-
Start Preamble
Start Printed Page 39049
AGENCY:
Board of Governors of the Federal Reserve System (Board).
ACTION:
Notice of proposed rulemaking.
SUMMARY:
The Board is seeking comment on a proposed new rating system for its supervision of large financial institutions. The proposed “Large Financial Institution Rating System” is closely aligned with the Federal Reserve's new supervisory program for large financial institutions. The proposed rating system would apply to all bank holding companies with total consolidated assets of $50 billion or more; all non-insurance, non-commercial savings and loan holding companies with total consolidated assets of $50 billion or more; and U.S. intermediate holding companies of foreign banking organizations established pursuant to the Federal Reserve's Regulation YY. The proposed rating system includes a new rating scale under which component ratings would be assigned for capital planning and positions, liquidity risk management and positions, and governance and controls; however, a standalone composite rating would not be assigned. The Federal Reserve proposes to assign initial ratings under the new rating system during 2018. The Federal Reserve is also seeking comment on proposed revisions to existing provisions in Regulations K and LL so they would remain consistent with certain features of the proposed rating system.
DATES:
Comments must be received no later than October 16, 2017.
ADDRESSES:
Interested parties are invited to submit written comments by following the instructions for submitting comments at http://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm.
- Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
- Email: regs.comments@federalreserve.gov. Include the docket number in the subject line of the message.
- Fax: (202) 452-3819 or (202) 452-3102.
- Mail: Address to Ann E. Misback, Secretary, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue NW., Washington, DC 20551.
All public comments will be made available on the Board's Web site at http://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm as submitted, unless modified for technical reasons. Accordingly, comments will not be edited to remove any identifying or contact information. Public comments may also be viewed electronically or in paper in Room 3515, 1801 K Street NW. (between 18th and 19th Street NW.), Washington, DC 20006 between 9:00 a.m. and 5:00 p.m. on weekdays.
Start Further InfoFOR FURTHER INFORMATION CONTACT:
Richard Naylor, Associate Director, (202) 728-5854, Vaishali Sack, Manager, (202) 452-5221, April Snyder, Manager, (202) 452-3099, Bill Charwat, Senior Project Manager, (202) 452-3006, Division of Supervision and Regulation, Scott Tkacz, Senior Counsel, (202) 452-2744, or Christopher Callanan, Senior Attorney, (202) 452-3594, Legal Division, Board of Governors of the Federal Reserve System, 20th and C Streets NW., Washington, DC 20551. Telecommunications Device for the Deaf (TDD) users may contact (202-263-4869).
End Further Info End Preamble Start Supplemental InformationSUPPLEMENTARY INFORMATION:
Table of Contents
I. Background
II. Overview of the Proposed LFI Rating System
A. LFI Rating Components
B. LFI Rating Scale
III. Transition from the RFI Rating System to the LFI Rating System
IV. Consequences of LFI Ratings
V. Applicability
VI. Timing and Implementation
VII. Related Proposed Guidance
A. Management of Core Business Lines and Independent Risk Management and Controls
1. Senior Management
2. Management of Core Business Lines
3. Independent Risk Management and Controls
B. Board Effectiveness
VIII. Other Related Developments
IX. Proposed Changes to Existing Regulations
X. Comparison of the RFI and LFI Rating Systems
XI. Request for Comments
XII. Regulatory Analysis
A. Paperwork Reduction Act
B. Regulatory Flexibility Analysis
C. Solicitation of Comments on Use of Plain Language
Appendix A. Text of Proposed Large Financial Institution Rating System
I. Background
The 2007-2009 financial crisis demonstrated the risks that large financial institutions (LFIs) pose to U.S. financial stability. As a group, these institutions were overleveraged, had insufficient capital to support their risks, and relied heavily on short-term wholesale funding that was susceptible to runs. This excessive risk-taking, combined with similar behavior outside the regulated financial sector, left the U.S. economy vulnerable. The ensuing financial crisis led to a deep recession and the loss of nearly nine million jobs.
In response, since the financial crisis, the Federal Reserve has placed materially heightened supervisory expectations on LFIs. The Federal Reserve has developed a supervisory program specifically designed to address the risks posed by such firms to U.S. financial stability. The Federal Reserve established the Large Institution Supervision Coordinating Committee (LISCC) in 2010 to coordinate its supervisory oversight for the systemically important firms that pose the greatest risk to U.S. financial stability.[1] The LISCC supervisory program conducts annual horizontal reviews of LISCC firms and firm-specific examination work focused on evaluating a firm's (i) capital adequacy under normal and stressed conditions; (ii) liquidity positions and risk management practices; (iii) recovery and resolution preparedness; and (iv) governance and controls. For LFIs that are not LISCC firms, the Federal Reserve performs horizontal reviews and firm-specific supervisory work focused on capital, Start Printed Page 39050liquidity, and governance and control practices, which are tailored to reflect the risk characteristics of these institutions.[2]
In 2012, the Federal Reserve implemented a new consolidated supervisory program for LFIs (referred to as the “LFI supervision framework”) described in SR letter 12-17.[3] The LFI supervision framework is intended to (i) enhance each LFI's financial and operational strength and resilience to reduce the likelihood of an LFI's failure or material financial or operational distress, and (ii) reduce the risk to U.S. financial stability overall if an LFI were to fail.[4]
The LFI supervision framework includes heightened expectations regarding capital and liquidity, including both the amount of capital and liquidity and the related planning and risk management practices. The LFI supervision framework also outlined expectations for a firm's maintenance of operational strength and resilience and its compliance with laws and regulations, as provided by effective governance and control practices.
The Federal Reserve has not modified its supervisory rating system for bank holding companies since the 2007-2009 financial crisis. Since 2004, the Federal Reserve has used the “RFI/C(D)” rating system (referred to as the “RFI rating system”) to communicate its supervisory assessment of every bank holding company (BHC) regardless of its asset size, complexity, or systemic importance.[5] The RFI rating system focuses on the risk management practices (R component) and financial condition (F component) of the consolidated organization, and assesses the potential impact (I component) of a BHC's nondepository entities on its subsidiary depository institution(s).
Given the systemic risks posed by LFIs and the corresponding changes to the Federal Reserve's supervisory expectations and oversight of those firms, the Federal Reserve believes that a new rating system would be more effective than the RFI rating system for evaluating LFIs. The RFI rating system remains a relevant and effective tool for developing and communicating supervisory assessments for community and regional holding companies. Therefore, the RFI rating system will continue to be used in the supervision of these organizations.
II. Overview of the Proposed LFI Rating System
The proposed LFI rating system provides a supervisory evaluation of whether a firm possesses sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions. The proposed LFI rating system is designed to:
- Fully align with the Federal Reserve's current supervisory programs and practices, which are based upon the LFI supervision framework's core objectives of reducing the probability of LFIs failing or experiencing material distress and reducing the risk to U.S. financial stability;
- Enhance the clarity and consistency of supervisory assessments and communications of supervisory findings and implications; and
- Provide appropriate incentives for LFIs to maintain financial and operational strength and resilience, including compliance with laws and regulations, by more clearly defining the supervisory consequences of a given rating.
A. LFI Rating Components
Under the proposed LFI rating system, the Federal Reserve would evaluate and assign ratings for the following three components: [6]
- Capital Planning and Positions
- Liquidity Risk Management and Positions
- Governance and Controls
The Capital Planning and Positions component rating would encompass assessments of (i) the effectiveness of the governance and planning processes used by a firm to determine the amount of capital necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm's capital positions to comply with applicable regulatory requirements and to support the firm's ability to continue to serve as a financial intermediary through a range of conditions. Findings from CCAR for LISCC firms and certain other large and complex LFIs,[7] and from similar supervisory activities for other LFIs,[8] represent a material portion of the work that would be conducted to determine the Capital Planning and Positions component rating.
The Liquidity Risk Management and Positions component rating would encompass assessments of (i) the effectiveness of a firm's governance and risk management processes used to determine the amount of liquidity necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm's liquidity positions to comply with applicable regulatory requirements and to support the firm's ongoing obligations through a range of conditions.[9] The Liquidity Risk Management and Positions component rating would be based on findings of coordinated examinations of liquidity positions and risk management Start Printed Page 39051practices conducted across several firms (horizontal examinations), as well as ongoing assessments of an individual firm's liquidity positions and risk management practices conducted through the supervisory process.
Horizontal examinations help to ensure that the liquidity positions and risk management practices of firms with similar liquidity risk profiles are evaluated in a consistent manner. LISCC firms are subject to the Comprehensive Liquidity Analysis and Review (CLAR), which is an annual horizontal exercise that assesses both liquidity positions and risk management. Other LFI firms are subject to more narrow horizontal examinations depending on their risk profile. The Federal Reserve also conducts targeted examinations of specific areas that are of high risk to an individual firm or have not been covered by a recent horizontal examination.
The Federal Reserve evaluates each firm's risk management practices by reviewing the processes that firms use to identify, measure, monitor, and manage liquidity risk and make funding decisions. The Federal Reserve evaluates a firm's liquidity positions against applicable regulatory requirements, and assesses the firm's ability to support its obligations through other means, such as its funding concentrations.
The Governance and Controls component rating would evaluate the effectiveness of a firm's (i) board of directors, (ii) management of core business lines and independent risk management and controls, and (iii) recovery planning (for domestic LISCC firms only).[10] This rating would assess a firm's effectiveness in aligning strategic business objectives with the firm's risk tolerance [11] and risk management capabilities; maintaining strong, effective, and independent risk management and control functions, including internal audit; promoting compliance with laws and regulations, including those related to consumer protection; and otherwise providing for the ongoing resiliency of the firm. Firm-specific and horizontal examination work focused on a firm's corporate governance, independent risk management, controls, and lines of business, among other areas, would provide the basis for determining the Governance and Controls component rating.
Unlike other supervisory rating systems, including the RFI rating system, the Federal Reserve would not assign a standalone composite rating under the proposed LFI rating system. The Federal Reserve believes assigning a standalone composite rating is not necessary because the three proposed LFI component ratings are designed to clearly communicate supervisory assessments and associated consequences for each of the core areas (capital, liquidity, and governance and controls) considered critical to a firm's strength and resilience. It is unlikely that the assignment of a standalone composite rating would convey new or additional information regarding supervisory assessments, and a standalone composite rating could dilute the clarity and impact of the component ratings.
