AGENCY:

Federal Housing Finance Agency.

ACTION:

Notice with request for comments.

SUMMARY:

The Federal Housing Finance Agency (FHFA) is requesting comments on a proposed new examination rating system, which would be used when examining Fannie Mae and Freddie Mac (Enterprises), the Federal Home Loan Banks (Banks), (regulated entity or entities), and the Banks' Office of Finance. The new rating system would be based on a “CAMELSO” framework and would require an assessment of seven individual components dealing with Capital, Asset quality, Management, Earnings, Liquidity, Sensitivity to market risk, and Operational risk. The new system would replace those that had been developed by FHFA's predecessor agencies, and FHFA intends to begin using the new ratings system for examinations that commence after January 1, 2013.

DATES:

FHFA will accept comments in writing on or before July 19, 2012.

ADDRESSES:

You may submit your comments by any one of the following methods. Please include the following information in the subject line of your submission: Federal Housing Finance Agency, Notice: Examination Rating System, Notice Number 2012-N-06.

• Federal eRulemaking Portal: http://www.regulations.gov: Follow the instructions for submitting comments. If you submit your comment to the Federal eRulemaking Portal, please also send it by email to FHFA at RegComments@fhfa.gov to ensure timely receipt by FHFA.
• Email: Comments to Alfred M. Pollard, General Counsel may be sent by email to RegComments@fhfa.gov.
• Hand Delivered/Courier: The hand delivery address is: Alfred M. Pollard, General Counsel, Attention: Comments/Notice Number 2012-N-06, Federal Housing Finance Agency, Eighth Floor, 400 Seventh Street SW., Washington, DC 20024. The package should be logged at the Seventh Street entrance Guard Desk, First Floor, on business days between 9 a.m. and 5 p.m.
• U.S. Mail, United Parcel Service, Federal Express or Other Mail Service: The mailing address for comments is: Alfred M. Pollard, General Counsel, Attention: Comments/Notice Number 2012-N-06, Federal Housing Finance Agency, Eighth Floor, 400 Seventh Street SW., Washington, DC 20024.

FOR FURTHER INFORMATION CONTACT:

Karen Walter, Senior Associate Director, Division of Examination Programs and Support, (202) 649-3405, Karen.Walter@fhfa.gov, or Carol Connelly, Principal Examination Specialist, Division of Examination Programs and Support, (202) 649-3232, Carol.Connelly@fhfa.gov, Federal Housing Finance Agency, 400 Seventh Street SW., Washington, DC 20024.

SUPPLEMENTARY INFORMATION:

I. Comments

FHFA invites comments on all aspects of this Notice. Copies of all comments will be posted without change, including any personal information you provide, such as your name, address, and phone number, on the FHFA Web site at http://www.fhfa.gov. In addition, copies of all comments received will be available for examination by the public on business days between the hours of 10 a.m. and 3 p.m. at the Federal Housing Finance Agency, Eighth Floor, 400 Seventh Street SW., Washington, DC 20024. To make an appointment to inspect comments, please call the Office of General Counsel at (202) 649-3804.

II. Background

A. Finance Agency's Statutory Authorities

Effective July 30, 2008, the Housing and Economic Recovery Act of 2008 (HERA), Public Law 110-289, 122 Stat. 2654 (2008), created FHFA as an independent agency of the Federal Government and transferred to it the supervisory and oversight responsibilities over the Enterprises and Banks that formerly had been vested in its predecessor agencies, the Office of Federal Housing Enterprise Oversight (OFHEO) and the Federal Housing Finance Board (Finance Board), respectively. HERA provided that the Enterprises and the Banks were to be subject to the supervision and regulation of FHFA, and granted the Director of FHFA general regulatory Start Printed Page 36537authority over those regulated entities. 12 U.S.C. 4511(b). As regulator, FHFA is charged with ensuring that the Banks and Enterprises operate in a safe and sound manner, comply with applicable laws, and carry out their statutory missions. 12 U.S.C. 4513(a). The Director is authorized to exercise whatever incidental powers are necessary or appropriate to fulfilling his duties and responsibilities in overseeing the Banks and Enterprises, and to issue any regulations, guidelines or orders as are necessary to carry out his duties. 12 U.S.C. 4513(a)(2), 4526(a). The Director is also required to conduct an annual on-site examination of each Bank and Enterprise to determine its financial condition and to ensure that it operates in a safe and sound manner, and is authorized to conduct other examinations whenever he deems it to be appropriate or necessary. 12 U.S.C. 4517(a), (b). Both the Finance Board and OFHEO had similar statutory responsibilities prior to HERA.

