90 FR 133 pgs. 31641-31666 - Revisions to the Large Financial Institution Rating System and Framework for the Supervision of Insurance Organizations
Type: NOTICEVolume: 90Number: 133Pages: 31641 - 31666
Pages: 31641, 31642, 31643, 31644, 31645, 31646, 31647, 31648, 31649, 31650, 31651, 31652, 31653, 31654, 31655, 31656, 31657, 31658, 31659, 31660, 31661, 31662, 31663, 31664, 31665, 31666Docket number: [Docket No. OP-1868]
FR document: [FR Doc. 2025-13223 Filed 7-14-25; 8:45 am]
Agency: Federal Reserve System
Official PDF Version: PDF Version
[top]
FEDERAL RESERVE SYSTEM
[Docket No. OP-1868]
Revisions to the Large Financial Institution Rating System and Framework for the Supervision of Insurance Organizations
AGENCY:
Board of Governors of the Federal Reserve System (Board).
ACTION:
Notice and request for comment.
SUMMARY:
The Board is seeking comment on proposed revisions to its Large Financial Institution ("LFI") rating system ("LFI Framework") and the ratings system for depository institution holding companies significantly engaged in insurance activities, referred to as supervised insurance organizations ("Insurance Supervisory Framework," collectively with the LFI Framework, "Frameworks"), which is modeled on the LFI Framework. The proposal would revise the component ratings that a firm must receive to be considered "well managed" under the Frameworks. The proposed revisions reflect experience with the LFI Framework since its introduction in 2018. Specifically, the proposed changes aim to ensure that a firm's "well managed" status reflects that the firm has sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of conditions, including stressful ones. The proposed revisions also seek to further align the application of the Frameworks with the operation of other existing supervisory ratings systems. The proposed revisions would not change the scope of firms to which the Frameworks apply. Other changes to the Frameworks and existing supervisory ratings systems will be considered in the future.
DATES:
Comments must be received by August 14, 2025.
ADDRESSES:
You may submit comments, identified by Docket No. OP-1868, by any of the following methods:
• Agency Website: https://www.federalreserve.gov/apps/proposals/. Follow the instructions for submitting comments, including attachments. Preferred Method.
• Mail: Ann E. Misback, Secretary, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue NW, Washington, DC 20551.
• Hand Delivery/Courier: Same as mailing address.
• Other Means: publiccomments@frb.gov. You must include the docket number in the subject line of the message.
Comments received are subject to public disclosure. In general, comments received will be made available on the Board's website at https://www.federalreserve.gov/apps/proposals/ without change and will not be modified to remove personal or business information including confidential, contact, or other identifying information. Comments should not include any information such as confidential information that would be not appropriate for public disclosure. Public comments may also be viewed electronically or in person in Room M-4365A, 2001 C St. NW, Washington, DC 20551, between 9 a.m. and 5 p.m. during Federal business weekdays.
FOR FURTHER INFORMATION CONTACT:
Marta Chaffee, Senior Associate Director, (202) 263-4814, Mary Aiken, Senior Associate Director, (202) 721-4534, Juan Climent, Deputy Associate Director, (202) 872-7526, Catherine Tilford, Deputy Associate Director, (202) 452-5240, April Snyder, Assistant Director, (202) 452-3099, Missaka Nuwan Warusawitharana, Manager, (202) 452-3461, Devyn Jeffereis, Senior Financial Institution Policy Analyst II, (202) 452-2729, and Ricardo Duque Gabriel, Economist, (202) 313-1663, Division of Supervision and Regulation; or Reena Sahni, Deputy General Counsel, (202) 527-2911, Jay Schwarz, Deputy Associate General Counsel, (202) 452-2970, Julie Anthony, Senior Special Counsel, (202) 475-6682, David Cohen, Counsel, (202) 452-5259, and Vivien Lee, Attorney, (202) 452-2029, Legal Division. For users of TTY-TRS, please call 711 from any telephone, anywhere in the United States or (202) 263-4869.
SUPPLEMENTARY INFORMATION:
Table of Contents
I. Background
A. Current LFI Framework
B. Current Insurance Supervisory Framework
II. Proposed Changes
A. LFI Framework Definition of "Well Managed"
B. Insurance Supervisory Framework Definition of "Well Managed"
III. Economic Analysis
A. Baseline
B. Proposal Relative to Baseline
C. Analysis of Benefits and Costs
1. Benefits
a. Supervisory Efficiency and Efficacy
b. Reduction of Compliance Costs and Other Impediments to Growth
2. Costs
D. Impact on Supervised Insurance Organizations
E. Conclusion
IV. Administrative Law Matters
A. Solicitation of Comments and Use of Plain Language
B. Regulatory Flexibility Act
C. Riegle Community Development and Regulatory Improvement Act of 1994
D. Providing Accountability Through Transparency Act of 2023
Appendix A-Text of Proposed Large Financial Institution Rating System
Appendix B-Text of Proposed Insurance Supervisory Framework
I. Background
The Board supervises and regulates companies that control one or more banks ("bank holding companies") and companies that are not bank holding companies that control one or more savings associations ("savings and loan holding companies," and together with bank holding companies, "depository institution holding companies"). Congress gave the Board regulatory and supervisory authority for bank holding companies through the enactment of the Bank Holding Company Act of 1956 ("BHC Act"). 1 The Board's regulation and supervision of savings and loan holding companies began in 2011 when provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act ("Dodd-Frank Act")? 2 transferring supervision and regulation of savings and loan holding companies from the Office of Thrift Supervision to the Board took effect. 3 Upon this transfer, the Board became the federal supervisory agency for all depository institution holding companies, including a portfolio of depository institution holding companies significantly engaged in insurance activities ("supervised insurance organizations"). 4 The Board has developed supervisory ratings frameworks for its supervised entities, based on their size and complexity, to assess their financial and operational strength.
Footnotes:
1 ?Ch. 240, 70 Stat. 133.
2 ?Public Law 111-203, 124 Stat. 1376 (2010).
3 ?Dodd-Frank Act tit. III, 124 Stat. at 1520-70.
4 ?Specifically, a supervised insurance organization is a depository institution holding company that is an insurance underwriting company, or that has over 25 percent of its consolidated assets held by insurance underwriting subsidiaries, or has been otherwise designated as a supervised insurance organization by the Federal Reserve.
A. Current LFI Framework
[top] The Board adopted the Large Financial Institution ("LFI") rating system ("LFI Framework") in 2018 and issued related guidance in 2019. 5 The
Footnotes:
5 ?83 FR 58724 (Nov. 21, 2018); SR Letter 19-3/CA Letter 19-2, Large Financial Institution (LFI) Rating System (Feb. 26, 2019), https://www.federalreserve.gov/supervisionreg/srletters/sr1903.htm.
The LFI Framework evaluates whether a firm possesses sufficient financial and operational strength and resilience to maintain safe-and-sound operations and comply with laws and regulations, including those related to consumer protection, through a range of conditions. It includes three components: (1) capital planning and positions; (2) liquidity risk management and positions; and (3) governance and controls. 6 Each component is rated based on a four-point non-numeric scale: Broadly Meets Expectations, 7 Conditionally Meets Expectations, 8 Deficient-1, 9 and Deficient-2. 10
Footnotes:
6 ? See SR Letter 19-3/CA Letter 19-2.
7 ?Indicates that a firm's practices and capabilities broadly meet supervisory expectations, and the firm possesses sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of conditions.
8 ?Indicates that there are certain material financial or operational weaknesses in a firm's practices or capabilities that may place the firm's prospects for remaining safe and sound through a range of conditions at risk if not resolved in a timely manner during the normal course of business.
9 ?Indicates that there are financial or operational deficiencies in a firm's practices or capabilities, which put the firm's prospects for remaining safe and sound through a range of conditions at significant risk.
10 ?Indicates that there are financial or operational deficiencies in a firm's practices or capabilities which present a threat to the firm's safety and soundness, or have already put the firm in an unsafe and unsound condition.
The term "well managed" is defined in the BHC Act, 11 as are certain benefits to a firm from meeting this criteria. 12 In addition to being "well managed" under the LFI Framework, a large financial institution must be "well managed" at each of its depository institution subsidiaries to elect to be treated as a financial holding company, which is a designation created by statute and that permits a firm making such an election to engage in a broader range of nonbanking activities, such as securities underwriting and dealing. 13 The BHC Act permits a firm that is "well managed" to engage in certain expansionary activities and to pursue investments in and acquisitions of certain nonbank financial companies without obtaining prior Board approval. The loss of "well managed" status can constrain a banking organization that is a financial holding company; can limit the banking organization from benefiting from certain expedited processing available to "well managed" firms; and can limit the scope of certain new activities permissible for the firm. 14 This can include limitations on acquisitions of, and investments in, companies engaged in certain financial activities without prior approval by the Board. 15
Footnotes:
11 ?12 U.S.C. 1841(o)(9). Under the BHC Act, "well managed" means a company or depository institution that has achieved (i) "a CAMEL composite rating of 1 or 2 (or an equivalent rating under an equivalent rating system)," and (ii) "at least a satisfactory rating for management, if such a rating is given."
12 ? See, e.g., 12 U.S.C. 1843(j)(4)(B).
13 ?For a bank holding company to qualify as a financial holding company and engage in certain financial activities, the bank holding company and each of its depository institution subsidiaries must be "well capitalized" and "well managed." See 12 U.S.C. 1843(l)(1).
14 ? See, e.g., 12 U.S.C. 1842(d) and 1843( l ); 12 CFR 225.4(b)(6), 225.14, 225.22(a), 225.23;12 CFR 211.9(b), 211.10(a)(14), 211.34; and 12 CFR 223.41.
15 ? See, e.g., 12 CFR 225.83(d)(2).
The LFI Framework states that a "well managed" firm has sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of conditions, including stressful ones. 16 Under the LFI Framework, a firm that receives a rating of Deficient-1 or Deficient-2 in any component rating is not considered "well managed" for purposes of the BHC Act and for certain other purposes. 17 When issuing the LFI Framework, the Board explained that a banking organization is not in satisfactory condition overall unless it is considered sound in each of the key areas of capital, liquidity, and governance and controls. A Deficient-1 component rating is issued when financial or operational deficiencies at a firm put the firm's prospects for remaining safe and sound through a range of conditions at risk, but the firm's current condition is not considered to be materially threatened. Moreover, the LFI Framework establishes a presumption that the Board will impose an informal or formal enforcement action on any firm that is not "well managed."
Footnotes:
16 ? See SR Letter 19-3/CA Letter 19-2, Large Financial Institution ("LFI") Rating System (Feb. 26, 2019), https://www.federalreserve.gov/supervisionreg/srletters/sr1903.htm.
17 ?For purposes of determining whether a firm is considered "well managed" under section 2(o)(9) of the BHC Act, the Federal Reserve considers the three component ratings, taken together, to be equivalent to assigning a standalone composite rating. 83 FR 58724, 58730 (Nov. 21, 2018). The LFI Framework does not designate any of the three component ratings as a management rating, because each component evaluates different aspects of a firm's management.
The Board has observed based on its implementation of the LFI Framework since 2018 that a firm that receives two component ratings of Conditionally Meets Expectations or better and a single Deficient-1 component rating can maintain safe-and-sound operations through a range of conditions. Therefore, the Board is proposing to change the rating system such that firms with only one Deficient-1 component rating and two component ratings of Conditionally Meets Expectations or better are considered "well managed." The proposal would not change the criteria for determining if a firm's component rating is Broadly Meets Expectations, Conditionally Meets Expectations, Deficient-1, or Deficient-2 under the LFI Framework. Under this proposal, the LFI Framework would calibrate a firm's "well managed" status based on the totality of the component ratings. These revisions would also result in the LFI Framework better reflecting the broad strength of the banking system and would align the application of the LFI Framework more closely with the operation of other existing supervisory ratings systems.
B. Current Insurance Supervisory Framework
[top] The Board's current supervisory approach for noninsurance depository institution holding companies assesses holding companies whose primary risks are related to the business of banking. The risks arising from insurance activities, however, are materially different from traditional banking risks. The top-tier holding company for some supervised insurance organizations is an insurance underwriting company, which is subject to supervision and regulation by the relevant state insurance regulator as well as consolidated supervision from the Board; for all supervised insurance organizations, the insurance regulators supervise and regulate the business of insurance underwriting companies. Additionally, the state insurance regulators have established Statutory Accounting Principles through the National Association of Insurance Commissioners to help assess the risks of insurance companies, some of which do not produce consolidated financial statements based on generally accepted accounting principles.
Because of these differences, the Board has tailored its supervision and regulation of supervised insurance organizations. In 2022, the Board adopted the Insurance Supervisory Framework. 18 In addition, in 2023, the Board established a risk-based capital framework designed specifically for supervised insurance organizations. 19
Footnotes:
18 ?87 FR 60160 (Oct. 4, 2022); SR Letter 22-8, Framework for the Supervision of Insurance Organizations (Sept. 28, 2022), https://www.federalreserve.gov/supervisionreg/srletters/SR2208.htm.
19 ?88 FR 82950 (Nov. 27, 2023); 12 CFR part 217, subpart J.
The Insurance Supervisory Framework is modeled after the LFI Framework. The Board designed the Insurance Supervisory Framework to reflect supervisory requirements and expectations applicable to supervised insurance organizations. Further, within the Insurance Supervisory Framework, the application of supervisory guidance and the assignment of supervisory resources is based explicitly on a supervised insurance organization's complexity and individual risk profile.
In addition to other tailoring of the supervision of insurance organizations, 20 the Insurance Supervisory Framework establishes a supervisory rating system for these firms modeled after the LFI Framework. Similarly to the LFI Framework, the Insurance Supervisory Framework includes three components (Capital Management, Liquidity Management, and Governance and Controls), with each component rated based on a four-point non-numeric scale (Broadly Meets Expectations, 21 Conditionally Meets Expectations, 22 Deficient-1, 23 and Deficient-2? 24 ).
Footnotes:
20 ?For example, the Insurance Supervisory Framework classifies supervised insurance organizations as either complex or noncomplex based on their risk profile. Supervisory activities vary based on this determination and also based on each firm's individual risk profile.
21 ?Indicates a supervised insurance organization's practices and capabilities broadly meet supervisory expectations and can effectively serves as a source of managerial and financial strength for its depository institution(s) and possesses sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of stressful yet plausible conditions.
22 ?Indicates a supervised insurance organization's practices and capabilities are generally considered sound, but certain supervisory issues are sufficiently material that if not resolved in a timely manner during the normal course of business, they may put the firm's prospects for remaining safe and sound, and/or the holding company's ability to serve as a source of managerial and financial strength for its depository institution(s), at risk.
23 ?Indicates that financial or operational deficiencies in a supervised insurance organization's practices or capabilities put its prospects for remaining safe and sound, and/or the holding company's ability to serve as a source of managerial and financial strength for its depository institution(s), at significant risk.
24 ?Indicates that financial or operational deficiencies in a supervised insurance organization's practices or capabilities present a threat to its safety and soundness, have already put it in an unsafe and unsound condition, and/or make it unlikely that the holding company will be able to serve as a source of financial and managerial strength to its depository institution(s).
Like firms subject to the LFI Framework, certain insurance organizations that lose their "well managed" status may be restricted from engaging in certain expansionary activities and pursuing investments in and acquisitions of certain nonbank financial companies without obtaining prior Board approval. 25 Under the Insurance Supervisory Framework, a supervised insurance organization must receive a rating of Conditionally Meets Expectations or better in each of the three rating components in order to be considered "well managed." The Board previously explained that each rating is defined specifically for supervised insurance organizations with particular emphasis on the obligation that firms serve as a source of financial and managerial strength for their depository institution(s). 26 A Deficient-1 component rating is issued when financial or operational deficiencies at a firm put its prospects for remaining safe and sound, and/or the holding company's ability to serve as a source of managerial and financial strength for its depository institution(s), at significant risk. Moreover, the Insurance Supervisory Framework establishes a presumption that the Board will impose an enforcement action on any firm that is not "well managed."
