHC's BOPEC rating would prevail. The Federal
Reserve has determined that a direct and prompt adoption of the revised
rating system is preferable because the revised rating system better
reflects current supervisory practices and because use of a single
rating system would minimize regulatory burden on both examination
staff and institutions. To ensure that BHCs understand the revised
rating system, examination staff will be prepared to discuss the
differences and similarities between the revised rating system and the
BOPEC system with senior BHC officials during the first inspection
cycle under the revised rating system. Moreover, during the first
inspection cycle under the revised rating system, in situations in
which a BHC has received a ratings downgrade, examiners will be
prepared to discuss with senior BHC
[[Page 70446]]
officials the new ratings and how they compare with the BOPEC ratings
for that institution.
Disclosure
The numeric ratings for bank holding companies under the revised
BHC rating system will be disclosed to the bank holding company for its
confidential use, in accordance with current disclosure practices.
Under no circumstances should the bank holding company or any of its
directors, officers, or employees disclose or make public any of the
ratings.
Implementation
The revised BHC rating system becomes effective January 1, 2005,
and is to be used for all BHC inspections commencing after that date.
Inspections opened in 2004 and closed in 2005 may assign either the
BOPEC rating or the RFI/C(D) rating. Although the timing of
implementation is relatively close to the December release of the final
rating system, supervision and examination staff at all twelve Reserve
Banks and the Board of Governors have had and will continue to receive
appropriate training in the revised rating system. Moreover, the
revised rating system was developed and reviewed over a number of years
with participation from a wide range of Federal Reserve System
supervision and examination staff. Because the revised BHC rating
system incorporates factors that have been routinely considered by
examiners for years in evaluating a BHC's condition, the revised rating
system should not have a significant effect on the conduct of
inspections or on the regulatory burden of supervised institutions.
Text of the Bank Holding Company Rating System
Bank Holding Company Rating System
The bank holding company (BHC) rating system provides an assessment
of certain risk management and financial condition factors that are
common to all BHCs, as well as an assessment of the potential impact of
the parent BHC and its nondepository subsidiaries (collectively
nondepository entities) on the BHC's subsidiary depository
institutions. Under this system, the Federal Reserve endeavors to
ensure that all BHCs, including financial holding companies (FHCs), are
evaluated in a comprehensive and uniform manner, and that supervisory
attention is appropriately focused on the BHCs that exhibit financial
and operational weaknesses or adverse trends. The rating system serves
as a useful vehicle for identifying problem or deteriorating BHCs, as
well as for categorizing BHCs with deficiencies in particular areas.
Further, the rating system assists the Federal Reserve in following
safety and soundness trends and in assessing the aggregate strength and
soundness of the financial industry.
Each BHC \1\ is assigned a composite rating (C) based on an overall
evaluation and rating of its managerial and financial condition and an
assessment of future potential risk to its subsidiary depository
institution(s). The main components of the rating system represent:
Risk Management \2\ (R); Financial Condition (F); and Impact (I) of the
nondepository entities on the subsidiary depository institutions. While
the Federal Reserve expects all bank holding companies to act as a
source of strength to their subsidiary depository institutions, the
Impact rating focuses on downside risk--that is, on the likelihood of
significant negative impact by the nondepository entities on the
subsidiary depository institution(s). A fourth rating, Depository
Institution(s) (D), will generally mirror the primary regulator's
assessment of the subsidiary depository institution(s). Thus, the
primary component and composite ratings are displayed:
---------------------------------------------------------------------------
\1\ A simplified version of the rating system that includes only
the R and C components will be applied to noncomplex bank holding
companies with assets at or below $1 billion.
\2\ This risk management rating replaces the risk management
rating required for BHCs by SR 95-51.
---------------------------------------------------------------------------
RFI/C (D)
In order to provide a consistent framework for assessing risk
management, the R component is supported by four subcomponents that
reflect the effectiveness of the banking organization's risk management
and controls. The subcomponents are: Board and Senior Management
Oversight; Policies, Procedures, and Limits; Risk Monitoring and
Management Information Systems; and Internal Controls. The F component
is also supported by four subcomponents reflecting an assessment of the
quality of the consolidated banking organization's Capital; Asset
Quality; Earnings; and Liquidity.
Composite, component, and subcomponent ratings are assigned based
on a 1 to 5 numeric scale. A 1 numeric rating indicates the highest
rating, strongest performance and practices, and least degree of
supervisory concern, whereas a 5 numeric rating indicates the lowest
rating, weakest performance, and the highest degree of supervisory
concern.
The following three sections contain detailed descriptions of the
composite, component, and subcomponent ratings, implementation guidance
by BHC type, and definitions of the ratings.
I. Description of the Rating System Elements
The Composite (C) Rating
C is the overall composite assessment of the BHC as reflected by
consolidated risk management, consolidated financial strength, and the
potential impact of the nondepository entities on the subsidiary
depository institutions. The composite rating encompasses both a
forward-looking and static assessment of the consolidated organization,
as well as an assessment of the relationship between the depository and
nondepository entities. Consistent with current Federal Reserve
practice, the C rating is not derived as a simple numeric average of
the R, F, and I components; rather, it reflects examiner judgment with
respect to the relative importance of each component to the safe and
sound operation of the BHC.
The Risk Management (R) Component
R represents an evaluation of the ability of the BHC's board of
directors and senior management, as appropriate for their respective
positions, to identify, measure, monitor, and control risk. The R
rating underscores the importance of the control environment, taking
into consideration the complexity of the organization and the risk
inherent in its activities.
The R rating is supported by four subcomponents that are each
assigned a separate rating. The four subcomponents are as follows: (1)
Board and Senior Management Oversight; (2) Policies, Procedures and
Limits; (3) Risk Monitoring and Management Information Systems; and (4)
Internal Controls.\3\ The subcomponents are evaluated in the context of
the risks undertaken by and inherent in a banking organization and the
overall level of complexity of the firm's operations. They provide the
Federal Reserve System with a consistent framework for evaluating risk
management and the control environment. Moreover, the subcomponents
provide a clear structure and basis for discussion of the R rating with
BHC management, reflect the principles of SR Letter 95-51, are
[[Page 70447]]
familiar to examiners, and parallel the existing risk assessment
process.
---------------------------------------------------------------------------
\3\ Another subcomponent assessing the adequacy of disclosures
relating to risk exposures, risk assessment, and capital adequacy
for BHCs using the advanced internal ratings based approach to risk-
based capital may be added once the Basel II framework has been
implemented in the United States. The Federal Reserve does not
intend to adopt such a disclosure rating without going out for
public comment.
---------------------------------------------------------------------------
Risk Management Subcomponents \4\
---------------------------------------------------------------------------
\4\ SR Letter 95-51 contains a detailed description of the four
risk management subcomponents.
---------------------------------------------------------------------------
Board and Senior Management Oversight \5\
---------------------------------------------------------------------------
\5\ The Board of Directors is considered separate from
Management.
---------------------------------------------------------------------------
This subcomponent evaluates the adequacy and effectiveness of board
and senior management's understanding and management of risk inherent
in the BHC's activities, as well as the general capabilities of
management. It also includes consideration of management's ability to
identify, understand, and control the risks undertaken by the
institution, to hire competent staff, and to respond to changes in the
institution's risk profile or innovations in the banking sector.
Policies, Procedures and Limits
This subcomponent evaluates the adequacy of a BHC's policies,
procedures, and limits given the risks inherent in the activities of
the consolidated BHC and the organization's stated goals and
objectives. This analysis will include consideration of the adequacy of
the institution's accounting and risk disclosure policies and
procedures.
Risk Monitoring and Management Information Systems
This subcomponent assesses the adequacy of a BHC's risk measurement
and monitoring, and the adequacy of its management reports and
information systems. This analysis will include a review of the
assumptions, data, and procedures used to measure risk and the
consistency of these tools with the level of complexity of the
organization's activities.