B. Existing Examination Rating Systems

The FHFA examinations staff continues to use the examination rating systems that had been developed by its predecessor agencies. The FHFA's Division of Federal Home Loan Bank Regulation uses the Federal Home Loan Bank Rating System for assigning examination ratings to the Banks. That system had been developed by the Finance Board and was adopted after having been published for comment in the Federal Register. See 72 FR 547 (January 5, 2007). That rating system was a numeric system based on a four-point scale. Examiners assigned an overall composite rating to each Bank, as well as individual component ratings for Corporate Governance, Market Risk, Credit Risk, Operational Risk, and Financial Condition and Performance. Examiners assessed each Bank's Affordable Housing Program (AHP) in a separate examination, and incorporated their conclusions about AHP into the ratings for Corporate Governance and Operational Risk. Because of the unique operations of the Bank System's Office of Finance, ratings were assigned only to the areas of Corporate Governance and Operational Risk, based on the annual examination of the Office of Finance.

The FHFA examinations staff also continues to use the rating system developed by OFHEO in connection with its examination of the Enterprises. The OFHEO rating system was based on a non-numeric four-point scale ranging from “No or Minimal Concerns” to “Critical Concerns.” The composite rating for each of the Enterprises was based on work completed by examination teams as they assigned ratings in the area of Governance, Solvency, Earnings, Credit Risk, Market Risk, and Operational Risk. These ratings were first assigned in the 2007 examination cycle, and were described in the 2008 OFHEO Annual Report to Congress.

III. The Proposed Examination Rating System

FHFA is requesting comments on a proposed rating system, to be known as the Examination Rating System, which would be used in connection with examinations of both the Banks and the Enterprises. The proposed Examination Rating System is attached as an exhibit to this Notice.

Although the Banks and the Enterprises have different business models and engage in different activities, each is a government sponsored enterprise that is charged with supporting the nation's housing finance system. Each regulated entity borrows funds in the capital markets and uses those funds principally to purchase and securitize mortgage loans (in the case of the Enterprises) or to make secured loans to their member institutions (in the case of the Banks). FHFA relies on its annual on-site examinations of those regulated entities, as well as on periodic visitations and off-site monitoring, to ensure that the Banks and the Enterprises operate in a safe and sound manner, comply with applicable laws, and carry out their housing finance missions. On-site examinations ensure that FHFA carries out its oversight responsibilities and constitute the cornerstone of the agency's safety and soundness supervision program. As such, it is important that the manner in which the examinations are conducted and the manner in which the examination findings are organized and presented address key areas of the regulated entities' business that present risks to their financial condition, performance, and safe and sound operations. Although the existing examination rating systems adopted by the Finance Board and OFHEO differ in certain respects, both effectively addressed governance, capital adequacy and earnings, credit risk, market risk, and operational risk, which reflects the similarity in the financial risks to which the Banks and Enterprises are exposed. Therefore FHFA has concluded that they can be assessed by a single examination rating system. Indeed, the individual components of the new rating system pertain to areas of risk that are common to any financial institution, as is evidenced by the similarity of the rating system used by federal banking regulators for depository institutions. By adopting the new Examination Rating System, FHFA intends to further refine its existing means for communicating examination results, so that it may better identify and address supervisory concerns that may arise at the regulated entities.

Like the existing rating systems, the proposed Examination Rating System is a risk-focused system under which each regulated entity and the Office of Finance would be assigned a composite rating based on an evaluation of various aspects of its operations. Specifically, the composite rating of a Bank or an Enterprise would be based on an evaluation and rating of the following seven individual components: Capital, Asset quality; Management; Earnings; Liquidity; Sensitivity to market risk; and Operational risk, and would be referred to as the regulated entity's “CAMELSO” rating. That rating system would be similar to the “CAMELS” rating system used by the federal banking regulators for depository institutions. For the Banks' joint office, the Office of Finance, the composite rating would be based primarily on an evaluation of two components, Management and Operational risk. Because the Office of Finance principally issues and services joint debt instruments on behalf of the Banks, and does not maintain or fund an investment portfolio, the other components are not relevant to assessing the condition, performance, and risk management of the Office of Finance.