Footnotes:
25 ? See 12 CFR 225.83 and 238.66(b).
26 ?87 FR 60160 (Oct. 4, 2022).
The Board has explained that the Insurance Supervisory Framework was modeled after the LFI Framework. 27 Therefore, to promote consistency with the LFI Framework, the Board is proposing to amend the Insurance Supervisory Framework such that firms with a single Deficient-1 component rating and two component ratings of Conditionally Meets Expectations or better would be considered "well managed." The proposal would not change the criteria for determining if a firm's component rating is Broadly Meets Expectations, Conditionally Meets Expectations, Deficient-1, or Deficient-2 under the Insurance Supervisory Framework. Under this proposal, similar to changes proposed for the LFI Framework, the Insurance Supervisory Framework would calibrate a firm's "well managed" status based on the totality of the component ratings. These revisions would also result in the Insurance Supervisory Framework better reflecting the contribution of other components of the Board's regulation of supervised insurance organizations intended to ensure continued financial strength and would align the application of the LFI Framework more closely with the operation of other existing supervisory ratings systems.
Footnotes:
27 ?87 FR 6537 (Feb. 4, 2024).
In addition to this proposal, the Board plans to consider more comprehensive changes to supervisory ratings systems, including the Frameworks, that apply to Federal Reserve-supervised institutions. The Board will coordinate future proposals with other banking agencies, as appropriate.
II. Proposed Changes
A. LFI Framework Definition of "Well Managed"
The Board proposes to revise its LFI Framework so that a firm with at least two Broadly Meets Expectations or Conditionally Meets Expectations component ratings and no more than one Deficient-1 component rating would be considered "well managed" under the LFI Framework. A firm would not be considered "well managed" under the LFI Framework if it receives a Deficient-1 for two or more component ratings. A firm would also not be considered "well managed" under the LFI Framework if it receives a Deficient-2 for any of the component ratings.
[top] In addition, the Board proposes to remove the presumption in the LFI Framework that firms with one or more Deficient-1 component ratings will be subject to an informal or formal enforcement action. Instead, under the proposal, the LFI Framework would state that firms with one or more Deficient-1 component ratings may be subject to a formal or informal enforcement action, depending on particular facts and circumstances. This change would better align the LFI Framework with other supervisory
Footnotes:
28 ?For example, the Board has previously explained that firms with a composite 3 rating under the CAMELS framework, "require more than normal supervision, which may include formal or informal enforcement actions." See SR Letter 96-38, Uniform Financial Institutions Rating System (Dec. 27, 1996), https://www.federalreserve.gov/boarddocs/srletters/1996/sr9638.htm.
Since its implementation, the Board has gained experience applying the LFI Framework and has evaluated whether the standard for identifying a "well managed" firm under the LFI Framework is properly calibrated. The LFI Framework states that a "well managed" firm has sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of conditions, including stressful ones. In using the rating system, the Board has observed that a single Deficient-1 component rating can be indicative of a discrete deficiency that does not necessarily reflect the overall condition of a firm. For example, firms may be rated Deficient-1 on governance and controls due to concerns surrounding a specific operational risk management issue, including weaknesses in areas such as operational resilience, cybersecurity, or Bank Secrecy Act and anti-money laundering compliance. Similarly, firms may be rated Deficient-1 for capital or liquidity due to risk-management deficiencies in a particular business line. While such deficiencies may require significant management attention to address, such a deficiency could be discrete, and the firm could have strong positions and practices overall.
A component rating of Broadly Meets Expectations signifies that a firm's practices and capabilities broadly meet supervisory expectations, and the firm possesses sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of conditions. A component rating of Conditionally Meets Expectations means that there is a material financial or operational weakness in a firm's practices or capabilities that may place the firm's prospects for remaining safe and sound through a range of conditions at risk if not resolved in a timely manner during the normal course of business. These weaknesses can be resolved through measures that do not require a material change to the firm's business model or financial profile, or its governance, risk-management, or internal control structures or practices. Therefore, a firm that has an idiosyncratic deficiency that results in a rating of Deficient-1 in an individual component while maintaining a rating of Broadly Meets Expectations or Conditionally Meets Expectations in its other two components would generally have sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of conditions due to its overall robustness.
Conversely, firms with more than one Deficient-1 component rating, or one or more Deficient-2 component ratings, would not be considered "well managed," as the Board has observed that such firms may not have sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of conditions due to a broader range of issues. The LFI Framework's presumptions regarding enforcement actions would also be revised to reflect this adjustment.
The proposed change to the definition of "well managed" firms under the LFI Framework would also better reflect the current condition of the banking system. As discussed in the Board's November 2024 Supervision and Regulation Report, the banking system remains sound and resilient overall: Most banks are well capitalized; liquidity and funding conditions are stable compared to 2023; and asset quality generally remains sound. 29 Further, large banking organizations are required to meet capital and liquidity regulatory requirements, which are calibrated to be sufficient to absorb impacts of a severe stress. 30 Under the current LFI Framework, however, over half of large financial institutions are considered not "well managed," despite their resilience under current and stressed conditions.
Footnotes:
29 ?Board of Governors of the Federal Reserve System, Supervision and Regulation Report (Nov. 2024), https://www.federalreserve.gov/publications/files/202411-supervision-and-regulation-report.pdf.
30 ?Many of these firms are subject to enhanced prudential standards, which establish general risk management, liquidity risk and capital management, and stress testing requirements for certain banking organizations. See 12 CFR parts 252 and 238.
In light of the experience discussed above, the current LFI Framework's approach of determining a firm's "well managed" status based solely on its lowest component rating has resulted in overweighting a single component for purposes of "well managed" determinations and has not appropriately balanced all of the components. Revising the LFI Framework to avoid such an outcome would ensure that "well managed" determinations take a more comprehensive approach and reflect the overall strength of the firm across the three components.
The proposed revision would better align the application of the LFI Framework with the operation of the Board's other existing ratings frameworks, none of which determine a firm's composite rating, which is relevant to its "well managed" status, based solely on any one of its component ratings. For example, the Uniform Financial Institutions Rating System ("CAMELS") incorporates a composite score, which is relevant to a firm's "well managed" status. 31 The CAMELS composite score is an evaluation of a firm's managerial, operational, financial, and compliance performance and therefore takes into account a firm's performance in multiple component areas. 32 Similarly, the RFI/C(D) rating system includes a composite rating based on an evaluation of several component ratings, including the firm's managerial and financial condition and an assessment of future potential risk to its subsidiary depository institutions. 33 This composite score is relevant to determining a firm's "well managed" status. As such, the proposed revisions to the LFI Framework would better align the LFI Framework with the supervisory rating systems used for other banking organizations. 34
Footnotes:
31 ?SR Letter 96-38; SR Letter 00-14, Enhancements to the Interagency Program for Supervising the U.S. Operations of Foreign Banking Organizations (revised Oct. 23, 2020), https://www.federalreserve.gov/boarddocs/srletters/2000/sr0014.htm.
32 ? See id. "The composite rating generally bears a close relationship to the component ratings assigned. However, the composite rating is not derived by computing an arithmetic average of the component ratings." Moreover, for a financial institution to receive a composite rating of 2, for example, "generally no component rating should be more severe than 3." SR Letter 96-38.
33 ?SR Letter 19-4/CA Letter 19-3, Supervisory Rating System for Holding Companies with Total Consolidated Assets Less than $100 Billion (Feb. 26, 2019), https://www.federalreserve.gov/supervisionreg/srletters/sr1904.htm.
34 ? See, e.g., 61 FR 67021 (Dec. 12, 1996); 70 FR 44256 (Aug. 2, 2005); and SR Letter 96-36, Guidance on Evaluating Activities Under the Responsibility of U.S. Branches, Agencies and Nonbank Subsidiaries of Foreign Banking Organizations (Dec. 19, 1996), https://www.federalreserve.gov/boarddocs/srletters/1996/sr9636.htm.
[top] This proposal does not include other changes to the LFI Framework, including the Board's standard for evaluating the individual component ratings in the LFI Framework. The proposal does not seek to change the Board's expectation that a firm with a Deficient-1 component rating would
B. Insurance Supervisory Framework Definition of "Well Managed"
The Board also proposes to make parallel changes to the "well managed" determination under the Insurance Supervisory Framework. Under the proposed amended framework, a firm with at least two Broadly Meets Expectations or Conditionally Meets Expectations component ratings and no more than one Deficient-1 component rating would be considered "well managed" under the Insurance Supervisory Framework, whereas a firm would not be considered "well managed" under the Insurance Supervisory Framework if it receives a Deficient-1 rating for two or more component ratings. A firm would also not be considered "well managed" under the Insurance Supervisory Framework if it receives a Deficient-2 rating for any of the component ratings.
Additionally, the Board proposes to make parallel changes to the Insurance Supervisory Framework to remove the presumption that firms with one or more Deficient-1 component ratings will be subject to an enforcement action. Instead, under the proposal, the Insurance Supervisory Framework would state that firms with one or more Deficient-1 component ratings may be subject to a formal or informal enforcement action, depending on particular facts and circumstances. The proposal maintains a presumption that a firm with one or more Deficient-2 component ratings would be subject to a formal enforcement action by the Board. All other aspects of the Insurance Supervisory Framework would remain unchanged under the proposal.
While the Insurance Supervisory Framework differs from the LFI Framework, in that its structure and application support use for supervised insurance organizations of all sizes and risk profiles, the Insurance Supervisory Framework is ultimately modeled after the LFI Framework. Under the Insurance Supervisory Framework, a component rating of Broadly Meets Expectations means that a firm's practices and capabilities broadly meet supervisory expectations. The firm effectively serves as a source of managerial and financial strength for its depository institution(s) and possesses sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of stressful yet plausible conditions. A component rating of Conditionally Meets Expectations signifies that the firm's practices and capabilities are generally considered sound, but there are certain supervisory issues that are sufficiently material that, if not resolved in a timely manner during the normal course of business, may put the firm's prospects for remaining safe and sound, and/or the firm's ability to serve as a source of managerial and financial strength for its depository institution(s), at risk. Therefore, a firm that has an idiosyncratic deficiency that results in a rating of Deficient-1 in an individual component while maintaining a rating of Broadly Meets Expectations or Conditionally Meets Expectations in its other two components would generally be able to operate in a safe and sound manner and have sufficient financial and operational strength to serve as a source of strength for their depository institution(s) through a range of stressful yet plausible conditions due to its overall robustness.
Conversely, firms with more than one Deficient-1 component rating, or one or more Deficient-2 component ratings, would not be considered "well managed," as such firms generally may not be able to operate in a safe and sound manner and serve as a source of strength for their depository institution(s) through a range of stressful yet plausible conditions due to a broader range of issues.
Furthermore, following the adoption of the Insurance Supervisory Framework, the Board took steps to help ensure the financial strength of supervised insurance organizations by adopting risk-based capital requirements for these firms. 35 This risk-based capital framework, termed the Building Block Approach, adjusts and aggregates existing legal entity capital requirements to determine enterprise-wide capital requirements. These requirements help to ensure that supervised insurance organizations are appropriately capitalized and, therefore, help to prevent the economic and consumer impacts resulting from the failure of organizations engaged in banking and insurance. Currently, firms subject to the Building Block Approach have capital levels in excess of minimum requirements. 36
Footnotes:
35 ?88 FR 82950 (Nov. 27, 2023).
36 ?Reports submitted by supervised insurance organizations under the "Building Block Approach" are available at https://www.ffiec.gov/NPW.
As discussed previously, none of the Board's other existing ratings frameworks determine a firm's composite rating, which is relevant to its "well managed" status, based solely on any one of its component ratings. Therefore, similar to the proposed changes to the LFI Framework, the proposed changes to the Insurance Supervisory Framework would better align the Insurance Supervisory Framework with the supervisory rating systems used for other banking organizations. 37
Footnotes:
37 ? See, e.g., 61 FR 67021; 70 FR 44256; and SR Letter 96-36.
This proposal does not include other changes to the Insurance Supervisory Framework, including the Board's standard for evaluating the individual component ratings in the Insurance Supervisory Framework. The proposal does not seek to change the Board's expectation that a firm with a Deficient-1 component rating would take timely action to correct financial or operational deficiencies and to restore and maintain its safety and soundness and compliance with laws and regulations. Further, while certain firms with a single Deficient-1 component rating would no longer be statutorily limited from engaging in new activities permissible only for "well managed" firms without Board approval, the Federal Reserve would consider specific concerns underlying a Deficient-1 component rating in evaluating any application from a firm to engage in new or expansionary activities to the extent those concerns are relevant to the evaluation of a particular statutory factor.
Question 1: What are the advantages and disadvantages of revising the current Frameworks such that firms that receive a Broadly Meets Expectations or Conditionally Meets Expectations rating in the capital and liquidity components and a Deficient-2 rating only in the governance and controls component would be considered "well managed"?
Question 2: What are the advantages and disadvantages of revising the Frameworks to implement a timing requirement where a firm with a single Deficient-1 component rating would be considered not "well managed" if it has not remediated the deficiency within a certain time period?
[top] Question 3: What are the advantages and disadvantages of revising the Frameworks such that a firm with a
Question 4: What other changes to the Frameworks should be considered by the Board, and why?
Question 5: Should the Board consider adding a composite rating to the Frameworks to determine whether a firm is "well managed"? If so, what definitions should be used for the composite rating? For example, should the definitions be aligned with the existing generalized definitions of Broadly Meets Expectations, Conditionally Meets Expectations, Deficient-1, or Deficient-2 for each component, footnotes 7-10 and 21-24? What standard should guide the determination of a composite rating? For example, should the composite rating be based on a comprehensive assessment, or should it involve a presumption based on an average or weighted average of the different component ratings?
Question 6: What other changes to supervisory ratings systems (such as CAMELS, the RFI/C(D) rating system, ROCA ratings for U.S. branches of foreign banking organizations, and ratings for combined U.S. operations of foreign banking organizations) should be considered by the Board to reflect recent experiences in the banking system, and why? What changes to other supervisory ratings systems should be considered by the Board to align it with the proposed revisions to the Frameworks, and why?
Question 7: What other changes to supervisory ratings systems should be considered by the Board to ensure that a firm's "well managed" status is appropriately calibrated, and why?
III. Economic Analysis
As outlined in previous sections, the changes included in this proposal would reflect experience with the LFI Framework since its introduction in 2018, better align the application of the LFI Framework with the operation of the Board's other existing ratings frameworks, and better reflect the current condition of the banking system. The Board assessed the economic impact of the proposal on firms, on supervisory efficiency and efficacy, and on the broader economy. Specifically, the Board evaluated the potential impact on firms that would become "well managed" and the broader implications of adopting this change. It also evaluated the potential effects of the proposal's elimination of the presumption of enforcement actions in certain cases. As a result of this proposal, there would be an increase in the number of firms that are "well managed" under the LFI Framework and a potential reduction in the number of enforcement actions for these firms that have sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of stressful conditions. Overall, firms that would become "well managed" may face reduced enforcement-related compliance costs and fewer regulatory impediments to pursue certain activities, including investments in, and acquisitions of, certain non-bank financial companies.
The economic analysis is structured in four parts. Section III.A provides an overview of the baseline ( i.e., the current LFI Framework), describes the current state of the assignment of LFI ratings, and discusses how these ratings can affect a firm's "well managed" status under the BHC Act. Section III.B discusses the proposal, outlines the specific changes being considered and estimates the change in the number of "well managed" firms under the proposal. Section III.C analyzes the potential benefits and costs associated with the proposed changes relative to the baseline. Section III.D analyzes the impact on supervised insurance organizations.
A. Baseline
The current LFI Framework (discussed in detail in Section I) establishes the baseline for the economic analysis. The Board has assessed the costs and benefits of the proposal (discussed in detail in Section III.C) relative to this baseline.