Internal Controls
This subcomponent evaluates the adequacy of a BHC's internal
controls and internal audit procedures, including the accuracy of
financial reporting and disclosure and the strength and influence,
within the organization, of the internal audit team. This analysis will
also include a review of the independence of control areas from
management and the consistency of the scope coverage of the internal
audit team with the complexity of the organization.
The Financial Condition (F) Component
F represents an evaluation of the consolidated organization's
financial strength. The F rating focuses on the ability of the BHC's
resources to support the level of risk associated with its activities.
The F rating is supported by four subcomponents: capital (C), asset
quality (A), earnings (E), and liquidity (L). The CAEL subcomponents
can be evaluated along individual business lines, product lines, or on
a legal entity basis, depending on what is most appropriate given the
structure of the organization. The assessment of the CAEL components
should utilize benchmarks and metrics appropriate to the business
activity being evaluated.
Consistent with current supervisory practices, examination staff
should continue to review relevant market indicators, such as external
debt ratings, credit spreads, debt and equity prices, and qualitative
rating agency assessments as a source of information complementary to
examination findings.
Financial Condition Subcomponents (CAEL)
Capital Adequacy
C reflects the adequacy of an organization's consolidated capital
position, from a regulatory capital perspective and an economic capital
perspective, as appropriate to the BHC.\6\ The evaluation of capital
adequacy should consider the risk inherent in an organization's
activities and the ability of capital to absorb unanticipated losses,
to provide a base for growth, and to support the level and composition
of the parent company and subsidiaries' debt.
---------------------------------------------------------------------------
\6\ Of course, the regulatory minimum capital ratios for BHCs
are eight percent total risk-based capital, four percent tier 1
risk-based capital, three percent tier 1 leverage for BHCs rated
strong, and four percent tier 1 leverage for all other BHCs. See 12
CFR 225, Appendices A and D.
---------------------------------------------------------------------------
Asset Quality
A reflects the quality of an organization's consolidated assets.
The evaluation should include, as appropriate, both on-balance sheet
and off-balance sheet exposures, and the level of criticized and
nonperforming assets. Forward-looking indicators of asset quality, such
as the adequacy of underwriting standards, the level of concentration
risk, the adequacy of credit administration policies and procedures,
and the adequacy of management information systems for credit risk may
also inform the Federal Reserve's view of asset quality.
Earnings
E reflects the quality of consolidated earnings. The evaluation
considers the level, trend, and sources of earnings, as well as the
ability of earnings to augment capital as necessary, to provide ongoing
support for a BHC's activities.
Liquidity
L reflects the consolidated organization's ability to attract and
maintain the sources of funds necessary to support its operations and
meet its obligations. The funding conditions for each of the material
legal entities in the holding company structure should be evaluated to
determine if any weaknesses exist that could affect the funding profile
of the consolidated organization.
The Impact (I) Component
Like the other components and subcomponents, the I component is
rated on a five point numerical scale. However, the descriptive
definitions of the numerical ratings for I are different than those of
the other components and subcomponents. The I ratings are defined as
follows:
1--Low likelihood of significant negative impact;
2--Limited likelihood of significant negative impact;
3--Moderate likelihood of significant negative impact;
4--Considerable likelihood of significant negative impact; and
5--High likelihood of significant negative impact.
The I component is an assessment of the potential impact of the
nondepository entities on the subsidiary depository institution(s). The
I assessment will evaluate both the risk management practices and
financial condition of the nondepository entities--an analysis that
will borrow heavily from the analysis conducted for the R and F
components. Consistent with current practices, nondepository entities
will be evaluated using benchmarks and analysis appropriate for those
businesses. In addition, for functionally regulated nondepository
subsidiaries, examination staff will continue to rely, to the extent
possible, on the work of those functional regulators to assess the risk
management practices and financial condition of those entities. In
rating the I component, examination staff is required to evaluate the
degree to which current or potential issues within the nondepository
entities present a threat to the safety and soundness of the subsidiary
depository institution(s). In this regard, the I component will give a
clearer indication of the degree of risk posed by the nondepository
entities to the federal safety net than does the current rating system.
The I component focuses on the aggregate impact of the
nondepository entities on the subsidiary depository institution(s). In
this regard, the I rating
[[Page 70448]]
does not include individual subcomponent ratings for the parent company
and nondepository subsidiaries. An I rating is always assigned for each
BHC; however, as is currently the case, nonmaterial nondepository
subsidiaries\7\ may be excluded from the I analysis at examiner
discretion. Any risk management and financial issues at the
nondepository entities that potentially impact the safety and soundness
of the subsidiary depository institution(s) should be identified in the
written comments under the I rating. This approach is consistent with
the Federal Reserve's objective not to extend bank-like supervision to
nondepository entities.
---------------------------------------------------------------------------
\7\ As a general rule, nondepository subsidiaries should be
included in the I analysis whenever their assets exceed five percent
of the BHC's consolidated capital or $10 million, whichever is
lower.
---------------------------------------------------------------------------
The analysis of the parent company for the purpose of assigning an
I rating should emphasize weaknesses that could directly impact the
risk management or financial condition of the subsidiary depository
institution(s). Similarly, the analysis of the nondepository
subsidiaries for the purpose of assigning an I rating should emphasize
weaknesses that could negatively impact the parent company's
relationship with its subsidiary depository institution(s) and
weaknesses that could have a direct impact on the risk management
practices or financial condition of the subsidiary depository
institution(s). The analysis under the I component should consider
existing as well as potential issues and risks that may impact the
subsidiary depository institution(s) now or in the future. Particular
attention should be paid to the following risk management and financial
factors in assigning the I rating:
Risk Management Factors
Strategic Considerations: The potential risks posed to the
subsidiary depository institution(s) by the nondepository entities'
strategic plans for growth in existing activities and expansion into
new products and services;
Operational Considerations: The spillover impact on the
subsidiary depository institution(s) from actual losses, a poor control
environment, or an operational loss history in the nondepository
entities;
Legal and Reputational Considerations: The spillover
effect on the subsidiary depository institution(s) of complaints and
litigation that name one or more of the nondepository entities as
defendants, or violations of laws or regulations, especially pertaining
to intercompany transactions where the subsidiary depository
institution(s) is involved; and
Concentration Considerations: The potential risks posed to
the subsidiary depository institution(s) by concentrations within the
nondepository entities in business lines, geographic areas, industries,
customers, or other factors.
Financial Factors
Capital Distribution: The distribution and transferability
of capital across the legal entities;
Intra-Group Exposures: The extent to which intra-group
exposures, including servicing agreements, have the potential to
undermine the condition of subsidiary depository institution(s); and,
Parent Company Cash Flow and Leverage: The extent to which
the parent company is dependent on dividend payments, from both the
nondepository subsidiaries and the subsidiary depository
institution(s), to service debt and cover fixed charges. Also, the
effect that these upstreamed cash flows have had, or can be expected to
have, on the financial condition of the BHC's nondepository
subsidiaries and subsidiary depository institution(s).
The Depository Institutions (D) Component
The (D) component will generally reflect the composite CAMELS
rating assigned by the subsidiary depository institution's primary
supervisor. In a multi-bank BHC, the (D) rating will reflect a weighted
average of the CAMELS composite ratings of the individual subsidiary
depository institutions, weighted by both asset size and the relative
importance of each depository institution within the holding company
structure. In this regard, the CAMELS composite rating for a subsidiary
depository institution that dominates the corporate culture may figure
more prominently in the assignment of the (D) rating than would be
dictated by asset size, particularly when problems exist within that
depository institution.
The (D) component conveys important supervisory information,
reflecting the primary supervisor's assessment of the legal entity. The
(D) component stands outside of the composite rating although
significant risk management and financial condition considerations at
the depository institution level are incorporated in the consolidated R
and F ratings, which are then factored into the C rating.