Under the new rating system, each Bank and Enterprise, as well as the Office of Finance, would be assigned a composite numerical rating from “1” to “5.” A “1” rating indicates the lowest degree of supervisory concern, while a “5” rating indicates the highest level of supervisory concern. The composite rating of each Bank, the two Enterprises, and the Office of Finance would reflect the ratings of the underlying components, which also would be rated on a scale of “1” to “5.” As is the case under the current rating system, the composite rating is not an arithmetic average of the component ratings. Instead, the relative importance of each component would be determined on a case-by-case basis, within the parameters established by this rating system.

IV. Request for Comments

As noted above, FHFA requests comments on all aspects of the proposed Examination Rating System. In addition, Start Printed Page 36538FHFA invites specific comments on the following questions:

1. Does the proposed Examination Rating System capture the components of a regulated entity's performance and condition that are most relevant to assigning it a composite rating? If not, what additional or different components should be considered?

2. Is it sufficient for the composite rating for the Office of Finance to be based solely on the Management and Operational Risk components, as is currently the case, or should other factors also be considered? If other factors should be considered, what additional factors should be incorporated and how would those factors fit within the proposed Examination Rating System.

3. Do the factors to be considered under each of the seven individual components (capital, asset quality, management, earnings, liquidity, sensitivity to market risk, and operational risk) address all of the factors that should be considered in assessing those components? If not, what additional or different factors should be considered?

V. Consideration of Differences

Section 1313 of the Safety and Soundness Act, as amended by HERA, requires the Director, prior to promulgating any regulation or taking any other formal or informal action of general applicability and future effect, including the issuance of advisory documents or examination guidance, to consider differences between the Banks and the Enterprises with respect to the Banks' cooperative ownership structure; mission of providing liquidity to members; affordable housing and community development mission; capital structure; and joint and several liability. As noted previously, although the operations of the Banks and the Enterprises differ in a number of respects, they are all government sponsored enterprises with a public mission to supporting housing finance, and they all face similar risks with respect to capital adequacy, the quality of their assets and management, earnings, liquidity, market risk and operational risk. The new Examination Rating System principally addresses the manner in which FHFA examiners are to document their assessments of the financial condition and performance of the Enterprises and the Banks in connection with their periodic examinations. Because the system does not direct the Enterprises or the Banks to do anything, it likely does not constitute “examination guidance” as that term is used in HERA. Nonetheless, in developing the new rating system, the Director has considered the differences between the Banks and the Enterprises as they relate to the above factors, and has determined that the common risks faced by the Banks and the Enterprises justify the use of a single Examination Rating System for all of the regulated entities. Even so, FHFA requests comments on whether there are any other differences between the Banks and the Enterprises that the Director should consider before adopting the Examination Rating System in final form.

EXAMINATION RATING SYSTEM (Proposed)

I. Introduction and Overview

The FHFA Examination Rating System is a risk-focused rating system under which each Enterprise or Federal Home Loan Bank (regulated entity or entities) and the Office of Finance (OF) is assigned a composite rating based on an evaluation of various aspects of its operations. Specifically, the composite rating of a Federal Home Loan Bank or an Enterprise is based on an evaluation and rating of seven components: Capital, Asset quality; Management; Earnings; Liquidity; Sensitivity to market risk; and Operational risk (CAMELSO). The composite rating of the Office of Finance is based primarily on an evaluation of two components: Management and Operational risk.

Under the rating system, each Federal Home Loan Bank, Enterprise and the OF is assigned a composite rating from “1” to “5.” A “1” rating indicates the lowest degree of supervisory concern, while a “5” rating indicates the highest level of supervisory concern. The composite rating of each Federal Home Loan Bank and Enterprise and the OF reflects the ratings of the underlying components, which are also rated on a scale of “1” to “5.” The composite rating is not an arithmetic average of the component ratings. Instead, the relative importance of each component is determined on a case-by-case basis, within the parameters established by this rating system.