Under the current LFI Framework, a firm whose holding company receives a Deficient-1 or Deficient-2 in any LFI component rating is not considered "well managed." Furthermore, there is a presumption that firms with one or more Deficient-1 ratings will be subject to an informal or formal enforcement action.
The "well managed" status of a banking organization under certain provisions of the BHC Act depends on the ratings of the holding company and the holding company's depository institution subsidiaries, which are assigned by the relevant federal banking agency. For instance, for a bank holding company to qualify as a financial holding company and engage in certain financial activities, a bank holding company and all its depository institution subsidiaries must be "well capitalized" and "well managed." Thus, regardless of the LFI ratings of its holding company, a U.S. banking organization may not be able to engage in certain expansionary activities if any of its subsidiary depository institutions' management or composite CAMELS rating is 3 or worse. For a foreign banking organization ("FBO"), the combined ROCA (Risk Management, Operational Controls, Compliance, Asset Quality) rating must be 3 or worse for its U.S. branches and agencies to negatively affect its "well managed" status. Additionally, an FBO that has a combined U.S. operations ("CUSO") rating of 3 or worse is not treated as "well managed" for BHC Act purposes. Under the BHC Act, and as discussed in this section, a "well managed" firm refers to a banking organization where the holding company and all relevant subsidiaries are "well managed" and for FBOs, where their ROCA ratings and CUSO ratings are also at least satisfactory.
For the firms whose holding companies had LFI ratings in Q4 2024, Figure 1 displays their ratings between Q1 2020 to Q4 2024 and categorizes them into three categories. The first category, "Not Satisfactory DI/FBO Ratings Only," shown in black, represents the number of firms whose depository institutions' composite or management ratings or their composite ROCA or CUSO ratings were 3 or worse and whose holding company had all three components of LFI ratings either Broadly Meets Expectations or Conditionally Meets Expectations. The second category, "Not Satisfactory LFI Ratings Only," shown in dark grey, represents the number of firms where the holding company had one or more Deficient-1 or Deficient-2 LFI component ratings, but the subsidiary depository institutions' composite and management ratings and their composite ROCA and CUSO ratings, if applicable, were 1 or 2. The third category, "Not Satisfactory LFI and DI/FBO Ratings," in light grey color, represents the number of firms whose subsidiary depository institutions' composite or management ratings or their composite ROCA or CUSO ratings, if applicable, were 3 or worse and whose holding company had one or more Deficient-1 or Deficient-2 LFI component ratings. As of Q4 2024, 23 out of 36 firms subject to the LFI Framework were classified as not "well managed" under the BHC Act, based on both the LFI ratings and depository institution composite and management ratings and composite ROCA and CUSO ratings, if applicable.
[top] Figure 1 reveals an overall upward trend in the number of not "well managed" firms throughout the observed period. Ratings at the holding company and at the depository institution and FBO level usually coincide, and both contribute to a firm being not "well managed," as
Notably, the upward trend in the number of firms being considered not "well managed" has occurred over a period when the regulatory capital ratio of large financial institutions as a group remained generally stable around 13 percent. 38 Moreover, in Q4 2024 the average regulatory capital ratio was 2 percentage points higher for not "well managed" LFI firms compared to their "well managed" LFI peers. This indicates a misalignment between the results of the current LFI Framework and the financial condition of these firms. This misalignment and the associated presumption of an enforcement action in these cases may have caused the Board to allocate examination, remediation, and enforcement resources to firms that otherwise have financial strength and resilience.
Footnotes:
38 ?The average CET1 capital over standardized approach risk weighted assets between Q1 2020 and Q4 2024 across large financial institutions was approximately 13 percent.
39 ?Note that, for comparison purposes, we are only including in this sample firms that were subject to the LFI Framework in Q4 2024.
[Federal Register graphic "EN15JY25.014" is not available. Please view the graphic in the PDF version of this document.]
B. Proposal Relative to Baseline
As discussed in detail in Section II, under the proposal, all elements of the current LFI Framework would be maintained except for two key changes. The criteria for a firm to be "well managed" under the LFI Framework would be adjusted and the threshold for presumptive enforcement action would be modified.
First, under the proposed changes, a firm would only be considered not "well managed" under the LFI Framework if it receives a Deficient-1 rating for two or more components, or if it receives a Deficient-2 rating for any component. Nevertheless, the firm's "well managed" status under certain provisions of the BHC Act would also still be conditional on the firm's subsidiary depository institution ratings (CAMELS) and the foreign bank organization's ratings (CUSO and ROCA), if applicable.
Second, the proposal would amend the LFI Framework such that firms with one or more Deficient-1 ratings would no longer be presumed to be subject to a formal or informal enforcement action. Instead, a firm with one or more Deficient-1 component ratings may be subject to a formal or informal enforcement action, depending on particular facts and circumstances. The proposal maintains the presumption that the Board will impose a formal enforcement action on a firm with one or more Deficient-2 component ratings.
The impact of the proposal hinges on the number of firms that would become "well managed" if its holding company has a Deficient-1 rating for one component and a Broadly Meets Expectations or Conditionally Meets Expectations for the remaining two components. In addition to their direct effect on "well managed" status, LFI ratings are an input to the CUSO rating and there might be other interrelations between ratings that are hard to quantify. 40 Consequently, assessing the impact of the LFI Framework change alone and assuming that all other ratings would not be affected might underestimate the true effect, and thus provide a lower bound. Conversely, the upper bound of the proposal's effects would be obtained by computing the number of not "well managed" firms as determined by LFI ratings alone, which assumes that the depository institution or FBO ratings are not more limiting on the firm than the LFI ratings. Therefore, the Board calculated the number of not "well managed" firms for both the baseline and the proposal under the following two metrics:
Footnotes:
40 ? See 83 FR 58724, 58727 (Nov. 21, 2018) ("[T]he LFI rating assigned to the U.S. IHC would be an input into the rating of the combined U.S. operations of a foreign bank.").
[top]
Metric 1: Not "well managed" firms under the BHC Act (LFI rating, or bank CAMELS rating, or equivalent for FBOs).
Metric 2: Not "well managed" holding companies under the LFI Framework.
Metric 1 is equivalent to the sum of all 3 categories presented in Figure 1. Metric 2 corresponds to the sum of two categories "Not Satisfactory LFI Ratings Only" and "Not Satisfactory LFI and DI/FBO Ratings" in Figure 1. The results are presented in Table 1. The analysis in Table 1 uses a sample of all 36 firms subject to the LFI Framework in Q4 2024.
| Baseline | Metric 1 | Metric 2 | Proposal | Metric 1 | Metric 2 | |
|---|---|---|---|---|---|---|
| Number of Firms | 23 | 23 | 20 | 15 |
Table 1 presents the estimated number of not "well managed" firms under both the baseline and the proposal for both metrics. As of Q4 2024, under the baseline, 23 out of 36 firms would be considered not well managed if LFI and depository institution/FBO ratings were considered (Metric 1), and 23 out of 36 firms would be considered not well managed if only the LFI ratings were considered (Metric 2). Under the proposed revisions to the LFI Framework, 20 out of 36 firms would be not "well managed" under Metric 1. The number would be smaller under Metric 2, where only 15 out of 36 firms would be classified as not "well managed" when considering the LFI ratings only.
The expected effect of the proposed changes likely lies between Metric 1 and Metric 2. On one hand, Metric 1 may underestimate the impact of the proposal when viewed over time due to potential future changes to ratings at the depository institution/FBO and the fact that LFI ratings are an input to CUSO ratings. 41 On the other hand, Metric 2 mechanically overestimates the impact by not considering any ratings other than the LFI ratings.
Footnotes:
41 ?83 FR 58724 (Nov. 21, 2018).
Therefore, the Board expects the current proposal could result in a decrease in not "well managed" firms by up to eight compared to the baseline. To be precise, staff estimates that the proposal would decrease the number of holding companies that are not "well managed" under the LFI Framework (that is, based on holding company ratings alone) by eight, from 23 to 15. However, for a bank holding company to qualify as a financial holding company and engage in certain financial activities without prior Board approval, a bank holding company and each of its depository institution subsidiaries must be "well capitalized" and "well managed;" for an FBO, its CUSO and ROCA ratings must also be satisfactory. As such, changes solely to the LFI Framework would initially have a limited impact. Staff estimates that only three of the eight firms have "well managed" subsidiaries (or the FBO equivalent) as of Q4 2024.
Figure 2 illustrates the share of not "well managed" firms under the baseline and the proposal, using either Metric 1 (left panel) or Metric 2 (right panel). The share increased between Q1 2020 to Q4 2024, with a notable and sharp increase in 2023. This increase was in contrast with trends in regulatory capital ratios for these firms in this period. According to the Supervision and Regulation Report of November 2024, the share of well capitalized banks has increased over this period, from 94 percent in 2020 to 99 percent in 2024. 42
Footnotes:
42 ?Board of Governors of the Federal Reserve System, Supervision and Regulation Report (Nov. 2024), https://www.federalreserve.gov/publications/files/202411-supervision-and-regulation-report.pdf.
Figure 2 documents that the estimated impact, under both metrics, is not driven by the choice of using Q4 2024 data to evaluate the change. In fact, across the sample period, the proposed changes under both Metric 1 and 2 would have consistently resulted in a smaller share of firms that are not "well managed."
[Federal Register graphic "EN15JY25.015" is not available. Please view the graphic in the PDF version of this document.]
[top]
C. Analysis of Benefits and Costs
This section assesses the benefits and costs of the proposal relative to the baseline. The consequences of modifying the LFI Framework primarily stem from allocating supervisory resources more efficiently and from potentially altering a firm's "well managed" status under the BHC Act and the subsequent implications, as well as modifying the threshold for an enforcement action. The previous section estimated that the number of impacted firms would be between 3 and 8 out of 36, using Q4 2024 as the baseline. Therefore, the benefits and costs of the proposed changes that are discussed below would materialize in part through those firms and more broadly, over the long run, through a revised ratings framework that aligns ratings more closely with the overall condition of the supervised firms.
1. Benefits
a. Supervisory Efficiency and Efficacy
The proposal would remove the presumption in the LFI Framework that firms with one or more Deficient-1 component rating will be subject to an informal or formal enforcement action. It would also change the definition of "well managed" to better align with other supervisory ratings frameworks and reflect the firms' overall condition, as described above. This alignment across frameworks and reflection of firms' overall condition could lead to more consistent and effective supervision.
The proposed changes could also allow supervisors to allocate resources more efficiently, concentrating on significant risks, and enhancing overall supervision. For instance, the removal of the presumption in the LFI Framework that firms with one or more Deficient-1 component ratings will be subject to an informal or formal enforcement action could provide supervisory teams with the ability to more efficiently allocate resources based on the severity of the issues that are identified and the needed remediation.
b. Reduction of Compliance Costs and Other Impediments to Growth
Firms that become "well managed" as a result of the proposal may experience reduced compliance costs and associated burdens on management resulting from removing the presumption of certain enforcement actions. This reduction in enforcement-related expenses and efforts could enable institutions to invest more resources in core business operations. Consequently, this reallocation of resources has the potential to promote innovation and growth, as firms may have increased capacity to develop new products, services, or technologies that benefit consumers and the broader economy. It could also permit them to focus more managerial attention on tackling business challenges, thus supporting the financial intermediation activities of these firms.
Between Q1 2020 and Q4 2024, following the implementation of the LFI Framework, the loss of "well managed" status was associated with slower growth in assets and loans. Figure 3 shows that the average growth rate one year before the loss of "well managed" status (pre) is about 5.6 percent, roughly in line with the yearly average growth rate of firms that were always "well managed" throughout the sample (control) of approximately 6.7 percent. By contrast, in the year after a ratings downgrade that results in a firm becoming not "well managed" (post), growth in total assets dropped by almost two thirds to about 2.1 percent. The same qualitative findings hold true for growth in total loans. Taken together, this analysis indicates that the proposal has the potential to promote growth at large financial institutions that, under the proposal, would become "well managed." Moreover, as fewer firms that have sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of conditions due to their overall robustness would be classified as not "well managed" in the future due to the change in the LFI ratings framework, the proposal could bolster the overall growth of large banking organizations and thus foster economic activity.
[top]
[Federal Register graphic "EN15JY25.016" is not available. Please view the graphic in the PDF version of this document.]
While the analysis indicates a decrease in the growth of total assets and total loans as a firm moves to not "well managed," the observed decline may reflect multiple factors beyond just the loss of "well managed" status. These factors could include underlying issues that contributed to the downgrade, such as deteriorating performance or governance challenges. Moreover, it is possible that the remediation efforts required to address the issues that led to the supervisory downgrade could be a driver of the observed slower growth.
Footnotes:
43 ?This figure plots the unweighted average growth in total assets and total loans for firms which were downgraded to not "well managed" between Q1 2020 and Q4 2024 in the one year before (pre) and one year after (post) the change. For comparison, we compute the yearly unweighted average growth rate of firms which were always "well managed" throughout the sample (control group). A red dashed vertical line separates the control and treated groups.
Under the proposal, more firms with sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of conditions would be able to engage in certain business initiatives and strategic opportunities without obtaining prior Board approval due to the changes to the "well managed" criteria, as permitted by statute. Besides the reduction in enforcement-related compliance costs for these firms, these activities can also promote stronger growth via economies of scale. 44 As institutions grow larger, they can spread fixed costs-such as technology investments, compliance infrastructure, and branch operations-over a broader and larger base of customers and assets, potentially improving operational efficiency.
Footnotes:
44 ? See David C. Wheelock & Paul W. Wilson, "The Evolution of Scale Economies in US Banking," 33 Journal of Applied Economics 16, 16-28 (June 2017), https://doi.org/10.1002/jae.2579.
The proposal could also make it easier for firms that meet the required standards of strength and resilience to expand into non-bank financial activities, which can also generate economies of scope and increase opportunities for innovation. By expanding into new markets and business areas, firms could realize significant synergies from integrating banking, investment, and technology-based services. Encouraging firms' engagement with innovative financial sectors could also significantly enhance consumer access to a broader range of financial services. For example, investments in fintech could not only foster technological advancement but also contribute to broader financial sector resilience. 45 Consumers and businesses might benefit from lower costs due to these investments, along with synergies and operational efficiencies stemming from potential investments in, or acquisitions of, non-bank financial companies. Simultaneously, firms could diversify revenue streams beyond traditional banking activities, which could enhance financial stability by reducing their reliance on particular business lines.
Footnotes:
45 ? See Emma Li et al., "Banks' investments in fintech ventures," 149 Journal of Banking & Finance 106754, 106754-97 (October 2022), https://dx.doi.org/10.2139/ssrn.3979248.
2. Costs
[top] The proposal, while enhancing supervisory efficiency, may result in a slight increase in risk-taking by firms that have sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of conditions. With the removal of the presumption that firms with one or more Deficient-1 component ratings will be subject to an informal or formal enforcement action, institutions might be marginally less incentivized to immediately address issues underlying a single Deficient-1 component rating. However, this risk is likely to be small, as firms with a Deficient-1 rating may still receive specific supervisory findings in the form of Matters Requiring Attention or Matters Requiring Immediate Attention, which would outline issues that need to be remediated. Furthermore, the possibility of becoming not "well managed" due to a further rating decline to Deficient-2 could provide an incentive for institutions to address potential deficiencies. Importantly, supervisors would continue to monitor the remediation of supervisory issues and retain the ability to impose enforcement actions where necessary, thus limiting this cost and ensuring that these issues are resolved in an appropriate timeframe.
D. Impact on Supervised Insurance Organizations
The proposed changes to the LFI Framework have direct implications for the Insurance Supervisory Framework, as the latter is modeled after the former. This section aims to assess the potential economic impact of these changes on supervised insurance organizations.
As of Q4 2024, there were five firms subject to the Insurance Supervisory Framework. Under the proposed changes, which would allow firms with one "Deficient-1" rating and two satisfactory ratings to be "well managed," no firms would see a change in their "well-managed" status.