Consistent with current practice, if, in the process of analyzing
the financial condition and risk management programs of the
consolidated organization, a major difference of opinion regarding the
safety and soundness of the subsidiary depository institution(s)
emerges between the Federal Reserve and the depository institution's
primary regulator, then the (D) rating should reflect the Federal
Reserve's evaluation.
To highlight the presence of one or more problem depository
institution(s) in a multi-bank BHC whose depository institution
component, based on weighted averages, might not otherwise reveal their
presence (i.e., depository institution ratings of 1, 2 or 3), a problem
modifier, ``P'' would be attached to the depository institution rating
(e.g., 1P, 2P, or 3P). Thus, 2P would indicate that, while on balance
the depository subsidiaries are rated satisfactory, there exists a
problem depository institution (composite 4 or 5) among the subsidiary
depository institutions. The problem identifier is unnecessary when the
depository institution component is rated 4 or 5.
II. Implementation of the BHC Rating System by Bank Holding Company
Type
The Federal Reserve revised the BHC rating system to align the
rating system with current Federal Reserve supervisory practices. The
rating system will require analysis and support similar to that
required by the former BOPEC rating system for BHCs of all sizes.\8\ As
such, the level of analysis and support will vary based upon whether a
BHC has been determined to be ``complex'' or ``noncomplex.'' \9\ In
addition, the resources dedicated to the inspection of each BHC will
continue to
[[Page 70449]]
be determined by the risk posed by the subsidiary depository
institution(s) to the federal safety net \10\ and the risk posed by the
BHC to the subsidiary depository institution(s).
---------------------------------------------------------------------------
\8\ As described in the BHC inspection manual, SR 95-51, SR 97-
24, SR 99-15, and SR 02-01.
\9\ The determination of whether a holding company is
``complex'' versus ``noncomplex'' is made at least annually on a
case-by-case basis taking into account and weighing a number of
considerations, such as: The size and structure of the holding
company; the extent of intercompany transactions between depository
institution subsidiaries and the holding company or nondepository
subsidiaries of the holding company; the nature and scale of any
nondepository activities, including whether the activities are
subject to review by another regulator and the extent to which the
holding company is conducting Gramm-Leach-Bliley authorized
activities (e.g., insurance, securities, merchant banking); whether
risk management processes for the holding company are consolidated;
and whether the holding company has material debt outstanding to the
public. Size is a less important determinant of complexity than many
of the factors noted above, but generally companies of significant
size (e.g., assets of $10 billion on balance sheet or managed) would
be considered complex, irrespective of the other considerations.
\10\ The federal safety net includes the federal deposit
insurance fund, the payments system, and the Federal Reserve's
discount window.
---------------------------------------------------------------------------
Noncomplex BHCs with Assets of $1 Billion or Less (Shell Holding
Companies)
Rating: R and C
Consistent with SR 02-1, examination staff will assign only an R
and C rating for all companies in the shell BHC program (noncomplex
BHCs with assets under $1 billion). The R rating is the M rating from
the subsidiary depository institution's CAMELS rating. To provide
consistent rating terminology across BHCs of all sizes, the terminology
is changed to R from the former M. The C rating is the subsidiary
depository institution's composite CAMELS rating.
Noncomplex BHCs With Assets Greater Than $1 Billion
One-Bank Holding Company
Rating: RFI/C (D)
For all noncomplex, one-bank holding companies with assets of
greater than $1 billion, examination staff will assign all component
and subcomponent ratings; however, examination staff should continue to
rely heavily on information and analysis contained in the primary
regulator's report of examination for the subsidiary depository
institution to assign the R and F ratings. If examination staff have
reviewed the primary regulator's examination report and are comfortable
with the analysis and conclusions contained in that report, then the
BHC ratings should be supported with concise language that indicates
that the conclusions are based on the analysis of the primary
regulator. No additional analysis will be required.
Please note, however, in cases where the analysis and conclusions
of the primary regulator are insufficient to assign the ratings, the
primary regulator should be contacted to ascertain whether additional
analysis and support may be available. Further, if discussions with the
primary regulator do not provide sufficient information to assign the
ratings, discussions with BHC management may be warranted to obtain
adequate information to assign the ratings. In most cases, additional
information or support obtained through these steps will be sufficient
to permit the assignment of the R and F ratings. To the extent that
additional analysis is deemed necessary, the level of analysis and
resources spent on this assessment should be in line with the level of
risk the subsidiary depository institution poses to the federal safety
net. In addition, any activities that involve information gathering
with respect to the subsidiary depository institution should be
coordinated with and, if possible, conducted by, the primary regulator
of that institution.
Examination staff are required to make an independent assessment in
order to assign the I rating, which provides an evaluation of the
impact of the BHC on the subsidiary depository institution. Analysis
for the I rating in non-complex one-bank holding companies should place
particular emphasis on issues related to parent company cash flow and
compliance with sections 23A and 23B of the Federal Reserve Act.
Multi-Bank Holding Company
Rating: RFI/C (D)
For all noncomplex BHCs with assets of greater than $1 billion and
more than one subsidiary depository institution, examination staff will
assign all component and subcomponent ratings of the new system.
Examiners should rely, to the extent possible, on the work conducted by
the primary regulators of the subsidiary depository institutions to
assign the R and F ratings. However, any risk management or other
important functions conducted by the nondepository entities of the BHC,
or conducted across legal entity lines, should be subject to review by
Federal Reserve examination staff. These reviews should be conducted in
coordination with the primary regulator(s). The assessment for the I
rating requires an independent assessment by Federal Reserve
examination staff.
Complex BHCs
Rating: RFI/C (D)
For complex BHCs, examination staff will assign all component and
subcomponent ratings of the new rating system. The ratings analysis
should be based on the primary and functional regulators' assessment of
the subsidiary entities, as well as on the examiners' assessment of the
consolidated organization as determined through off-site review and the
BHC inspection process, as appropriate. The resources needed for the
inspection and the level of support needed for developing a full rating
will depend on the complexity of the organization, including structure
and activities (see footnote 7), and should be commensurate with the
level of risk posed by the subsidiary depository institution(s) to the
federal safety net and the level of risk posed by the BHC to the
subsidiary depository institution(s).
Nontraditional BHCs
Rating: RFI/C (D)
Examination staff are required to assign the full rating system for
nontraditional BHCs. Nontraditional BHCs include BHCs in which most or
all nondepository entities are regulated by a functional regulator and
in which the subsidiary depository institution(s) are small in relation
to the nondepository entities. The rating system is not intended to
introduce significant additional work in the rating process for these
organizations. As discussed above, the level of analysis conducted and
resources needed to inspect the BHC and to assign the consolidated R
and F ratings should be commensurate with the level of risk posed by
the subsidiary depository institution(s) to the federal safety net and
the level of risk posed by the BHC to the subsidiary depository
institution(s). The report of examination by, and other information
obtained from, the functional and primary bank regulators should
provide the basis for the consolidated R and F ratings. On-site work,
to the extent it involves areas that are the primary responsibility of
the functional or primary bank regulator, should be coordinated with
and, if possible, conducted by, those regulators. Examination staff
should concentrate their independent analysis for the R and F ratings
around activities and risk management conducted by the parent company
and non-functionally regulated nondepository subsidiaries, as well as
around activities and risk management functions that are related to the
subsidiary depository institution(s), for example, audit functions for
the depository institution(s) and compliance with sections 23A and 23B.
Examination staff are required to make an independent assessment of
the impact of the nondepository entities on the subsidiary depository
institution(s) in order to assign the I rating.
III. Rating Definitions for the RFI/C (D) Rating System
All component and subcomponent ratings are rated on a five point
numeric scale. With the exception of the I component, ratings will be
assigned in ascending order of supervisory concern as follows: 1--
Strong; 2--Satisfactory; 3--Fair; 4--Marginal; and 5--Unsatisfactory.