B. LFI Rating Scale
Each LFI component rating would be assigned using a multi-level scale (Satisfactory/Satisfactory Watch, Deficient-1, and Deficient-2). A “Satisfactory” rating indicates that the firm is considered safe and sound and broadly meets supervisory expectations.[12] A “Satisfactory Watch” rating is a conditional “Satisfactory” rating, and is discussed in greater detail below. A “Deficient-1” rating indicates that although the firm's current condition is not considered to be materially threatened, there are financial and/or operational deficiencies that put its prospects for remaining safe and sound through a range of conditions at significant risk. A “Deficient-2” rating indicates that financial and/or operational deficiencies materially threaten the firm's safety and soundness, or have already put the firm in an unsafe and unsound condition.
Supervisors may assign a “Satisfactory Watch” component rating which indicates that the firm is generally considered safe and sound; however certain issues are sufficiently material that, if not resolved in a timely manner in the normal course of business, would put the firm's prospects for remaining safe and sound through a range of conditions at risk. This would be consistent with existing supervisory practice where supervisors generally indicate to a firm that a rating downgrade is a strong possibility if the firm fails to resolve identified weaknesses in a timely manner. The “Satisfactory Watch” rating may also be used for firms previously rated “Deficient” when circumstances warrant.
In considering whether supervisory issues are likely to be resolved in the normal course of business, the Federal Reserve will assess the firm's ability to remediate or mitigate these issues (through compensating controls and/or a reduced risk profile) in a timely manner without material changes to, or investments in, a firm's governance, risk management or internal control structures, practices, or capabilities.
A “Satisfactory Watch” rating is not intended to be used for a prolonged period. Firms that receive a “Satisfactory Watch” rating would have a specified timeframe to fully resolve issues leading to that rating (as is the case with all supervisory issues), generally no longer than 18 months.[13] If the firm successfully resolved the issues leading to the “Satisfactory Watch” rating, the firm would typically be upgraded to “Satisfactory” as it has demonstrated an ability to successfully remediate or mitigate these issues in a timely manner in the normal course of business. However, if the firm failed to timely remediate or mitigate those issues, that failure would generally be viewed as evidence that the firm lacked sufficient financial and/or operational capabilities to remain safe and sound Start Printed Page 39052through a range of conditions. In these instances, the firm would typically be downgraded to a “Deficient” rating.
When a firm is rated “Satisfactory Watch,” supervisors would focus on determining whether a firm's issues are related to each other, similar in nature or root cause, or constitute a pattern reflecting deeper governance or risk management weaknesses, warranting a downgrade to a “Deficient” rating.
III. Transition From the RFI Rating System to the LFI Rating System
As noted above, the LFI supervision framework—as described in SR 12-17 and accompanied by the issuance of enhanced regulatory requirements, supervisory expectations and practices—has been established over recent years to enhance the ability of large systemically important firms to sustain operations through a range of stressful conditions and events. Introduction of a new rating system that is comprehensively aligned with the LFI supervision framework represents the natural next step in the build-out of this program. As such, transition to the proposed LFI rating system is intended to be evolutionary and expected to be routine in most respects for affected firms.
Approaches to assessing an LFI's financial strength and resilience via effective capital and liquidity governance and planning, and sufficiency of related positions, are more prominent in the proposed LFI rating system versus the RFI rating system, and are fully reflective of current supervisory practices and expectations. Key conclusions of LFI supervision activities, including CCAR and CLAR, will be directly reflected within the Capital and Liquidity component rating assignments. By contrast, the RFI rating system was not designed to readily accommodate the results of these activities.
Similarly, the key elements within the Governance and Controls component rating, which underlie a firm's operational resilience and overall risk management, are also consistent with current practices. Most of these elements can be traced to supervisory expectations for risk management and internal controls first introduced in 1995, and subsequently carried forth into the RFI rating system in 2004.[14] These foundational aspects of a firm's governance and control framework, including expectations relating to the effectiveness of boards of directors and emphasis on sound risk management, remain present in the proposed LFI rating system, albeit with some changes in emphasis and nomenclature.
The Governance and Controls component rating also provides an updated approach to assessing the effectiveness of risk management and control activities as conducted (i) directly within a firm's business line operations (where risk-taking activities are initiated and implemented), and (ii) throughout a firm's independent risk management and controls. More recently, key expectations regarding the alignment of a firm's strategy with its risk tolerance and risk management capabilities were included in SR letter 12-17, and are also reflected within capital planning guidance issued in 2015.[15]
The chart included below in Section X, “Comparison of the RFI and LFI Rating Systems,” broadly compares and illustrates the structural differences between the two rating systems.
IV. Consequences of LFI Ratings
Statutes and regulations applicable to LFIs grant a number of privileges to well managed firms.[16] Under the RFI rating system, a firm's composite rating and Risk Management rating determine whether a holding company is considered to be “well managed” for purposes of these privileges.[17] Under the proposed LFI rating system, a firm must be rated “Satisfactory” or “Satisfactory Watch” for each of its three component ratings in order to be considered “well managed.” [18] A rating of “Deficient-1” or lower for any component would result in the firm not being deemed “well managed.” This reflects the judgment that an LFI is not in satisfactory condition overall unless it is considered sound in each of the key areas of capital, liquidity, and governance and controls.
A “Deficient-1” component rating could be a barrier for a firm seeking the Federal Reserve's approval to engage in new or expansionary activities, unless the firm can demonstrate that (i) it is making meaningful, sustained progress in resolving identified deficiencies and issues; (ii) the proposed new or expansionary activities would not present a risk of exacerbating current deficiencies or issues or lead to new concerns; and (iii) the proposed activities would not distract the board or senior management from remediating current deficiencies or issues.
The Federal Reserve would be extremely unlikely to approve any proposal seeking to engage in new or expansionary activities from a firm with a “Deficient-2” component rating.
Under the Bank Holding Company Act (BHC Act) and the Home Owners' Loan Act,[19] companies that have elected to be treated as financial holding companies (FHCs) and that do not remain well managed face restrictions on commencement or expansion of certain activities. In addition, a firm with less than satisfactory ratings may be subject to restrictions or higher charges in attempting to access the Federal Reserve's discount window or in gaining access to intraday credit.
A “Deficient-1” component rating would often be an indication that the firm should be subject to either an informal or formal enforcement action, and may also result in the designation of the firm as being in “troubled condition.” [20] A firm with a “Deficient-2” component rating should expect to be subject to a formal enforcement action and deemed to be in “troubled condition.”
V. Applicability
The Federal Reserve would use the proposed LFI rating system to evaluate and communicate the supervisory condition of all bank holding companies that have total consolidated assets of $50 billion or more; all non-insurance, non-commercial savings and loan holding companies that have total consolidated assets of $50 billion or more; and all U.S. intermediate holding companies (IHCs) of foreign banking organizations established pursuant to section 252.153 of the Federal Reserve's Regulation YY.[21] In the future, the Start Printed Page 39053Federal Reserve plans to use the LFI rating system to assess systemically important nonbank financial companies designated by the Financial Stability Oversight Council (FSOC) for supervision by the Federal Reserve; however, this would be done through a separate rulemaking.
Until final adoption of a LFI rating system, the Federal Reserve will continue to evaluate firms using the existing RFI rating system. Holding companies with less than $50 billion in total consolidated assets would continue to be evaluated using the RFI rating system.
VI. Timing and Implementation
The Federal Reserve proposes to assign initial LFI ratings to all applicable firms during 2018. Due to differences in the timing of supervisory cycles across the portfolios that comprise the LFI supervisory program, firms in one portfolio may receive their initial LFI ratings at different times during the year than firms in another portfolio.
During the initial LFI rating supervisory cycle, each applicable firm would receive all three component ratings under the LFI rating system concurrently. Consistent with current Federal Reserve practice on the assignment and communication of supervisory ratings by examiners, ratings under the proposed LFI rating system would be assigned and communicated to firms on at an annual basis, and more frequently as warranted. After the initial LFI rating supervisory cycle, examiners may assign and communicate individual component ratings on a rolling basis to the firms. Under the proposed LFI rating system, the Federal Reserve would continue to generally rely to the fullest extent possible on the information and assessments developed by other relevant supervisors and functional regulators. In accordance with the Federal Reserve's regulations governing confidential supervisory information,[22] ratings assigned under the LFI rating system would be communicated by the Federal Reserve to the firm but not disclosed publicly.
The proposed LFI rating system would apply if a firm reports total consolidated assets of $50 billion or more, calculated based on the average of the firm's total consolidated assets in the four (4) most recent quarters as reported on the firm's quarterly financial reports filed with the Federal Reserve. A firm that meets this criteria would generally receive the three LFI component ratings within one year of becoming subject to the LFI rating system. A firm would continue to be rated under the LFI rating system until it has less than $45 billion in total consolidated assets, based on the average total consolidated assets as reported on the firm's four (4) most recent quarterly financial reports filed with the Federal Reserve. The Federal Reserve may determine to apply the RFI rating system or another applicable rating system in certain limited circumstances.[23]
VII. Related Proposed Guidance
Concurrent with issuing this proposal, the Board is issuing another proposal for public comment addressing supervisory expectations for boards of directors of all Federal Reserve-supervised institutions.[24] That proposal includes proposed guidance concerning the effectiveness of boards of directors of large financial institutions, which is an element of the Governance and Controls component rating. The Board also plans to separately release additional proposed guidance seeking comment on supervisory expectations relating to a firm's management of core business lines and independent risk management and controls, which is also an element of the Governance and Controls component rating. The Federal Reserve expects to release this additional guidance in the near future. However, if the LFI rating system is finalized before the additional governance and controls guidance is finalized, firms would be evaluated using existing supervisory guidance until such time that the additional governance and controls guidance is finalized.[25]
The following section provides a summary of the planned guidance relating to a firm's management of core business lines and independent risk management and controls, as well as a summary of the proposed guidance relating to the effectiveness of a firm's board of directors.[26]
A. Management of Core Business Lines and Independent Risk Management and Controls
The supervisory assessment of a firm's management of core business lines and independent risk management and controls would have three components: (1) Expectations for senior management with respect to both core business lines and independent risk management and controls; (2) expectations for the management of core business lines (CBLs); and (3) expectations for independent risk management (IRM) and controls.
1. Senior Management
Senior management oversees both the management of core business lines and independent risk management and controls. The supervisory assessment of the effectiveness of senior management would include senior management's role in managing the firm's day-to-day operations, promoting safety and soundness and compliance with internal policies and procedures, laws, and regulations, including those related to consumer protection.[27]
Senior management is responsible for implementing the firm's strategy and risk tolerance as approved by the firm's board. Senior management should implement the strategic and risk objectives across the firm such that they support the firm's long-term resiliency and safety and soundness, including the firm's resilience to a range of stressed conditions. Senior management should ensure that the firm's infrastructure, staffing, and resources are sufficient to carry out the firm's strategic objectives.