This indicates that the proposed changes would not have meaningful effects on the supervised insurance organizations. However, it is important to consider the potential long-term implications of the proposal, which could materialize for any supervised insurance organization that is a financial holding company.
On the one hand, the proposed changes offer potential benefits for supervised insurance organizations that are financial holding companies such as increased flexibility to adapt to market conditions, pursue growth opportunities, and enhance competitiveness. Supervised insurance organizations that are not financial holding companies could also benefit from the reduced likelihood of being designated as not "well managed," thus reducing their enforcement-related compliance costs.
On the other hand, potential costs might include a slight increase in risk-taking as insurance firms may be marginally less incentivized to remediate single Deficient-1 component ratings. Notwithstanding, it is important to note that the possibility of losing "well managed" status due to further rating decline to Deficient-2 might provide an incentive to address potential deficiencies promptly. Moreover, supervisors would continue to monitor the remediation of supervisory issues, ensuring that these issues are resolved in an appropriate timeframe.
E. Conclusion
The proposal has the potential to alleviate constraints faced by large financial institutions and supervised insurance organizations that are financial holding companies arising from the current requirements for a firm to be "well managed." By enabling firms to potentially realize economies of scale and scope, the proposal could enhance operational efficiency and promote financial innovation. Vigilant supervision can address a potential increase in risk-taking by firms. Taken together, the Board expects that the benefits of this proposal justify the costs.
Question 8: What additional benefits or costs could be relevant for assessing the proposal?
Question 9: How would the proposed changes impact firm behavior, including expansionary activities? What additional risks could these changes in behavior pose to individual firms and the banking sector?
IV. Administrative Law Matters
A. Solicitation of Comments and Use of Plain Language
Section 722 of the Gramm-Leach-Bliley Act? 46 requires the Federal banking agencies to use plain language in all proposed and final rules published after January 1, 2000. The Board has sought to present the proposal in a simple and straightforward manner and invite comment on the use of plain language. For example:
Footnotes:
46 ?Public Law 106-102, sec. 722, 113 Stat. 1338, 1471 (1999), 12 U.S.C. 4809.
• Has the Board organized the material to suit your needs? If not, how could they present the proposal more clearly?
• Are the requirements in the proposal clearly stated? If not, how could the proposal be more clearly stated?
• Do the regulations contain technical language or jargon that is not clear? If so, which language requires clarification?
• Would a different format (grouping and order of sections, use of headings, paragraphing) make the regulation easier to understand? If so, what changes would achieve that?
• Would more, but shorter, sections be better? If so, which sections should be changed?
• What other changes can the Board incorporate to make the regulation easier to understand?
B. Regulatory Flexibility Act
The Regulatory Flexibility Act ("RFA") generally requires an agency to conduct an initial regulatory flexibility analysis ("IRFA") and a final regulatory flexibility analysis ("FRFA") of any rule subject to notice-and-comment rulemaking requirements, unless the head of the agency certifies that the rule will not, if promulgated, have a significant economic impact on a substantial number of small entities. 47 This proposal would not impose any obligations on regulated entities, and regulated entities would not need to take any action in response to this proposal. The Board certifies that the proposal will not have a significant economic impact on a substantial number of small entities. 48 The Board requests comments on this analysis and any relevant data.
Footnotes:
47 ??5 U.S.C. 601-612.
48 ??5 U.S.C. 605(b).
C. Riegle Community Development and Regulatory Improvement Act of 1994
Pursuant to section 302(a) of the Riegle Community Development and Regulatory Improvement Act ("RCDRIA"), 49 in determining the effective date and administrative compliance requirements for new regulations that impose additional reporting, disclosure, or other requirements on insured depository institutions ("IDIs"), each Federal banking agency must consider, consistent with principles of safety and soundness and the public interest, any administrative burdens that such regulations would place on depository institutions, including small depository institutions, and customers of depository institutions, as well as the benefits of such regulations. In addition, section 302(b) of RCDRIA requires new regulations and amendments to regulations that impose additional reporting, disclosures, or other new requirements on IDIs generally to take effect on the first day of a calendar quarter that begins on or after the date on which the regulations are published in final form. 50 The Board has determined that the proposal would not impose additional reporting, disclosure, or other requirements on IDIs; therefore, the requirements of the RCDRIA do not apply. However, the Board invites comments that will further inform its consideration of RCDRIA.
Footnotes:
49 ?12 U.S.C. 4802(a).
50 ??12 U.S.C. 4802.
D. Providing Accountability Through Transparency Act of 2023
The Providing Accountability Through Transparency Act of 2023 (12 U.S.C. 553(b)(4)) requires that a notice of proposed rulemaking include the internet address of a summary of not more than 100 words in length of the proposed rule, in plain language, that shall be posted on the internet website under section 206(d) of the E-Government Act of 2002 (44 U.S.C. 3501 note).
[top] In summary, the Board is inviting public comment on a proposal to revise two of its supervisory rating systems for
The proposal and such a summary can be found at https://www.regulations.gov and https://www.federalreserve.gov/supervisionreg/reglisting.htm.
This Appendix A and Appendix B will not publish in the CFR.
Appendix A-Text of Proposed Large Financial Institution Rating System
A. Overview
Each large financial institution (LFI) is expected to ensure that the consolidated organization (or the combined U.S. operations in the case of foreign banking organizations), including its critical operations and banking offices, remain safe and sound and in compliance with laws and regulations, including those related to consumer protection. 51 The LFI rating system provides a supervisory evaluation of whether a covered firm possesses sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of conditions, including stressful ones. 52 The LFI rating system applies to bank holding companies with total consolidated assets of $100 billion or more; all non-insurance, non-commercial savings and loan holding companies with total consolidated assets of $100 billion or more; and U.S. intermediate holding companies of foreign banking organizations with combined U.S. assets of $50 billion or more established pursuant to the Federal Reserve's Regulation YY. 53
Footnotes:
51 ? See SR letter 12-17/CA letter 12-14, "Consolidated Supervisory Framework for Large Financial Institutions," at http://www.federalreserve.gov/bankinforeg/srletters/sr1217.htm.
Hereinafter, when "safe and sound" or "safety and soundness" is used in this framework, related expectations apply to the consolidated organization and the firm's critical operations and banking offices.
"Critical operations" are a firm's operations, including associated services, functions and support, the failure or discontinuance of which, in the view of the firm or the Federal Reserve, would pose a threat to the financial stability of the United States.
"Banking offices" are defined as U.S. depository institution subsidiaries, as well as the U.S. branches and agencies of foreign banking organizations.
52 ?"Financial strength and resilience" is defined as maintaining effective capital and liquidity governance and planning processes, and sufficiency of related positions, to provide for the continuity of the consolidated organization (including its critical operations and banking offices) through a range of conditions.
"Operational strength and resilience" is defined as maintaining effective governance and controls to provide for the continuity of the consolidated organization (including its critical operations and banking offices) and to promote compliance with laws and regulations, including those related to consumer protection, through a range of conditions.
References to "financial or operational" weaknesses or deficiencies implicate a firm's financial or operational strength and resilience.
53 ?Total consolidated assets will be calculated based on the average of the firm's total consolidated assets in the four most recent quarters as reported on the firm's quarterly financial reports filed with the Federal Reserve. A firm will continue to be rated under the LFI rating system until it has less than $95 billion in total consolidated assets, based on the average total consolidated assets as reported on the firm's four most recent quarterly financial reports filed with the Federal Reserve. As noted in the proposal, the Federal Reserve may determine to apply the RFI rating system or another applicable rating system in certain limited circumstances.
The LFI rating system is designed to:
• Fully align with the Federal Reserve's current supervisory programs and practices, which are based upon the LFI supervision framework's core objectives of reducing the probability of LFIs failing or experiencing material distress and reducing the risk to U.S. financial stability;
• Enhance the clarity and consistency of supervisory assessments and communications of supervisory findings and implications; and
• Provide transparency related to the supervisory consequences of a given rating.
The LFI rating system is comprised of three components:
• Capital Planning and Positions: An evaluation of (i) the effectiveness of a firm's governance and planning processes used to determine the amount of capital necessary to cover risks and exposures, and to support activities through a range of conditions and events; and (ii) the sufficiency of a firm's capital positions to comply with applicable regulatory requirements and to support the firm's ability to continue to serve as a financial intermediary through a range of conditions.
• Liquidity Risk Management and Positions: An evaluation of (i) the effectiveness of a firm's governance and risk management processes used to determine the amount of liquidity necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm's liquidity positions to comply with applicable regulatory requirements and to support the firm's ongoing obligations through a range of conditions.
Governance and Controls: An evaluation of the effectiveness of a firm's (i) board of directors, 54 (ii) management of business lines and independent risk management and controls, 55 and (iii) recovery planning (only for domestic firms that are subject to the Board's Large Institution Supervision Coordinating Committee (LISCC) Framework). 56 This rating assesses a firm's effectiveness in aligning strategic business objectives with the firm's risk appetite and risk management capabilities; maintaining effective and independent risk management and control functions, including internal audit; promoting compliance with laws and regulations, including those related to consumer protection; and otherwise planning for the ongoing resiliency of the firm. 57
Footnotes:
54 ?References to "board" or "board of directors" in this framework includes the equivalent to a board of directors, as appropriate, as well as committees of the board of directors or the equivalent thereof, as appropriate.
At this time, recovery planning expectations only apply to domestic bank holding companies subject to the Federal Reserve's LISCC supervisory framework. Should the Federal Reserve expand the scope of recovery planning expectations to encompass additional firms, this rating will reflect such expectations for the broader set of firms.
55 ?The evaluation of the effectiveness of management of business lines would include management of critical operations.
56 ?There are eight domestic firms in the LISCC portfolio: (1) Bank of America Corporation; (2) Bank of New York Mellon Corporation; (3) Citigroup, Inc.; (4) Goldman Sachs Group, Inc.; (5) JP Morgan Chase & Co.; (6) Morgan Stanley; (7) State Street Corporation; and (8) Wells Fargo & Company. In this guidance, these eight firms may collectively be referred to as "domestic LISCC firms."
57 ?"Risk appetite" is defined as the aggregate level and types of risk the board and senior management are willing to assume to achieve the firm's strategic business objectives, consistent with applicable capital, liquidity, and other requirements and constraints.
B. Assignment of the LFI Component Ratings
Each LFI component rating is assigned along a four-level scale:
• Broadly Meets Expectations: A firm's practices and capabilities broadly meet supervisory expectations, and the firm possesses sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of conditions. The firm may be subject to identified supervisory issues requiring corrective action. These issues are unlikely to present a threat to the firm's ability to maintain safe-and-sound operations through a range of conditions.
• Conditionally Meets Expectations: Certain, material financial or operational weaknesses in a firm's practices or capabilities may place the firm's prospects for remaining safe and sound through a range of conditions at risk if not resolved in a timely manner during the normal course of business.
[top] The Federal Reserve does not intend for a firm to be assigned a "Conditionally Meets Expectations" rating for a prolonged period, and will
A firm is assigned a "Conditionally Meets Expectations" rating-as opposed to a "Deficient" rating-when it has the ability to resolve these issues through measures that do not require a material change to the firm's business model or financial profile, or its governance, risk management or internal control structures or practices. Failure to resolve the issues in a timely manner would most likely result in the firm's downgrade to a "Deficient" rating, since the inability to resolve the issues would indicate that the firm does not possess sufficient financial or operational capabilities to maintain its safety and soundness through a range of conditions.
It is recognized that completion and validation of remediation activities for select supervisory issues-such as those involving information technology modifications-may require an extended time horizon. In all instances, appropriate and effective risk mitigation techniques must be utilized in the interim to maintain safe-and-sound operations under a range of conditions until remediation activities are completed, validated, and fully operational.
• Deficient-1: Financial or operational deficiencies in a firm's practices or capabilities put the firm's prospects for remaining safe and sound through a range of conditions at significant risk. The firm is unable to remediate these deficiencies in the normal course of business, and remediation would typically require the firm to make a material change to its business model or financial profile, or its practices or capabilities.
A firm's failure to resolve the issues in a timely manner that gave rise to a "Conditionally Meets Expectations" rating would most likely result in its downgrade to a "Deficient" rating. A firm with a "Deficient-1" rating is required to take timely corrective action to correct financial or operational deficiencies and to restore and maintain its safety and soundness and compliance with laws and regulations, including those related to consumer protection. Firms with one or more "Deficient-1" component ratings may be subject to an informal or formal enforcement action, depending on particular facts and circumstances. Two or more component ratings of "Deficient-1" could be a barrier for a firm seeking Federal Reserve approval to engage in new or expansionary activities.
• Deficient-2: Financial or operational deficiencies in a firm's practices or capabilities present a threat to the firm's safety and soundness, or have already put the firm in an unsafe and unsound condition.
A firm with a "Deficient-2" rating is required to immediately implement comprehensive corrective measures, and demonstrate the sufficiency of contingency planning in the event of further deterioration. There is a strong presumption that a firm with a "Deficient-2" rating will be subject to a formal enforcement action, and the Federal Reserve would be unlikely to approve any proposal from a firm with this rating to engage in new or expansionary activities.
The Federal Reserve will take into account a number of individual elements of a firm's practices, capabilities and performance when making each component rating assignment. The weighting of an individual element in assigning a component rating will depend on its impact on the firm's safety, soundness and resilience as provided for in the LFI rating system definitions. For example, for purposes of the Governance and Controls rating, a limited number of significant deficiencies-or even just one significant deficiency-noted for management of a single material business line could be viewed as sufficiently important to warrant a "Deficient-1" for the Governance and Controls component rating, even if the firm meets supervisory expectations under the Governance and Controls component in all other respects.
Under the LFI rating system, a firm must be rated "Broadly Meets Expectations" or "Conditionally Meets Expectations" for each of the three component ratings (Capital, Liquidity, Governance and Controls), or rated "Deficient-1" in one component and "Broadly Meets Expectations" or "Conditionally Meets Expectations" ratings for each of the other two components, to be considered "well managed" in accordance with various statutes and regulations. 58 A firm rated "Deficient-1" for two or more rating components or "Deficient-2" for any rating component would not be considered "well managed," which would subject the firm to various consequences. The Federal Reserve would be unlikely to approve any proposal from a firm rated "Deficient-2" for any rating component to engage in new or expansionary activities. A firm rated "Deficient-1" for two or more rating component would not be considered "well managed," which would subject the firm to various consequences. Two or more "Deficient-1" ratings could be a barrier for a firm seeking Federal Reserve approval of a proposal to engage in new or expansionary activities, unless the firm can demonstrate that (i) it is making meaningful, sustained progress in resolving identified deficiencies and issues; (ii) the proposed new or expansionary activities would not present a risk of exacerbating current deficiencies or issues or lead to new concerns; and (iii) the proposed activities would not distract the firm from remediating current deficiencies or issues A "well managed" firm has sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of conditions, including stressful ones.
Footnotes:
58 ???12 U.S.C. 1841 et seq. and 12 U.S.C. 1461 et seq. See, e.g., 12 CFR 225.4(b)(6), 225.14, 225.22(a), 225.23, 225.85, and 225.86; 12 CFR 211.9(b), 211.10(a)(14), and 211.34; and 12 CFR 223.41.
C. LFI Rating Components
The LFI rating system is comprised of three component ratings:? 59
Footnotes:
59 ??There may be instances where deficiencies or supervisory issues may be relevant to the Federal Reserve's assessment of more than one component area. As such, the LFI rating will reflect these deficiencies or issues within multiple rating components when necessary to provide a comprehensive supervisory assessment.
1. Capital Planning and Positions Component Rating
The Capital Planning and Positions component rating evaluates (i) the effectiveness of a firm's governance and planning processes used to determine the amount of capital necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm's capital positions to comply with applicable regulatory requirements and to support the firm's ability to continue to serve as a financial intermediary through a range of conditions.
