This article provides an overview of the Unified Financial Institutions Rating System, commonly known as CAMELS, which is used by regulators to assess the safety and soundness of banks. The CAMELS rating system evaluates six key components of a bank’s performance: Capital Adequacy, Asset Quality, Management, Earnings, Liquidity, and Sensitivity to Market Risk. Each component is rated on a scale of 1 to 5, with 1 representing the strongest performance and 5 the weakest.

Evaluations of the components take into consideration the size and sophistication of the institution, the nature and complexity of its activities and its risk profile.  The purpose of this article is to provide insight into how the regulators assess safety and soundness and the factors that impact the ratings.

Typically, a safety and soundness examination that results in adverse CAMELS ratings will discover regulatory violations and control breaches that could result in potentially large monetary penalties and other enforcement actions and adverse publicity (though the CAMELS Ratings are not made public, enforcement actions are).  Additionally, a high CAMELS Rating could:

  • Impede a banks ability to grow through mergers and acquisitions, investment or adding more branches and expand across state lines
  • Require an institution to pay higher deposit insurance premiums
  • Impair an organization’s access to primary credit at the Federal Reserve’s discount window
  • Subject the institution to increased regulatory scrutiny and more frequent examinations.

Within the last year, two banks were the subject of OCC regulatory actions for engaging in unsafe or unsound practices, including those relating to strategic and capital planning; liquidity risk management; interest rate risk management;  credit risk management, Allowance for Loan and Lease Losses (“ALLL”) methodology, corporate governance, and internal controls.  The violations required the banks to take immediate remedial action, including:

  • Filing a corrective action plan to address violations and provide quarterly updates on the progress of the plan.
  • Ensuring that capable senior executive officers are in place to perform present and anticipated duties, factoring in each officer’s performance, experience, and qualifications as compared to their position description, duties and responsibilities, and that an annual written performance appraisal is performed and prepared for all Bank senior executive officers.
  • Submitting a detailed Strategic Plan to establish objectives for the bank’s overall risk profile, earnings performance, growth expectations, balance sheet mix, off-balance sheet activities, liability structure, and capital and liquidity adequacy, together with strategies to achieve those objectives.
  • Prohibiting significant deviation from the products, services, asset composition and size, funding sources, structure, operations, policies, procedures, and markets without written approval of strategic plan.
  • Maintaining higher capital requirements.
  • Submitting for written approval Interest Rate Risk and Contingency Funding plans that meet strict requirements outlined by the OCC.

Doran Jones Recommends:

Banks should be performing periodic monitoring and testing by all three lines of defense that would review the factors that determine the CAMELS rating individual component scores from the point of view of the regulators.  Known issues from monitoring, testing, audits and regulatory examinations can provide insight into potential problems with any of the components.  Our experience has shown that many institutions fail to recognize when changes to their business and outside factors have had an adverse impact on the component factors since the last CAMELS rating assessment.  We recommend that banks periodically perform a review of these factors, especially during periods of market and economic volatility like we are currently experiencing.

The review should engage key business stakeholders in addition to senior members of risk and compliance. We suggest a risk-based approach that starts with a review of relevant risk assessments, controls, management reports and metrics, etc. to identify higher risk processes for more frequent review.

The objectives and benefits of performing these reviews, include:

  • Ensuring that processes and policies that are critical to the bank’s ongoing safety and soundness keep up with the bank’s growth and changes to the internal and external business environment.
  • The early detection of deteriorating ratings to minimize the required remediation efforts by allowing for incremental improvements instead of onerous revisions to processes and systems.
  • Preventing unpleasant surprises during regulatory examinations and potentially costly regulatory actions.
  • Maintaining the bank’s reputation and the confidence of clients and shareholders.
  • Enhance business managers’ ability to accurately identify, measure, monitor and control the risks of their business units.

While a full review process is beyond the scope of this article, we will describe some of the more important items for review based on our experience.

Pillar One: Capital Adequacy

Regulators expect banks to maintain an adequate level of capital that is commensurate with the quantity and types of risk inherent in their business activities. The more important factors used to determine an institution’s capital adequacy include:

  • The composition, level, and trend of the institution’s capital.
  • The historical and current level of earnings and earnings trends.
  • The level and trend of problem assets and the adequacy of allowances for losses.
  • On and off-balance sheet risk exposure.
    • Market risk
    • Concentration risk
    • interest rate risk
    • Non-traditional banking activities
  • The reasonableness of dividend payouts relative to earnings.
  • The institution’s ability to raise capital through capital markets and other sources.
  • Plans for growth and the bank’s track record of managing growth.
  • Compliance with risk-based net worth requirements.

Doran Jones Recommends:

  • Review strategic plans, policies, procedures, and reports used to manage and monitor capital for adequacy based on current and upcoming regulatory requirements.  The regulators have recently proposed increasing capital requirements.
  • Review capital structure, including stock and capital account transactions for material or unusual changes and for changes to paid-in capital and retained earnings, performing root cause analysis on any significant changes.
  • Review quarterly capital levels over a three-year period to identify trends.
  • Review call report schedules to ensure appropriately meeting the following capital ratios:
    • CET1 capital, tier 1 capital, and total capital (all banks).
    • Leverage ratio (all banks).
    • SLR (advanced approaches banks).
    • eSLR (depository institution subsidiaries of a GSIB).

As a result of the above recommended activities management can gain an insight into where their capital adequacy risk has gaps and what is effective. Proper capital adequacy will help provide a safety cushion to major economic events and financial losses.

A future article will provide further insight into how the regulators review capital adequacy.

As a result of the above recommended activities management can gain an insight into the effectiveness of its market risk management processes and any gaps in it’s controls.  Effective market risk management strategies are essential to the survival of financial institutions during times of considerable and sustained market volatility.


Recent events have proven that banks are operating in a particularly dynamic environment and that both internal and external changes can quickly change the factors that determine a bank’s basic safety and soundness.  Prudent risk management practices require that these factors be proactively and periodically reviewed, and any weaknesses addressed in a timely manner.

Contact us to learn how a strategic partnership with Doran Jones can provide you with cost-effective solutions by leveraging our expertise with these and other critical risk and compliance functions.