Senior management should maintain and implement an effective risk management framework and ensure the firm can appropriately manage risk consistent with its strategy and risk Start Printed Page 39054tolerance. This should include establishing clear responsibilities and accountability for the identification, management, and control of risk. Senior management should also develop and maintain the firm's policies and procedures and system of internal controls to ensure compliance with laws and regulations.
Senior management is responsible for ensuring the resolution of key issues and effective firm-wide communication, including to and from the board of directors. Senior management should have in place robust mechanisms for keeping apprised of, among other things, current and emerging risks to the firm and other material issues, including by maintaining robust management information systems.
Senior management should have in place succession and contingency staffing plans for key positions and have compensation and performance management programs that promote and enforce prudent risk-taking behaviors and business practices.
2. Management of Core Business Lines
The Federal Reserve would consider the effectiveness of the management of core business lines in meeting its supervisory expectations.[28] For LISCC firms, all business lines would be considered CBLs. For other firms, CBLs would be defined as those business lines where a significant control disruption, failure, or loss event would result in a material loss of revenue, profit, or franchise value, or result in significant consumer harm.[29] The Federal Reserve is reserving discretion to identify other business lines or functions as core business lines, based on their size, risk profile, or other supervisory considerations.
CBL management should establish for each core business line specific business and risk objectives that align with the firm-wide strategy and risk tolerance.[30] CBL management should inform senior management when the risk management capabilities are insufficient to align those business and risk objectives. CBL management should also clearly present to senior management the risks emanating from the business line's activities and explain how those risks are managed and align with the firm's risk tolerance.
CBL management should identify, measure, and manage current and emerging risks that stem from CBL activities and external factors. CBL management should also incorporate appropriate feedback from independent risk management (IRM) on business line risk positions, implementation of the risk tolerance, and risk management practices, including risk mitigation.
CBL management should manage the CBL's activities so they remain within risk limits established by IRM, consult with senior management before permitting any breaches of the limits, and follow appropriate procedures for obtaining exceptions to limits. CBL management should also adhere to the firm's policies and procedures for vetting new business products and initiatives, and escalate to senior management any required changes or modifications to risk management systems or internal control policies and procedures arising from the adoption of a new business or initiative.
CBL management should provide a CBL with sufficient resources and infrastructure to meet financial goals and strategic objectives while maintaining operational and financial resilience in a range of operating conditions, including stressful ones. Resources and infrastructure include sufficient personnel with appropriate training and expertise and management information systems.
CBL management should develop and maintain an effective system of sound and appropriate internal controls for its CBL that ensures compliance with laws and regulations.[31] CBL management should regularly test to ensure the effectiveness of controls within the business lines and ensure that deficiencies are remediated, and should escalate material deficiencies and systematic control violations to senior management, as well as provide periodic reports. Finally, CBL management should reassess controls periodically to ensure relevancy and alignment with current approved policies.
CBL management should establish policies and guidelines that delineate accountability, set forth clear lines of management authority within the CBL, and align desired behavior with the firm's performance management incentives. CBL management should hold employees accountable for conduct that is inconsistent with the firm's policies or board and senior management directives or that could result in violations of law. CBL management should inform senior management of improper conduct when appropriate, including individual instances and when there are identified patterns of misconduct. CBL management should have ongoing and effective means to prevent, detect, and remediate risk management and compliance failures.
3. Independent Risk Management and Controls
The Federal Reserve would assess whether the firm's independent risk management and controls meet supervisory expectations. This assessment would focus on three related areas: The independent risk management function, internal controls, and internal audit.
a. Independent Risk Management (IRM) Function
i. Chief Risk Officer (CRO)
A CRO must have sufficient capability and experience in identifying, assessing, and managing risk exposures of large, complex financial institutions.[32] The CRO should guide IRM to establish and monitor compliance with enterprise-wide risk limits, identify and aggregate the firm's risks, assess the firm's risk positions relative to the parameters of the firm's risk tolerance, and provide relevant risk information to senior management and the board of directors.
The CRO should inform the board of directors if his or her stature, independence, or authority is not sufficient or is at risk of being insufficient to provide unbiased and independent assessments of the firm's risks, risk management activities, and system of internal controls.[33] Further, the CRO should be included in discussions with other senior management and the board related to key decisions, such as strategic planning and capital and liquidity planning, and provide input to the board on incentive compensation.
The CRO should notify senior management and the board of directors when activities or practices at the firm-Start Printed Page 39055wide, risk-specific, or CBL level do not align with the firm's overall risk tolerance. As appropriate, the CRO should recommend constraints on risk taking and enhancements to risk management practices to senior management and the board of directors.
The CRO should support the independence of IRM from the business lines by establishing clearly defined roles and responsibilities and reporting lines.
ii. Chief Audit Executive (CAE)
The firm should have a CAE, appointed by the board, with sufficient capability, experience, independence, and stature to manage the internal audit function's responsibilities.[34] Under the direction of the CAE, the internal audit function performs an independent assessment of the effectiveness of the firm's system of internal controls and the risk management framework. The CAE should manage effectively all aspects of internal audit work on an ongoing basis, including any internal audit work that is outsourced. The CAE should have the authority to oversee all internal audit activities and to hire internal audit staff with sufficient capability and stature. The CAE should report findings, issues, and concerns to the board's audit committee and senior management.
iii. Risk Tolerance and Limits
IRM should evaluate whether the firm's risk tolerance appropriately captures the firm's material risks, whether it aligns with the firm's strategic plan and the corresponding business activities, and whether it is consistent with the capacity of the risk management framework. IRM, including through the CRO, should provide input to both senior management and the board to assist in the development, evaluation, and approval of the firm's risk tolerance. IRM should also determine whether the firm's risk profile is consistent with the firm's risk tolerance and assess whether the firm's risk management framework has the capacity to manage the risks outlined in the risk tolerance.
Under direction of the CRO, IRM should establish enterprise-wide risk limits as well as more granular risk limits, as appropriate, that are consistent with the firm's risk tolerance for the firm's full set of risks. IRM should monitor and update risk limits as appropriate, especially as the firm's risk tolerance, risk profile, or external conditions change. IRM should identify significant trends in risk levels to evaluate whether risk-taking and risk management practices are consistent with the firm's strategic objectives. IRM should escalate to senior management material breaches to the firm's risk tolerance and enterprise-wide risk limits, as well as instances where IRM's conclusions differ from those of CBLs.
IRM should identify and measure under both normal and stressful operating conditions, where possible, current and emerging risks within and across business lines and risk types, as well as any other relevant perspective. Common risk types include credit, market, operational, liquidity, interest rate, legal, and compliance (such as consumer protection and Bank Secrecy Act/anti-money laundering).
IRM should aggregate risks across the entire firm and assess those risks relative to the firm's risk tolerance. IRM should identify material or critical concentrations of risks and assess the likelihood and potential impact of those risks on the firm. IRM should identify information gaps, uncertainties, or limitations in risk assessments for the board of directors and senior management, as appropriate.
Risk reporting should cover current and emerging risk, risk exposure and adherence to risk limits and risk concentrations as well as the firm's ongoing strategic, capital, and liquidity planning processes. Risk reporting should enable prompt escalation and remediation of material problems; enhance appropriate and timely responses to identified problems; provide current and forward-looking perspectives; and support or influence strategic decision-making.
b. Internal Controls
Developing and maintaining effective internal controls are the responsibility of senior management, IRM, and CBL management. Accordingly, a firm should appropriately assign management responsibilities for the establishment and maintenance of internal controls. To foster an appropriate control culture within the firm, adequate control activities should be integrated into the daily functions of all relevant personnel.
A firm should have mechanisms to monitor and test internal controls and to identify and escalate issues that appear to compromise the effectiveness of internal controls. The scope, frequency, and depth of testing should consider the complexity of the firm, the results of risk assessments, and the number and significance of the deficiencies identified during prior testing. A firm should test and monitor internal controls using a risk-based approach, prioritizing efforts on controls in areas of highest risk and less effective controls.
A firm should evaluate and communicate internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management.
c. Internal Audit
The internal audit function should examine, evaluate, and perform an independent assessment of the effectiveness of the firm's risk management framework and internal control systems and report findings to senior management and the firm's audit committee. The Federal Reserve would assess the extent to which a firm complies with existing guidance on internal audit.[35]
B. Board Effectiveness
Concurrent with this proposal, the Board is issuing a related proposal for public comment addressing supervisory expectations for boards of directors of all Federal Reserve-supervised institutions. The Federal Reserve conducted a multi-year review of the practices of boards of directors, particularly at the largest financial institutions, which considered the factors that make boards effective, the challenges boards face, how boards influence the safety and soundness of their firms, and the impact of the Federal Reserve's expectations for boards of directors in existing supervisory guidance. The proposed guidance relating to boards of directors and its accompanying notice published in the Federal Register constitute the results of the review. The review identified three key issues that could potentially reduce a board's ability to be effective. First, supervisory expectations for boards of directors and senior management have become increasingly difficult to distinguish. Second, boards typically spend a significant amount of time focused on supervisory expectations that do not directly relate to the board's core responsibilities, which include guiding the development of the firm's strategy and risk tolerance, overseeing senior management and holding them accountable, supporting Start Printed Page 39056the stature and independence of the firm's independent risk management and internal audit functions, and adopting effective governance practices. Third, boards of large financial institutions often face significant challenges managing the overwhelming quantity of information provided by senior management in advance of board meetings.
The proposal would refocus existing supervisory expectations on a board's core responsibilities by more clearly distinguishing the roles and responsibilities of the board from those of senior management; eliminating redundant, outdated, or irrelevant supervisory expectations for boards; and ensuring that supervisory guidance is more closely aligned.
The proposal contains three parts, the first of which includes proposed supervisory guidance addressing effective boards of directors (proposed BE guidance), which would apply to the largest depository institution holding companies supervised by the Federal Reserve. The proposed BE guidance identifies five key attributes of effective boards of directors and would provide the framework the Federal Reserve would use to assess a firm's board of directors. The proposed BE guidance also would clarify supervisory expectations for boards as distinct from expectations for senior management.
The second part of the proposal would revise certain supervisory expectations for boards to ensure they are aligned with the Federal Reserve's supervisory framework, and would eliminate redundant, outdated, or irrelevant supervisory expectations. These changes reflect the Federal Reserve's review of approximately 170 existing supervisory expectations contained in 27 Supervision and Regulation letters (SR letters), and would apply to bank and savings and loan holding companies of all sizes.