In developing this rating, the Federal Reserve evaluates:
• Capital Planning: The extent to which a firm maintains sound capital planning practices through effective governance and oversight; effective risk management and controls; maintenance of updated capital policies and contingency plans for addressing potential shortfalls; and incorporation of appropriately stressful conditions into capital planning and projections of capital positions; and
[top] • Capital Positions: The extent to which a firm's capital is sufficient to
Definitions for the Capital Planning and Positions Component Rating
Broadly Meets Expectations
A firm's capital planning and positions broadly meet supervisory expectations and support maintenance of safe-and-sound operations. Specifically:
• The firm is capable of producing sound assessments of capital adequacy through a range of conditions; and
• The firm's current and projected capital positions comply with regulatory requirements, and support its ability to absorb current and potential losses, to meet obligations, and to continue to serve as a financial intermediary through a range of conditions.
A firm rated "Broadly Meets Expectations" may be subject to identified supervisory issues requiring corrective action. However, these issues are unlikely to present a threat to the firm's ability to maintain safe-and-sound operations through a range of potentially stressful conditions.
A firm that does not meet the capital planning and position expectations associated with a "Broadly Meets Expectations" rating will be rated "Conditionally Meets Expectations," "Deficient-1," or "Deficient-2," and subject to potential consequences as outlined below.
Conditionally Meets Expectations
Certain, material financial or operational weaknesses in a firm's capital planning or positions may place the firm's prospects for remaining safe and sound through a range of conditions at risk if not resolved in a timely manner during the normal course of business.
Specifically, if left unresolved, these weaknesses:
• May threaten the firm's ability to produce sound assessments of capital adequacy through a range of conditions; and/or
• May result in the firm's projected capital positions being insufficient to absorb potential losses, comply with regulatory requirements, and support the firm's ability to meet current and prospective obligations and to continue to serve as a financial intermediary through a range of conditions.
The Federal Reserve does not intend for a firm to be rated "Conditionally Meets Expectations" for a prolonged period. The firm has the ability to resolve these issues through measures that do not require a material change to the firm's business model or financial profile, or its governance, risk management, or internal control structures or practices. The Federal Reserve will work with the firm to develop an appropriate timeframe during which the firm would be required to resolve each supervisory issue leading to the "Conditionally Meets Expectations" rating.
The Federal Reserve will closely monitor the firm's remediation and mitigation activities; in most instances, the firm will either:
(i) Resolve the issues in a timely manner and, if no new material supervisory issues arise, be upgraded to a "Broadly Meets Expectations" rating because the firm's capital planning practices and related positions would broadly meet supervisory expectations; or
(ii) Fail to resolve the issues in a timely manner and be downgraded to a "Deficient-1" rating, because the inability to resolve the issues would indicate that the firm does not possess sufficient financial or operational capabilities to maintain its safety and soundness through a range of conditions.
It is possible that a firm may be close to completing resolution of the supervisory issues leading to the "Conditionally Meets Expectations" rating, but new issues are identified that, taken alone, would be consistent with a "Conditionally Meets Expectations" rating. In this event, the firm may continue to be rated "Conditionally Meets Expectations," provided the new issues do not reflect a pattern of deeper or prolonged capital planning or position weaknesses consistent with a "Deficient" rating.
A "Conditionally Meets Expectations" rating may be assigned to a firm that meets the above definition regardless of its prior rating. A firm previously rated "Deficient-1" may be upgraded to "Conditionally Meets Expectations" if the firm's remediation and mitigation activities are sufficiently advanced so that the firm's prospects for remaining safe and sound are no longer at significant risk, even if the firm has outstanding supervisory issues or is subject to an active enforcement action.
Deficient-1
Financial or operational deficiencies in a firm's capital planning or positions put the firm's prospects for remaining safe and sound through a range of conditions at significant risk. The firm is unable to remediate these deficiencies in the normal course of business, and remediation would typically require a material change to the firm's business model or financial profile, or its capital planning practices.
Specifically, although the firm's current condition is not considered to be materially threatened:
• Deficiencies in the firm's capital planning processes are not effectively mitigated. These deficiencies limit the firm's ability to effectively assess capital adequacy through a range of conditions; and/or
• The firm's projected capital positions may be insufficient to absorb potential losses and to support its ability to meet current and prospective obligations and serve as a financial intermediary through a range of conditions.
Supervisory issues that place the firm's safety and soundness at significant risk, and where resolution is likely to require steps that clearly go beyond the normal course of business-such as issues requiring a material change to the firm's business model or financial profile, or its governance, risk management or internal control structures or practices-would generally warrant assignment of a "Deficient-1" rating.
A "Deficient-1" rating may be assigned to a firm regardless of its prior rating. A firm previously rated "Broadly Meets Expectations" may be downgraded to "Deficient-1" when supervisory issues are identified that place the firm's prospects for maintaining safe-and-sound operations through a range of potentially stressful conditions at significant risk. A firm previously rated "Conditionally Meets Expectations" may be downgraded to "Deficient-1" when the firm's inability to resolve supervisory issues in a timely manner indicates that the firm does not possess sufficient financial or operational capabilities to maintain its safety and soundness through a range of conditions.
To address these financial or operational deficiencies, the firm is required to take timely corrective action to restore and maintain its capital planning and positions consistent with supervisory expectations.
Deficient-2
Financial or operational deficiencies in a firm's capital planning or positions present a threat to the firm's safety and soundness, or have already put the firm in an unsafe and unsound condition.
Specifically, as a result of these deficiencies:
[top] • The firm's capital planning processes are insufficient to effectively
• The firm's current or projected capital positions are insufficient to absorb current or potential losses, and to support the firm's ability to meet current and prospective obligations and serve as a financial intermediary through a range of conditions.
To address these deficiencies, the firm is required to immediately (i) implement comprehensive corrective measures sufficient to restore and maintain appropriate capital planning capabilities and adequate capital positions; and (ii) demonstrate the sufficiency, credibility and readiness of contingency planning in the event of further deterioration of the firm's financial or operational strength or resiliency. There is a strong presumption that a firm rated "Deficient-2" will be subject to a formal enforcement action by the Federal Reserve.
2. Liquidity Risk Management and Positions Component Rating
The Liquidity Risk Management and Positions component rating evaluates (i) the effectiveness of a firm's governance and risk management processes used to determine the amount of liquidity necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm's liquidity positions to comply with applicable regulatory requirements and to support the firm's ongoing obligations through a range of conditions.
In developing this rating, the Federal Reserve evaluates:
• Liquidity Risk Management: The extent to which a firm maintains sound liquidity risk management practices through effective governance and oversight; effective risk management and controls; maintenance of updated liquidity policies and contingency plans for addressing potential shortfalls; and incorporation of appropriately stressful conditions into liquidity planning and projections of liquidity positions; and
• Liquidity Positions: The extent to which a firm's liquidity is sufficient to comply with regulatory requirements, and to support its ability to meet current and prospective obligations to depositors, creditors and other counterparties through a range of conditions.
Definitions for the Liquidity Risk Management and Positions Component Rating Broadly Meets Expectations
A firm's liquidity risk management and positions broadly meet supervisory expectations and support maintenance of safe-and-sound operations. Specifically:
• The firm is capable of producing sound assessments of liquidity adequacy through a range of conditions; and
• The firm's current and projected liquidity positions comply with regulatory requirements, and support its ability to meet current and prospective obligations and to continue to serve as a financial intermediary through a range of conditions.
A firm rated "Broadly Meets Expectations" may be subject to identified supervisory issues requiring corrective action. However, these issues are unlikely to present a threat to the firm's ability to maintain safe-and-sound operations through a range of potentially stressful conditions.
A firm that does not meet the liquidity risk management and position expectations associated with a "Broadly Meets Expectations" rating will be rated "Conditionally Meets Expectations," "Deficient-1," or "Deficient-2," and subject to potential consequences as outlined below.
Conditionally Meets Expectations
Certain, material financial or operational weaknesses in a firm's liquidity risk management or positions may place the firm's prospects for remaining safe and sound through a range of conditions at risk if not resolved in a timely manner during the normal course of business.
Specifically, if left unresolved, these weaknesses:
• May threaten the firm's ability to produce sound assessments of liquidity adequacy through a range of conditions; and/or
• May result in the firm's projected liquidity positions being insufficient to comply with regulatory requirements, and support its ability to meet current and prospective obligations and to continue to serve as a financial intermediary through a range of conditions.
The Federal Reserve does not intend for a firm to be rated "Conditionally Meets Expectations" for a prolonged period. The firm has the ability to resolve these issues through measures that do not require a material change to the firm's business model or financial profile, or its governance, risk management or internal control structures or practices. The Federal Reserve will work with the firm to develop an appropriate timeframe during which the firm would be required to resolve each supervisory issue leading to the "Conditionally Meets Expectations" rating.
The Federal Reserve will closely monitor the firm's remediation and mitigation activities; in most instances, the firm will either:
(i) Resolve the issues in a timely manner and, if no new material supervisory issues arise, and be upgraded to a "Broadly Meets Expectations" rating because the firm's liquidity risk management practices and related positions would broadly meet supervisory expectations; or
(ii) Fail to resolve the issues in a timely manner and be downgraded to a "Deficient-1" rating, because the firm's inability to resolve those issues would indicate that the firm does not possess sufficient financial or operational capabilities to maintain its safety and soundness through a range of conditions.
It is possible that a firm may be close to completing resolution of the supervisory issues leading to the "Conditionally Meets Expectations" rating, but new issues are identified that, taken alone, would be consistent with a "Conditionally Meets Expectations" rating. In this event, the firm may continue to be rated "Conditionally Meets Expectations," provided the new issues do not reflect a pattern of deeper or prolonged capital planning or position weaknesses consistent with a "Deficient" rating.
A "Conditionally Meets Expectations" rating may be assigned to a firm that meets the above definition regardless of its prior rating. A firm previously rated "Deficient-1" may be upgraded to "Conditionally Meets Expectations" if the firm's remediation and mitigation activities are sufficiently advanced so that the firm's prospects for remaining safe and sound are no longer at significant risk, even if the firm has outstanding supervisory issues or is subject to an active enforcement action.
Deficient-1
Financial or operational deficiencies in a firm's liquidity risk management or positions put the firm's prospects for remaining safe and sound through a range of conditions at significant risk. The firm is unable to remediate these deficiencies in the normal course of business, and remediation would typically require a material change to the firm's business model or financial profile, or its liquidity risk management practices.
Specifically, although the firm's current condition is not considered to be materially threatened:
[top] • Deficiencies in the firm's liquidity risk management processes are not effectively mitigated. These deficiencies limit the firm's ability to effectively
• The firm's projected liquidity positions may be insufficient to support its ability to meet prospective obligations and serve as a financial intermediary through a range of conditions.
Supervisory issues that place the firm's safety and soundness at significant risk, and where resolution is likely to require steps that clearly go beyond the normal course of business-such as issues requiring a material change to the firm's business model or financial profile, or its governance, risk management or internal control structures or practices-would generally warrant assignment of a "Deficient-1" rating.
A "Deficient-1" rating may be assigned to a firm regardless of its prior rating. A firm previously rated "Broadly Meets Expectations" may be downgraded to "Deficient-1" when supervisory issues are identified that place the firm's prospects for maintaining safe-and-sound operations through a range of potentially stressful conditions at significant risk. A firm previously rated "Conditionally Meets Expectations" may be downgraded to "Deficient-1" when the firm's inability to resolve supervisory issues in a timely manner indicates that the firm does not possess sufficient financial or operational capabilities to maintain its safety and soundness through a range of conditions.
To address these financial or operational deficiencies, the firm is required to take timely corrective action to restore and maintain its liquidity risk management and positions consistent with supervisory expectations.
Deficient-2
Financial or operational deficiencies in a firm's liquidity risk management or positions present a threat to the firm's safety and soundness, or have already put the firm in an unsafe and unsound condition.
Specifically, as a result of these deficiencies:
• The firm's liquidity risk management processes are insufficient to effectively assess the firm's liquidity adequacy through a range of conditions; and/or
• The firm's current or projected liquidity positions are insufficient to support the firm's ability to meet current and prospective obligations and serve as a financial intermediary through a range of conditions.
To address these deficiencies, the firm is required to immediately (i) implement comprehensive corrective measures sufficient to restore and maintain appropriate liquidity risk management capabilities and adequate liquidity positions; and (ii) demonstrate the sufficiency, credibility and readiness of contingency planning in the event of further deterioration of the firm's financial or operational strength or resiliency.
3. Governance and Controls Component Rating
The Governance and Controls component rating evaluates the effectiveness of a firm's (i) board of directors, (ii) management of business lines and independent risk management and controls, and (iii) recovery planning (for domestic LISCC firms only). This rating assesses a firm's effectiveness in aligning strategic business objectives with the firm's risk appetite and risk management capabilities; maintaining effective and independent risk management and control functions, including internal audit; promoting compliance with laws and regulations, including those related to consumer protection; and otherwise providing for the ongoing resiliency of the firm.
In developing this rating, the Federal Reserve evaluates:
• Effectiveness of the Board of Directors: The extent to which the board exhibits attributes that are consistent with those of effective boards in carrying out its core roles and responsibilities, including: (i) Setting a clear, aligned, and consistent direction regarding the firm's strategy and risk appetite; (ii) directing senior management regarding the board's information; (iii) overseeing and holding senior management accountable, (iv) supporting the independence and stature of independent risk management and internal audit; and (v) maintaining a capable board composition and governance structure.
• Management of Business Lines and Independent Risk Management and Controls
The extent to which:
? Senior management effectively and prudently manages the day-to-day operations of the firm and provides for ongoing resiliency; implements the firm's strategy and risk appetite; maintains an effective risk management framework and system of internal controls; and promotes prudent risk taking behaviors and business practices, including compliance with laws and regulations, including those related to consumer protection.
? Business line management executes business line activities consistent with the firm's strategy and risk appetite; identifies and manages risks; and ensures an effective system of internal controls for its operations.
? Independent risk management effectively evaluates whether the firm's risk appetite appropriately captures material risks and is consistent with the firm's risk management capacity; establishes and monitors risk limits that are consistent with the firm's risk appetite; identifies and measures the firm's risks; and aggregates, assesses and reports on the firm's risk profile and positions. Additionally, the firm demonstrates that its internal controls are appropriate and tested for effectiveness. Finally, internal audit effectively and independently assesses the firm's risk management framework and internal control systems, and reports findings to senior management and the firm's audit committee.
• Recovery Planning (domestic LISCC firms only): The extent to which recovery planning processes effectively identify options that provide a reasonable chance of a firm being able to remedy financial weakness and restore market confidence without extraordinary official sector support.
Definitions for the Governance and Controls Component Rating Broadly Meets Expectations
A firm's governance and controls broadly meet supervisory expectations and support maintenance of safe-and-sound operations. Specifically, the firm's practices and capabilities are sufficient to align strategic business objectives with its risk appetite and risk management capabilities, 60 maintain effective and independent risk management and control functions, including internal audit; promote compliance with laws and regulations (including those related to consumer protection); and otherwise provide for the firm's ongoing financial and operational resiliency through a range of conditions.
Footnotes:
60 ?References to risk management capabilities includes risk management of business lines and independent risk management and control functions, including internal audit.
A firm rated "Broadly Meets Expectations" may be subject to identified supervisory issues requiring corrective action. However, these issues are unlikely to present a threat to the firm's ability to maintain safe-and-sound operations through a range of potentially stressful conditions.
[top] A firm that does not meet supervisory expectations associated with a "Broadly Meets Expectations" rating will be rated "Conditionally Meets Expectations," "Deficient-1," or "Deficient-2," and subject to potential consequences, as outlined below.