[[Page 70450]]
A description of the I component ratings is in the I section below.
As is current Federal Reserve practice, the component ratings are
not derived as a simple numeric average of the subcomponent ratings;
rather, weight afforded to each subcomponent in the overall component
rating will depend on the severity of the condition of that
subcomponent and the relative importance of that subcomponent to the
consolidated organization. Similarly, some components may be given more
weight than others in determining the composite rating, depending on
the situation of the BHC. Assignment of a composite rating may
incorporate any factor that bears significantly on the overall
condition and soundness of the BHC, although generally the composite
rating bears a close relationship to the component ratings assigned.
Composite Rating
Rating 1 (Strong). BHCs in this group are sound in almost every
respect; any negative findings are basically of a minor nature and can
be handled in a routine manner. Risk management practices and financial
condition provide resistance to external economic and financial
disturbances. Cash flow is more than adequate to service debt and other
fixed obligations, and the nondepository entities pose little risk to
the subsidiary depository institution(s).
Rating 2 (Satisfactory). BHCs in this group are fundamentally sound
but may have modest weaknesses in risk management practices or
financial condition. The weaknesses could develop into conditions of
greater concern but are believed correctable in the normal course of
business. As such, the supervisory response is limited. Cash flow is
adequate to service obligations, and the nondepository entities are
unlikely to have a significant negative impact on the subsidiary
depository institution(s).
Rating 3 (Fair). BHCs in this group exhibit a combination of
weaknesses in risk management practices and financial condition that
range from fair to moderately severe. These companies are less
resistant to the onset of adverse business conditions and would likely
deteriorate if concerted action is not effective in correcting the
areas of weakness. Consequently, these companies are vulnerable and
require more than normal supervisory attention and financial
surveillance. However, the risk management and financial capacity of
the company, including the potential negative impact of the
nondepository entities on the subsidiary depository institution(s),
pose only a remote threat to its continued viability.
Rating 4 (Marginal). BHCs in this group have an immoderate volume
of risk management and financial weaknesses, which may pose a
heightened risk of significant negative impact on the subsidiary
depository institution(s). The holding company's cash flow needs may be
being met only by upstreaming imprudent dividends and/or fees from its
subsidiaries. Unless prompt action is taken to correct these
conditions, the organization's future viability could be impaired.
These companies require close supervisory attention and substantially
increased financial surveillance.
Rating 5 (Unsatisfactory). The critical volume and character of the
risk management and financial weaknesses of BHCs in this category, and
concerns about the nondepository entities negatively impacting the
subsidiary depository institution(s), could lead to insolvency without
urgent aid from shareholders or other sources. The imminent inability
to prevent liquidity and/or capital depletion places the BHC's
continued viability in serious doubt. These companies require immediate
corrective action and constant supervisory attention.
Risk Management Component
Rating 1 (Strong). A rating of 1 indicates that management
effectively identifies and controls all major types of risk posed by
the BHC's activities. Management is fully prepared to address risks
emanating from new products and changing market conditions. The board
and management are forward-looking and active participants in managing
risk. Management ensures that appropriate policies and limits exist and
are understood, reviewed, and approved by the board. Policies and
limits are supported by risk monitoring procedures, reports, and
management information systems that provide management and the board
with the information and analysis that is necessary to make timely and
appropriate decisions in response to changing conditions. Risk
management practices and the organization's infrastructure are flexible
and highly responsive to changing industry practices and current
regulatory guidance. Staff has sufficient experience, expertise and
depth to manage the risks assumed by the institution.
Internal controls and audit procedures are sufficiently
comprehensive and appropriate to the size and activities of the
institution. There are few noted exceptions to the institution's
established policies and procedures, and none is material. Management
effectively and accurately monitors the condition of the institution
consistent with the standards of safety and soundness, and in
accordance with internal and supervisory policies and practices. Risk
management processes are fully effective in identifying, monitoring,
and controlling the risks to the institution.
Rating 2 (Satisfactory). A rating of 2 indicates that the
institution's management of risk is largely effective, but lacking in
some modest degree. Management demonstrates a responsiveness and
ability to cope successfully with existing and foreseeable risks that
may arise in carrying out the institution's business plan. While the
institution may have some minor risk management weaknesses, these
problems have been recognized and are in the process of being resolved.
Overall, board and senior management oversight, policies and limits,
risk monitoring procedures, reports, and management information systems
are considered satisfactory and effective in maintaining a safe and
sound institution. Risks are controlled in a manner that does not
require more than normal supervisory attention.
The BHC's risk management practices and infrastructure are
satisfactory and generally are adjusted appropriately in response to
changing industry practices and current regulatory guidance. Staff
experience, expertise and depth are generally appropriate to manage the
risks assumed by the institution.
Internal controls may display modest weaknesses or deficiencies,
but they are correctable in the normal course of business. The examiner
may have recommendations for improvement, but the weaknesses noted
should not have a significant effect on the safety and soundness of the
institution.
Rating 3 (Fair). A rating of 3 signifies that risk management
practices are lacking in some important ways and, therefore, are a
cause for more than normal supervisory attention. One or more of the
four elements of sound risk management\11\ (active board and senior
management oversight; adequate policies, procedures, and limits;
adequate risk management monitoring and management information systems;
comprehensive internal controls) is considered less than acceptable,
and has precluded the institution from fully addressing one or more
significant risks to its operations. Certain risk
[[Page 70451]]
management practices are in need of improvement to ensure that
management and the board are able to identify, monitor, and control all
significant risks to the institution. Also, the risk management
structure may need to be improved in areas of significant business
activity, or staff expertise may not be commensurate with the scope and
complexity of business activities. In addition, management's response
to changing industry practices and regulatory guidance may need to
improve.
---------------------------------------------------------------------------
\11\ Framework for Risk-Focused Supervision of Large Complex
Institutions, August 1997; SR Letter 95-51, Rating the Adequacy of
Risk Management Processes and Internal Controls at State Member
Banks and Bank Holding Companies.
---------------------------------------------------------------------------
The internal control system may be lacking in some important
aspects, particularly as indicated by continued control exceptions or
by a failure to adhere to written policies and procedures. The risk
management weaknesses could have adverse effects on the safety and
soundness of the institution if corrective action is not taken by
management.
Rating 4 (Marginal). A rating of 4 represents deficient risk
management practices that fail to identify, monitor, and control
significant risk exposures in many material respects. Generally, such a
situation reflects a lack of adequate guidance and supervision by
management and the board. One or more of the four elements of sound
risk management is deficient and requires immediate and concerted
corrective action by the board and management.
The institution may have serious identified weaknesses, such as an
inadequate separation of duties, that require substantial improvement
in internal control or accounting procedures, or improved adherence to
supervisory standards or requirements. The risk management deficiencies
warrant a high degree of supervisory attention because, unless properly
addressed, they could seriously affect the safety and soundness of the
institution.
Rating 5 (Unsatisfactory). A rating of 5 indicates a critical
absence of effective risk management practices with respect to the
identification, monitoring, or control over significant risk exposures.
One or more of the four elements of sound risk management is considered
wholly deficient, and management and the board have not demonstrated
the capability to address these deficiencies.
Internal controls are critically weak and, as such, could seriously
jeopardize the continued viability of the institution. If not already
evident, there is an immediate concern as to the reliability of
accounting records and regulatory reports and the potential for losses
if corrective measures are not taken immediately. Deficiencies in the
institution's risk management procedures and internal controls require
immediate and close supervisory attention.
Risk Management Subcomponents
Board and Senior Management Oversight
Rating 1 (Strong). An assessment of Strong signifies that the board
and senior management are forward-looking, fully understand the types
of risk inherent in the BHC's activities, and actively participate in
managing those risks. The board has approved overall business
strategies and significant policies, and ensures that senior management
is fully capable of managing the activities that the BHC conducts.
