Large Financial Institution Rating System; Regulations K and LL, 39049-39062 [2017-16736]

Download as PDF 39049 Proposed Rules Federal Register Vol. 82, No. 158 Thursday, August 17, 2017 This section of the FEDERAL REGISTER contains notices to the public of the proposed issuance of rules and regulations. The purpose of these notices is to give interested persons an opportunity to participate in the rule making prior to the adoption of the final rules. FEDERAL RESERVE SYSTEM 12 CFR Parts 211 and 238 [Docket No. R–1569] RIN 7100–AE82 Large Financial Institution Rating System; Regulations K and LL Board of Governors of the Federal Reserve System (Board). ACTION: Notice of proposed rulemaking. AGENCY: The Board is seeking comment on a proposed new rating system for its supervision of large financial institutions. The proposed ‘‘Large Financial Institution Rating System’’ is closely aligned with the Federal Reserve’s new supervisory program for large financial institutions. The proposed rating system would apply to all bank holding companies with total consolidated assets of $50 billion or more; all non-insurance, noncommercial savings and loan holding companies with total consolidated assets of $50 billion or more; and U.S. intermediate holding companies of foreign banking organizations established pursuant to the Federal Reserve’s Regulation YY. The proposed rating system includes a new rating scale under which component ratings would be assigned for capital planning and positions, liquidity risk management and positions, and governance and controls; however, a standalone composite rating would not be assigned. The Federal Reserve proposes to assign initial ratings under the new rating system during 2018. The Federal Reserve is also seeking comment on proposed revisions to existing provisions in Regulations K and LL so they would remain consistent with certain features of the proposed rating system. DATES: Comments must be received no later than October 16, 2017. ADDRESSES: Interested parties are invited to submit written comments by following the instructions for submitting comments at http://www.federal sradovich on DSK3GMQ082PROD with PROPOSALS SUMMARY: VerDate Sep<11>2014 17:29 Aug 16, 2017 Jkt 241001 reserve.gov/generalinfo/foia/Proposed Regs.cfm. • Federal eRulemaking Portal: http:// www.regulations.gov. Follow the instructions for submitting comments. • Email: regs.comments@ federalreserve.gov. Include the docket number in the subject line of the message. • Fax: (202) 452–3819 or (202) 452– 3102. • Mail: Address to Ann E. Misback, Secretary, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue NW., Washington, DC 20551. All public comments will be made available on the Board’s Web site at http://www.federalreserve.gov/general info/foia/ProposedRegs.cfm as submitted, unless modified for technical reasons. Accordingly, comments will not be edited to remove any identifying or contact information. Public comments may also be viewed electronically or in paper in Room 3515, 1801 K Street NW. (between 18th and 19th Street NW.), Washington, DC 20006 between 9:00 a.m. and 5:00 p.m. on weekdays. FOR FURTHER INFORMATION CONTACT: Richard Naylor, Associate Director, (202) 728–5854, Vaishali Sack, Manager, (202) 452–5221, April Snyder, Manager, (202) 452–3099, Bill Charwat, Senior Project Manager, (202) 452–3006, Division of Supervision and Regulation, Scott Tkacz, Senior Counsel, (202) 452– 2744, or Christopher Callanan, Senior Attorney, (202) 452–3594, Legal Division, Board of Governors of the Federal Reserve System, 20th and C Streets NW., Washington, DC 20551. Telecommunications Device for the Deaf (TDD) users may contact (202–263– 4869). SUPPLEMENTARY INFORMATION: Table of Contents I. Background II. Overview of the Proposed LFI Rating System A. LFI Rating Components B. LFI Rating Scale III. Transition from the RFI Rating System to the LFI Rating System IV. Consequences of LFI Ratings V. Applicability VI. Timing and Implementation VII. Related Proposed Guidance A. Management of Core Business Lines and Independent Risk Management and Controls PO 00000 Frm 00001 Fmt 4702 Sfmt 4702 1. Senior Management 2. Management of Core Business Lines 3. Independent Risk Management and Controls B. Board Effectiveness VIII. Other Related Developments IX. Proposed Changes to Existing Regulations X. Comparison of the RFI and LFI Rating Systems XI. Request for Comments XII. Regulatory Analysis A. Paperwork Reduction Act B. Regulatory Flexibility Analysis C. Solicitation of Comments on Use of Plain Language Appendix A. Text of Proposed Large Financial Institution Rating System I. Background The 2007–2009 financial crisis demonstrated the risks that large financial institutions (LFIs) pose to U.S. financial stability. As a group, these institutions were overleveraged, had insufficient capital to support their risks, and relied heavily on short-term wholesale funding that was susceptible to runs. This excessive risk-taking, combined with similar behavior outside the regulated financial sector, left the U.S. economy vulnerable. The ensuing financial crisis led to a deep recession and the loss of nearly nine million jobs. In response, since the financial crisis, the Federal Reserve has placed materially heightened supervisory expectations on LFIs. The Federal Reserve has developed a supervisory program specifically designed to address the risks posed by such firms to U.S. financial stability. The Federal Reserve established the Large Institution Supervision Coordinating Committee (LISCC) in 2010 to coordinate its supervisory oversight for the systemically important firms that pose the greatest risk to U.S. financial stability.1 The LISCC supervisory program conducts annual horizontal reviews of LISCC firms and firm-specific examination work focused on evaluating a firm’s (i) capital adequacy under normal and stressed conditions; (ii) liquidity positions and risk management practices; (iii) recovery and resolution preparedness; and (iv) governance and controls. For LFIs that are not LISCC firms, the Federal Reserve performs horizontal reviews and firm-specific supervisory work focused on capital, 1 See the list of firms included in the LISCC supervisory program at https://www.federal reserve.gov/bankinforeg/large-institutionsupervision.htm. E:\FR\FM\17AUP1.SGM 17AUP1 39050 Federal Register / Vol. 82, No. 158 / Thursday, August 17, 2017 / Proposed Rules sradovich on DSK3GMQ082PROD with PROPOSALS liquidity, and governance and control practices, which are tailored to reflect the risk characteristics of these institutions.2 In 2012, the Federal Reserve implemented a new consolidated supervisory program for LFIs (referred to as the ‘‘LFI supervision framework’’) described in SR letter 12–17.3 The LFI supervision framework is intended to (i) enhance each LFI’s financial and operational strength and resilience to reduce the likelihood of an LFI’s failure or material financial or operational distress, and (ii) reduce the risk to U.S. financial stability overall if an LFI were to fail.4 The LFI supervision framework includes heightened expectations regarding capital and liquidity, including both the amount of capital and liquidity and the related planning and risk management practices. The LFI supervision framework also outlined expectations for a firm’s maintenance of operational strength and resilience and its compliance with laws and regulations, as provided by effective governance and control practices. The Federal Reserve has not modified its supervisory rating system for bank holding companies since the 2007–2009 financial crisis. Since 2004, the Federal Reserve has used the ‘‘RFI/C(D)’’ rating system (referred to as the ‘‘RFI rating system’’) to communicate its supervisory assessment of every bank holding company (BHC) regardless of its 2 Several LFIs which are not LISCC firms are subject to the Federal Reserve’s Comprehensive Capital Analysis and Review (CCAR). 