Conditionally Meets Expectations
Certain, material financial or operational weaknesses in a firm's governance and controls practices may place the firm's prospects for remaining safe and sound through a range of conditions at risk if not resolved in a timely manner during the normal course of business. Specifically, if left unresolved, these weaknesses may threaten the firm's ability to align strategic business objectives with the firm's risk appetite and risk management capabilities; maintain effective and independent risk management and control functions, including internal audit; promote compliance with laws and regulations (including those related to consumer protection); or otherwise provide for the firm's ongoing resiliency through a range of conditions.
The Federal Reserve does not intend for a firm to be rated "Conditionally Meets Expectations" for a prolonged period. The firm has the ability to resolve these issues through measures that do not require a material change to the firm's business model or financial profile, or its governance, risk management or internal control structures or practices. The Federal Reserve will work with the firm to develop an appropriate timeframe during which the firm would be required to resolve each supervisory issue leading to the "Conditionally Meets Expectations" rating.
The Federal Reserve will closely monitor the firm's remediation and mitigation activities; in most instances, the firm will either:
(i) Resolve the issues in a timely manner and, if no new material supervisory issues arise, and be upgraded to a "Broadly Meets Expectations" rating because the firm's governance and controls would broadly meet supervisory expectations; or
(ii) Fail to resolve the issues in a timely manner and be downgraded to a "Deficient-1" rating, because the firm's inability to resolve those issues would indicate that the firm does not possess sufficient financial or operational capabilities to maintain its safety and soundness through a range of conditions.
It is possible that a firm may be close to completing resolution of the supervisory issues leading to the "Conditionally Meets Expectations" rating, but new issues are identified that, taken alone, would be consistent with a "Conditionally Meets Expectations" rating. In this event, the firm may continue to be rated "Conditionally Meets Expectations," provided the new issues do not reflect a pattern of deeper or prolonged capital planning or position weaknesses consistent with a "Deficient" rating.
A "Conditionally Meets Expectations" rating may be assigned to a firm that meets the above definition regardless of its prior rating. A firm previously rated "Deficient" may be upgraded to "Conditionally Meets Expectations" if the firm's remediation and mitigation activities are sufficiently advanced so that the firm's prospects for remaining safe and sound are no longer at significant risk, even if the firm has outstanding supervisory issues or is subject to an active enforcement action.
Deficient-1
Financial or operational deficiencies in a firm's governance and controls put the firm's prospects for remaining safe and sound through a range of conditions at significant risk. The firm is unable to remediate these deficiencies in the normal course of business, and remediation would typically require a material change to the firm's business model or financial profile, or its governance, risk management or internal control structures or practices.
Specifically, although the firm's current condition is not considered to be materially threatened, these deficiencies limit the firm's ability to align strategic business objectives with its risk appetite and risk management capabilities; maintain effective and independent risk management and control functions, including internal audit; promote compliance with laws and regulations (including those related to consumer protection); or otherwise provide for the firm's ongoing resiliency through a range of conditions.
A "Deficient-1" rating may be assigned to a firm regardless of its prior rating. A firm previously rated "Broadly Meets Expectations" may be downgraded to "Deficient-1" when supervisory issues are identified that place the firm's prospects for maintaining safe-and-sound operations through a range of potentially stressful conditions at significant risk. A firm previously rated "Conditionally Meets Expectations" may be downgraded to "Deficient-1" when the firm's inability to resolve supervisory issues in a timely manner indicates that the firm does not possess sufficient financial or operational capabilities to maintain its safety and soundness through a range of conditions.
To address these financial or operational deficiencies, the firm is required to take timely corrective action to restore and maintain its governance and controls consistent with supervisory expectations.
Deficient-2
Financial or operational deficiencies in governance or controls present a threat to the firm's safety and soundness, or have already put the firm in an unsafe and unsound condition. Specifically, as a result of these deficiencies, the firm is unable to align strategic business objectives with its risk appetite and risk management capabilities; maintain effective and independent risk management and control functions, including internal audit; promote compliance with laws and regulations (including those related to consumer protection); or otherwise provide for the firm's ongoing resiliency.
To address these deficiencies, the firm is required to immediately (i) implement comprehensive corrective measures sufficient to restore and maintain appropriate governance and control capabilities; and (ii) demonstrate the sufficiency, credibility, and readiness of contingency planning in the event of further deterioration of the firm's financial or operational strength or resiliency.
Appendix B-Text of Proposed Insurance Supervisory Framework
Framework for the Supervision of Insurance Organizations
This framework describes the Federal Reserve's approach to consolidated supervision of supervised insurance organizations. 61 The framework is designed specifically to account for the unique risks and business profiles of these firms resulting mainly from their insurance business. The framework consists of a risk-based approach to establishing supervisory expectations, assigning supervisory resources, and conducting supervisory activities; a supervisory rating system; and a description of how Federal Reserve examiners work with the state insurance regulators to limit supervisory duplication.
Footnotes:
61 ?In this framework, a "supervised insurance organization" is a depository institution holding company that is an insurance underwriting company, or that has over 25 percent of its consolidated assets held by insurance underwriting subsidiaries, or has been otherwise designated as a supervised insurance organization by Federal Reserve staff.
A. Proportionality-Supervisory Activities and Expectations
[top] Consistent with the Federal Reserve's approach to risk-based supervision, supervisory guidance is applied, and supervisory activities are conducted, in
1. Complexity Classification and Supervised Activities
The Federal Reserve classifies each supervised insurance organization as either complex or noncomplex based on its risk profile. The classification serves as the basis for determining the level of supervisory resources dedicated to each firm, as well as the frequency and intensity of supervisory activities.
Complex
Complex firms have a higher level of risk and therefore require more supervisory attention and resources. Federal Reserve dedicated supervisory teams are assigned to execute approved supervisory plans led by a dedicated Central Point of Contact. The activities listed in the supervisory plans focus on understanding any risks that could threaten the safety and soundness of the consolidated organization or a firm's ability to act as a source of strength for its subsidiary depository institution(s). These activities typically include continuous monitoring, targeted topical examinations, coordinated reviews, and an annual roll-up assessment resulting in ratings for the three rating components. The relevance of certain supervisory guidance may vary among complex firms based on each firm's risk profile. Supervisory guidance targeted at smaller depository institution holding companies, for example, may be more relevant for complex supervised insurance organizations with limited inherent exposure to a certain risk.
Noncomplex
Noncomplex firms, due to their lower risk profile, require less supervisory oversight relative to complex firms. The supervisory activities for these firms occur primarily during a rating examination that occurs no less often than every other year and results in the three component ratings. The supervision of noncomplex firms relies more heavily on the reports and assessments of a firm's other relevant supervisors, although these firms may also be subject to continuous monitoring, targeted topical examinations, and coordinated reviews as appropriate. The focus and types of supervisory activities for noncom plex firms are also set based on the risks of each firm.
Factors considered when classifying a supervised insurance organization as either complex or noncom plex include the absolute and relative size of its depository institution(s), its current supervisory and regulatory oversight (ratings and opinions of its supervisors, and the nature and extent of any unregulated and/or unsupervised activities), the breadth and nature of product and portfolio risks, the nature of its organizational structure, its quality and level of capital and liquidity, the materiality of any international exposure, and its interconnectedness with the broader financial system.
For supervised insurance organizations that are commencing Federal Reserve supervision, the classification as complex or noncomplex is done and communicated during the application phase after initial discussions with the firm. The firm's risk profile, including the characteristics listed above, are evaluated by staff of the Board and relevant Reserve Bank before the complexity classification is assigned by Board staff. Large, well-established, and financially strong supervised insurance organizations with relatively small depository institutions can be classified as noncomplex if, in the opinion of Board staff, the corresponding level of supervisory oversight is sufficient to accomplish its objectives. Although the risk profile is the primary basis for assigning a classification, a firm is automatically classified as complex if its depository institution's average assets exceed $100 billion. A firm may request that the Federal Reserve review its complexity classification if it has experienced a significant change to its risk profile.
The focus, frequency, and intensity of supervisory activities are based on a risk assessment of the firm completed periodically by the supervisory team and will vary among firms within the same complexity classification. For each risk described in the Supervisory Expectations section below, the supervisory team assesses the firm's inherent risks and its residual risk after considering the effectiveness of its management of the risk. The risk assessment and the supervisory activities that follow from it take into account the assessments made by and work performed by the firm's other regulators. In certain instances, Federal Reserve examiners may be able to rely on a firm's internal audit (if it is rated effective) or internal control functions in developing the risk assessment.
2. Supervisory Expectations
Supervised insurance organizations are required to operate in a safe and sound manner, to comply with all applicable laws and regulations, and to possess sufficient financial and operational strength to serve as a source of strength for their depository institution(s) through range of stressful yet plausible conditions. The governance and risk management practices necessary to accomplish these objectives will vary based on a firm's specific risk profile, size, and complexity. Guidance describing supervisory expectations for safe and sound practices can be found in Supervision & Regulation (SR) letters published by the Board and other supervisory material. Supervisory guidance most relevant to a specific supervised insurance organization is driven by the risk profile of the firm. Federal Reserve examiners periodically reassess the firm's risk profile and inform the firm if different supervisory guidance becomes more relevant as a result of a material change to its risk profile.
Most supervisory guidance issued by the Board is intended specifically for institutions that are primarily engaged in banking activities. Examples of specific practices provided in these materials may differ from (or not be applicable to) the nonbanking operations of supervised insurance organizations, including for insurance operations. The Board recognizes that practices in nonbanking business lines can be different than those published in supervisory guidance without being considered unsafe or unsound. When making their assessment, Federal Reserve examiners work with supervised insurance organizations and other involved regulators, including state insurance regulators, to appropriately assess practices that may be different than those typically observed for banking operations.
[top] This section describes general safety and soundness expectations and how the Board has adapted its supervisory expectations to reflect the special characteristics of a supervised insurance organization. The section is organized
Governance and Controls
The Governance and Controls component rating is derived from an assessment of the effectiveness of a firm's (1) board and senior management, and (2) independent risk management and controls. All firms are expected to align their strategic business objectives with their risk appetite and risk management capabilities; maintain effective and independent risk management and control functions including internal audit; promote compliance with laws and regulations; and remain a source of financial and managerial strength for their depository institution(s).
When assessing governance and controls, Federal Reserve examiners consider a firm's risk management capabilities relative to its risk exposure within the following areas: internal audit, credit risk, legal and compliance risk, market risk, model risk, and operational risk, including cybersecurity/information technology and third-party risk.
Governance & Controls Expectations
• Despite differences in their business models and the products offered, insurance companies and banks are expected to have effective and sustainable systems of governance and controls to manage their respective risks. The governance and controls framework for a supervised insurance organization should:
? Clearly define roles and responsibilities throughout the organization;
? Include policies and procedures, limits, requirements for documenting decisions, and decision-making and accountability chains of command; and
? Provide timely information about risk and corrective action for non-compliance or weak oversight, controls, and management.
• The Board expects the sophistication of the governance and controls framework to be commensurate with the size, complexity, and risk profile of the firm. As such, governance and controls expectations for complex firms will be higher than that for noncom plex firms but will also vary based on each firm's risk profile.
• The Board expects supervised insurance organizations to have a risk management and control framework that is commensurate with its structure, risk profile, complexity, activities, and size. For any chosen structure, the firm's board is expected to have the capacity, expertise, and sufficient information to discharge risk oversight and governance responsibilities in a safe and sound manner.
In assigning a rating for the Governance and Controls component, Federal Reserve examiners evaluate:
Board and Senior Management Effectiveness
• The firm's board is expected to exhibit certain attributes consistent with effectiveness, including: (i) setting a clear, aligned, and consistent direction regarding the firm's strategy and risk appetite; (ii) directing senior management regarding board reporting; (iii) overseeing and holding senior management accountable; (iv) supporting the independence and stature of independent risk management and internal audit; and (v) maintaining a capable board and an effective governance structure. As the consolidated supervisor, the Board focuses on the board of the supervised insurance organization and its committees. Complex firms are expected to take into consideration the Board's guidance on board of directors' effectiveness. 62 In assessing the effectiveness of a firm's senior management, Federal Reserve examiners consider the extent to which senior management effectively and prudently manages the day-to-day operations of the firm and provides for ongoing resiliency; implements the firm's strategy and risk appetite; identifies and manages risks; maintains an effective risk management framework and system of internal controls; and promotes prudent risk taking behaviors and business practices, including compliance with laws and regulations such as those related to consumer protection and the Bank Secrecy Act/Anti-Money Laundering and Office of Foreign Assets Control (BSA/AML and OFAC). Federal Reserve examiners evaluate how the framework allows management to be responsible for and manage all risk types, including emerging risks, within the business lines. Examiners rely to the fullest extent possible on insurance and banking supervisors' examination reports and information concerning risk and management in specific lines of business, including relying specifically on state insurance regulators to evaluate and assess how firms manage the pricing, underwriting, and reserving risk of their insurance operations.
Footnotes:
62 ? See SR letter 21-3, "Supervisory Guidance on Board of Directors' Effectiveness."
Independent Risk Management and Controls
• In assessing a firm's independent risk management and controls, Federal Reserve examiners consider the extent to which independent risk management effectively evaluates whether the firm's risk appetite framework identifies and measures all of the firm's material risks; establishes appropriate risk limits; and aggregates, assesses and reports on the firm's risk profile and positions. Additionally, the firm is expected to demonstrate that its internal controls are appropriate and tested for effectiveness and sustainability.
• Internal Audit is an integral part of a supervised insurance organization's internal control system and risk management structure. An effective internal audit function plays an essential role by providing an independent risk assessment and objective evaluation of all key governance, risk management, and internal control processes. Internal audit is expected to effectively and independently assess the firm's risk management framework and internal control systems, and report findings to senior management and to the firm's audit committee. Despite differences in business models, the Board expects the largest, most complex supervised insurance organizations to have internal audit practices in place that are similar to those at banking organizations and as such, no modification to existing guidance is required for these firms. 63 At the same time, the Board recognizes that firms should have an internal audit function that is appropriate to their size, nature, and scope of activities. Therefore, for noncomplex firms, Federal Reserve examiners will consider the expectations in the insurance company's domicile state's Annual Financial Reporting Regulation (NAIC Model Audit Rule 205), or similar state regulation, to assess the effectiveness of a firm's internal audit function.
Footnotes:
63 ?Regulatory guidance provided in SR letter 03-5, "Amended Interagency Guidance on the Internal Audit Function and its Outsourcing" and SR letter 13-1, "Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing" are applicable to complex supervised insurance organizations.
The principles of sound risk management described in the previous sections apply to the entire spectrum of risk management activities of a supervised insurance organization, including but not limited to:
[top] • Credit risk arises from the possibility that a borrower or counterparty will fail to perform on an obligation. Fixed income securities, by far the largest asset class held by many
• Market risk arises from exposures to losses as a result of underlying changes in, for example, interest rates, equity prices, foreign exchange rates, commodity prices, or real estate prices. Federal Reserve examiners scope examination work based on a firm's level of inherent market risk exposure, which is normally driven by the primary business line(s) in which the firm is engaged as well as the structure of the investment portfolio. A firm may be exposed to inherent market risk due to its investment portfolio or as result of its product offerings, including variable and indexed life insurance and annuity products, or asset/wealth management business. While interest rate risk (IRR), a category of market risk, differs between insurance companies and banking organizations, the degree of IRR also differs based on the type of insurance products the firm offers. IRR is generally a small risk for U.S. property/casualty (P/C) whereas it can be a significant risk factor for life insurers with certain life and annuity products that are spread-based, longer in duration, may include embedded product guarantees, and can pose disintermediation risk. Equity market risk can be significant for life insurers that issue guarantees tied to equity markets, like variable annuity living benefits, and for P/C insurers with large common equity allocations in their investment portfolios. Generally foreign exchange and commodity risk is low for supervised insurance organizations but could be material for some complex firms. Firms are expected to have sound risk management infrastructure that adequately identifies, measures, monitors, and controls any material or significant forms of market risks to which it is exposed.