II. Composite Ratings

Composite ratings are based on a careful evaluation of: a Federal Home Loan Bank's or Enterprise's capital, asset quality, management, earnings, liquidity, sensitivity to market risk, and operational risk; and the OF's management and operational risk. A regulated entity will be assigned a composite rating of “1” to “5” as described below.

Composite 1—The regulated entity is sound in every respect and typically each component is rated “1” or “2.” Any weaknesses are minor and can be addressed in a routine manner by the board of directors and management. The regulated entity is well positioned to withstand business fluctuations and adverse changes in the economic environment. Risk management practices are effective given the regulated entity's size, complexity and risk profile, and the regulated entity is in substantial compliance with laws, regulations, and regulatory requirements.

Composite 2—The regulated entity is generally sound and most components are rated “1” or “2” and typically no component is rated more severely than a “3.” Weaknesses are moderate and the board and management have demonstrated the ability and willingness to take necessary corrective action. The regulated entity is able to withstand business fluctuations and adverse changes in the economic environment. Risk management practices are satisfactory given the regulated entity's size, complexity and risk profile, and the regulated entity is in substantial compliance with laws, regulations, and regulatory requirements.

Composite 3—The regulated entity exhibits moderate to severe weaknesses in one or more respects but most components are rated “3” or better and no component is rated more severely than a “4.” Board and management may have demonstrated a lack of willingness or ability to address identified weaknesses within appropriate timeframes. The regulated entity is generally less capable of withstanding business fluctuations and adverse changes in the economic environment than regulated entities rated a composite “1” or “2.” Risk management practices typically need improvement given the regulated entity's size, complexity and risk profile, and the regulated entity may be in non-compliance with certain laws, regulations, and regulatory requirements.

Composite 4—The regulated entity generally exhibits severe weaknesses in multiple respects that result in serious deficiencies and unsatisfactory performance given its risk profile. The weaknesses may range from serious to critically deficient, to unsafe or unsound practices that have not been satisfactorily addressed or resolved by the board of directors and management within approved timeframes. The regulated entity is susceptible to further deterioration in condition or performance from business fluctuations and adverse changes in the economic environment. Risk management practices are deficient given the regulated entity's size, complexity and risk profile, and the regulated entity may be in non-compliance with critical laws, regulations and regulatory requirements. The viability of the regulated entity may be threatened if the problems and weaknesses are not satisfactorily resolved within an appropriate timeframe.

Composite 5—The regulated entity exhibits a volume and severity of problems that are beyond the ability of the board of directors or management to correct. The regulated entity exhibits unsafe or unsound practices or conditions. Changes to the board of directors or management are needed and outside financial or other assistance may be needed in order for the regulated entity to be viable. Risk management practices are critically deficient given the regulated entity's size, complexity and risk profile, and the regulated entity may be in significant non-compliance with laws, regulations and regulatory requirements.

III. Component Ratings

The composite rating is derived from the seven component ratings that are described below. Each of the component rating descriptions provides a list of evaluative factors that relate to that component. The listing of evaluative factors is not exhaustive, and is not in order of importance.

CAPITAL—when rating a regulated entity's capital, examiners determine whether the regulated entity has sufficient capital relative to the regulated entity's risk profile. When making this determination, examiners assess:

• the extent to which the regulated entity meets (or fails to meet) applicable capital requirements (laws, regulations, orders, guidance);
• the overall financial condition of the regulated entity;
• the composition of the balance sheet, including the nature and amount of intangible assets, the composition of capital, market risk, and concentration risk;
• the risk exposure represented by off-balance sheet activities;
• the types and quantity of risk inherent in the regulated entity's activities and management's ability to effectively identify, measure, monitor and control each of these risks;
• the potentially adverse consequences these risks may have on the regulated entity's capital;
• the adequacy of the allowance for loan losses and other reserves, as well as the nature, trend and volume of problem assets;
• the quality and strength of earnings and the reasonableness of dividends;
• the regulated entity's prospects and plans for growth, as well as the regulated entity's past experience in managing growth;
• the ability of management to address emerging needs for additional capital; and
• the regulated entity's access to capital markets and other sources of capital.