Consistent with the standards of safety and soundness, oversight of
risk management practices is strong and the organization's overall
business strategy is effective.
Senior management ensures that risk management practices are
rapidly adjusted in accordance with enhancements to industry practices
and regulatory guidance, and exposure limits are adjusted as necessary
to reflect the institution's changing risk profile. Policies, limits,
and tracking reports are appropriate, understood, and regularly
reviewed.
Management provides effective supervision of the day-to-day
activities of all officers and employees, including the supervision of
the senior officers and the heads of business lines. It hires staff
that possess experience and expertise consistent with the scope and
complexity of the organization's business activities. There is a
sufficient depth of staff to ensure sound operations. Management
ensures compliance with laws and regulations and that employees have
the integrity, ethical values, and competence consistent with a prudent
management philosophy and operating style.
Management responds appropriately to changes in the marketplace. It
identifies all risks associated with new activities or products before
they are launched, and ensures that the appropriate infrastructure and
internal controls are established.
Rating 2 (Satisfactory). An assessment of Satisfactory indicates
that board and senior management have an adequate understanding of the
organization's risk profile and provide largely effective oversight of
risk management practices. In this regard, the board has approved all
major business strategies and significant policies, and ensures that
senior management is capable of managing the activities that the BHC
conducts. Oversight of risk management practices is satisfactory and
the organization's overall business strategy is generally sound.
Senior management generally adjusts risk management practices
appropriately in accordance with enhancements to industry practices and
regulatory guidance, and adjusts exposure limits as necessary to
reflect the institution's changing risk profile, although these
practices may be lacking in some modest degree. Policies, limits, and
tracking reports are generally appropriate, understood, and regularly
reviewed, and the new product approval process adequately identifies
the associated risks and necessary controls.
Senior management's day-to-day supervision of management and staff
at all levels is generally effective. The level of staffing, and its
experience, expertise, and depth, is sufficient to operate the business
lines in a safe and sound manner. Minor weaknesses may exist in the
staffing, infrastructure, and risk management processes for individual
business lines or products, but these weaknesses have been identified
by management, are correctable in the normal course of business, and
are in the process of being addressed. Weaknesses noted should not have
a significant effect on the safety and soundness of the institution.
Rating 3 (Fair). An assessment of Fair signifies that board and
senior management oversight is lacking in some important way and,
therefore, is a cause for more than normal supervisory attention. The
weaknesses may involve a broad range of activities or be material to a
major business line or activity. Weaknesses in one or more aspect of
board and senior management oversight have precluded the institution
from fully addressing one or more significant risks to the institution.
The deficiencies may include a lack of knowledge with respect to the
organization's risk profile, insufficient oversight of risk management
practices, ineffective policies or limits, inadequate or under-utilized
management reporting, an inability to respond to industry enhancements
and changes in regulatory guidance, or failure to execute appropriate
business strategies. Staffing may not be adequate or staff may not
possess the experience and expertise needed for the scope and
complexity of the organization's business activities. The day-to-day
supervision of officer and staff activities, including the management
of senior officers or heads of business lines, may be lacking. Certain
risk management practices are in need of improvement to ensure that
management and the board is able to
[[Page 70452]]
identify, monitor, and control all significant risks to the
institution. Weaknesses noted could have adverse effects on the safety
and soundness of the institution if corrective action is not taken by
management.
Rating 4 (Marginal). An assessment of Marginal represents deficient
oversight practices that reflect a lack of adequate guidance and
supervision by management and the board. A number of significant risks
to the institution have not been adequately addressed, and the board
and senior management function warrants a high degree of supervisory
attention. Multiple board and senior management weaknesses are in need
of immediate improvement. They may include a significant lack of
knowledge with respect to the organization's risk profile, largely
insufficient oversight of risk management practices, ineffective
policies or limits, inadequate or considerably under-utilized
management reporting, an inability to respond to industry enhancements
and changes in regulatory guidance, or failure to execute appropriate
business strategies. Staffing may not be adequate or possess the
experience and expertise needed for the scope and complexity of the
organization's business activities, and the day-to-day supervision of
officer and staff activities, including the management of senior
officers or heads of business lines, may be considerably lacking. These
conditions warrant a high degree of supervisory attention because,
unless properly addressed, they could seriously affect the safety and
soundness of the institution.
Rating 5 (Unsatisfactory). An assessment of Unsatisfactory
indicates a critical absence of effective board and senior management
oversight practices. Problems may include a severe lack of knowledge
with respect to the organization's risk profile, insufficient oversight
of risk management practices, wholly ineffective policies or limits,
critically inadequate or under-utilized management reporting, a
complete inability to respond to industry enhancements and changes in
regulatory guidance, or failure to execute appropriate business
strategies. Staffing may be inadequate, inexpert, and/or inadequately
supervised. The deficiencies require immediate and close supervisory
attention, as management and the board have not demonstrated the
capability to address them. Weaknesses could seriously jeopardize the
continued viability of the institution.
Policies, Procedures and Limits
Rating 1 (Strong). An assessment of Strong indicates that the
policies, procedures, and limits provide for effective identification,
measurement, monitoring, and control of the risks posed by all
significant activities, including lending, investing, trading, trust,
and fiduciary activities. Policies, procedures, and limits are
consistent with the institution's goals and objectives and its overall
financial strength. The policies clearly delineate accountability and
lines of authority across the institution's activities. The policies
also provide for the review of new activities to ensure that the
infrastructure necessary to identify, monitor, and control the
associated risks is in place before the activities are initiated.
Rating 2 (Satisfactory). An assessment of Satisfactory indicates
that the policies, procedures and limits cover all major business
areas, are thorough and substantially up-to-date, and provide a clear
delineation of accountability and lines of authority across the
institution's activities. Policies, procedures, and limits are
generally consistent with the institution's goals and objectives and
its overall financial strength. Also, the policies provide for adequate
due diligence before engaging in new activities or products. Any
deficiencies or gaps that have been identified are minor in nature and
in the process of being addressed. Weaknesses should not have a
significant effect on the safety and soundness of the institution.
Rating 3 (Fair). An assessment of Fair signifies that deficiencies
exist in policies, procedures, and limits that require more than normal
supervisory attention. The deficiencies may involve a broad range of
activities or be material to a major business line or activity. The
deficiencies may include policies, procedures, or limits (or the lack
thereof) that do not adequately identify, measure, monitor, or control
the risks posed by significant activities; are not consistent with the
experience of staff, the organization's strategic goals and objectives,
or the financial strength of the institution; or do not clearly
delineate accountability or lines of authority. Also, the policies may
not provide for adequate due diligence before engaging in new
activities or products. Weaknesses noted could have adverse effects on
the safety and soundness of the institution unless corrective action is
taken by management.
Rating 4 (Marginal). An assessment of Marginal indicates deficient
policies, procedures, and limits that do not address a number of
significant risks to the institution. Multiple practices are in need of
immediate improvement, which may include policies, procedures, or
limits (or the lack thereof) that ineffectively identify, measure,
monitor, or control the risks posed by significant activities; are not
commensurate with the experience of staff, the institution's strategic
goals and objectives, or the financial strength of the institution; or
do not delineate accountability or lines of authority. Moreover,
policies may be considerably lacking with regards to providing for
effective due diligence before engaging in new activities or products.
These conditions warrant a high degree of supervisory attention
because, unless properly addressed, they could seriously affect the
safety and soundness of the institution.
Rating 5 (Unsatisfactory). An assessment of Unsatisfactory
indicates a critical absence of effective policies, procedures, and
limits. Policies, procedures, or limits (or the lack thereof) are
largely or entirely ineffective with regard to identifying, measuring,
monitoring, or controlling the risks posed by significant activities;
are completely inconsistent with the experience of staff, the
organization's strategic goals and objectives, or the financial
strength of the institution; or do not delineate accountability or
lines of authority. Also, policies may be completely lacking with
regard to providing for effective due diligence before engaging in new
activities or products. Critical weaknesses could seriously jeopardize
the continued viability of the institution and require immediate and
close supervisory attention.