• Model risk is the potential for adverse consequences from decisions based on incorrect or misused model outputs and reports. Model risk can lead to financial loss, poor business and strategic decision-making, or damage to a firm's reputation. Supervised insurance organizations are often heavily reliant on models for product pricing and reserving, risk and capital management strategic planning and other decision-making purposes. A sound model risk management framework helps manage this risk. 64 Federal Reserve examiners take into account the firm's size, nature, and complexity, as well as the extent of use and sophistication of its models when assessing its model risk management program. Examiners focus on the governance framework, policies and controls, and enterprise model risk management through a holistic evaluation of the firm's practices. The Federal Reserve's review of a firm's model risk management program complements the work of the firm's other relevant supervisors. A sound model risk management framework includes three main elements: (1) an accurate model inventory and an appropriate approach to model development, implementation, and use; (2) effective model validation and continuous model performance monitoring; and (3) a strong governance framework that provides explicit support and structure for model risk management through policies defining relevant activities, procedures that implement those policies, allocation of resources, and mechanisms for evaluating whether policies and procedures are being carried out as specified, including internal audit review. The Federal Reserve relies on work already conducted by other relevant supervisors and appropriately collaborates with state insurance regulators on their findings related to insurance models. With respect to insurance models, the Federal Reserve recognizes the important role played by actuaries as described in actuarial standards of practice on model risk management. With respect to the business of insurance, Federal Reserve examiners focus on the firm's adherence to its own policies and procedures and the comprehensiveness of model validation rather than technical specifications such as the appropriateness of the model, its assumptions, or output. Federal Reserve examiners may request that firms provide model documentation or model validation reports for insurance and bank models when performing transaction testing.
Footnotes:
64 ?SR letter 11-7, "Guidance on Model Risk Management" is applicable to all supervised insurance organizations.
• Legal risk arises from the potential that unenforceable contracts, lawsuits, or adverse judgments can disrupt or otherwise negatively affect the operations or financial condition of a supervised insurance organization.
[top] • Compliance risk is the risk of regulatory sanctions, fines, penalties, or losses resulting from failure to comply with laws, rules, regulations, or other supervisory requirements applicable to a firm. By offering multiple financial service products that may include insurance, annuity, banking, services provided by securities broker-dealers, and asset and wealth management products, provided through a diverse distribution network, supervised insurance organizations are inherently exposed to a significant amount of legal and compliance risk. As the consolidated supervisor, the Board expects firms to have an enterprise-wide legal and compliance risk management program that covers all business lines, legal entities, and jurisdictions of operation. Firms are expected to have compliance risk management governance, oversight, monitoring, testing, and reporting commensurate with their size and complexity, and to ensure compliance with all applicable laws and regulations. The principles-based guidance in existing SR letters related to legal and compliance risk is applicable to supervised insurance
Footnotes:
65 ?SR letter 08-8, "Compliance Risk Management Programs and Oversight at Large Banking Organizations with Complex Compliance Profiles" is applicable to complex supervised insurance organizations. For noncomplex firms, the Federal Reserve will assess legal and compliance risk management based on the guidance in SR letter 16-11, "Supervisory Guidance for Assessing Risk Management at Supervised Institutions with Total Consolidated Assets Less than $100 Billion."
? Money laundering, terrorist financing and other illicit financial activity risk is the risk of providing criminals access to the legitimate financial system and thereby being used to facilitate financial crime. This financial crime includes laundering criminal proceeds, financing terrorism, and conducting other illegal activities. Money laundering and terrorist financing risk is associated with a financial institution's products, services, customers, and geographic locations. This and other illicit financial activity risks can impact a firm across business lines, legal entities, and jurisdictions. A reasonably designed compliance program generally includes a structure and oversight that mitigates these risks and supports regulatory compliance with both BSA/AML OFAC requirements. Although OFAC regulations are not part of the BSA, OFAC compliance programs are frequently assessed in conjunction with BSA/AML. Supervised insurance organizations are not defined as financial institutions under the BSA and, therefore, are not required to have an AML program, unless the firm is directly selling certain insurance products. However, certain subsidiaries and affiliates of supervised insurance organizations, such as insurance companies and banks, are defined as financial institutions under 31 U.S.C. 5312(a)(2) and must develop and implement a written BSA/AML compliance program as well as comply with other BSA regulatory requirements. Unlike banks, insurance companies' BSA/AML obligations are limited to certain products, referred to as covered insurance products. 66 The volume of covered products, which the Financial Crimes Enforcement Network (FinCEN) has determined to be of higher risk, is an important driver of supervisory focus. In addition, as U.S. persons, all supervised insurance organizations (including their subsidiaries and affiliates) are subject to OFAC regulations. Federal Reserve examiners assess all material risks that each firm faces, extending to whether business activities across the consolidated organization, including within its individual subsidiaries or affiliates, comply with the legal requirements of BSA and OFAC regulations. In keeping with the principles of a risk-based framework and proportionality, Federal Reserve supervision for BSA/AML and OFAC primarily focuses on oversight of compliance programs at a consolidated level and relies on work by other relevant supervisors to the fullest extent possible. In the evaluation of a firm's risks and BSA/AML and OFAC compliance program, however, it may be necessary for examiners to review compliance with BSA/AML and OFAC requirements at individual subsidiaries or affiliates in order to fully assess the material risks of the supervised insurance organization.
Footnotes:
66 ?"Covered products" means: a permanent life insurance policy, other than a group life insurance policy; an annuity contract, other than a group annuity contract; or any other insurance product with features of cash value or investment. 31 CFR 1025.100(b). "Permanent life insurance policy" means an agreement that contains a cash value or investment element and that obligates the insurer to indemnify or to confer a benefit upon the insured or beneficiary to the agreement contingent upon the death of the insured. 31 CFR 1025.100(h). "Annuity contract" means any agreement between the insurer and the contract owner whereby the insurer promises to pay out a fixed or variable income stream for a period of time. 31 CFR 1025.100(a).
• Operational risk is the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events. Operational resilience is the ability to maintain operations, including critical operations and core business lines, through a disruption from any hazard. It is the outcome of effective operational risk management combined with sufficient financial and operational resources to prepare, adapt, withstand, and recover from disruptions. A firm that operates in a safe and sound manner is able to identify threats, respond and adapt to incidents, and recover and learn from such threats and incidents so that it can prioritize and maintain critical operations and core business lines, along with other operations, services and functions identified by the firm, through a disruption.
? Cybersecurity/information technology risks are a subset of operational risk and arise from operations of a firm requiring a strong and robust internal control system and risk management oversight structure. Information Technology (IT) and Cybersecurity (Cyber) functions are especially critical to a firm's operations. Examiners of financial institutions, including supervised insurance organizations, utilize the detailed guidance on mitigating these risks in the Federal Financial Institutions Examination Council's (FFIEC) IT Handbooks. In assessing IT/Cyber risks, Federal Reserve examiners assess each firm's:
Board and senior management for effective oversight and support of IT management;
Information/cyber security program for strong board and senior management support, integration of security activities and controls through business processes, and establishment of clear accountability for security responsibilities;
IT operations for sufficient personnel, system capacity and availability, and storage capacity adequacy to achieve strategic objectives and appropriate solutions;
Development and acquisition processes' ability to identify, acquire, develop, install, and maintain effective IT to support business operations; and
Appropriate business continuity management processes to effectively oversee and implement resilience, continuity, and response capabilities to safeguard employees, customers, assets, products, and services.
Complex and noncomplex firms are assessed in these areas. All supervised insurance organizations are required to notify the Federal Reserve of any computer-security notification incidents. 67
Footnotes:
67 ?SR letter 22-4, "Contact Information in Relation to Computer-Security Incident Notification Requirements" applies to all supervised insurance organizations.
[top] ? Third party risk is also a subset of operational risk and arises from a firm's use of service providers to perform operational or service functions. These risks may be inherent to the outsourced activity or be introduced with the involvement of the service provider. When assessing effective third party risk management, Federal Reserve examiners evaluate eight areas: (1) third party risk management governance, (2) risk assessment framework, (3) due diligence in the selection of a service provider, (4) a review of any incentive compensation embedded in a service provider contract, (5) management of any contract or legal issues arising from third party agreements, (6) ongoing monitoring and reporting of third parties, (7) business continuity and
Footnotes:
68 ?SR letter 13-19, "Guidance on Managing Outsourcing Risk" applies to all supervised insurance organizations.
Capital Management
The Capital Management rating is derived from an assessment of a firm's current and stressed level of capitalization, and the quality of its capital planning and internal stress testing. A capital management program should be commensurate with a supervised insurance organization's complexity and risk profile. In assigning this rating, the Federal Reserve examiners evaluate the extent to which a firm maintains sound capital planning practices through effective governance and oversight, effective risk management and controls, maintenance of updated capital policies and contingency plans for addressing potential shortfalls, and incorporation of appropriately stressful conditions into capital planning and projections of capital positions. The extent to which a firm's capital is sufficient to comply with regulatory requirements, to support the firm's ability to meet its obligations, and to enable the firm to remain a source of strength to its depository institution(s) in a range of stressful, but plausible, economic and financial environments is also evaluated.
Insurance company balance sheets are typically quite different from those of most banking organizations. For life insurance companies, investment strategies may focus on cash flow matching to reduce interest rate risk and provide liquidity to support their liabilities, while for traditional banks, deposits (liabilities) are attracted to support investment strategies.
Additionally, for insurers, capital provides a buffer for policyholder claims and creditor obligations, helping the firm absorb adverse deviations in expected claims experience, and other drivers of economic loss. The Board recognizes that the capital needs for insurance activities are materially different from those of banking activities and can be different between life and property and casualty insurers. Insurers may also face capital fungibility constraints not faced by banking organizations.
In assessing a supervised insurance organization's capital management, the Federal Reserve relies to the fullest extent possible on information provided by state insurance regulators, including the firm's own risk and solvency assessment (ORSA) and the state insurance regulator's written assessment of the ORSA. An ORSA is an internal process undertaken by an insurance group to assess the adequacy of its risk management and current and prospective capital position under normal and stress scenarios. As part of the ORSA, insurance groups are required to analyze all reasonably foreseeable and relevant material risks that could have an impact on their ability to meet obligations.
The Board expects supervised insurance organizations to have sound governance over their capital planning process. A firm should establish capital goals that are approved by the board of directors, and that reflect the potential impact of legal and/or regulatory restrictions on the transfer of capital between legal entities. In general, senior management should establish the capital planning process, which should be reviewed and approved periodically by the board. The board should require senior management to provide clear, accurate, and timely information on the firm's material risks and exposures to inform board decisions on capital adequacy and actions. The capital planning process should clearly reflect the difference between the risk profiles and associated capital needs of the insurance and banking businesses.
A firm should have a risk management framework that appropriately identifies, measures, and assesses material risks and provides a strong foundation for capital planning. This framework should be supported by comprehensive policies and procedures, clear and well established roles and responsibilities, strong internal controls, and effective reporting to senior management and the board. In addition, the risk management framework should be built upon sound management information systems.
As part of capital management, a firm should have a sound internal control framework that helps ensure that all aspects of the capital planning process are functioning as designed and result in an accurate assessment of the firm's capital needs. The internal control framework should be independently evaluated periodically by the firm's internal audit function.
The governance and oversight framework should include an assessment of the principles and guidelines used for capital planning, issuance, and usage, including internal post-stress capital goals and targeted capital levels; guidelines for dividend payments and stock repurchases; strategies for addressing capital shortfalls; and internal governance responsibilities and procedures for the capital policy. The capital policy should reflect the capital needs of the insurance and banking businesses based on their risks, be approved by the firm's board of directors or a designated committee of the board, and be re-evaluated periodically and revised as necessary.
A strong capital management program will incorporate appropriately stressful conditions and events that could adversely affect the firm's capital adequacy and capital planning. As part of its capital plan, a firm should use at least one scenario that stresses the specific vulnerabilities of the firm's activities and associated risks, including those related to the firm's insurance activities and its banking activities.
Supervised insurance organizations should employ estimation approaches to project the impact on capital positions of various types of stressful conditions and events, and that are independently validated. A firm should estimate losses, revenues, expenses, and capital using sound methods that incorporate macroeconomic and other risk drivers. The robustness of a firm's capital stress testing processes should be commensurate with its risk profile.
Liquidity Management
The Liquidity Management rating is derived from an assessment of the supervised insurance organization's liquidity position and the quality of its liquidity risk management program. Each firm's liquidity risk management program should be commensurate with its complexity and risk profile.
The Board recognizes that supervised insurance organizations are typically less exposed to traditional liquidity risk than banking organizations. Instead of cash outflows being mainly the result of discretionary withdrawals, cash outflows for many insurance products only result from the occurrence of an insured event. Insurance products, like annuities, that are potentially exposed to call risk generally have product features ( i.e., surrender charges, market value surrenders, tax treatment, etc.) that help mitigate liquidity risk.
[top] Federal Reserve examiners tailor the application of existing supervisory guidance on liquidity risk management to reflect the liquidity characteristics of supervised insurance organizations. 69 For example, guidance on intra-day liquidity management would only be applicable for supervised insurance organizations with material intra-day
Footnotes:
69 ?See SR letter 10-6, "Interagency Policy Statement on Funding and Liquidity Risk Management."
The scope of the Federal Reserve's supervisory activities on liquidity risk is influenced by each firm's individual risk profile. Traditional property and casualty insurance products are typically short duration liabilities backed by short-duration, liquid assets. Because of this, they typically present lower liquidity risk than traditional banking activities. However, some nontraditional life insurance and retirement products create liquidity risk through features that allow payments at the request of policyholders without the occurrence of an insured event. Risks of certain other insurance products are often mitigated using derivatives. Any differences between collateral requirements related to hedging and the related liability cash flows can also create liquidity risk. The Board expects firms significantly engaged in these types of insurance activities to have correspondingly more sophisticated liquidity risk management programs.
A strong liquidity risk management program includes cash flow forecasting with appropriate granularity. The firm's suite of quantitative metrics should effectively inform senior management and the board of directors of the firm's liquidity risk profile and identify liquidity events or stresses that could detrimentally affect the firm. The metrics used to measure a firm's liquidity position may vary by type of business.
Federal Reserve examiners rely to the fullest extent possible on each firm's ORSA, which requires all firms to include a discussion of the risk management framework and assessment of material risks, including liquidity risk.
Supervised insurance organizations are expected to perform liquidity stress testing at least annually and more frequently, if necessary, based on their risk profile. The scenarios used should reflect the firm's specific risk profile and include both idiosyncratic and system-wide stress events. Stress testing should inform the firm on the amount of liquid assets necessary to meet net cash outflows over relevant time periods, including at least a one-year time horizon. Firms should hold a liquidity buffer comprised of highly liquid assets to meet stressed net cash outflows. The liquidity buffer should be measured using appropriate haircuts based on asset quality, duration, and expected market illiquidity based on the stress scenario assumptions. Stress testing should reflect the expected impact on collateral requirements. For material life insurance operations, Federal Reserve examiners will rely to the greatest extent possible on information submitted by the firm to comply with the National Association of Insurance Commissioners' (NAIC) liquidity stress test framework.
The fungibility of sources of liquidity is often limited between an insurance group's legal entities. Large insurance groups can operate with a significant number of legal entities and many different regulatory and operational barriers to transferring funds among them. Regulations designed to protect policyholders of insurance operating companies can limit the transferability of funds from an insurance company to other legal entities within the group, including to other insurance operating companies. Supervised insurance organizations should carefully consider these limitations in their stress testing and liquidity risk management framework. Effective liquidity stress testing should include stress testing at the legal entity level with consideration for intercompany liquidity fungibility. Furthermore, the firm should be able to measure and provide an assessment of liquidity at the top-tier depository institution holding company in a manner that incorporates fungibility constraints.
The enterprise-wide governance and oversight framework should be consistent with the firm's liquidity risk profile and include policies and procedures on liquidity risk management. The firm's policies and procedures should describe its liquidity risk reporting, stress testing, and contingency funding plan.