3 See SR letter 12–17/CA letter 12–14, ‘‘Consolidated Supervision Framework for Large Financial Institutions,’’ (referred to as ‘‘SR letter 12–17’’ in this notice) at http://www.federal reserve.gov/bankinforeg/srletters/sr1217.htm. 4 ‘‘Financial strength and resilience’’ is defined as maintaining effective capital and liquidity governance and planning processes, and sufficiency of related positions, to provide for continuity of the consolidated organization and its core business lines, critical operations, and banking offices through a range of conditions. ‘‘Operational strength and resilience’’ is defined as maintaining effective governance and controls to provide for continuity of the consolidated organization and its core business lines, critical operations, and banking offices, and promote compliance with laws and regulations, including those related to consumer protection, through a range of conditions. ‘‘Critical operations’’ are a firm’s operations, including associated services, functions and support, the failure or discontinuance of which, in the view of the firm or the Federal Reserve would pose a threat to the financial stability of the United States. Under SR letter 12–17, ‘‘banking offices’’ are defined as U.S. depository institution subsidiaries and the U.S. branches and agencies of foreign banking organizations (FBOs). The Federal Reserve expects to use the LFI rating system to inform future revisions to other supervisory rating systems used to assess the U.S. operations of FBOs. VerDate Sep<11>2014 17:29 Aug 16, 2017 Jkt 241001 asset size, complexity, or systemic importance.5 The RFI rating system focuses on the risk management practices (R component) and financial condition (F component) of the consolidated organization, and assesses the potential impact (I component) of a BHC’s nondepository entities on its subsidiary depository institution(s). Given the systemic risks posed by LFIs and the corresponding changes to the Federal Reserve’s supervisory expectations and oversight of those firms, the Federal Reserve believes that a new rating system would be more effective than the RFI rating system for evaluating LFIs. The RFI rating system remains a relevant and effective tool for developing and communicating supervisory assessments for community and regional holding companies. Therefore, the RFI rating system will continue to be used in the supervision of these organizations. II. Overview of the Proposed LFI Rating System The proposed LFI rating system provides a supervisory evaluation of whether a firm possesses sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions. The proposed LFI rating system is designed to: • Fully align with the Federal Reserve’s current supervisory programs and practices, which are based upon the LFI supervision framework’s core objectives of reducing the probability of LFIs failing or experiencing material distress and reducing the risk to U.S. financial stability; • Enhance the clarity and consistency of supervisory assessments and communications of supervisory findings and implications; and • Provide appropriate incentives for LFIs to maintain financial and operational strength and resilience, including compliance with laws and regulations, by more clearly defining the supervisory consequences of a given rating. 5 See SR letter 04–18, ‘‘Bank Holding Company Rating System,’’ 69 FR 70444 (December 6, 2004), at https://www.federalreserve.gov/boarddocs/ srletters/2004/sr0418.htm. The Federal Reserve has only applied the RFI rating system to saving and loan holding companies (SLHCs) on an indicative basis since assuming supervisory responsibility for those firms from the Office of Thrift Supervision in 2011. The Federal Reserve has proposed to apply the RFI rating system to SLHCs on a fully implemented basis, excluding SLHCs engaged in significant insurance or commercial activities. See 81 FR 89941 (December 13, 2016). PO 00000 Frm 00002 Fmt 4702 Sfmt 4702 A. LFI Rating Components Under the proposed LFI rating system, the Federal Reserve would evaluate and assign ratings for the following three components: 6 • Capital Planning and Positions • Liquidity Risk Management and Positions • Governance and Controls The Capital Planning and Positions component rating would encompass assessments of (i) the effectiveness of the governance and planning processes used by a firm to determine the amount of capital necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm’s capital positions to comply with applicable regulatory requirements and to support the firm’s ability to continue to serve as a financial intermediary through a range of conditions. Findings from CCAR for LISCC firms and certain other large and complex LFIs,7 and from similar supervisory activities for other LFIs,8 represent a material portion of the work that would be conducted to determine the Capital Planning and Positions component rating. The Liquidity Risk Management and Positions component rating would encompass assessments of (i) the effectiveness of a firm’s governance and risk management processes used to determine the amount of liquidity necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm’s liquidity positions to comply with applicable regulatory requirements and to support the firm’s ongoing obligations through a range of conditions.9 The Liquidity Risk Management and Positions component rating would be based on findings of coordinated examinations of liquidity positions and risk management 6 The proposed LFI rating system does not include subcomponent ratings. 7 See SR letter 15–18, ‘‘Federal Reserve Supervisory Assessment of Capital Planning and Positions for LISCC Firms and Large and Complex Firms,’’ at https://www.federalreserve.gov/ supervisionreg/srletters/sr1518.htm. Under SR letter 15–18, a ‘‘large and complex firm’’ is defined as any domestic BHC or intermediate holding company (IHC) that is not a LISCC firm and that has total consolidated assets of $250 billion or more or consolidated total onbalance sheet foreign exposure of $10 billion or more. 8 See SR letter 15–19, ‘‘Federal Reserve Supervisory Assessment of Capital Planning and Positions for Large and Noncomplex Firms,’’ at https://www.federalreserve.gov/supervisionreg/ srletters/sr1519.htm. 9 These requirements include the Board’s Liquidity Coverage Ratio (LCR) rule in Regulation WW and the liquidity risk management and stress testing requirements in Regulation YY. See 12 CFR part 249 and 12 CFR 252.34–35 and 252.156–157. E:\FR\FM\17AUP1.SGM 17AUP1 Federal Register / Vol. 82, No. 158 / Thursday, August 17, 2017 / Proposed Rules sradovich on DSK3GMQ082PROD with PROPOSALS practices conducted across several firms (horizontal examinations), as well as ongoing assessments of an individual firm’s liquidity positions and risk management practices conducted through the supervisory process. Horizontal examinations help to ensure that the liquidity positions and risk management practices of firms with similar liquidity risk profiles are evaluated in a consistent manner. LISCC firms are subject to the Comprehensive Liquidity Analysis and Review (CLAR), which is an annual horizontal exercise that assesses both liquidity positions