Capital ratings

1. A rating of 1 indicates: The level and composition of capital is strong relative to the regulated entity's risk profile. The regulated entity meets or exceeds all regulatory and statutory capital requirements and is expected to continue to be well-capitalized considering potential risks to the regulated entity. Capital management practices are strong.

2. A rating of 2 indicates: The level and composition of capital is satisfactory relative to the regulated entity's risk profile. The regulated entity meets or exceeds all regulatory and statutory capital requirements and is expected to continue to be satisfactorily capitalized considering potential risks to the regulated entity. Capital management practices are satisfactory, although minor weaknesses may be identified.

3. A rating of 3 indicates: The level and/or composition of capital needs improvement and does not fully support the regulated entity's risk profile. Although the regulated entity may currently meet or exceed minimum regulatory and statutory capital requirements, capital should be augmented when considering potential risks to the regulated entity. Capital management practices need improvement.

4. A rating of 4 indicates: The level and/or composition of capital is not adequate relative to the regulated entity's risk profile. The regulated entity may not meet all minimum regulatory and statutory capital requirements, and the viability of the regulated entity may be in question. Capital management practices exhibit deficiencies.

5. A rating of 5 indicates: The level and composition of capital are critically deficient and the viability of the regulated entity may be threatened. The regulated entity does not meet minimum regulatory and statutory capital requirements. Outside financial assistance may be needed in order for the regulated entity to be viable.

ASSET QUALITY— when rating a regulated entity's asset quality, examiners determine the quantity of existing and potential credit risk associated with the loan and investment portfolios, real estate owned, and other assets, as well as off-balance sheet transactions, and management's ability to identify, measure, monitor and control credit risk. When making this determination, examiners assess:

• the adequacy of underwriting standards;
• the soundness of credit administration practices;
• the appropriateness of risk identification and rating practices;
• the level, distribution, severity of problem, adversely classified, nonaccrual, restructured, delinquent, and nonperforming assets for both on- and off-balance sheet transactions;
• the adequacy of the allowance for loan losses and other asset valuation reserves;
• the credit risk arising from or reduced by off-balance sheet transactions, such as unfunded commitments, credit derivatives, and lines of credit;Start Printed Page 36540
• the diversification and quality of the loan and investment portfolios;
• the extent of securities underwriting activities and exposure to counterparties in trading activities;
• the existence of asset concentrations;
• the level and pace of asset growth;
• the adequacy of loan and investment policies, procedures and practices;
• the ability of management to properly administer its assets, including the timely identification and collection of problem assets;
• the adequacy of internal controls and management information systems; and
• the volume and nature of credit documentation exceptions.

Asset quality ratings

1. A rating of 1 indicates: Asset quality and credit risk management practices are strong. Any identified weaknesses are minor in nature and risk exposure is minimal in relation to the regulated entity's capital protection and management's ability to identify, monitor and mitigate risks.

2. A rating of 2 indicates: Asset quality and credit risk management practices are satisfactory. Identified weaknesses, such as the level and severity of adversely-rated or classified assets, are moderate and in-line with the regulated entity's capital protection and management's ability to identify, monitor and mitigate risks.

3. A rating of 3 indicates: Asset quality or credit risk management practices need improvement. Identified weaknesses, such as the level and severity of adversely rated or classified assets, are significant and not in-line with the regulated entity's capital protection or management's ability to identify, monitor and mitigate risks.

4. A rating of 4 indicates: Asset quality or credit risk management practices are deficient. Identified weaknesses, such as the level of problem assets are significant and inadequately controlled. The weaknesses subject the regulated entity to potential losses, which if left unchecked may threaten the regulated entity's viability.

5. A rating of 5 indicates: Asset quality or credit risk management practices are critically deficient and may represent an imminent threat to the regulated entity's viability.