B. Supervisory Ratings
Supervised insurance organizations are expected to operate in a safe and sound manner, to comply with all applicable laws and regulations, and to possess sufficient financial and operational strength to serve as a source of strength for their depository institution(s) through a range of stressful yet plausible conditions. Supervisory ratings and supervisory findings are used to communicate the assessment of a firm. Federal Reserve examiners periodically assign one of four ratings to each of the three rating components used to assess supervised insurance organizations. The rating components are Capital Management, Liquidity Management, and Governance & Controls. The four potential ratings are Broadly Meets Expectations, Conditionally Meets Expectations, Deficient-1, and Deficient-2. To be considered "well managed," a firm must receive a rating of Conditionally Meets Expectations or better in each of the three rating components or a rating of Deficient-1 in one rating component and Broadly Meets Expectations or Conditionally Meets Expectations ratings for each of the other two rating components. A firm rated Deficient-1 for two or more rating components or Deficient-2 for any rating component would not be considered "well managed." Each rating is defined specifically for supervised insurance organizations with particular emphasis on the obligation that firms serve as a source of financial and managerial strength for their depository institution(s). High-level definitions for each rating are below, followed by more specific rating definitions for each component.
Broadly Meets Expectations. The supervised insurance organization's practices and capabilities broadly meet supervisory expectations. The holding company effectively serves as a source of managerial and financial strength for its depository institution(s) and possesses sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of stressful yet plausible conditions. The firm may have outstanding supervisory issues requiring corrective actions, but these are unlikely to present a threat to its ability to maintain safe-and-sound operations and unlikely to negatively impact its ability to fulfill its obligation to serve as a source of strength for its depository institution(s). These issues are also expected to be corrected on a timely basis during the normal course of business.
[top] Conditionally Meets Expectations. The supervised insurance organization's practices and capabilities are generally considered sound. However, certain supervisory issues are sufficiently material that if not resolved in a timely manner during the normal course of business, may put the firm's prospects for remaining safe and sound, and/or the holding company's ability to serve as a source of managerial and financial strength for its depository institution(s), at risk. A firm with a Conditionally Meets Expectations rating has the ability, resources, and management capacity to resolve its issues and has developed a sound plan to address the issue(s) in a timely manner. Examiners will work with the firm to develop an appropriate timeframe during which it will be required to resolve that supervisory issue(s) leading to this rating.
Deficient-1. Financial or operational deficiencies in a supervised insurance organization's practices or capabilities put its prospects for remaining safe and sound, and/or the holding company's ability to serve as a source of managerial and financial strength for its depository institution(s), at significant risk. The firm is unable to remediate these deficiencies in the normal course of business, and remediation would typically require it to make material changes to its business model or financial profile, or its practices or capabilities. A firm with a Deficient-1 rating is required to take timely action to correct financial or operational deficiencies and to restore and maintain its safety and soundness and compliance with laws and regulations.
Supervisory issues that place the firm's safety and soundness at significant risk, and where resolution is likely to require steps that clearly go beyond the normal course of business-such as issues requiring a material change to the firm's business model or financial profile, or its governance, risk management or internal control structures or practices-would generally warrant assignment of a Deficient-1 rating. Firms with one or more Deficient-1 component ratings may be subject to an informal or formal enforcement action, depending on particular facts and circumstances.
Deficient-2. Financial or operational deficiencies in a supervised insurance organization's practices or capabilities present a threat to its safety and soundness, have already put it in an unsafe and unsound condition, and/or make it unlikely that the holding company will be able to serve as a source of financial and managerial strength to its depository institution(s). A firm with a Deficient-2 rating is required to immediately implement comprehensive corrective measures and demonstrate the sufficiency of contingency planning in the event of further deterioration.
There is a strong presumption that a firm with a Deficient-2 rating will be subject to a formal enforcement action.
Definitions for the Governance and Controls Component Rating
Broadly Meets Expectations. Despite the potential existence of outstanding supervisory issues, the supervised insurance organization's governance and controls broadly meet supervisory expectations, supports maintenance of safe-and-sound operations, and supports the holding company's ability to serve as a source of financial and managerial strength for its depository institutions(s). Specifically, the firm's practices and capabilities are sufficient to align strategic business objectives with its risk appetite and risk management capabilities; maintain effective and independent risk management and control functions, including internal audit; promote compliance with laws and regulations; and otherwise provide for the firm's ongoing financial and operational resiliency through a range of conditions. The firm's governance and controls clearly reflect the holding company's obligation to act as a source of financial and managerial strength for its depository institution(s).
Conditionally Meets Expectations. Certain material financial or operational weaknesses in a supervised insurance organization's governance and controls practices may place the firm's prospects for remaining safe and sound through a range of conditions at risk if not resolved in a timely manner during the normal course of business. Specifically, if left unresolved, these weaknesses may threaten the firm's ability to align strategic business objectives with its risk appetite and risk-management capabilities; maintain effective and independent risk management and control functions, including internal audit; promote compliance with laws and regulations; or otherwise provide for the firm's ongoing resiliency through a range of conditions. Supervisory issues may exist related to the firm's internal audit function, but internal audit is still regarded as effective.
Deficient-1. Deficiencies in a supervised insurance organization's governance and controls put its prospects for remaining safe and sound through a range of conditions at significant risk. The firm is unable to remediate these deficiencies in the normal course of business, and remediation would typically require a material change to the firm's business model or financial profile, or its governance, risk management or internal control structures or practices.
Examples of issues that may result in a Deficient-1 rating include, but are not limited to:
• The firm may be currently subject to, or expected to be subject to, informal or formal enforcement action(s) by the Federal Reserve or another regulator tied to violations of laws and regulations that indicate severe deficiencies in the firm's governance and controls.
• Significant legal issues may have or be expected to impede the holding company's ability to act as a source of financial strength for its depository institution(s).
• The firm may have engaged in intentional misconduct.
• Deficiencies within the firm's governance and controls may limit the credibility of the firm's financial results, limit the board or senior management's ability to make sound decisions, or materially increase the firm's risk of litigation.
• The firm's internal audit function may be considered ineffective.
• Deficiencies in the firm's governance and controls may have limited the holding company's ability to act as a source of financial and/or managerial strength for its depository institution(s).
Deficient-2. Financial or operational deficiencies in a supervised insurance organization's governance and controls present a threat to its safety and soundness, a threat to the holding company's ability to serve as a source of financial strength for its depository institution(s), or have already put the firm in an unsafe and unsound condition.
Examples of issues that may result in a Deficient-2 rating include, but are not limited to:
• The firm is currently subject to, or expected to be subject to, formal enforcement action(s) by the Federal Reserve or another regulator tied to violations of laws and regulations that indicate severe deficiencies in the firm's governance and controls.
• Significant legal issues may be impeding the holding company's ability to act as a source of financial strength for its depository institution(s).
• The firm may have engaged in intentional misconduct.
• The holding company may have failed to act as a source of financial and/or managerial strength for its depository institution(s) when needed.
• The firm's internal audit function is regarded as ineffective.
Definitions for the Capital Management Component Rating
Broadly Meets Expectations. Despite the potential existence of outstanding supervisory issues, the supervised insurance organization's capital management broadly meets supervisory expectations, supports maintenance of safe-and-sound operations, and supports the holding company's ability to serve as a source of financial strength for its depository institution(s).
Specifically:
[top] • The firm's current and projected capital positions on a consolidated basis and within each of its material business lines/legal entities comply with regulatory requirements and support its ability to absorb potential losses, meet
• Capital management processes are sufficient to give credibility to stress testing results and the firm is capable of producing sound assessments of capital adequacy through a range of stressful yet plausible conditions; and
• Potential capital fungibility issues are effectively mitigated, and capital contingency plans allow the holding company to continue to act as a source of financial strength for its depository institution(s) through a range of stressful yet plausible conditions.
Conditionally Meets Expectations. Capital adequacy meets regulatory minimums, both currently and on a prospective basis. Supervisory issues exist but these do not threaten the holding company's ability to act as a source of financial strength for its depository institution(s) through a range of stressful yet plausible conditions. Specifically, if left unresolved, these issues:
• May threaten the firm's ability to produce sound assessments of capital adequacy through a range of stressful yet plausible conditions; and/or
• May result in the firm's projected capital positions being insufficient to absorb potential losses, comply with regulatory requirements, and support the holding company's ability to meet current and prospective obligations and continue to serve as a source of financial strength to its depository institution(s).
Deficient-1. Financial or operational deficiencies in a supervised insurance organization's capital management put its prospects for remaining safe and sound through a range of plausible conditions at significant risk. The firm is unable to remediate these deficiencies in the normal course of business, and remediation would typically require a material change to the firm's business model or financial profile, or its capital management processes.
Examples of issues that may result in a Deficient-1 rating include, but are not limited to:
• Capital adequacy currently meets regulatory minimums although there may be uncertainty regarding the firm's ability to continue meeting regulatory minimums.
• Fungibility concerns may exist that could challenge the firm's ability to contribute capital to its depository institutions under certain stressful yet plausible scenarios.
• Supervisory issues may exist that undermine the credibility of the firm's current capital adequacy and/or its stress testing results.
Deficient-2. Financial or operational deficiencies in a supervised insurance organization's capital management present a threat to the firm's safety and soundness, a threat to the holding company's ability to serve a source of financial strength for its depository institution(s), or have already put the firm in an unsafe and unsound condition.
Examples of issues that may result in a Deficient-2 rating include, but are not limited to:
• Capital adequacy may currently fail to meet regulatory minimums or there is significant concern that the firm will not meet capital adequacy minimums prospectively.
• Supervisory issues may exist that significantly undermine the firm's capital adequacy metrics either currently or prospectively.
• Significant fungibility constraints may exist that would prevent the holding company from contributing capital to its depository institution(s) and fulfilling its obligation to serve as a source of financial strength.
• The holding company may have failed to act as source of financial strength for its depository institution when needed.
Definitions for the Liquidity Management Component Rating
Broadly Meets Expectations. Despite the potential existence of outstanding supervisory issues, the supervised insurance organization's liquidity management broadly meets supervisory expectations, supports maintenance of safe-and-sound operations, and supports the holding company's ability to serve as a source of financial strength for its depository institutions(s). The firm generates sufficient liquidity to meet its short-term and long-term obligations currently and under a range of stressful yet plausible conditions. The firm's liquidity management processes, including its liquidity contingency planning, support its obligation to act as a source of financial strength for its depository institution(s).
Specifically:
• The firm is capable of producing sound assessments of liquidity adequacy through a range of stressful yet plausible conditions; and
• The firm's current and projected liquidity positions on a consolidated basis and within each of its material business lines/legal entities comply with regulatory requirements and support the holding company's ability to meet obligations and to continue to serve as a source of financial strength for its depository institution(s).
Conditionally Meets Expectations. Certain material financial or operational weaknesses in a supervised insurance organization's liquidity management place its prospects for remaining safe and sound through a range of stressful yet plausible conditions at risk if not resolved in a timely manner during the normal course of business.
Specifically, if left unresolved, these weaknesses:
• May threaten the firm's ability to produce sound assessments of liquidity adequacy through a range of conditions; and/or
• May result in the firm's projected liquidity positions being insufficient to comply with regulatory requirements and support the firm's ability to meet current and prospective obligations and to continue to serve as a source of financial strength to its depository institution(s).
Deficient-1. Financial or operational deficiencies in a supervised insurance organization's liquidity management put the firm's prospects for remaining safe and sound through a range of stressful yet plausible conditions at significant risk. The firm is unable to remediate these deficiencies in the normal course of business, and remediation would typically require a material change to the firm's business model or financial profile, or its liquidity management processes.
Examples of issues that may result in a Deficient-1 rating include, but are not limited to:
• The firm is currently able to meet its obligations but there may be uncertainty regarding the firm's ability to do so prospectively.
• The holding company's liquidity contingency plan may be insufficient to support its obligation to act as a source of financial strength for its depository institution(s).
• Supervisory issues may exist that undermine the credibility of the firm's liquidity metrics and stress testing results.
Deficient-2. Financial or operational deficiencies in a supervised insurance organization's liquidity management present a threat to its safety and soundness, a threat to the holding company's ability to serve as a source of financial strength for its depository institution(s), or have already put the firm in an unsafe and unsound condition.
Examples of issues that may result in a Deficient-2 rating include, but are not limited to:
[top] • Liquidity shortfalls may exist within the firm that have prevented the firm, or are expected to prevent the firm, from fulfilling its obligations, including
• Liquidity adequacy may currently fail to meet regulatory minimums or there is significant concern that the firm will not meet liquidity adequacy minimums prospectively for at least one of its regulated subsidiaries.
• Supervisory issues may exist that significantly undermine the firm's liquidity metrics either currently or prospectively.
• Significant fungibility constraints may exist that would prevent the holding company from supporting its depository institution(s) and fulfilling its obligation to serve as a source of financial strength.
• The holding company may have failed to act as source of financial strength for its depository institution when needed.
C. Incorporating the Work of Other Supervisors
Similar to the approach taken by the Federal Reserve in its consolidated supervision of other firms, the oversight of supervised insurance organizations relies to the fullest extent possible, on work performed by other relevant supervisors. Federal Reserve supervisory activities are not intended to duplicate or replace supervision by the firm's other regulators and Federal Reserve examiners typically do not specifically assess firms' compliance with laws outside of its jurisdiction, including state insurance laws. The Federal Reserve collaboratively coordinates with, communicates with, and leverages the work of the Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), Securities and Exchange Commission (SEC), Financial Crimes Enforcement Network (FinCEN), Internal Revenue Service (IRS), applicable state insurance regulators, and other relevant supervisors to achieve its supervisory objectives and eliminate unnecessary burden.
Existing statutes specifically require the Board to coordinate with, and to rely to the fullest extent possible on work performed by the state insurance regulators. The Board and all state insurance regulators have entered into Memorandums of Understanding (MOU) allowing supervisors to freely exchange information relevant for the effective supervision of supervised insurance organizations. Federal Reserve examiners take the actions below with respect to state insurance regulators to support accomplishing the objective of minimizing supervisory duplication and burden, without sacrificing effective oversight:
• Routine discussions (at least annually) with state insurance regulatory staff with greater frequency during times of stress;
• Discussions around the annual supervisory plan, including how best to leverage work performed by the state and potential participation by state insurance regulatory staff on relevant supervisory activities;
• Consideration of the opinions and work done by the state when scoping relevant examination activities;
• Documenting any input received from the state and considering the assessments of and work performed by the state for relevant supervisory activities;
• Sharing and discussing with the state the annual ratings and relevant conclusion documents from supervisory activities;
• Collaboratively working with the states and the NAIC on the development of policies that affect insurance depository institution holding companies; and
• Participating in supervisory colleges.
The Federal Reserve relies on the state insurance regulators to participate in the activities above and to share proactively their supervisory opinions and relevant documents. These documents include the annual ORSA, 70 the state insurance regulator's written assessment of the ORSA, results from its examination activities, the Corporate Governance Annual Disclosure, financial analysis memos, risk assessments, material risk determinations, material transaction filings (Form D), the insurance holding company system annual registration statement (Form B), submissions for the NAIC liquidity stress test framework, and other state supervisory material.
Footnotes:
70 ?See NAIC Own Risk and Solvency Assessment (ORSA) Guidance Manual (December 2017) at https://content.naic.org/sites/default/files/publication-orsa-guidance-manual.pdf.
If the Federal Reserve determines that it is necessary to perform supervisory activities related to aspects of the supervised insurance organization that also fall under the jurisdiction of the state insurance regulator, it will communicate the rationale and result of these activities to the state insurance regulator.
By order of the Board of Governors of the Federal Reserve System.
Ann E. Misback,
Secretary of the Board.
[FR Doc. 2025-13223 Filed 7-14-25; 8:45 am]
BILLING CODE 6210-01-P