Risk Monitoring and MIS
Rating 1 (Strong). An assessment of Strong indicates that risk
monitoring practices and MIS reports address all material risks. The
key assumptions, data sources, and procedures used in measuring and
monitoring risk are appropriate, thoroughly documented, and frequently
tested for reliability. Reports and other forms of communication are
consistent with activities, are structured to monitor exposures and
compliance with established limits, goals, or objectives, and compare
actual versus expected performance when appropriate. Management and
board reports are accurate and timely and contain sufficient
information to identify adverse trends and to thoroughly evaluate the
level of risk faced by the institution.
Rating 2 (Satisfactory). An assessment of Satisfactory indicates
that risk
[[Page 70453]]
monitoring practices and MIS reports cover major risks and business
areas, although they may be lacking in some modest degree. In general,
the reports contain valid assumptions that are periodically tested for
accuracy and reliability and are adequately documented and distributed
to the appropriate decision-makers. Reports and other forms of
communication generally are consistent with activities; are structured
to monitor exposures and compliance with established limits, goals, or
objectives; and compare actual versus expected performance when
appropriate. Management and board reports are generally accurate and
timely, and broadly identify adverse trends and the level of risk faced
by the institution. Any weaknesses or deficiencies that have been
identified are in the process of being addressed.
Rating 3 (Fair). An assessment of Fair signifies that weaknesses
exist in the institution's risk monitoring practices or MIS reports
that require more than normal supervisory attention. The weaknesses may
involve a broad range of activities or be material to a major business
line or activity. They may contribute to ineffective risk
identification or monitoring through inappropriate assumptions,
incorrect data, poor documentation, or the lack of timely testing. In
addition, MIS reports may not be distributed to the appropriate
decision-makers, adequately monitor significant risks, or properly
identify adverse trends and the level of risk faced by the institution.
Weaknesses noted could have adverse effects on the safety and soundness
of the institution if corrective action is not taken by management.
Rating 4 (Marginal). An assessment of Marginal represents deficient
risk monitoring practices or MIS reports that, unless properly
addressed, could seriously affect the safety and soundness of the
institution. A number of significant risks to the institution are not
adequately monitored or reported. Ineffective risk identification may
result from notably inappropriate assumptions, incorrect data, poor
documentation, or the lack of timely testing. In addition, MIS reports
may not be distributed to the appropriate decision-makers, may
inadequately monitor significant risks, or fail to identify adverse
trends and the level of risk faced by the institution. The risk
monitoring and MIS deficiencies warrant a high degree of supervisory
attention because, unless properly addressed, they could seriously
affect the safety and soundness of the institution.
Rating 5 (Unsatisfactory). An assessment of Unsatisfactory
indicates a critical absence of risk monitoring and MIS. They are
wholly deficient due to inappropriate assumptions, incorrect data, poor
documentation, or the lack of timely testing. Moreover, MIS reports may
not be distributed to the appropriate decision-makers, fail to monitor
significant risks, or fail to identify adverse trends and the level of
risk faced by the institution. These critical weaknesses require
immediate and close supervisory attention, as they could seriously
jeopardize the continued viability of the institution.
Internal Controls
Rating 1 (Strong). An assessment of Strong indicates that the
system of internal controls is robust for the type and level of risks
posed by the nature and scope of the organization's activities. The
organizational structure establishes clear lines of authority and
responsibility for monitoring adherence to policies, procedures, and
limits, and wherever applicable, exceptions are noted and promptly
investigated. Reporting lines provide clear independence of the control
areas from the business lines and separation of duties throughout the
organization. Robust procedures exist for ensuring compliance with
applicable laws and regulations, including consumer laws and
regulations. Financial, operational, and regulatory reports are
reliable, accurate, and timely. Internal audit or other control review
practices provide for independence and objectivity. Internal controls
and information systems are thoroughly tested and reviewed; the
coverage, procedures, findings, and responses to audits and review
tests are well documented; identified material weaknesses are given
thorough and timely high level attention; and management's actions to
address material weaknesses are objectively reviewed and verified. The
board or its audit committee regularly reviews the effectiveness of
internal audits and other control review activities.
Rating 2 (Satisfactory). An assessment of Satisfactory indicates
that the system of internal controls adequately covers major risks and
business areas, with some modest weaknesses. In general, the control
functions are independent from the business lines, and there is
appropriate separation of duties. The control system supports accuracy
in record-keeping practices and reporting systems, is adequately
documented, and verifies compliance with laws and regulations,
including consumer laws and regulations. Internal controls and
information systems are adequately tested and reviewed, and the
coverage, procedures, findings, and responses to audits and review
tests are documented. Identified material weaknesses are given
appropriate attention and management's actions to address material
weaknesses are objectively reviewed and verified. The board or its
audit committee reviews the effectiveness of internal audits and other
control review activities. Any weaknesses or deficiencies that have
been identified are modest in nature and in the process of being
addressed.
Rating 3 (Fair). An assessment of Fair signifies that weaknesses
exist in the system of internal controls that require more than normal
supervisory attention. The weaknesses may involve a broad range of
activities or be material to a major business line or activity. The
weaknesses may include insufficient oversight of internal controls and
audit by the board or its audit committee; unclear or conflicting lines
of authority and responsibility; a lack of independence between control
areas and business activities; or ineffective separation of duties. The
internal control system may produce inadequate or untimely risk
coverage and verification, including monitoring compliance with both
safety and soundness and consumer laws and regulations; inaccurate
records or financial, operational, or regulatory reporting; a lack of
documentation for work performed; or a lack of timeliness in management
review and correction of identified weaknesses. Weaknesses noted could
have adverse effects on the safety and soundness of the institution if
corrective action is not taken by management.
Rating 4 (Marginal). An assessment of Marginal represents a
deficient internal control system that does not adequately address a
number of significant risks to the institution. The deficiencies may
include neglect of internal controls and audit by the board or its
audit committee; conflicting lines of authority and responsibility; a
lack of independence between control areas and business activities; or
no separation of duties in critical areas. The internal control system
may produce inadequate, untimely, or nonexistent risk coverage and
verification in certain areas, including monitoring compliance with
both safety and soundness and consumer laws and regulations; inaccurate
records or financial, operational, or regulatory reporting; a lack of
documentation for work performed; or infrequent management review and
correction of identified weaknesses. The internal control
[[Page 70454]]
deficiencies warrant a high degree of supervisory attention because,
unless properly addressed, they could seriously affect the safety and
soundness of the institution.
Rating 5 (Unsatisfactory). An assessment of Unsatisfactory
indicates a critical absence of an internal control system. There may
be no oversight by the board or its audit committee; conflicting lines
of authority and responsibility; no distinction between control areas
and business activities; or no separation of duties. The internal
control system may produce totally inadequate or untimely risk coverage
and verification, including monitoring compliance with both safety and
soundness and consumer laws and regulations; completely inaccurate
records or regulatory reporting; a severe lack of documentation for
work performed; or no management review and correction of identified
weaknesses. Such deficiencies require immediate and close supervisory
attention, as they could seriously jeopardize the continued viability
of the institution.
Financial Condition Component
Rating 1 (Strong). A rating of 1 indicates that the consolidated
BHC is financially sound in almost every respect; any negative findings
are basically of a minor nature and can be handled in a routine manner.
The capital adequacy, asset quality, earnings, and liquidity of the
consolidated BHC are more than adequate to protect the company from
reasonably foreseeable external economic and financial disturbances.
The company generates more than sufficient cash flow to service its
debt and fixed obligations with no harm to subsidiaries of the
organization.