MANAGEMENT— When rating a regulated entity's or the OF's management, examiners determine the capability and willingness of the board of directors and management, in their respective roles, to identify, measure, monitor, and control the risks of the regulated entity's or the OF's activities and to ensure that the regulated entity's or the OF's safe, sound and efficient operations are in compliance with applicable laws and regulations. When making this determination, examiners assess:

• the level and quality of oversight and support of all regulated entity or OF activities by the board of directors and management;
• the quality and effectiveness of strategic planning;
• the ability of the board of directors and management, in their respective roles, to plan for, and respond to, risks that may arise from changing business conditions or the initiation of new activities or products;
• the adequacy of, and conformance with, appropriate internal policies and controls addressing the operations and risks of significant activities;
• the accuracy, timeliness and effectiveness of management information and risk monitoring systems appropriate for the regulated entity's or the OF's size, complexity and risk profile;
• the ability and willingness to identify, measure, monitor, and control risks across the regulated entity or the OF;
• the adequacy of audits and internal controls to promote effective operations and reliable financial and regulatory reporting; safeguard assets; and ensure compliance with laws, regulations, regulatory requirements, and internal policies;
• the regulated entity's or the OF's compliance with laws and regulations, including Prudential Management and Operational Standards (PMOS), Office of Minority and Women Inclusion (OMWI) and relevant provisions of the Dodd-Frank Act;
• the regulated entity's or the OF's responsiveness to findings made by regulatory authorities, the regulated entity's or the OF's risk management function, internal/external audit functions or outside consultants;
• the depth of management and management succession;
• the extent that the board of directors and management is affected by, or susceptible to, dominant influence or concentration of authority;
• the reasonableness and comparability of compensation and compensation policies and avoidance of self-dealing;
• the ability of the regulated entity or the OF to achieve mission-related goals and requirements, including affordable housing and community investment requirements; and
• the overall performance of the regulated entity or the OF and its risk profile.

Management ratings

1. A rating of 1 indicates: The performance by the board of directors and management, and risk management practices relative to the regulated entity's or the OF's size, complexity and risk profile are strong. All significant risks are consistently and effectively identified, measured, monitored and controlled. The regulated entity or the OF is in substantial compliance with laws, regulations and regulatory requirements, including mission-related and affordable housing goals and requirements. The board of directors and management demonstrate the ability to promptly and successfully address existing and potential problems and risks.

2. A rating of 2 indicates: The performance by the board of directors and management, and risk management practices relative to the regulated entity's or the OF's size, complexity and risk profile are satisfactory. Generally, significant risks and problems are effectively identified, measured, monitored and controlled. The regulated entity or the OF is in substantial compliance with laws, regulations and regulatory requirements, including mission-related and affordable housing goals and requirements. Minor weaknesses may exist, but they are not material to the safety and soundness of the regulated entity or the OF, and are being satisfactorily addressed.

3. A rating of 3 indicates: The performance by the board of directors and management, and/or risk management practices need improvement given the regulated entity's or the OF's size, complexity and risk profile. Problems and significant risks may be inadequately identified, measured, monitored or controlled. The regulated entity or the OF may be in non-compliance with laws, regulations and regulatory requirements, including mission-related and affordable housing goals and requirements. The capabilities of the board of directors or management may be insufficient for the type, size or condition of the regulated entity or the OF.

4. A rating of 4 indicates: The performance by the board of directors and management and/or risk management practices are deficient given the regulated entity's or the OF's size, complexity and risk profile. Operational or performance problems and significant risks are inadequately identified, measured, monitored or controlled, and require immediate Start Printed Page 36541action to preserve the soundness of the regulated entity or the OF. The regulated entity or the OF may be in significant non-compliance with laws, regulations and regulatory requirements, including mission-related and affordable housing goals and requirements.

5. A rating of 5 indicates: The performance by the board of directors and management and/or risk management practices are critically deficient. Problems and significant risks are inadequately identified, measured, monitored or controlled, and may threaten the viability of the regulated entity or the OF. The regulated entity or the OF is in significant non-compliance with laws, regulations and regulatory requirements, including mission-related and affordable housing goals and requirements. The board of directors and management fail to demonstrate the ability or willingness to correct problems and implement appropriate risk management practices.

EARNINGS— when rating a regulated entity's earnings, examiners determine the quantity, trend, sustainability, and quality of earnings. When making this determination, examiners assess:

• the level of earnings, including trends and stability;
• the ability to provide for adequate capital through retained earnings;
• the quality and source of earnings, including the level of reliance on extraordinary gains, nonrecurring events, or favorable tax effects;
• the level of expenses in relations to operations;
• the adequacy of the budgeting systems, forecasting processes, and management information systems in general;
• the adequacy of provisions to maintain the allowance for loan losses and other valuation allowance accounts; and
• the earnings exposure to market risk.