and risk management. Other LFI firms are subject to more narrow horizontal examinations depending on their risk profile. The Federal Reserve also conducts targeted examinations of specific areas that are of high risk to an individual firm or have not been covered by a recent horizontal examination. The Federal Reserve evaluates each firm’s risk management practices by reviewing the processes that firms use to identify, measure, monitor, and manage liquidity risk and make funding decisions. The Federal Reserve evaluates a firm’s liquidity positions against applicable regulatory requirements, and assesses the firm’s ability to support its obligations through other means, such as its funding concentrations. The Governance and Controls component rating would evaluate the effectiveness of a firm’s (i) board of directors, (ii) management of core business lines and independent risk management and controls, and (iii) recovery planning (for domestic LISCC firms only).10 This rating would assess a firm’s effectiveness in aligning strategic business objectives with the firm’s risk tolerance 11 and risk 10 ‘‘Board’’ or ‘‘board of directors’’ also refers to committees of the board of directors, as appropriate. At this time, recovery planning expectations only apply to domestic BHCs subject to the Federal Reserve’s LISCC supervisory framework. See SR letter 14–8, ‘‘Consolidated Recovery Planning for Certain Large Domestic Bank Holding Companies.’’ Should the Federal Reserve expand the scope of recovery planning expectations to encompass additional firms, this rating will reflect such expectations for the broader set of firms. There are eight domestic firms in the LISCC portfolio: (1) Bank of America Corporation; (2) Bank of New York Mellon Corporation; (3) Citigroup, Inc.; (4) Goldman Sachs Group, Inc.; (5) JP Morgan Chase & Co.; (6) Morgan Stanley; (7) State Street Corporation; and (8) Wells Fargo & Company. In this guidance, these eight firms may collectively be referred to as ‘‘domestic LISCC firms.’’ 11 ‘‘Risk tolerance’’ is defined as the aggregate level and types of risk the board and senior management are willing to assume to achieve the firm’s strategic business objectives, consistent with applicable capital, liquidity, and other requirements and constraints. VerDate Sep<11>2014 17:29 Aug 16, 2017 Jkt 241001 management capabilities; maintaining strong, effective, and independent risk management and control functions, including internal audit; promoting compliance with laws and regulations, including those related to consumer protection; and otherwise providing for the ongoing resiliency of the firm. Firmspecific and horizontal examination work focused on a firm’s corporate governance, independent risk management, controls, and lines of business, among other areas, would provide the basis for determining the Governance and Controls component rating. Unlike other supervisory rating systems, including the RFI rating system, the Federal Reserve would not assign a standalone composite rating under the proposed LFI rating system. The Federal Reserve believes assigning a standalone composite rating is not necessary because the three proposed LFI component ratings are designed to clearly communicate supervisory assessments and associated consequences for each of the core areas (capital, liquidity, and governance and controls) considered critical to a firm’s strength and resilience. It is unlikely that the assignment of a standalone composite rating would convey new or additional information regarding supervisory assessments, and a standalone composite rating could dilute the clarity and impact of the component ratings. B. LFI Rating Scale Each LFI component rating would be assigned using a multi-level scale (Satisfactory/Satisfactory Watch, Deficient-1, and Deficient-2). A ‘‘Satisfactory’’ rating indicates that the firm is considered safe and sound and broadly meets supervisory expectations.12 A ‘‘Satisfactory Watch’’ rating is a conditional ‘‘Satisfactory’’ rating, and is discussed in greater detail below. A ‘‘Deficient-1’’ rating indicates that although the firm’s current condition is not considered to be materially threatened, there are financial and/or operational deficiencies that put its prospects for remaining safe and sound through a range of conditions at significant risk. A ‘‘Deficient-2’’ rating indicates that financial and/or operational deficiencies materially threaten the firm’s safety and soundness, or have already put the firm in an unsafe and unsound condition. 12 References to ‘‘safe and sound’’ or ‘‘safety and soundness’’ in the proposed LFI rating system also refer to a firm’s consolidated organization and its critical operations and banking offices. PO 00000 Frm 00003 Fmt 4702 Sfmt 4702 39051 Supervisors may assign a ‘‘Satisfactory Watch’’ component rating which indicates that the firm is generally considered safe and sound; however certain issues are sufficiently material that, if not resolved in a timely manner in the normal course of business, would put the firm’s prospects for remaining safe and sound through a range of conditions at risk. This would be consistent with existing supervisory practice where supervisors generally indicate to a firm that a rating downgrade is a strong possibility if the firm fails to resolve identified weaknesses in a timely manner. The ‘‘Satisfactory Watch’’ rating may also be used for firms previously rated ‘‘Deficient’’ when circumstances warrant. In considering whether supervisory issues are likely to be resolved in the normal course of business, the Federal Reserve will assess the firm’s ability to remediate or mitigate these issues (through compensating controls and/or a reduced risk profile) in a timely manner without material changes to, or investments in, a firm’s governance, risk management or internal control structures, practices, or capabilities. A ‘‘Satisfactory Watch’’ rating is not intended to be used for a prolonged period. Firms that receive a ‘‘Satisfactory Watch’’ rating would have a specified timeframe to fully resolve issues leading to that rating (as is the case with all supervisory issues), generally no longer than 18 months.13 If the firm successfully resolved the issues leading to the ‘‘Satisfactory Watch’’ rating, the firm would typically be upgraded to ‘‘Satisfactory’’ as it has demonstrated an ability to successfully remediate or mitigate these issues in a timely manner in the normal course of business. However, if the firm failed to timely remediate or mitigate those issues, that failure would generally be viewed as evidence that the firm lacked sufficient financial and/or operational capabilities to remain safe and sound 13 The timeframe initially specified by the Federal Reserve for resolving issues will become more precise over time, and may be extended as circumstances warrant. As noted in current guidance, defined timeframes for resolving supervisory issues are communicated within either ‘‘Matters Requiring Attention’’ (MRAs) or ‘‘Matters Requiring Immediate Attention’’ (MRIAs). See SR letter 13–13/CA letter 13–10, ‘‘Supervisory Considerations for the Communication of Supervisory Findings,’’ at https://www.federal reserve.gov/supervisionreg/srletters/sr1313.htm (referred to as ‘‘SR letter 13–13’’ in this notice). Proposed guidance which would replace SR letter 13–13 has been released for public comment concurrent with this proposal and is discussed below in Section VII, ‘‘Related Proposed Guidance.’’ An enforcement action will also specify the timeframe for a firm to resolve deficiencies. E:\FR\FM\17AUP1.SGM 17AUP1 39052 Federal Register / Vol. 82, No. 158 / Thursday, August 17, 2017 / Proposed Rules sradovich on DSK3GMQ082PROD with PROPOSALS through a range of conditions. In these instances, the firm would typically be downgraded to a ‘‘Deficient’’ rating. When a firm is rated ‘‘Satisfactory Watch,’’ supervisors would focus on determining whether a firm’s issues are related to each other, similar in nature or root cause, or constitute a pattern reflecting deeper governance or risk management weaknesses, warranting a downgrade to a ‘‘Deficient’’ rating. III. Transition From the RFI Rating System to the LFI Rating System As noted above, the LFI supervision framework—as described in SR 12–17 and accompanied by the issuance of enhanced regulatory requirements, supervisory expectations and practices—has been established over recent years to enhance the ability of large systemically important firms to sustain operations through a range of stressful conditions and events. Introduction of a new rating system that is comprehensively aligned with the LFI supervision framework represents the natural next step in the build-out of this program. As such, transition to the proposed LFI rating system is intended to be evolutionary and expected to be routine in most respects for affected firms. Approaches to assessing an LFI’s financial strength and resilience via effective capital and liquidity governance and planning, and sufficiency of related positions, are more prominent in the proposed LFI rating system versus the RFI rating system, and are fully reflective of current supervisory practices and expectations. Key conclusions of LFI supervision activities, including CCAR and CLAR, will be directly reflected within the Capital and Liquidity component rating assignments. By contrast, the RFI rating system was not designed to readily accommodate the results of these activities. Similarly, the key elements within the Governance and Controls component rating, which underlie a firm’s operational resilience and overall risk management, are also consistent with current practices. Most of these elements can be traced to supervisory expectations for risk management and internal controls first introduced in 1995, and subsequently carried forth into the RFI rating system in 2004.14 These foundational aspects of a firm’s governance and control framework, including expectations relating to the 14 See SR letter 95–51, ‘‘Rating the Adequacy of Risk Management Processes and Internal Controls at State Member Banks and Bank Holding Companies,’’ at https://www.federalreserve.gov/ boarddocs/srletters/1995/sr9551.htm. VerDate Sep<11>2014 17:29 Aug 16, 2017 Jkt 241001 effectiveness of boards of directors and emphasis on sound risk management, remain present in the proposed LFI rating system, albeit with some changes in emphasis and nomenclature. The Governance and Controls component rating also provides an updated approach to assessing the effectiveness of risk management and control activities as conducted (i) directly within a firm’s business line operations (where risk-taking activities are initiated and implemented), and (ii) throughout a firm’s independent risk management and controls. More recently, key expectations regarding the alignment of a firm’s strategy with its risk tolerance and risk management capabilities were included in SR letter 12–17, and are also reflected within capital planning guidance issued in 2015.15 The chart included below in Section X, ‘‘Comparison of the RFI and LFI Rating Systems,’’ broadly compares and illustrates the structural differences between the two rating systems. IV. Consequences of LFI Ratings Statutes and regulations applicable to LFIs grant a number of privileges to well managed firms.16 Under the RFI rating system, a firm’s composite rating and Risk Management rating determine whether a holding company is considered to be ‘‘well managed’’ for purposes of these privileges.17 Under the proposed LFI rating system, a firm must be rated ‘‘Satisfactory’’ or ‘‘Satisfactory Watch’’ for each of its three component ratings in order to be considered ‘‘well managed.’’ 18 A rating of ‘‘Deficient-1’’ or lower for any component would result in the firm not being deemed ‘‘well managed.’’ This reflects the judgment that an LFI is not in satisfactory condition overall unless it is considered sound in each of the key areas of capital, liquidity, and governance and controls. A ‘‘Deficient-1’’ component rating could be a barrier for a firm seeking the 15 See SR letter 15–18 and SR letter 15–19. U.S.C. 1841 et. seq. and 12 U.S.C. 1461 et seq. See, e.g., 12 CFR 225.4(b)(6), 225.14, 225.22(a), 225.23, 225.85, and 225.86; 12 CFR 211.9(b), 211.10(a)(14), and 211.34; and 12 CFR 223.41. 17 12 U.S.C. 1841(o)(9)(A). 18 For purposes of determining whether a firm is considered to be ‘‘well managed’’ under section 2(o)(9) of the BHC Act, the Federal Reserve considers the three component ratings, taken together, to be equivalent to assigning a standalone composite rating. In addition, the RFI rating system designates the ‘‘Risk Management’’ rating as the ‘‘management’’ rating when making ‘‘well managed’’ determinations under section 2(o)(9)(A)(ii) of the BHC Act. See SR letter 04–8. In contrast, the proposed LFI rating system would not designate any of the three component ratings as a ‘‘management’’ rating, because each component evaluates different areas of the firm’s management. 16 12 PO 00000 Frm 00004 Fmt 4702 Sfmt 4702 Federal Reserve’s approval to engage in new or expansionary activities, unless the firm can demonstrate that (i) it is making meaningful, sustained progress in resolving identified deficiencies and issues; (ii) the proposed new or expansionary activities would not present a risk of exacerbating current deficiencies or issues or lead to new concerns; and (iii) the proposed activities would not distract the board or senior management from remediating current deficiencies or issues. The Federal Reserve would be extremely unlikely to approve any proposal seeking to engage in new or expansionary activities from a firm with a ‘‘Deficient-2’’ component rating. Under the Bank Holding Company Act (BHC Act) and the Home Owners’ Loan Act,19 companies that have elected to be treated as financial holding companies (FHCs) and that do not remain well managed face restrictions on commencement or expansion of certain activities. In addition, a firm with less than satisfactory ratings may be subject to restrictions or higher charges in attempting to access the Federal Reserve’s discount window or in gaining access to intraday credit. A ‘‘Deficient-1’’ component rating would often be an indication that the firm should be subject to either an informal or formal enforcement action, and may also result in the designation of the firm as being in ‘‘troubled condition.’’ 20 A firm with a ‘‘Deficient2’’ component rating should expect to be subject to a formal enforcement action and deemed to be in ‘‘troubled condition.’’ V. Applicability The Federal Reserve would use the proposed LFI rating system to evaluate and communicate the supervisory condition of all bank holding companies that have total consolidated assets of $50 billion or more; all non-insurance, non-commercial savings and loan holding companies that have total consolidated assets of $50 billion or more; and all U.S. intermediate holding companies (IHCs) of foreign banking organizations established pursuant to section 252.153 of the Federal Reserve’s Regulation YY.21 In the future, the 19 12 U.S.C. 1843(l) and 12 U.S.C. 1467a(c)(2). 