The third part of the proposal includes proposed supervisory guidance that would replace Federal Reserve SR letter 13-13 [36] and clarify expectations for communicating supervisory findings to an institution's board of directors and senior management. This proposed guidance, like the existing guidance, would apply to all financial institutions supervised by the Federal Reserve. The proposed guidance would facilitate the execution of boards' core responsibilities by clarifying expectations for communicating supervisory findings to an institution's board of directors and senior management. The proposed guidance would indicate that Federal Reserve examiners and supervisory staff would direct most Matters Requiring Immediate Attention (MRIAs) and Matters Requiring Attention (MRAs) to senior management for corrective action. MRIAs and MRAs would only be directed to the board for corrective action when the board needs to address its corporate governance responsibilities or when senior management fails to take appropriate remedial action. The board would remain responsible for holding senior management accountable for remediating supervisory findings.
VIII. Other Related Developments
Upon finalizing the LFI rating system, the Federal Reserve expects to issue supervisory guidance to update and align the consolidated supervisory framework, including SR letter 12-17, to be fully consistent with any modifications made through the final adoption of the LFI rating system as well as supervisory guidance relating to governance and controls.
In the future, the Federal Reserve may propose to revise the LFI rating system to include an additional rating component to assess the sufficiency of resolution planning efforts undertaken by LISCC firms (and perhaps other select LFIs) to reduce the impact on the U.S. financial system in the event of the firm's failure. This proposed revision to the LFI rating system would be issued for notice and comment.
IX. Proposed Changes to Existing Regulations
References to holding company ratings are included in a number of the Federal Reserve's existing regulations. In certain cases, the regulations are narrowly constructed such that they contemplate only the assignment of a standalone composite rating using a numerical rating scale. This is consistent with the current RFI rating system but is not compatible with the proposed LFI rating system. Three provisions in the Federal Reserve's existing regulations are written in this manner, including two in Regulation K and one in Regulation LL. In Regulation K, section 211.2(z) of Regulation K includes a definition of “well managed” which in part requires a bank holding company to have received a composite rating of 1 or 2 at its most recent examination or review; and section 211.9(a)(2) requires an investor (which by definition can be a bank holding company) to have received a composite rating of at least 2 at its most recent examination in order to make investments under the general consent or limited general consent procedures contained in sections 211.9(b) and (c). In Regulation LL, section 238.54(a)(1) restricts savings and loan holding companies from commencing certain activities without the Federal Reserve's prior approval unless the company received a composite rating of 1 or 2 at its most recent examination.
To ensure that the Federal Reserve's regulations are consistent and compatible with all aspects of both the RFI rating system as well as the proposed LFI rating system, the Federal Reserve proposes to amend those three regulatory provisions so they would apply to entities which receive numerical composite ratings as well as to entities which do not receive numerical composite ratings (including firms subject to the proposed LFI rating system).[37] To satisfy the requirements of those provisions, firms that do not receive numerical composite ratings would have to be considered satisfactory under the proposed LFI rating system. To be considered satisfactory, a firm would have to be rated “Satisfactory” or “Satisfactory Watch” for each component of the proposed LFI rating system; a firm which is rated “Deficient-1” or lower for any component would not be considered satisfactory. This standard would apply to any provision contained in the Federal Reserve's regulations which requires or refers to a firm having a satisfactory composite rating.
X. Comparison of the RFI and LFI Rating Systems
The proposed LFI rating system includes several structural changes from the RFI rating system. The following table provides a broad comparison between the two rating systems.Start Printed Page 39057
RFI rating system Proposed LFI rating system R—Risk Management An evaluation of the ability of the BHC's board of directors and senior management to identify, measure, monitor, and control risk The rating is supported by four subcomponent ratings: • Board and Senior Management Oversight • Policies, Procedures, and Limits • Risk Monitoring and Management Information Systems • Internal Controls Assessment of the effectiveness of a firm's governance and risk management practices is central to the Governance and Controls component rating. The Governance and Controls rating evaluates a firm's effectiveness in aligning strategic business objectives with risk management capabilities; maintaining strong and independent risk management and control functions, including internal audit; promoting compliance with laws and regulations, including those related to consumer protection; and otherwise providing for the ongoing resiliency of the firm. Governance and risk management practices specifically related to maintaining financial strength and resilience are also incorporated into the Capital Planning and Positions and Liquidity Risk Management and Positions component ratings. F—Financial Condition An evaluation of the consolidated organization's financial strength The rating is supported by four subcomponent ratings: • Capital Adequacy • Asset Quality • Earnings • Liquidity Assessment of a firm's financial strength and resilience is specifically evaluated through the Capital Planning and Positions and Liquidity Risk Management and Positions component ratings. These component ratings assess the effectiveness of associated planning and risk management processes, and the sufficiency of related positions. Although asset quality and earnings are not rated separately, they continue to be important elements in assessing a firm's safety and soundness and resiliency, and are important considerations within each of the LFI component ratings. I—Impact An assessment of the potential impact of the firm's nondepository entities on its subsidiary depository institution(s) Although a separate “Impact” rating would not be assigned, the LFI rating system would assess a firm's ability to protect the safety and soundness of its subsidiary depository institutions, including whether the firm can provide financial and managerial strength to its subsidiary depository institutions.38 D—Depository Institutions Generally reflects the composite CAMELS rating assigned by the primary supervisor of the subsidiary depository institution(s).39 A separate rating for a firm's depository institution subsidiaries would not be assigned. The Federal Reserve will continue to rely to the fullest extent possible on supervisory assessments developed by the primary supervisor of the subsidiary depository institution(s). C—Composite Rating The overall composite assessment of the BHC as reflected by the R, F, and I ratings, and supported by examiner judgment with respect to the relative importance of each component to the safe and sound operation of the BHC A standalone composite rating would not be assigned. The three LFI component ratings are designed to clearly communicate supervisory assessments and associated consequences for each of the core areas (capital, liquidity and governance and controls) considered critical to an LFI's strength and resilience. For purposes of determining whether a firm is “well managed,” the three component ratings taken together would be treated as equivalent to a standalone composite rating. Each component must be rated either “Satisfactory” or “Satisfactory Watch” in order for a firm to be deemed “well managed.” XI. Request for Comments
The Board invites comments on all aspects of the proposed LFI rating system, including responses to the following questions:
(1) Are there specific considerations beyond those outlined in this proposal that should be considered in the Federal Reserve's assessment of whether an LFI has sufficient financial and operational strength and resilience to maintain safe and sound operations?
(2) Does the proposal clearly describe the firms that would be subject to the LFI rating system, and those firms that would continue to be subject to the RFI rating system?
(3) Does the proposal clearly describe the supervisory expectations for senior management in the evaluation of a firm's governance and controls under the proposed LFI rating system?
(4) Does the proposal clearly describe how and under what circumstances a “Satisfactory Watch” rating would or would not be assigned? Does that rating provide appropriate messaging and incentives to firms to correct identified deficiencies?
(5) Should the LFI rating system be revised at a future date to assess the sufficiency of a firm's resolution planning efforts undertaken to reduce the impact on the financial system in the event of the firm's failure? If yes, what should the Federal Reserve specifically consider in conducting that assessment?
(6) Are there options that should be considered to enhance the transparency of LFI ratings in order to incent more timely and comprehensive remediation of supervisory deficiencies or issues?
(7) What specific issues should the Federal Reserve consider when using the LFI rating system to inform future revisions to other supervisory rating systems used to assess the U.S. operations of foreign banking organizations?
XII. Regulatory Analysis
A. Paperwork Reduction Act
There is no collection of information required by this proposal that would be subject to the Paperwork Reduction Act of 1995, 44 U.S.C. 3501 et seq.
B. Regulatory Flexibility Analysis
The Board is providing an initial regulatory flexibility analysis with respect to this proposed rule. The Regulatory Flexibility Act, 5 U.S.C. 601 et seq. (RFA), generally requires an agency to assess the impact a rule is expected to have on small entities. The RFA requires an agency either to provide an initial regulatory flexibility analysis with a proposed rule for which a general notice of proposed rulemaking is required or to certify that the proposed rule will not have a significant impact on a substantial number of small entities. Based on the Board's analysis Start Printed Page 39058and for the reasons stated below, the Board believes that neither the proposed LFI rating system nor the proposed rule will have a significant economic impact on a substantial number of small entities. A final regulatory flexibility analysis will be conducted after comments received during the public comment period have been considered.
Under regulations issued by the Small Business Administration, a small entity includes a depository institution, bank holding company, or savings and loan holding company with assets of $550 million or less (small banking organizations). As of June 1, 2017, there were approximately 3,539 small banking organizations. As described above, the proposed LFI rating system would apply only to all bank holding companies with total consolidated assets of $50 billion or more; all non-insurance, non-commercial savings and loan holding companies with total consolidated assets of $50 billion or more; and U.S. intermediate holding companies of foreign banking organizations established pursuant to section 252.153 of the Federal Reserve's Regulation YY. Small banking organizations would therefore not be subject to the proposed LFI rating system. Similarly, the proposed rule would make conforming changes to several regulations to reflect certain aspects of the proposed LFI rating system, but would not change the operation of those regulations for any entity that would not be subject to the proposed LFI rating system. As a result, neither the proposed LFI rating system nor the proposed rule should have any impact on small banking organizations. In light of the foregoing, the Board believes that the proposed LFI rating system will not have a significant economic impact on small banking organizations supervised by the Board.
C. Solicitation of Comments on Use of Plain Language
Section 722 of the Gramm-Leach-Bliley Act requires the Board to use plain language in all proposed and final rules published after January 1, 2000. The Board invites comment on how to make this proposed rule easier to understand. For example:
- Has the Board organized the material to suit your needs? If not, how could the proposal be more clearly stated?
- Does the proposal contain technical language or jargon that is not clear? If so, what language requires clarification?
- Would a different format (grouping and order of sections, use of headings, paragraphing) make the proposal easier to understand? If so, what changes would make the proposal easier to understand?
- Would more, but shorter, sections be better? If so, what sections should be changed?
- What else could the Board do to make the proposal easier to understand?