Rating 2 (Satisfactory). A rating of 2 indicates that the
consolidated BHC is fundamentally financially sound, but may have
modest weaknesses correctable in the normal course of business. The
capital adequacy, asset quality, earnings and liquidity of the
consolidated BHC are adequate to protect the company from external
economic and financial disturbances. The company also generates
sufficient cash flow to service its obligations; however, areas of
weakness could develop into areas of greater concern. To the extent
minor adjustments are handled in the normal course of business, the
supervisory response is limited.
Rating 3 (Fair). A rating of 3 indicates that the consolidated BHC
exhibits a combination of weaknesses ranging from fair to moderately
severe. The company has less than adequate financial strength stemming
from one or more of the following: modest capital deficiencies,
substandard asset quality, weak earnings, or liquidity problems. As a
result, the BHC and its subsidiaries are less resistant to adverse
business conditions. The financial condition of the BHC will likely
deteriorate if concerted action is not taken to correct areas of
weakness. The company's cash flow is sufficient to meet immediate
obligations, but may not remain adequate if action is not taken to
correct weaknesses. Consequently, the BHC is vulnerable and requires
more than normal supervision. Overall financial strength and capacity
are still such as to pose only a remote threat to the viability of the
company.
Rating 4 (Marginal). A rating of 4 indicates that the consolidated
BHC has either inadequate capital, an immoderate volume of problem
assets, very weak earnings, serious liquidity issues, or a combination
of factors that are less than satisfactory. An additional weakness may
be that the BHC's cash flow needs are met only by upstreaming imprudent
dividends and/or fees from subsidiaries. Unless prompt action is taken
to correct these conditions, they could impair future viability. BHCs
in this category require close supervisory attention and increased
financial surveillance.
Rating 5 (Unsatisfactory). A rating of 5 indicates that the volume
and character of financial weaknesses of the BHC are so critical as to
require urgent aid from shareholders or other sources to prevent
insolvency. The imminent inability of such a company to service its
fixed obligations and/or prevent capital depletion due to severe
operating losses places its viability in serious doubt. Such companies
require immediate corrective action and constant supervisory attention.
The Financial Condition Subcomponents
The financial condition subcomponents can be evaluated along
business lines, product lines, or legal entity lines--depending on
which type of review is most appropriate for the holding company
structure.
Capital Adequacy
Rating 1 (Strong). A rating of 1 indicates that the consolidated
BHC maintains more than adequate capital to support the volume and risk
characteristics of all parent and subsidiary business lines and
products; provide a sufficient cushion to absorb unanticipated losses
arising from the parent and subsidiary activities; and support the
level and composition of parent and subsidiary borrowing. In addition,
a company assigned a rating of 1 has more than sufficient capital to
provide a base for the growth of risk assets and the entry into capital
markets as the need arises for the parent company and subsidiaries.
Rating 2 (Satisfactory). A rating of 2 indicates that the
consolidated BHC maintains adequate capital to support the volume and
risk characteristics of all parent and subsidiary business lines and
products; provide a sufficient cushion to absorb unanticipated losses
arising from the parent and subsidiary activities; and support the
level and composition of parent and subsidiary borrowing. In addition,
a company assigned a rating of 2 has sufficient capital to provide a
base for the growth of risk assets and the entry into capital markets
as the need arises for the parent company and subsidiaries.
Rating 3 (Fair). A rating of 3 indicates that the consolidated BHC
may not maintain sufficient capital to ensure support for the volume
and risk characteristics of all parent and subsidiary business lines
and products; the unanticipated losses arising from the parent and
subsidiary activities; or the level and composition of parent and
subsidiary borrowing. In addition, a company assigned a rating of 3 may
not maintain a sufficient capital position to provide a base for the
growth of risk assets and the entry into capital markets as the need
arises for the parent company and subsidiaries. The capital position of
the consolidated BHC could quickly become inadequate in the event of
asset deterioration or other negative factors and therefore requires
more than normal supervisory attention.
Rating 4 (Marginal). A rating of 4 indicates that the capital level
of the consolidated BHC is significantly below the amount needed to
ensure support for the volume and risk characteristics of all parent
and subsidiary business lines and products; the unanticipated losses
arising from the parent and subsidiary activities; and the level and
composition of parent and subsidiary borrowing. In addition, a company
assigned a rating of 4 does not maintain a sufficient capital position
to provide a base for the growth of risk assets and the entry into
capital markets as the need arises for the parent company and
subsidiaries. If left unchecked, the consolidated capital position of
the company might evolve into weaknesses or conditions that could
threaten the viability of the institution. The capital position of the
consolidated BHC requires immediate supervisory attention.
[[Page 70455]]
Rating 5 (Unsatisfactory). A rating of 5 indicates that the level
of capital of the consolidated BHC is critically deficient and in need
of immediate corrective action. The consolidated capital position
threatens the viability of the institution and requires constant
supervisory attention.
Asset Quality
Rating 1 (Strong). A rating of 1 indicates that the BHC maintains
strong asset quality across all parts of the organization, with a very
low level of criticized and nonperforming assets. Credit risk across
the organization is commensurate with management's abilities and modest
in relation to credit risk management practices.
Rating 2 (Satisfactory). A rating of 2 indicates that the BHC
maintains satisfactory asset quality across all parts of the
organization, with a manageable level of criticized and nonperforming
assets. Any identified weaknesses in asset quality are correctable in
the normal course of business. Credit risk across the organization is
commensurate with management's abilities and generally modest in
relation to credit risk management practices.
Rating 3 (Fair). A rating of 3 indicates that the asset quality
across all or a material part of the consolidated BHC is less than
satisfactory. The BHC may be facing a decrease in the overall quality
of assets currently maintained on and off balance sheet. The BHC may
also be experiencing an increase in credit risk exposure that has not
been met with an appropriate improvement in risk management practices.
BHCs assigned a rating of 3 require more than normal supervisory
attention.
Rating 4 (Marginal). A rating of 4 indicates that the BHC's asset
quality is deficient. The level of problem assets and/or unmitigated
credit risk subjects the holding company to potential losses that, if
left unchecked, may threaten its viability. BHCs assigned a rating of 4
require immediate supervisory attention.
Rating 5 (Unsatisfactory). A rating of 5 indicates that the BHC's
asset quality is critically deficient and presents an imminent threat
to the institution's viability. BHCs assigned a rating of 5 require
immediate remedial action and constant supervisory attention.
Earnings
Rating 1 (Strong). A rating of 1 indicates that the quantity and
quality of the BHC's consolidated earnings over time are more than
sufficient to make full provision for the absorption of losses and/or
accretion of capital when due consideration is given to asset quality
and BHC growth. Generally, BHCs with a 1 rating have earnings well
above peer-group averages.
Rating 2 (Satisfactory). A rating of 2 indicates that the quantity
and quality of the BHC's consolidated earnings over time are generally
adequate to make provision for the absorption of losses and/or
accretion of capital when due consideration is given to asset quality
and BHC growth. Generally, BHCs with a 2 earnings rating have earnings
that are in line with or slightly above peer-group averages.
Rating 3 (Fair). A rating of 3 indicates that the BHC's
consolidated earnings are not fully adequate to make provisions for the
absorption of losses and the accretion of capital in relation to
company growth. The consolidated earnings of companies rated 3 may be
further clouded by static or inconsistent earnings trends, chronically
insufficient earnings, or less than satisfactory asset quality. BHCs
with a 3 rating for earnings generally have earnings below peer-group
averages. Such BHCs require more than normal supervisory attention.
Rating 4 (Marginal). A rating of 4 indicates that the BHC's
consolidated earnings, while generally positive, are clearly not
sufficient to make full provision for losses and the necessary
accretion of capital. BHCs with earnings rated 4 may be characterized
by erratic fluctuations in net income, poor earnings (and the
likelihood of the development of a further downward trend),
intermittent losses, chronically depressed earnings, or a substantial
drop from the previous year. The earnings of such companies are
generally substantially below peer-group averages. Such BHCs require
immediate supervisory attention.