12 CFR 225.71(d). 21 See SR letter 12–17 and 12 CFR 252.153. The Federal Reserve has only applied the RFI rating system to saving and loan holding companies (SLHCs) on an indicative basis since assuming supervisory responsibility for those firms from the Office of Thrift Supervision in 2011. The Federal Reserve has proposed to apply the RFI rating system to SLHCs on a fully implemented basis, excluding SLHCs engaged in significant insurance or 20 See E:\FR\FM\17AUP1.SGM 17AUP1 Federal Register / Vol. 82, No. 158 / Thursday, August 17, 2017 / Proposed Rules sradovich on DSK3GMQ082PROD with PROPOSALS Federal Reserve plans to use the LFI rating system to assess systemically important nonbank financial companies designated by the Financial Stability Oversight Council (FSOC) for supervision by the Federal Reserve; however, this would be done through a separate rulemaking. Until final adoption of a LFI rating system, the Federal Reserve will continue to evaluate firms using the existing RFI rating system. Holding companies with less than $50 billion in total consolidated assets would continue to be evaluated using the RFI rating system. Reserve. A firm that meets this criteria would generally receive the three LFI component ratings within one year of becoming subject to the LFI rating system. A firm would continue to be rated under the LFI rating system until it has less than $45 billion in total consolidated assets, based on the average total consolidated assets as reported on the firm’s four (4) most recent quarterly financial reports filed with the Federal Reserve. The Federal Reserve may determine to apply the RFI rating system or another applicable rating system in certain limited circumstances.23 VI. Timing and Implementation The Federal Reserve proposes to assign initial LFI ratings to all applicable firms during 2018. Due to differences in the timing of supervisory cycles across the portfolios that comprise the LFI supervisory program, firms in one portfolio may receive their initial LFI ratings at different times during the year than firms in another portfolio. During the initial LFI rating supervisory cycle, each applicable firm would receive all three component ratings under the LFI rating system concurrently. Consistent with current Federal Reserve practice on the assignment and communication of supervisory ratings by examiners, ratings under the proposed LFI rating system would be assigned and communicated to firms on at an annual basis, and more frequently as warranted. After the initial LFI rating supervisory cycle, examiners may assign and communicate individual component ratings on a rolling basis to the firms. Under the proposed LFI rating system, the Federal Reserve would continue to generally rely to the fullest extent possible on the information and assessments developed by other relevant supervisors and functional regulators. In accordance with the Federal Reserve’s regulations governing confidential supervisory information,22 ratings assigned under the LFI rating system would be communicated by the Federal Reserve to the firm but not disclosed publicly. The proposed LFI rating system would apply if a firm reports total consolidated assets of $50 billion or more, calculated based on the average of the firm’s total consolidated assets in the four (4) most recent quarters as reported on the firm’s quarterly financial reports filed with the Federal VII. Related Proposed Guidance Concurrent with issuing this proposal, the Board is issuing another proposal for public comment addressing supervisory expectations for boards of directors of all Federal Reserve-supervised institutions.24 That proposal includes proposed guidance concerning the effectiveness of boards of directors of large financial institutions, which is an element of the Governance and Controls component rating. The Board also plans to separately release additional proposed guidance seeking comment on supervisory expectations relating to a firm’s management of core business lines and independent risk management and controls, which is also an element of the Governance and Controls component rating. The Federal Reserve expects to release this additional guidance in the near future. However, if the LFI rating system is finalized before the additional governance and controls guidance is finalized, firms would be evaluated using existing supervisory guidance until such time that the additional governance and controls guidance is finalized.25 commercial activities. See 81 FR 89941 (December 13, 2016). 22 See 12 CFR 261.20. VerDate Sep<11>2014 17:29 Aug 16, 2017 Jkt 241001 23 For example, if a firm rated under the proposed LFI rating system substantially reduces its total consolidated assets substantially below $45 billion through a sale or divestiture (but remains subject to Federal Reserve supervision), the Federal Reserve may immediately begin to apply the RFI rating system, rather than waiting for the firm’s fourquarter average to fall below the $45 billion threshold described above. 24 ‘‘Federal Reserve-supervised institutions’’ includes bank holding companies, savings and loan holding companies, state member banks, U.S. operations of foreign banking organizations, and systemically important financial institutions designated by FSOC for supervision by the Federal Reserve. 25 The above section III, ‘‘Transition from the RFI Rating System to the LFI Rating System,’’ lists prominent examples of existing supervisory guidance currently utilized to assess the effectiveness of an LFI’s governance and controls, including SR letters 95–51, 12–17, 15–18, and 15– 19. Other recent examples of related guidance include SR letter 13–19/CA letter 13–21, ‘‘Guidance on Managing Outsourcing Risk,’’ at https:// www.federalreserve.gov/supervisionreg/srletters/ sr1319.htm and SR letter 13–1/CA letter 13–1, PO 00000 Frm 00005 Fmt 4702 Sfmt 4702 39053 The following section provides a summary of the planned guidance relating to a firm’s management of core business lines and independent risk management and controls, as well as a summary of the proposed guidance relating to the effectiveness of a firm’s board of directors.26 A. Management of Core Business Lines and Independent Risk Management and Controls The supervisory assessment of a firm’s management of core business lines and independent risk management and controls would have three components: (1) Expectations for senior management with respect to both core business lines and independent risk management and controls; (2) expectations for the management of core business lines (CBLs); and (3) expectations for independent risk management (IRM) and controls. 1. Senior Management Senior management oversees both the management of core business lines and independent risk management and controls. The supervisory assessment of the effectiveness of senior management would include senior management’s role in managing the firm’s day-to-day operations, promoting safety and soundness and compliance with internal policies and procedures, laws, and regulations, including those related to consumer protection.27 Senior management is responsible for implementing the firm’s strategy and risk tolerance as approved by the firm’s board. Senior management should implement the strategic and risk objectives across the firm such that they support the firm’s long-term resiliency and safety and soundness, including the firm’s resilience to a range of stressed conditions. Senior management should ensure that the firm’s infrastructure, staffing, and resources are sufficient to carry out the firm’s strategic objectives. Senior management should maintain and implement an effective risk management framework and ensure the firm can appropriately manage risk consistent with its strategy and risk ‘‘Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing,’’ at https:// www.federalreserve.gov/supervisionreg/srletters/ sr1301.htm. 26 The discussion below relating to a firm’s management of core business lines and independent risk management and controls would only be applicable to domestic LFIs. Adjustments to extend applicability of this guidance to the U.S. operations of FBOs may be made prior to issuing the guidance for public comment. 