This article provides an overview of the Unified Financial Institutions Rating System, commonly known as CAMELS, which is used by regulators to assess the safety and soundness of banks. The CAMELS rating system evaluates six key components of a bank’s performance: Capital Adequacy, Asset Quality, Management, Earnings, Liquidity, and Sensitivity to Market Risk. Each component is rated on a scale of 1 to 5, with 1 representing the strongest performance and 5 the weakest.
Evaluations of the components take into consideration the size and sophistication of the institution, the nature and complexity of its activities and its risk profile. The purpose of this article is to provide insight into how the regulators assess safety and soundness and the factors that impact the ratings.
Typically, a safety and soundness examination that results in adverse CAMELS ratings will discover regulatory violations and control breaches that could result in potentially large monetary penalties and other enforcement actions and adverse publicity (though the CAMELS Ratings are not made public, enforcement actions are). Additionally, a high CAMELS Rating could:
- Impede a banks ability to grow through mergers and acquisitions, investment or adding more branches and expand across state lines
- Require an institution to pay higher deposit insurance premiums
- Impair an organization’s access to primary credit at the Federal Reserve’s discount window
- Subject the institution to increased regulatory scrutiny and more frequent examinations.
Within the last year, two banks were the subject of OCC regulatory actions for engaging in unsafe or unsound practices, including those relating to strategic and capital planning; liquidity risk management; interest rate risk management; credit risk management, Allowance for Loan and Lease Losses (“ALLL”) methodology, corporate governance, and internal controls. The violations required the banks to take immediate remedial action, including:
- Filing a corrective action plan to address violations and provide quarterly updates on the progress of the plan.
- Ensuring that capable senior executive officers are in place to perform present and anticipated duties, factoring in each officer’s performance, experience, and qualifications as compared to their position description, duties and responsibilities, and that an annual written performance appraisal is performed and prepared for all Bank senior executive officers.
- Submitting a detailed Strategic Plan to establish objectives for the bank’s overall risk profile, earnings performance, growth expectations, balance sheet mix, off-balance sheet activities, liability structure, and capital and liquidity adequacy, together with strategies to achieve those objectives.
- Prohibiting significant deviation from the products, services, asset composition and size, funding sources, structure, operations, policies, procedures, and markets without written approval of strategic plan.
- Maintaining higher capital requirements.
- Submitting for written approval Interest Rate Risk and Contingency Funding plans that meet strict requirements outlined by the OCC.
Doran Jones Recommends:
Banks should be performing periodic monitoring and testing by all three lines of defense that would review the factors that determine the CAMELS rating individual component scores from the point of view of the regulators. Known issues from monitoring, testing, audits and regulatory examinations can provide insight into potential problems with any of the components. Our experience has shown that many institutions fail to recognize when changes to their business and outside factors have had an adverse impact on the component factors since the last CAMELS rating assessment. We recommend that banks periodically perform a review of these factors, especially during periods of market and economic volatility like we are currently experiencing.
The review should engage key business stakeholders in addition to senior members of risk and compliance.
We suggest a risk-based approach that starts with a review of relevant risk assessments, controls, management reports and metrics, etc. to identify higher risk processes for more frequent review.
The objectives and benefits of performing these reviews, include:
- Ensuring that processes and policies that are critical to the bank’s ongoing safety and soundness keep up with the bank’s growth and changes to the internal and external business environment.
- The early detection of deteriorating ratings to minimize the required remediation efforts by allowing for incremental improvements instead of onerous revisions to processes and systems.
- Preventing unpleasant surprises during regulatory examinations and potentially costly regulatory actions.
- Maintaining the bank’s reputation and the confidence of clients and shareholders.
- Enhance business managers’ ability to accurately identify, measure, monitor and control the risks of their business units.
While a full review process is beyond the scope of this article, we will describe some of the more important items for review based on our experience.
The management rating reflects the ability of the board and management to ensure a bank’s safe and sound operation, compliance with applicable laws and regulations, and identify, measure, monitor, and control risks.
The more important factors used to determine an institution’s management rating include:
- The overall effectiveness and level of management and board oversight of the bank’s activities.
- Conformance with effective policies and controls that address the operational and compliance risks of the bank’s activities.
- The adequacy of monitoring and testing by all three levels of defense to ensure the accuracy of regulatory and financial reporting and ensure compliance with laws, regulations, and internal policies.
- The bank’s ability to anticipate and respond to changes in risk resulting from new business activities and products and changing business and economic conditions.
- The management and boards responsiveness to recommendations from regulators and auditors.
- The level of board and management independence from concentrated or dominant authority.
- The reasonableness of compensation and a lack of self-dealing
- The level of management depth and effective succession planning.
Doran Jones Recommends:
- Review board and management oversight of employee benefits plans for appropriate bank counsel review, consistency with peers, periodic independent reviews of eligibility, and compliance with laws and regulations.
- Review Management Information Systems (MIS) policies and procedures to determine if they are adequate and if they need updating. Examples of items they should adequately cover include:
- The purpose and components of MIS.
- The process of two-way communication between employees and management and specific avenues of communication.
- The processes for initiating, developing, and executing MIS enhancements.
- Procedures for acquiring, manipulating, merging, and uploading data between systems.
- Policies regarding internal/external audit monitoring and testing.
- Review Compliance Management System (CMS) policies and procedures to determine if they are adequate and if they need updating. Examples of items they should adequately cover include:
- A CMS compliance monitoring and testing programs
- board or management has appointed a compliance officer whose duties and responsibilities have been clearly established and documented
- Verify that CMS covers all applicable laws and regulations and prudential ethical standards
- Evidence that the board places a high priority on compliance that is communicated throughout the organization
As a result of the above recommended activities management can gain an insight into the effectiveness of their risk management and compliance programs and Management Information Systems and identify any gaps. Problems in these areas can result in potentially costly regulatory actions, reputational damage, and s loss in client and shareholder confidence.
Future articles will provide additional details on regulatory expectations regarding board and management oversight and MIS.
Recent events have proven that banks are operating in a particularly dynamic environment and that both internal and external changes can quickly change the factors that determine a bank’s basic safety and soundness. Prudent risk management practices require that these factors be proactively and periodically reviewed, and any weaknesses addressed in a timely manner.
Contact us to learn how a strategic partnership with Doran Jones can provide you with cost-effective solutions by leveraging our expertise with these and other critical risk and compliance functions.