Earnings ratings

1. A rating of 1 indicates: The quality, quantity, and sustainability of earnings are strong. The regulated entity's earnings are more than sufficient to support operations and maintain adequate capital and allowance levels after considering the regulated entity's overall condition, growth and other factors.

2. A rating of 2 indicates: The quality, quantity, and sustainability of earnings are satisfactory. The regulated entity's earnings are sufficient to support operations and maintain adequate capital and allowance levels after considering the regulated entity's overall condition, growth and other factors.

3. A rating of 3 indicates: The quality, quantity, or sustainability of earnings needs improvement. The regulated entity's earnings may not fully support the regulated entity's operations or provide for adequate capital and/or allowance levels in relation to the regulated entity's overall condition, growth, and other factors.

4. A rating of 4 indicates: The quality, quantity, and/or sustainability of earnings is deficient. The regulated entity's earnings are insufficient to support operations and maintain adequate capital and allowance levels.

5. A rating of 5 indicates: The quality, quantity, and/or sustainability of earnings is critically deficient. The regulated entity's earnings are inadequate to cover expenses, and losses may threaten the regulated entity's viability through the erosion of capital.

LIQUIDITY— when rating a regulated entity's liquidity, examiners determine the current level and prospective sources of liquidity compared to funding needs, as well as the adequacy of funds management practices relative to the regulated entity's size, complexity and risk profile. When making this determination, examiners assess:

• the adequacy of liquidity sources to meet present and future needs and the ability of the regulated entity to meet liquidity needs without adversely affecting its operations or condition;
• the availability of assets readily convertible to cash without undue loss;
• the regulated entity's access to money markets and other secondary sources of funding;
• the level and diversification of funding sources, both on- and off-balance sheet;
• the degree of reliance on short-term, volatile sources of funding to fund longer term assets;
• the ability to securitize and sell certain pools of assets; and
• the capability and willingness of management to properly identify, measure, monitor and control the regulated entity's liquidity position, including the effectiveness of funds management strategies, liquidity policies, management information systems and contingency liquidity plans.

Liquidity ratings

1. A rating of 1 indicates: The level of liquidity and the regulated entity's management of its liquidity position are strong. Any identified weaknesses in its liquidity management practices are minor. The regulated entity has reliable access to sufficient sources of funds on favorable terms to meet current and anticipated liquidity needs. The regulated entity meets or exceeds regulatory guidance related to liquidity.

2. A rating of 2 indicates: The level of liquidity and the regulated entity's management of its liquidity position are satisfactory. The regulated entity may have moderate weaknesses in its liquidity management practices, but these are correctable in the normal course of business. The regulated entity has reliable access to sufficient sources of funds on acceptable terms to meet current and anticipated liquidity needs. The regulated entity meets or exceeds regulatory guidance related to liquidity.

3. A rating of 3 indicates: The level of liquidity or the regulated entity's management of its liquidity position needs improvement. The regulated entity may evidence moderate weaknesses in funds management practices, or weaknesses that are not correctable in the normal course of business. The regulated entity may lack ready access to funds on reasonable terms. The regulated entity may not meet all regulatory guidance related to liquidity.

4. A rating of 4 indicates: The level of liquidity or the regulated entity's management of its liquidity position is deficient. The regulated entity may not have or be able to obtain sufficient funds on reasonable terms. The regulated entity does not meet all regulatory guidance related to liquidity.

5. A rating of 5 indicates: The level of liquidity or the regulated entity's management of its liquidity position is critically deficient. The viability of the regulated entity may be threatened and the regulated entity may need to seek immediate external financial assistance to meet maturing obligations or other liquidity needs. The regulated entity does not meet regulatory guidance related to liquidity.

SENSITIVITY TO MARKET RISK— when rating a regulated entity's sensitivity to market risk, examiners determine the degree to which changes in interest rates, foreign exchange rates, commodity prices, or equity prices can adversely affect the regulated entity's earnings or economic capital. When making this determination, examiners assess:

• the sensitivity of the regulated entity's earnings, or the economic value of its capital to adverse changes in interest rates, foreign exchange rates, commodity prices or equity prices;
• the ability of management to identify, measure, monitor and control exposure to market risk given the Start Printed Page 36542regulated entity's size, complexity and risk profile;
• the nature and complexity of interest rate risk exposure arising from non-trading positions; and
• the nature and complexity of market risk exposure arising from trading, asset management activities and foreign operations.