27 Hereinafter, when reference is made to ‘‘compliance with laws and regulations’’ in this guidance, this includes laws and regulations related to banking as well as to consumer protection. E:\FR\FM\17AUP1.SGM 17AUP1 39054 Federal Register / Vol. 82, No. 158 / Thursday, August 17, 2017 / Proposed Rules tolerance. This should include establishing clear responsibilities and accountability for the identification, management, and control of risk. Senior management should also develop and maintain the firm’s policies and procedures and system of internal controls to ensure compliance with laws and regulations. Senior management is responsible for ensuring the resolution of key issues and effective firm-wide communication, including to and from the board of directors. Senior management should have in place robust mechanisms for keeping apprised of, among other things, current and emerging risks to the firm and other material issues, including by maintaining robust management information systems. Senior management should have in place succession and contingency staffing plans for key positions and have compensation and performance management programs that promote and enforce prudent risk-taking behaviors and business practices. sradovich on DSK3GMQ082PROD with PROPOSALS 2. Management of Core Business Lines The Federal Reserve would consider the effectiveness of the management of core business lines in meeting its supervisory expectations.28 For LISCC firms, all business lines would be considered CBLs. For other firms, CBLs would be defined as those business lines where a significant control disruption, failure, or loss event would result in a material loss of revenue, profit, or franchise value, or result in significant consumer harm.29 The Federal Reserve is reserving discretion to identify other business lines or functions as core business lines, based on their size, risk profile, or other supervisory considerations. CBL management should establish for each core business line specific business and risk objectives that align with the firm-wide strategy and risk tolerance.30 CBL management should inform senior management when the risk management capabilities are insufficient to align those business and risk objectives. CBL management should also clearly present to senior management the risks 28 All of the expectations for the management of CBLs described herein also apply to critical operations, which are central to the Federal Reserve’s supervisory focus. 29 For large financial institutions that are not LISCC firms, a firm’s CBLs should comprise at least 80 percent of total revenue in aggregate. 30 ‘‘CBL management’’ refers to the core group of individuals responsible for prudent day-to-day management of a core business line and accountable to senior management for that responsibility. Depending on a firm’s organizational structure, CBL management may or may not be members of senior management. VerDate Sep<11>2014 17:29 Aug 16, 2017 Jkt 241001 emanating from the business line’s activities and explain how those risks are managed and align with the firm’s risk tolerance. CBL management should identify, measure, and manage current and emerging risks that stem from CBL activities and external factors. CBL management should also incorporate appropriate feedback from independent risk management (IRM) on business line risk positions, implementation of the risk tolerance, and risk management practices, including risk mitigation. CBL management should manage the CBL’s activities so they remain within risk limits established by IRM, consult with senior management before permitting any breaches of the limits, and follow appropriate procedures for obtaining exceptions to limits. CBL management should also adhere to the firm’s policies and procedures for vetting new business products and initiatives, and escalate to senior management any required changes or modifications to risk management systems or internal control policies and procedures arising from the adoption of a new business or initiative. CBL management should provide a CBL with sufficient resources and infrastructure to meet financial goals and strategic objectives while maintaining operational and financial resilience in a range of operating conditions, including stressful ones. Resources and infrastructure include sufficient personnel with appropriate training and expertise and management information systems. CBL management should develop and maintain an effective system of sound and appropriate internal controls for its CBL that ensures compliance with laws and regulations.31 CBL management should regularly test to ensure the effectiveness of controls within the business lines and ensure that deficiencies are remediated, and should escalate material deficiencies and systematic control violations to senior management, as well as provide periodic reports. Finally, CBL management should reassess controls periodically to ensure relevancy and alignment with current approved policies. CBL management should establish policies and guidelines that delineate accountability, set forth clear lines of management authority within the CBL, and align desired behavior with the firm’s performance management 31 For example, a CBL’s system of controls should include access controls, change controls, and data integrity controls, including data reconciliations, variance analysis and data quality logic check. PO 00000 Frm 00006 Fmt 4702 Sfmt 4702 incentives. CBL management should hold employees accountable for conduct that is inconsistent with the firm’s policies or board and senior management directives or that could result in violations of law. CBL management should inform senior management of improper conduct when appropriate, including individual instances and when there are identified patterns of misconduct. CBL management should have ongoing and effective means to prevent, detect, and remediate risk management and compliance failures. 