List of Subjects
12 CFR Part 211
- Exports
- Federal Reserve System
- Foreign banking
- Holding companies
- Investments
- Reporting and recordkeeping requirements
12 CFR Part 238
- Administrative practice and procedure
- Banks
- Banking
- Federal Reserve System
- Holding companies
- Reporting and recordkeeping requirements
Authority and Issuance
For the reasons stated in the preamble, the Board proposes to amend 12 CFR parts 211 and 238 as follows:
Start PartPART 211—INTERNATIONAL BANKING OPERATIONS (REGULATION K)
End Part Start Amendment Part1. The authority citations for part 211 continues to read as follows: 12 U.S.C. 221 et seq., 1818, 1835a, 1841 et seq., 3101 et seq., 3901 et seq., and 5101 et seq.; 15 U.S.C. 1681s, 1681w, 6801 and 6805.
End Amendment Part Start Amendment Part2. Section 211.2 is amended by revising paragraph (z) to read as follows:
End Amendment PartDefinitions.* * * * *(z) Well managed means that the Edge or agreement corporation, any parent insured bank, and the bank holding company either received a composite rating of 1 or 2 or is considered satisfactory under the applicable rating system, and has at least a satisfactory rating for management if such a rating is given, at their most recent examination or review.
3. Section 211.9 is amended by revising paragraph (a) to read as follows:
End Amendment PartInvestment Procedures.* * * * *(a) * * *
(2) Composite rating. Except as the Board may otherwise determine, in order for an investor to make investments under the general consent or limited general consent procedures of paragraphs (b) and (c) of this section, at the most recent examination the investor and any parent insured bank must have either received a composite rating of at least 2 or be considered satisfactory under the applicable rating system.
PART 238—SAVINGS AND LOAN HOLDING COMPANIES (REGULATION LL)
End Part Start Amendment Part1. The authority citations for part 211 continues to read as follows:
End Amendment Part Start Amendment Part2. Section 238.54 is amended by revising paragraph (a)(1) to read as follows:
End Amendment PartPermissible bank holding company activities of savings and loan holding companies.(a) * * *
(1) The holding company received a rating of satisfactory or above prior to January 1, 2008, or thereafter, either received a composite rating of “1” or “2” or be considered satisfactory under the applicable rating system in its most recent examination, and is not in a troubled condition as defined in § 238.72, and the holding company does not propose to commence the activity by an acquisition (in whole or in part) of a going concern; or
* * * * *Appendix A
Note: This Appendix A will not be published in the Code of Federal Regulations.
Text of Proposed Large Financial Institution Rating System
A. Overview of LFI Rating System
The Federal Reserve will use the large financial institution (LFI) rating system to evaluate and communicate the condition and prospects of domestic bank holding companies with total consolidated assets of $50 billion or more, certain savings and loan holding companies with total consolidated assets of $50 billion or more, and U.S. intermediate holding companies of foreign banking organizations.[1] The LFI rating system will replace the existing RFI/C(D) rating system that is presently used by the Federal Reserve to assign ratings to applicable holding companies.[2]
The LFI rating system draws from the supervisory objectives set forth in the Start Printed Page 39059 Consolidated Supervisory Framework for Large Financial Institutions for enhanced financial and operational strength and resilience for the largest and most systemically important firms.[3] The LFI rating system is designed to:
- Fully align with the Federal Reserve's current supervisory programs and practices, which are based upon the LFI supervision framework's core objectives of reducing the probability of LFIs failing or experiencing material distress and reducing the risk to U.S. financial stability;
- Enhance the clarity and consistency of supervisory assessments and communications of supervisory findings and implications; and
- Provide appropriate incentives for LFIs to maintain financial and operational strength and resilience, including compliance with laws and regulations, by more clearly defining the consequences of a given rating.
Consistent with current practice, LFI ratings will be assigned and communicated to firms on at least an annual basis, and more frequently as warranted to reflect the conclusions of supervisory activities performed by the Federal Reserve. In determining the LFI rating and identifying supervisory issues requiring corrective action by a firm, the Federal Reserve will generally rely to the fullest extent possible on the information and assessments developed by other relevant supervisors and functional regulators.
B. LFI Rating Framework
The LFI rating framework provides a supervisory evaluation of whether a firm possesses sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions.[4]
The LFI rating system is comprised of three components, described below:
- Capital Planning and Positions: An evaluation of (i) the effectiveness of a firm's governance and planning processes used to determine the amount of capital necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm's capital positions to comply with applicable regulatory requirements and to support the firm's ability to continue to serve as a financial intermediary through a range of conditions.
- Liquidity Risk Management and Positions: An evaluation of (i) the effectiveness of a firm's governance and risk management processes used to determine the amount of liquidity necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm's liquidity positions to comply with applicable regulatory requirements and to support the firm's ongoing obligations through a range of conditions.
- Governance and Controls: An evaluation of the effectiveness of a firm's (i) board of directors, (ii) management of core business lines and independent risk management and controls, and (iii) recovery planning (for domestic LISCC firms only).[5] This rating assesses a firm's effectiveness in aligning strategic business objectives with the firm's risk tolerance and risk management capabilities; maintaining strong, effective, and independent risk management and control functions, including internal audit; promoting compliance with laws and regulations, including those related to consumer protection; and otherwise planning for the ongoing resiliency of the firm.[6]
Assignment of the LFI Component Ratings
Each LFI component rating is assigned along a multi-level scale (Satisfactory/Satisfactory Watch, Deficient-1, and Deficient-2). A “Satisfactory” rating indicates that the firm is considered safe and sound and broadly meets supervisory expectations. A “Satisfactory Watch” rating is a conditional “Satisfactory” rating and is discussed in greater detail below. A “Deficient-1” rating indicates that although the firm's current condition is not considered to be materially threatened, there are financial and/or operational deficiencies that put its prospects for remaining safe and sound through a range of conditions at significant risk. A “Deficient-2” rating indicates that financial and/or operational deficiencies materially threaten the firm's safety and soundness, or have already put the firm in an unsafe and unsound condition.
Supervisors may assign a “Satisfactory Watch” component rating which indicates that the firm is generally considered safe and sound; however certain issues are sufficiently material that, if not resolved in a timely manner in the normal course of business, would put the firm's prospects for remaining safe and sound through a range of conditions at risk.[7] Use of the “Satisfactory Watch” rating is consistent with existing supervisory practice of giving notice that the Federal Reserve is likely to downgrade a firm to a less-than-satisfactory rating if identified weaknesses are not resolved in a timely manner. The “Satisfactory Watch” rating may also be used for firms previously rated “Deficient” when circumstances warrant.
A “Satisfactory Watch” rating is not intended to be used for a prolonged period. Firms that receive a “Satisfactory Watch” rating will have a specified timeframe to fully resolve issues leading to that rating (as is the case with all supervisory issues), generally no longer than 18 months.[8] If the firm Start Printed Page 39060successfully resolves the issues leading to the “Satisfactory Watch” rating, the firm would typically be upgraded to “Satisfactory” as it has demonstrated an ability to successfully remediate or mitigate these issues in a timely manner in the normal course of business. However, if the firm fails to timely remediate or mitigate those issues, this failure would generally be viewed as evidence that the firm lacks sufficient financial and/or operational capabilities to remain safe and sound through a range of conditions. In these instances the firm would typically be downgraded to a “Deficient” rating.
When a firm is rated “Satisfactory Watch,” supervisors would focus on determining whether a firm's issues are related to each other, similar in nature or root cause, or constitute a pattern reflecting deeper governance or risk management weaknesses, warranting a downgrade to a “Deficient” rating.
The weighting of individual elements within each LFI component rating will depend on their relative contribution to the rating definitions outlined below. For example, a limited number of significant deficiencies—or even just one significant deficiency—noted for management of a single core business line could be viewed as sufficiently important to warrant a “Deficient” Governance and Controls component rating, even if the firm meets supervisory expectations under the Governance and Controls component in all other respects.
A standalone composite rating is not assigned under the LFI rating system. The three LFI component ratings are designed to clearly communicate supervisory assessments and associated consequences to a firm for the core areas (capital, liquidity, and governance and controls) considered critical to an LFI's strength and resilience.
Under the LFI rating system, a firm must be rated “Satisfactory” or “Satisfactory Watch” for each of its component ratings to be considered “well managed” in accordance with various statutes and regulations.[9] A “well managed” firm has sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions.
C. LFI Rating Components
The LFI rating system is comprised of three component ratings: [10]
1. Capital Planning and Positions Component Rating
The Capital Planning and Positions component rating evaluates (i) the effectiveness of a firm's governance and planning processes used to determine the amount of capital necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm's capital positions to comply with applicable regulatory requirements and to support the firm's ability to continue to serve as a financial intermediary through a range of conditions.
In developing this rating, the Federal Reserve will evaluate:
- Capital Planning: The extent to which a firm maintains sound capital planning practices though strong governance and oversight; strong risk management and controls; maintenance of updated capital policies and contingency plans for addressing potential shortfalls; and incorporation of appropriately stressful conditions and events into capital planning and projections of capital positions; and
- Capital Positions: The extent to which a firm's capital is sufficient to comply with regulatory requirements, and to support its ability to meet its obligations to depositors, creditors, and other counterparties and continue to serve as a financial intermediary through a range of conditions.
Definitions for the Capital Planning and Positions Component Rating
Satisfactory
A firm's capital planning and positions are considered sound and broadly meet supervisory expectations. Specifically:
- A firm is capable of producing sound assessments of capital adequacy through a range of conditions; and
- A firm's current and projected capital positions comply with regulatory requirements, and support its ability to absorb current and potential losses, to meet obligations, and to continue to serve as a financial intermediary through a range of conditions.
Although a firm rated “Satisfactory” may have supervisory issues requiring corrective action, the firm is effectively mitigating the issues or the Federal Reserve has deemed the issues as unlikely to present a threat to the firm's ability to maintain safe and sound operations.
Satisfactory Watch
In select circumstances, a “Satisfactory Watch” component rating may be assigned. In these instances a firm's capital planning and positions are generally considered sound; however certain supervisory issues are sufficiently material that, if not resolved by the firm in a timely manner during the normal course of business, would put the firm's prospects for remaining safe and sound through a range of conditions at risk.
A “Satisfactory Watch” rating may be assigned to a firm that meets these characteristics regardless of its prior rating (that is, it may be assigned to a firm previously rated “Satisfactory” or “Deficient”). In either instance, the Federal Reserve will not use the “Satisfactory Watch” rating for a prolonged period. In most instances, the firm will either (i) resolve the issues in a timely manner and be assigned a “Satisfactory” rating, or (ii) fail to resolve the issues and be downgraded to a “Deficient” rating, as its inability to resolve those issues in a timely manner would indicate that the firm does not possess sufficient financial and operational capabilities to maintain its safety and soundness through a range of conditions.