Sensitivity to market risk ratings

1. A rating of 1 indicates: Market risk sensitivity is well controlled and there is minimal potential that the regulated entity's earnings performance or capital position will be adversely affected by market risk sensitivity. Risk management practices are strong for the size, sophistication and market risk accepted by the regulated entity. Earnings and capital provide substantial support for the amount of market risk taken by the regulated entity.

2. A rating of 2 indicates: Market risk sensitivity is satisfactorily controlled and there is moderate potential that the regulated entity's earnings performance or capital position will be adversely affected by market risk sensitivity. Risk management practices are satisfactory for the size, sophistication and market risk accepted by the regulated entity. Earnings and capital provide adequate support for the amount of market risk taken by the regulated entity.

3. A rating of 3 indicates: Market risk sensitivity control needs improvement or there is significant potential that the regulated entity's earnings performance or capital position will be adversely affected by market risk sensitivity. Risk management practices need improvement given the size, sophistication and market risk accepted by the regulated entity. Earnings and capital may not adequately support the amount of market risk taken by the regulated entity.

4. A rating of 4 indicates: Market risk sensitivity control is deficient or there is a high potential that the regulated entity's earnings performance or capital position will be adversely affected by market risk sensitivity. Risk management practices are deficient for the size, sophistication and market risk accepted by the regulated entity. Earnings and capital provide inadequate support for the amount of market risk taken by the regulated entity.

5. A rating of 5 indicates: Market risk sensitivity control is critically deficient or the level of market risk taken by the regulated entity may be an imminent threat to the regulated entity's viability. Risk management practices are critically deficient for the size, sophistication and level of market risk accepted by the regulated entity.

OPERATIONAL RISK— when rating a regulated entity's or the OF's operational risk, examiners determine the exposure to loss from inadequate or failed internal processes, people, and systems, including internal controls and information technology, or from external events, including all direct and indirect economic losses related to legal liability, reputational setbacks, and compliance and remediation costs to the extent such costs are consequences of operational events. When making this determination examiners assess:

• the efficiency and effectiveness of operations and technology;
• the effectiveness of the operational risk framework in identifying and assessing threats posed to operations;
• the quality of operational risk management in the administration of the regulated entity's or the OF's mission-related activities, including affordable housing and community investment activities;
• the organizational structure, including lines of authority and responsibility for adhering to prescribed policies;
• the accuracy of recording transactions;
• the effectiveness of internal controls over financial reporting (i.e., the level of compliance with Sarbanes-Oxley section 404);
• the controls surrounding limits of authorities, including: Safeguarding access to and use of records and assets; segregation of duties;
• the effectiveness of the control environment in preventing and/or detecting errors and unauthorized activity;
• the accuracy, effectiveness and security of information systems, data and management reporting;
• the effectiveness of business continuity planning; and
• the effectiveness, accuracy and security of models

Operational risk ratings

1. A rating of 1 indicates: Operational risk management is strong and the number and severity of operational risk events are low. There is minimal potential that the regulated entity's or the OF's earnings performance or capital position will be adversely affected by the level of operational risk.

2. A rating of 2 indicates: Operational risk management is satisfactory and the number and severity of operational risk events are moderate. There is moderate potential that the regulated entity's or the OF's earnings performance or capital position will be adversely affected by the level of operational risk.

3. A rating of 3 indicates: Operational risk management needs improvement or there is significant potential that the regulated entity's or the OF's earnings performance or capital position will be adversely affected by the level of operational risk. The number and severity of operational risk events are moderate to serious.

4. A rating of 4 indicates: Operational risk management is deficient or there is a high potential that the regulated entity's or the OF's earnings performance or capital position will be adversely affected by the level of operational risk. The number and severity of operational risk events are serious to critical.

5. A rating of 5 indicates: Operational risk management is critically deficient or the level of operational risk taken by the regulated entity or the OF may be an imminent threat to the regulated entity's or the OF's viability. The number and severity of operational risk events may threaten the regulated entity's or the OF's viability.