3. Independent Risk Management and Controls The Federal Reserve would assess whether the firm’s independent risk management and controls meet supervisory expectations. This assessment would focus on three related areas: The independent risk management function, internal controls, and internal audit. a. Independent Risk Management (IRM) Function i. Chief Risk Officer (CRO) A CRO must have sufficient capability and experience in identifying, assessing, and managing risk exposures of large, complex financial institutions.32 The CRO should guide IRM to establish and monitor compliance with enterprisewide risk limits, identify and aggregate the firm’s risks, assess the firm’s risk positions relative to the parameters of the firm’s risk tolerance, and provide relevant risk information to senior management and the board of directors. The CRO should inform the board of directors if his or her stature, independence, or authority is not sufficient or is at risk of being insufficient to provide unbiased and independent assessments of the firm’s risks, risk management activities, and system of internal controls.33 Further, the CRO should be included in discussions with other senior management and the board related to key decisions, such as strategic planning and capital and liquidity planning, and provide input to the board on incentive compensation. The CRO should notify senior management and the board of directors when activities or practices at the firm32 See 12 CFR 252.33. officers of the firm may oversee portions of functions involved in risk management and control activities. See SR letter 08–08/CA letter 08– 11, ‘‘Compliance Risk Management Programs and Oversight at Large Banking Organizations with Complex Compliance Profiles,’’ at https:// www.federalreserve.gov/boarddocs/srletters/2008/ SR0808.htm. 33 Other E:\FR\FM\17AUP1.SGM 17AUP1 Federal Register / Vol. 82, No. 158 / Thursday, August 17, 2017 / Proposed Rules wide, risk-specific, or CBL level do not align with the firm’s overall risk tolerance. As appropriate, the CRO should recommend constraints on risk taking and enhancements to risk management practices to senior management and the board of directors. The CRO should support the independence of IRM from the business lines by establishing clearly defined roles and responsibilities and reporting lines. sradovich on DSK3GMQ082PROD with PROPOSALS ii. Chief Audit Executive (CAE) The firm should have a CAE, appointed by the board, with sufficient capability, experience, independence, and stature to manage the internal audit function’s responsibilities.34 Under the direction of the CAE, the internal audit function performs an independent assessment of the effectiveness of the firm’s system of internal controls and the risk management framework. The CAE should manage effectively all aspects of internal audit work on an ongoing basis, including any internal audit work that is outsourced. The CAE should have the authority to oversee all internal audit activities and to hire internal audit staff with sufficient capability and stature. The CAE should report findings, issues, and concerns to the board’s audit committee and senior management. iii. Risk Tolerance and Limits IRM should evaluate whether the firm’s risk tolerance appropriately captures the firm’s material risks, whether it aligns with the firm’s strategic plan and the corresponding business activities, and whether it is consistent with the capacity of the risk management framework. IRM, including through the CRO, should provide input to both senior management and the board to assist in the development, evaluation, and approval of the firm’s risk tolerance. IRM should also determine whether the firm’s risk profile is consistent with the firm’s risk tolerance and assess whether the firm’s risk management framework has the capacity to manage the risks outlined in the risk tolerance. Under direction of the CRO, IRM should establish enterprise-wide risk limits as well as more granular risk limits, as appropriate, that are consistent with the firm’s risk tolerance for the firm’s full set of risks. IRM should monitor and update risk limits as appropriate, especially as the firm’s risk tolerance, risk profile, or external conditions change. IRM should identify significant trends in risk levels to 34 See SR letter 13–1/CA letter 13–1. VerDate Sep<11>2014 17:29 Aug 16, 2017 Jkt 241001 evaluate whether risk-taking and risk management practices are consistent with the firm’s strategic objectives. IRM should escalate to senior management material breaches to the firm’s risk tolerance and enterprise-wide risk limits, as well as instances where IRM’s conclusions differ from those of CBLs. IRM should identify and measure under both normal and stressful operating conditions, where possible, current and emerging risks within and across business lines and risk types, as well as any other relevant perspective. Common risk types include credit, market, operational, liquidity, interest rate, legal, and compliance (such as consumer protection and Bank Secrecy Act/anti-money laundering). IRM should aggregate risks across the entire firm and assess those risks relative to the firm’s risk tolerance. IRM should identify material or critical concentrations of risks and assess the likelihood and potential impact of those risks on the firm. IRM should identify information gaps, uncertainties, or limitations in risk assessments for the board of directors and senior management, as appropriate. Risk reporting should cover current and emerging risk, risk exposure and adherence to risk limits and risk concentrations as well as the firm’s ongoing strategic, capital, and liquidity planning processes. Risk reporting should enable prompt escalation and remediation of material problems; enhance appropriate and timely responses to identified problems; provide current and forward-looking perspectives; and support or influence strategic decision-making. b. Internal Controls Developing and maintaining effective internal controls are the responsibility of senior management, IRM, and CBL management. Accordingly, a firm should appropriately assign management responsibilities for the establishment and maintenance of internal controls. To foster an appropriate control culture within the firm, adequate control activities should be integrated into the daily functions of all relevant personnel. A firm should have mechanisms to monitor and test internal controls and to identify and escalate issues that appear to compromise the effectiveness of internal controls. The scope, frequency, and depth of testing should consider the complexity of the firm, the results of risk assessments, and the number and significance of the deficiencies identified during prior testing. A firm should test and monitor internal controls using a risk-based approach, PO 00000 Frm 00007 Fmt 4702 Sfmt 4702 39055 prioritizing efforts on controls in areas of highest risk and less effective controls. A firm should evaluate and communicate internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management. c. Internal Audit The internal audit function should examine, evaluate, and perform an independent assessment of the effectiveness of the firm’s risk management framework and internal control systems and report findings to senior management and the firm’s audit committee. The Federal Reserve would assess the extent to which a firm complies with existing guidance on internal audit.35 B. Board Effectiveness Concurrent with this proposal, the Board is issuing a related proposal for public comment addressing supervisory expectations for boards of directors of all Federal Reserve-supervised institutions. The Federal Reserve conducted a multi-year review of the practices of boards of directors, particularly at the largest financial institutions, which considered the factors that make boards effective, the challenges boards face, how boards influence the safety and soundness of their firms, and the impact of the Federal Reserve’s expectations for boards of directors in existing supervisory guidance. The proposed guidance relating to boards of directors and its accompanying notice published in the Federal Register constitute the results of the review. The review identified three key issues that could potentially reduce a board’s ability to be effective. First, supervisory expectations for boards of directors and senior management have become increasingly difficult to distinguish. Second, boards typically spend a significant amount of time focused on supervisory