The Federal Reserve will provide an expected timeframe for the firm to remediate or mitigate each issue leading to the “Satisfactory Watch” rating, and will closely monitor the firm's progress.
Deficient-1
Although a firm's current condition is not considered to be materially threatened, there are deficiencies in capital planning or positions that put its prospects for remaining safe and sound through a range of conditions at significant risk. Its practices and capabilities do not meet supervisory expectations, as:
- Deficiencies in a firm's capital planning processes are not effectively mitigated. These deficiencies limit the firm's ability to effectively assess capital adequacy through a range of conditions; and/or
- A firm's projected capital positions may be insufficient to absorb potential losses, and to support its ability to meet prospective obligations and serve as a financial intermediary through a range of conditions.
These deficiencies require timely corrective action focused on restoring and maintaining capital planning capabilities and capital positions consistent with assignment of a “Satisfactory” component rating. To support supervisory efforts—and ensure the immediate attention of the firm's board and senior management towards restoring financial and operational strength and resilience as necessary to maintain the firm's safety and soundness through a range of conditions—there is a strong presumption that the firm will be subject to an informal or formal enforcement action by the Federal Reserve.
A “Deficient-1” component rating could be a barrier for a firm seeking the Federal Reserve's approval of a proposal to engage in new or expansionary activities, unless the firm can demonstrate that (i) it is making meaningful, sustained progress in resolving identified deficiencies and issues; (ii) the proposed new or expansionary activities would not present a risk of exacerbating current deficiencies or issues or lead to new concerns; and (iii) the proposed activities would not distract the board or senior management from remediating current deficiencies or issues.
Deficient-2
Deficiencies in a firm's capital planning or positions present a material threat to its safety and soundness, or have already put the firm in an unsafe and unsound condition. Its practices and capabilities fall well short of supervisory expectations, as:
- A firm's capital planning processes are insufficient to effectively assess capital adequacy through a range of conditions; and/or
- A firm's current and projected capital positions are insufficient to absorb current or potential losses, and to support its ability to meet current and prospective obligations and serve as a financial intermediary through a range of conditions.Start Printed Page 39061
To address these deficiencies, a firm is required to (i) implement comprehensive corrective measures sufficient to restore and maintain satisfactory capital planning capabilities and adequate capital positions; and (ii) demonstrate the sufficiency, credibility, and readiness of contingency planning and options in the event of further escalation of financial or operational deficiencies. To support supervisory efforts and ensure the immediate attention of the firm's board and senior management in addressing threats to safety and soundness, there is a strong presumption that the firm will be subject to a formal enforcement action.
The Federal Reserve would be extremely unlikely to approve any proposal from a firm with a “Deficient-2” rating to engage in new or expansionary activities.
2. Liquidity Risk Management and Positions Component Rating
The Liquidity Risk Management and Positions component rating evaluates (i) the effectiveness of a firm's governance and risk management processes used to determine the amount of liquidity necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm's liquidity positions to comply with applicable regulatory requirements and to support the firm's ongoing obligations through a range of conditions.
In developing this rating, the Federal Reserve will evaluate:
- Liquidity Risk Management: The extent to which a firm maintains sound liquidity risk management practices though strong governance and oversight; strong risk management and controls; maintenance of updated liquidity policies and contingency plans for addressing potential shortfalls; and incorporation of appropriately stressful conditions and events into liquidity planning and projections of liquidity positions; and
- Liquidity Positions: The extent to which a firm's liquidity is sufficient to comply with regulatory requirements, and to support its ability to meet current and prospective obligations to depositors, creditors and other counterparties through a range of conditions.
Definitions for the Liquidity Risk Management and Positions Component Rating
Satisfactory
A firm's liquidity risk management and positions are considered sound and broadly meet supervisory expectations. Specifically:
- A firm is capable of producing sound assessments of liquidity adequacy through a range of conditions; and
- A firm's current and projected liquidity positions comply with regulatory requirements, and support its ability to meet current and prospective obligations and to continue to serve as a financial intermediary through a range of conditions.
Although a firm rated “Satisfactory” may have supervisory issues requiring corrective action, the firm is effectively mitigating the issues or the Federal Reserve has deemed the issues as unlikely to present a threat to the firm's ability to maintain safe and sound operations.
Satisfactory Watch
In select circumstances, a “Satisfactory Watch” component rating may be assigned. In these instances a firm's liquidity risk management and positions are generally considered sound; however certain supervisory issues are sufficiently material that, if not resolved by the firm in a timely manner during the normal course of business, would put the firm's prospects for remaining safe and sound through a range of conditions at risk.
A “Satisfactory Watch” rating may be assigned to a firm that meets these characteristics regardless of its prior rating (that is, it may be assigned to a firm previously rated “Satisfactory” or “Deficient”). In either instance, the Federal Reserve will not use the “Satisfactory Watch” rating for a prolonged period. In most instances, the firm will either (i) resolve the issues in a timely manner and be assigned a “Satisfactory” rating, or (ii) fail to resolve the issues and be downgraded to a “Deficient” rating, as its inability to resolve those issues in a timely manner would indicate that the firm does not possess sufficient financial and operational capabilities to maintain its safety and soundness through a range of conditions.
The Federal Reserve will provide an expected timeframe for the firm to remediate or mitigate each issue leading to the “Satisfactory Watch” rating, and will closely monitor the firm's progress.
Deficient-1
Although a firm's current condition is not considered to be materially threatened, there are deficiencies in liquidity risk management or positions that put its prospects for remaining safe and sound through a range of conditions at significant risk. Its practices and capabilities do not meet supervisory expectations, as:
- Deficiencies in a firm's liquidity risk management processes are not effectively mitigated. These deficiencies limit the firm's ability to effectively assess liquidity adequacy through a range of conditions; and/or
- A firm's projected liquidity positions may be insufficient to support its ability to meet prospective obligations and serve as a financial intermediary through a range of conditions.
These deficiencies require timely corrective action, focused on restoration and maintenance of liquidity risk management capabilities and liquidity positions consistent with assignment of a “Satisfactory” component rating. To support supervisory efforts—and ensure the immediate attention of the firm's board and senior management towards restoring financial and operational strength and resilience as necessary to maintain the firm's safety and soundness through a range of conditions—there is a strong presumption that the firm will be subject to an informal or formal enforcement action by the Federal Reserve.
A “Deficient-1” component rating could be a barrier for a firm seeking the Federal Reserve's approval of a proposal to engage in new or expansionary activities, unless the firm can demonstrate that (i) it is making meaningful, sustained progress in resolving identified deficiencies and issues; (ii) the proposed new or expansionary activities would not present a risk of exacerbating current deficiencies or issues or lead to new concerns; and (iii) the proposed activities would not distract the board or senior management from remediating current deficiencies or issues.
Deficient-2
Deficiencies in a firm's liquidity risk management or positions present a material threat to its safety and soundness, or have already put the firm in an unsafe and unsound condition. Its practices and capabilities fall well short of supervisory expectations, as:
- A firm's liquidity risk management processes are insufficient to perform an effective assessment of liquidity adequacy through a range of conditions; and/or
- A firm's current and projected liquidity positions are insufficient to support its ability to meet current and prospective obligations and serve as a financial intermediary through a range of conditions.
To address these material deficiencies, a firm is required to immediately (i) implement comprehensive corrective measures sufficient to provide for the restoration and continued maintenance of satisfactory liquidity risk management capabilities and adequate liquidity positions; and (ii) demonstrate the sufficiency, credibility and readiness of contingency planning and options in the event of further escalation of financial or operational deficiencies. To support supervisory efforts and ensure the immediate attention of the firm's board and senior management in addressing threats to safety and soundness, there is a strong presumption that the firm will be subject to a formal enforcement action.
The Federal Reserve would be extremely unlikely to approve any proposal from a firm with a “Deficient-2” rating to engage in new or expansionary activities.
3. Governance and Controls Component Rating
The Governance and Controls component rating evaluates the effectiveness of a firm's (i) board of directors, (ii) management of core business lines and independent risk management and controls, and (iii) recovery planning (for domestic LISCC firms only). This rating assesses a firm's effectiveness in aligning strategic business objectives with the firm's risk tolerance and risk management capabilities; maintaining strong, effective, and independent risk management and control functions, including internal audit; promoting compliance with laws and regulations, including those related to consumer protection; and otherwise providing for the ongoing resiliency of the firm.[11]
In developing this rating, the Federal Reserve will evaluate:
- Effectiveness of the Board of Directors: The extent to which the board exhibits attributes consistent with those of effective boards in carrying out its core roles and Start Printed Page 39062responsibilities, including setting a clear strategy for the firm that aligns with the firm's risk tolerance; actively managing information flow and board discussions; holding senior management accountable for implementing the firm's strategy and risk tolerance in an effective manner, and for maintaining the firm's risk management and control framework; supporting the independence and stature of the firm's independent risk management and internal audit functions; and maintaining its effectiveness by adapting its composition, governance structure and practices to changes that occur over time.
- Management of Core Business Lines and Independent Risk Management and Controls
The extent to which:
○ Senior management effectively and prudently manages the day-to-day operations of the firm and provides for ongoing resiliency; implements the firm's strategy and risk tolerance; maintains an effective risk management framework and system of internal controls; and promotes prudent risk taking behaviors and business practices, including compliance with laws and regulations.
○ Core business line management executes business line activities consistent with the firm's strategy and risk tolerance; identifies and manages risks; and ensures an effective system of internal controls for its operations.
○ Independent risk management effectively evaluates whether the firm's risk tolerance appropriately captures material risks and is consistent with the firm's risk management capacity; establishes and monitors risk limits that are consistent with the firm's risk tolerance; identifies and measures the firm's risks; and aggregates, assesses and reports on the firm's risk profile and positions. Additionally, the firm demonstrates that its system of internal controls is appropriate and tested for effectiveness. Finally, internal audit effectively and independently assesses the firm's risk management framework and internal control systems, and reports findings to senior management and the firm's audit committee.
- Recovery Planning (domestic LISCC firms only): The extent to which recovery planning processes effectively identify options that provide a reasonable chance of a firm being able to remedy financial weakness and restore market confidence without extraordinary official sector support.
Definitions for the Governance and Controls Component Rating
Satisfactory
A firm's governance and control practices are considered sound and broadly meet supervisory expectations. Specifically, a firm's practices and capabilities are sufficient to align strategic business objectives with the firm's risk tolerance and risk management capabilities; maintain strong and independent risk management and control functions, including internal audit; promote compliance with laws and regulations; and otherwise provide for the firm's ongoing resiliency through a range of conditions.