Rating 5 (Unsatisfactory). A rating of 5 indicates that the BHC is
experiencing losses or a level of earnings that is worse than that
described for the 4 rating. Such losses, if not reversed, represent a
distinct threat to the BHC's solvency through erosion of capital. Such
BHCs require immediate and constant supervisory attention.
Liquidity
Rating 1 (Strong). A rating of 1 indicates that the BHC maintains
strong liquidity levels and well developed funds management practices.
The parent company and subsidiaries have reliable access to sufficient
sources of funds on favorable terms to meet present and anticipated
liquidity needs.
Rating 2 (Satisfactory). A rating of 2 indicates that the BHC
maintains satisfactory liquidity levels and funds management practices.
The parent company and subsidiaries have access to sufficient sources
of funds on acceptable terms to meet present and anticipated liquidity
needs. Modest weaknesses in funds management practices may be evident,
but those weaknesses are correctable in the normal course of business.
Rating 3 (Fair). A rating of 3 indicates that the BHC's liquidity
levels or funds management practices are in need of improvement. BHCs
rated 3 may lack ready access to funds on reasonable terms or may
evidence significant weaknesses in funds management practices at the
parent company or subsidiary levels. However, these deficiencies are
considered correctable in the normal course of business. Such BHCs
require more than normal supervisory attention.
Rating 4 (Marginal). A rating of 4 indicates that the BHC's
liquidity levels or funds management practices are deficient.
Institutions rated 4 may not have or be able to obtain a sufficient
volume of funds on reasonable terms to meet liquidity needs at the
parent company or subsidiary levels and require immediate supervisory
attention.
Rating 5 (Unsatisfactory). A rating of 5 indicates that the BHC's
liquidity levels or funds management practices are critically deficient
and may threaten the continued viability of the institution.
Institutions rated 5 require constant supervisory attention and
immediate external financial assistance to meet maturing obligations or
other liquidity needs.
Impact Component
The I component rating reflects the aggregate potential impact of
the nondepository entities on the subsidiary depository institution(s).
It is rated on a five point numerical scale. Ratings will be assigned
in ascending order of supervisory concern as follows:
1--Low likelihood of significant negative impact;
2--Limited likelihood of significant negative impact;
3--Moderate likelihood of significant negative impact;
4--Considerable likelihood of significant negative impact; and
5--High likelihood of significant negative impact.
Rating 1 (Low Likelihood of Significant Negative Impact). A rating
of 1 indicates that the nondepository entities of the BHC are highly
unlikely to have a significant negative impact on the subsidiary
depository institution(s) due to the sound financial condition of the
nondepository entities, the strong risk management practices within the
nondepository entities, or the corporate
[[Page 70456]]
structure of the BHC. The BHC maintains an appropriate capital
allocation across the organization commensurate with associated risks.
Intra-group exposures, including servicing agreements, are very
unlikely to undermine the financial condition of the subsidiary
depository institution(s). Parent company cash flow is sufficient and
not dependent on excessive dividend payments from subsidiaries. The
potential risks posed to the subsidiary depository institution(s) by
strategic plans, the control environment, risk concentrations, or legal
or reputational issues within or facing the nondepository entities are
minor in nature and can be addressed in the normal course of business.
Rating 2 (Limited Likelihood of Significant Negative Impact). A
rating of 2 indicates a limited likelihood that the nondepository
entities of the BHC will have a significant negative impact on the
subsidiary depository institution(s) due to the adequate financial
condition of the nondepository entities, the satisfactory risk
management practices within the parent nondepository entities, or the
corporate structure of the BHC. The BHC maintains adequate capital
allocation across the organization commensurate with associated risks.
Intra-group exposures, including servicing agreements, are unlikely to
undermine the financial condition of the subsidiary depository
institution(s). Parent company cash flow is satisfactory and generally
does not require excessive dividend payments from subsidiaries. The
potential risks posed to the subsidiary depository institution(s) by
strategic plans, the control environment, risk concentrations, or legal
or reputational issues within the nondepository entities are modest and
can be addressed in the normal course of business.
Rating 3 (Moderate Likelihood of Significant Negative Impact). A
rating of 3 indicates a moderate likelihood that the aggregate impact
of the nondepository entities of the BHC on the subsidiary depository
institution(s) will have a significant negative impact on the
subsidiary depository institution(s) due to weaknesses in the financial
condition and/or risk management practices of the nondepository
entities. The BHC may have only marginally sufficient allocation of
capital across the organization to support risks. Intra-group
exposures, including servicing agreements, may have the potential to
undermine the financial condition of the subsidiary depository
institution(s). Parent company cash flow may at times require excessive
dividend payments from subsidiaries. Strategic growth plans, weaknesses
in the control environment, risk concentrations or legal or
reputational issues within the nondepository entities may pose
significant risks to the subsidiary depository institution(s). A BHC
assigned a 3 impact rating requires more than normal supervisory
attention, as there could be adverse effects on the safety and
soundness of the subsidiary depository institution(s) if corrective
action is not taken by management.
Rating 4 (Considerable Likelihood of Significant Negative Impact).
A rating of 4 indicates that there is a considerable likelihood that
the nondepository entities of the BHC will have a significant negative
impact on the subsidiary depository institution(s) due to weaknesses in
the financial condition and/or risk management practices of the
nondepository entities. A 4-rated BHC may have insufficient capital
within the nondepository entities to support their risks and
activities. Intra-group exposures, including servicing agreements, may
also have the immediate potential to undermine the financial condition
of the subsidiary depository institution(s). Parent company cash flow
may be dependent on excessive dividend payments from subsidiaries.
Strategic growth plans, weaknesses in the control environment, risk
concentrations or legal or reputational issues within the nondepository
entities may pose considerable risks to the subsidiary depository
institution(s). A BHC assigned a 4 impact rating requires immediate
remedial action and close supervisory attention because the
nondepository entities could seriously affect the safety and soundness
of the subsidiary depository institution(s).
Rating 5 (High Likelihood of Significant Negative Impact). A rating
of 5 indicates a high likelihood that the aggregate impact of the
nondepository entities of the BHC on the subsidiary depository
institution(s) is or will become significantly negative due to
substantial weaknesses in the financial condition and/or risk
management practices of the nondepository entities. Strategic growth
plans, a deficient control environment, risk concentrations or legal or
reputational issues within the nondepository entities may pose critical
risks to the subsidiary depository institution(s). The parent company
also may be unable to meet its obligations without excessive support
from the subsidiary depository institution(s). The BHC requires
immediate and close supervisory attention, as the nondepository
entities seriously jeopardize the continued viability of the subsidiary
depository institution(s).
(D) (Depository Institutions) Component
The (D) component identifies the overall condition of the
subsidiary depository institution(s) of the BHC. For BHCs with only one
subsidiary depository institution, the (D) component rating generally
will mirror the CAMELS composite rating for that depository
institution. To arrive at a (D) component rating for BHCs with multiple
subsidiary depository institutions, the CAMELS composite ratings for
each of the depository institutions should be weighted, giving
consideration to asset size and the relative importance of each
depository institution within the overall structure of the
organization. In general, it is expected that the resulting (D)
component rating will reflect the lead depository institution's CAMELS
composite rating.
If in the process of analyzing the financial condition and risk
management programs of the consolidated organization, a major
difference of opinion regarding the safety and soundness of the
subsidiary depository institution(s) emerges between the Federal
Reserve and the depository institution's primary regulator, then the
(D) rating should reflect the Federal Reserve's evaluation.
By order of the Board of Governors of the Federal Reserve
System.
Dated: December 1, 2004.
Jennifer J. Johnson,
Secretary of the Board.
[FR Doc. 04-26723 Filed 12-3-04; 8:45 am]
BILLING CODE 6210-01-P