Although a firm rated “Satisfactory” may have supervisory issues requiring corrective action, the firm is effectively mitigating the issues or the Federal Reserve has deemed the issues as unlikely to present a threat to the firm's ability to maintain safe and sound operations.
Satisfactory Watch
Supervisors may assign a “Satisfactory Watch” component rating, which indicates that governance and controls are generally considered sound; however certain supervisory issues are sufficiently material that, if not resolved by the firm in a timely manner during the normal course of business, would put the firm's prospects for remaining safe and sound through a range of conditions at risk.
A “Satisfactory Watch” rating may be assigned to a firm which meets these characteristics regardless of its prior rating (that is, it may be assigned to a firm previously rated “Satisfactory” or “Deficient”). In either instance, the Federal Reserve will not use the “Satisfactory Watch” rating for a prolonged period. In most instances, the firm will either (i) resolve the issues in a timely manner and be assigned a “Satisfactory” rating, or (ii) fail to resolve the issues and be downgraded to a “Deficient” rating, as its inability to resolve those issues in a timely manner would indicate that the firm does not possess sufficient financial and operational capabilities to maintain its safety and soundness through a range of conditions.
The Federal Reserve will provide an expected timeframe for the firm to remediate or mitigate each issue leading to the “Satisfactory Watch” rating, and will closely monitor the firm's progress.
Deficient-1
Although a firm's current condition is not considered to be materially threatened, there are deficiencies in a firm's governance or controls that put its prospects for remaining safe and sound through a range of conditions at significant risk.
The firm's practices and capabilities do not meet supervisory expectations, and deficiencies limit its ability to align strategic business objectives with the firm's risk tolerance and risk management capabilities; maintain strong and independent risk management and control functions, including internal audit; promote compliance with laws and regulations; and/or otherwise provide for the firm's ongoing resiliency through a range of conditions.
These deficiencies require timely corrective action by the firm, focused on restoring and maintaining its governance and control capabilities consistent with a “Satisfactory” component rating. To support supervisory efforts—and ensure the immediate attention of the firm's board and senior management towards restoring financial and operational strength and resilience as necessary to maintain the firm's safety and soundness through a range of conditions—there is a strong presumption that the firm will be subject to an informal or formal enforcement action by the Federal Reserve.
A “Deficient-1” component rating could be a barrier for a firm seeking the Federal Reserve's approval of a proposal to engage in new or expansionary activities, unless the firm can demonstrate that (i) it is making meaningful, sustained progress in resolving identified deficiencies and issues; (ii) the proposed new or expansionary activities would not present a risk of exacerbating current deficiencies or issues or lead to new concerns; and (iii) the proposed activities would not distract the board or senior management from remediating current deficiencies or issues.
Deficient-2
Deficiencies in a firm's governance or controls present a material threat to its safety and soundness, or have already put the firm in an unsafe and unsound condition.
Its practices and capabilities fall well short of supervisory expectations, and are insufficient to align strategic business objectives with the firm's risk tolerance and risk management capabilities; maintain strong and independent risk management and control functions, including internal audit; promote compliance with laws and regulations; and/or otherwise provide for the firm's ongoing resiliency.
To address these material deficiencies, a firm is required to (i) implement comprehensive corrective measures sufficient to restore and maintain appropriate governance and control capabilities; and (ii) demonstrate the sufficiency, credibility and readiness of contingency planning and options in the event of further escalation of financial or operational deficiencies. To support supervisory efforts and ensure the immediate attention of the firm's board and senior management in addressing threats to safety and soundness, there is a strong presumption that the firm will be subject to a formal enforcement action.
The Federal Reserve would be extremely unlikely to approve any proposal from a firm with a “Deficient-2” rating to engage in new or expansionary activities.
By order of the Board of Governors of the Federal Reserve System, August 3, 2017.
Margaret McCloskey Shanks,
Deputy Secretary of the Board.
Footnotes
1. See the list of firms included in the LISCC supervisory program at https://www.federalreserve.gov/bankinforeg/large-institution-supervision.htm.
Back to Citation2. Several LFIs which are not LISCC firms are subject to the Federal Reserve's Comprehensive Capital Analysis and Review (CCAR).
Back to Citation3. See SR letter 12-17/CA letter 12-14, “Consolidated Supervision Framework for Large Financial Institutions,” (referred to as “SR letter 12-17” in this notice) at http://www.federalreserve.gov/bankinforeg/srletters/sr1217.htm.
Back to Citation4. “Financial strength and resilience” is defined as maintaining effective capital and liquidity governance and planning processes, and sufficiency of related positions, to provide for continuity of the consolidated organization and its core business lines, critical operations, and banking offices through a range of conditions.
“Operational strength and resilience” is defined as maintaining effective governance and controls to provide for continuity of the consolidated organization and its core business lines, critical operations, and banking offices, and promote compliance with laws and regulations, including those related to consumer protection, through a range of conditions.
“Critical operations” are a firm's operations, including associated services, functions and support, the failure or discontinuance of which, in the view of the firm or the Federal Reserve would pose a threat to the financial stability of the United States.
Under SR letter 12-17, “banking offices” are defined as U.S. depository institution subsidiaries and the U.S. branches and agencies of foreign banking organizations (FBOs). The Federal Reserve expects to use the LFI rating system to inform future revisions to other supervisory rating systems used to assess the U.S. operations of FBOs.
Back to Citation5. See SR letter 04-18, “Bank Holding Company Rating System,” 69 FR 70444 (December 6, 2004), at https://www.federalreserve.gov/boarddocs/srletters/2004/sr0418.htm.
The Federal Reserve has only applied the RFI rating system to saving and loan holding companies (SLHCs) on an indicative basis since assuming supervisory responsibility for those firms from the Office of Thrift Supervision in 2011. The Federal Reserve has proposed to apply the RFI rating system to SLHCs on a fully implemented basis, excluding SLHCs engaged in significant insurance or commercial activities. See 81 FR 89941 (December 13, 2016).
Back to Citation6. The proposed LFI rating system does not include subcomponent ratings.
Back to Citation7. See SR letter 15-18, “Federal Reserve Supervisory Assessment of Capital Planning and Positions for LISCC Firms and Large and Complex Firms,” at https://www.federalreserve.gov/supervisionreg/srletters/sr1518.htm.
Under SR letter 15-18, a “large and complex firm” is defined as any domestic BHC or intermediate holding company (IHC) that is not a LISCC firm and that has total consolidated assets of $250 billion or more or consolidated total on-balance sheet foreign exposure of $10 billion or more.
Back to Citation8. See SR letter 15-19, “Federal Reserve Supervisory Assessment of Capital Planning and Positions for Large and Noncomplex Firms,” at https://www.federalreserve.gov/supervisionreg/srletters/sr1519.htm.
Back to Citation9. These requirements include the Board's Liquidity Coverage Ratio (LCR) rule in Regulation WW and the liquidity risk management and stress testing requirements in Regulation YY. See 12 CFR part 249 and 12 CFR 252.34-35 and 252.156-157.
Back to Citation10. “Board” or “board of directors” also refers to committees of the board of directors, as appropriate.
At this time, recovery planning expectations only apply to domestic BHCs subject to the Federal Reserve's LISCC supervisory framework. See SR letter 14-8, “Consolidated Recovery Planning for Certain Large Domestic Bank Holding Companies.” Should the Federal Reserve expand the scope of recovery planning expectations to encompass additional firms, this rating will reflect such expectations for the broader set of firms.
There are eight domestic firms in the LISCC portfolio: (1) Bank of America Corporation; (2) Bank of New York Mellon Corporation; (3) Citigroup, Inc.; (4) Goldman Sachs Group, Inc.; (5) JP Morgan Chase & Co.; (6) Morgan Stanley; (7) State Street Corporation; and (8) Wells Fargo & Company. In this guidance, these eight firms may collectively be referred to as “domestic LISCC firms.”
Back to Citation11. “Risk tolerance” is defined as the aggregate level and types of risk the board and senior management are willing to assume to achieve the firm's strategic business objectives, consistent with applicable capital, liquidity, and other requirements and constraints.
Back to Citation12. References to “safe and sound” or “safety and soundness” in the proposed LFI rating system also refer to a firm's consolidated organization and its critical operations and banking offices.
Back to Citation13. The timeframe initially specified by the Federal Reserve for resolving issues will become more precise over time, and may be extended as circumstances warrant. As noted in current guidance, defined timeframes for resolving supervisory issues are communicated within either “Matters Requiring Attention” (MRAs) or “Matters Requiring Immediate Attention” (MRIAs). See SR letter 13-13/CA letter 13-10, “Supervisory Considerations for the Communication of Supervisory Findings,” at https://www.federalreserve.gov/supervisionreg/srletters/sr1313.htm (referred to as “SR letter 13-13” in this notice). Proposed guidance which would replace SR letter 13-13 has been released for public comment concurrent with this proposal and is discussed below in Section VII, “Related Proposed Guidance.” An enforcement action will also specify the timeframe for a firm to resolve deficiencies.
Back to Citation14. See SR letter 95-51, “Rating the Adequacy of Risk Management Processes and Internal Controls at State Member Banks and Bank Holding Companies,” at https://www.federalreserve.gov/boarddocs/srletters/1995/sr9551.htm.
Back to Citation15. See SR letter 15-18 and SR letter 15-19.
Back to Citation16. 12 U.S.C. 1841 et. seq. and 12 U.S.C. 1461 et seq. See, e.g., 12 CFR 225.4(b)(6), 225.14, 225.22(a), 225.23, 225.85, and 225.86; 12 CFR 211.9(b), 211.10(a)(14), and 211.34; and 12 CFR 223.41.
Back to Citation18. For purposes of determining whether a firm is considered to be “well managed” under section 2(o)(9) of the BHC Act, the Federal Reserve considers the three component ratings, taken together, to be equivalent to assigning a standalone composite rating. In addition, the RFI rating system designates the “Risk Management” rating as the “management” rating when making “well managed” determinations under section 2(o)(9)(A)(ii) of the BHC Act. See SR letter 04-8. In contrast, the proposed LFI rating system would not designate any of the three component ratings as a “management” rating, because each component evaluates different areas of the firm's management.
Back to Citation20. See 12 CFR 225.71(d).
Back to Citation21. See SR letter 12-17 and 12 CFR 252.153.
The Federal Reserve has only applied the RFI rating system to saving and loan holding companies (SLHCs) on an indicative basis since assuming supervisory responsibility for those firms from the Office of Thrift Supervision in 2011. The Federal Reserve has proposed to apply the RFI rating system to SLHCs on a fully implemented basis, excluding SLHCs engaged in significant insurance or commercial activities. See 81 FR 89941 (December 13, 2016).
Back to Citation22. See 12 CFR 261.20.
Back to Citation23. For example, if a firm rated under the proposed LFI rating system substantially reduces its total consolidated assets substantially below $45 billion through a sale or divestiture (but remains subject to Federal Reserve supervision), the Federal Reserve may immediately begin to apply the RFI rating system, rather than waiting for the firm's four-quarter average to fall below the $45 billion threshold described above.
Back to Citation24. “Federal Reserve-supervised institutions” includes bank holding companies, savings and loan holding companies, state member banks, U.S. operations of foreign banking organizations, and systemically important financial institutions designated by FSOC for supervision by the Federal Reserve.
Back to Citation25. The above section III, “Transition from the RFI Rating System to the LFI Rating System,” lists prominent examples of existing supervisory guidance currently utilized to assess the effectiveness of an LFI's governance and controls, including SR letters 95-51, 12-17, 15-18, and 15-19. Other recent examples of related guidance include SR letter 13-19/CA letter 13-21, “Guidance on Managing Outsourcing Risk,” at https://www.federalreserve.gov/supervisionreg/srletters/sr1319.htm and SR letter 13-1/CA letter 13-1, “Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing,” at https://www.federalreserve.gov/supervisionreg/srletters/sr1301.htm.
Back to Citation26. The discussion below relating to a firm's management of core business lines and independent risk management and controls would only be applicable to domestic LFIs. Adjustments to extend applicability of this guidance to the U.S. operations of FBOs may be made prior to issuing the guidance for public comment.
Back to Citation27. Hereinafter, when reference is made to “compliance with laws and regulations” in this guidance, this includes laws and regulations related to banking as well as to consumer protection.
Back to Citation28. All of the expectations for the management of CBLs described herein also apply to critical operations, which are central to the Federal Reserve's supervisory focus.
Back to Citation29. For large financial institutions that are not LISCC firms, a firm's CBLs should comprise at least 80 percent of total revenue in aggregate.
Back to Citation30. “CBL management” refers to the core group of individuals responsible for prudent day-to-day management of a core business line and accountable to senior management for that responsibility. Depending on a firm's organizational structure, CBL management may or may not be members of senior management.
Back to Citation31. For example, a CBL's system of controls should include access controls, change controls, and data integrity controls, including data reconciliations, variance analysis and data quality logic check.
Back to Citation32. See 12 CFR 252.33.
Back to Citation33. Other officers of the firm may oversee portions of functions involved in risk management and control activities. See SR letter 08-08/CA letter 08-11, “Compliance Risk Management Programs and Oversight at Large Banking Organizations with Complex Compliance Profiles,” at https://www.federalreserve.gov/boarddocs/srletters/2008/SR0808.htm.
Back to Citation34. See SR letter 13-1/CA letter 13-1.
Back to Citation35. The Federal Reserve issued guidance outlining the key components of an effective internal audit function in SR letter 03-5, “Amended Interagency Guidance on the Internal Audit Function and its Outsourcing,” at https://www.federalreserve.gov/boarddocs/srletters/2003/sr0305.htm and followed that with supplemental guidance in SR letter 13-1/CA letter 13-1. The supplemental guidance builds upon the 2003 interagency guidance of SR letter 03-5 and further addresses the characteristics, governance, and operational effectiveness of a firm's internal audit function.
Back to Citation36. See SR letter 13-13.
Back to Citation37. The Board may propose additional necessary revisions to its regulations resulting from the adoption of a final LFI rating system.
Back to Citation38. See Sections 616 of DFA (financial strength), 12 CFR 225.4 of the Board's Regulation Y, and 12 CFR 238.8 of the Board's Regulation LL.
Back to Citation39. See SR letter 96-38, “Uniform Financial Institutions Rating System,” at http://www.federalreserve.gov/boarddocs/srletters/1996/sr9638.htm.
Back to Citation1. The LFI rating system will apply to non-insurance, non-commercial savings and loan holding companies with total consolidated assets of $50 billion or more. With respect to U.S. intermediate holding companies (IHCs) of foreign banking organizations (FBOs), the LFI rating system applies only to IHCs established under Regulation YY as required for FBOs with U.S. non-branch assets of $50 billion or more. Plans are for systemically important nonbank financial companies designated by the Financial Stability Oversight Council (FSOC) for supervision by the Federal Reserve to be subject to the LFI rating system at a future date through a separate rulemaking.
Back to Citation2. Refer to SR letter 04-18, “Bank Holding Company Rating System,” 69 FR 70444 (December 6, 2004), at https://www.federalreserve.gov/boarddocs/srletters/2004/sr0418.htm.
Back to Citation3. Refer to SR letter 12-17/CA letter 12-14, “Consolidated Supervisory Framework for Large Financial Institutions,” at http://www.federalreserve.gov/bankinforeg/srletters/sr1217.htm. This supervisory framework will be updated to more closely align with the LFI rating system when the rating system is released in its final form.
“Financial strength and resilience” is defined as maintaining effective capital and liquidity governance and planning processes, and sufficiency of related positions, to provide for continuity of the consolidated organization and its core business lines, critical operations, and banking offices through a range of conditions.
“Operational strength and resilience” is defined as maintaining effective governance and controls to provide for continuity of the consolidated organization and its core business lines, critical operations, and banking offices, and promote compliance with laws and regulations, including those related to consumer protection, through a range of conditions.
“Critical operations” are a firm's operations, including associated services, functions and support, the failure or discontinuance of which, in the view of the firm or the Federal Reserve would pose a threat to the financial stability of the United States.
Under SR letter 12-17, “banking offices” are defined as U.S. depository institution subsidiaries and the U.S. branches and agencies of FBOs. The Federal Reserve expects to use the LFI rating system to inform future revisions to other rating systems used to assess the U.S. operations of FBOs.
Back to Citation4. Hereinafter, when “safe and sound” or “safety and soundness” is used in this framework, related expectations apply to the consolidated organization and a firm's critical operations and banking offices.
Back to Citation5. References to “board” or “board of directors” in this framework includes the equivalent to a board of directors, as appropriate, as well as committees of the board of directors or the equivalent thereof, as appropriate.
A “business line” is a defined unit or function of a financial institution, including associated operations and support, that provides related products or services to meet the firm's business needs and those of its customers. “Core business lines” are defined as those business lines in which a significant control disruption, failure or loss event would result in a material loss of revenue, profit, franchise value, or result in significant consumer harm. Supervisory expectations applicable to management of core business lines apply equally to the management of critical operations. Additionally, critical operations are to be sufficiently resilient to be maintained, continued, and funded even in the event of a firm's material financial distress or failure.
At this time, recovery planning expectations only apply to domestic BHCs subject to the Federal Reserve's LISCC supervisory framework. Should the Federal Reserve expand the scope of recovery planning expectations to encompass additional firms, this rating will reflect such expectations for the broader set of firms.
There are eight domestic firms in the LISCC portfolio: (1) Bank of America Corporation; (2) Bank of New York Mellon Corporation; (3) Citigroup, Inc.; (4) Goldman Sachs Group, Inc.; (5) JP Morgan Chase & Co.; (6) Morgan Stanley; (7) State Street Corporation; and (8) Wells Fargo & Company. In this guidance, these eight firms may collectively be referred to as “domestic LISCC firms.”
Back to Citation6. “Risk tolerance” is defined as the aggregate level and types of risk the board and senior management are willing to assume to achieve the firm's strategic business objectives, consistent with applicable capital, liquidity, and other requirements and constraints.
Back to Citation7. For purposes of the LFI rating system, “during the normal course of business” is when the Federal Reserve believes that supervisory issues can be resolved via remediation or mitigation (through compensating controls and/or a reduced risk profile) in a timely manner without material changes to, or investments in, a firm's governance, risk management or internal control structures, practices, or capabilities.
Back to Citation8. The timeframe initially specified by the Federal Reserve for resolving issues will become more precise over time, and may be extended as circumstances warrant. As noted in current guidance, defined timeframes for resolving supervisory issues are communicated within either “Matters Requiring Attention” (MRAs) or “Matters Requiring Immediate Attention” (MRIAs). See SR letter 13-13/CA letter 13-10, “Supervisory Considerations for the Communication of Supervisory Findings,” at https://www.federalreserve.gov/supervisionreg/srletters/sr1313.htm. Proposed guidance which would replace SR letter 13-13 has been released for public comment. An enforcement action will also specify the timeframe for a firm to resolve deficiencies.
Back to Citation9. 12 U.S.C. 1841 et. seq. and 12 U.S.C. 1461 et seq. See, e.g., 12 CFR 225.4(b)(6), 225.14, 225.22(a), 225.23, 225.85, and 225.86; 12 CFR 211.9(b), 211.10(a)(14), and 211.34; and 12 CFR 223.41.
Back to Citation10. There may be instances where deficiencies or supervisory issues may be relevant to the Federal Reserve's assessment of more than one component area. As such, the LFI rating will reflect these deficiencies or issues within multiple rating components when necessary to provide a comprehensive supervisory assessment.
Back to Citation11. Hereinafter, references to “compliance with laws and regulations” include laws and regulations related to banking and consumer protection.
Back to Citation[FR Doc. 2017-16736 Filed 8-16-17; 8:45 am]
BILLING CODE 6210-01-P
Document Information
- Published:
- 08/17/2017
- Department:
- Federal Reserve System
- Entry Type:
- Proposed Rule
- Action:
- Notice of proposed rulemaking.
- Document Number:
- 2017-16736
- Dates:
- Comments must be received no later than October 16, 2017.
- Pages:
- 39049-39062 (14 pages)
- Docket Numbers:
- Docket No. R-1569
- RINs:
- 7100-AE82: Regulations K and LL--Large Financial Institution Rating System (Docket No: R-1569)
- RIN Links:
- https://www.federalregister.gov/regulations/7100-AE82/regulations-k-and-ll-large-financial-institution-rating-system-docket-no-r-1569-
- Topics:
- Administrative practice and procedure, Banks, banking, Banks, banking, Banks, banking, Banks, banking, Exports, Federal Reserve System, Foreign banking, Holding companies, Investments, Reporting and recordkeeping requirements
- PDF File:
- 2017-16736.pdf
- CFR: (3)
- 12 CFR 211.2
- 12 CFR 211.9
- 12 CFR 238.54