expectations that do not directly relate to the board’s core responsibilities, which include guiding the development of the firm’s strategy and risk tolerance, overseeing senior management and holding them accountable, supporting 35 The Federal Reserve issued guidance outlining the key components of an effective internal audit function in SR letter 03–5, ‘‘Amended Interagency Guidance on the Internal Audit Function and its Outsourcing,’’ at https://www.federalreserve.gov/ boarddocs/srletters/2003/sr0305.htm and followed that with supplemental guidance in SR letter 13– 1/CA letter 13–1. The supplemental guidance builds upon the 2003 interagency guidance of SR letter 03–5 and further addresses the characteristics, governance, and operational effectiveness of a firm’s internal audit function. E:\FR\FM\17AUP1.SGM 17AUP1 sradovich on DSK3GMQ082PROD with PROPOSALS 39056 Federal Register / Vol. 82, No. 158 / Thursday, August 17, 2017 / Proposed Rules the stature and independence of the firm’s independent risk management and internal audit functions, and adopting effective governance practices. Third, boards of large financial institutions often face significant challenges managing the overwhelming quantity of information provided by senior management in advance of board meetings. The proposal would refocus existing supervisory expectations on a board’s core responsibilities by more clearly distinguishing the roles and responsibilities of the board from those of senior management; eliminating redundant, outdated, or irrelevant supervisory expectations for boards; and ensuring that supervisory guidance is more closely aligned. The proposal contains three parts, the first of which includes proposed supervisory guidance addressing effective boards of directors (proposed BE guidance), which would apply to the largest depository institution holding companies supervised by the Federal Reserve. The proposed BE guidance identifies five key attributes of effective boards of directors and would provide the framework the Federal Reserve would use to assess a firm’s board of directors. The proposed BE guidance also would clarify supervisory expectations for boards as distinct from expectations for senior management. The second part of the proposal would revise certain supervisory expectations for boards to ensure they are aligned with the Federal Reserve’s supervisory framework, and would eliminate redundant, outdated, or irrelevant supervisory expectations. These changes reflect the Federal Reserve’s review of approximately 170 existing supervisory expectations contained in 27 Supervision and Regulation letters (SR letters), and would apply to bank and savings and loan holding companies of all sizes. The third part of the proposal includes proposed supervisory guidance that would replace Federal Reserve SR letter 13–13 36 and clarify expectations for communicating supervisory findings to an institution’s board of directors and senior management. This proposed guidance, like the existing guidance, would apply to all financial institutions supervised by the Federal Reserve. The proposed guidance would facilitate the 36 See SR letter 13–13. VerDate Sep<11>2014 17:29 Aug 16, 2017 Jkt 241001 execution of boards’ core responsibilities by clarifying expectations for communicating supervisory findings to an institution’s board of directors and senior management. The proposed guidance would indicate that Federal Reserve examiners and supervisory staff would direct most Matters Requiring Immediate Attention (MRIAs) and Matters Requiring Attention (MRAs) to senior management for corrective action. MRIAs and MRAs would only be directed to the board for corrective action when the board needs to address its corporate governance responsibilities or when senior management fails to take appropriate remedial action. The board would remain responsible for holding senior management accountable for remediating supervisory findings. VIII. Other Related Developments Upon finalizing the LFI rating system, the Federal Reserve expects to issue supervisory guidance to update and align the consolidated supervisory framework, including SR letter 12–17, to be fully consistent with any modifications made through the final adoption of the LFI rating system as well as supervisory guidance relating to governance and controls. In the future, the Federal Reserve may propose to revise the LFI rating system to include an additional rating component to assess the sufficiency of resolution planning efforts undertaken by LISCC firms (and perhaps other select LFIs) to reduce the impact on the U.S. financial system in the event of the firm’s failure. This proposed revision to the LFI rating system would be issued for notice and comment. IX. Proposed Changes to Existing Regulations References to holding company ratings are included in a number of the Federal Reserve’s existing regulations. In certain cases, the regulations are narrowly constructed such that they contemplate only the assignment of a standalone composite rating using a numerical rating scale. This is consistent with the current RFI rating system but is not compatible with the proposed LFI rating system. Three provisions in the Federal Reserve’s existing regulations are written in this manner, including two in Regulation K and one in Regulation LL. In Regulation K, section 211.2(z) of Regulation K PO 00000 Frm 00008 Fmt 4702 Sfmt 4702 includes a definition of ‘‘well managed’’ which in part requires a bank holding company to have received a composite rating of 1 or 2 at its most recent examination or review; and section 211.9(a)(2) requires an investor (which by definition can be a bank holding company) to have received a composite rating of at least 2 at its most recent examination in order to make investments under the general consent or limited general consent procedures contained in sections 211.9(b) and (c). In Regulation LL, section 238.54(a)(1) restricts savings and loan holding companies from commencing certain activities without the Federal Reserve’s prior approval unless the company received a composite rating of 1 or 2 at its most recent examination. To ensure that the Federal Reserve’s regulations are consistent and compatible with all aspects of both the RFI rating system as well as the proposed LFI rating system, the Federal Reserve proposes to amend those three regulatory provisions so they would apply to entities which receive numerical composite ratings as well as to entities which do not receive numerical composite ratings (including firms subject to the proposed LFI rating system).37 To satisfy the requirements of those provisions, firms that do not receive numerical composite ratings would have to be considered satisfactory under the proposed LFI rating system. To be considered satisfactory, a firm would have to be rated ‘‘Satisfactory’’ or ‘‘Satisfactory Watch’’ for each component of the proposed LFI rating system; a firm which is rated ‘‘Deficient-1’’ or lower for any component would not be considered satisfactory. This standard would apply to any provision contained in the Federal Reserve’s regulations which requires or refers to a firm having a satisfactory composite rating. X. Comparison of the RFI and LFI Rating Systems The proposed LFI rating system includes several structural changes from the RFI rating system. The following table provides a broad comparison between the two rating systems. 37 The Board may propose additional necessary revisions to its regulations resulting from the adoption of a final LFI rating system. E:\FR\FM\17AUP1.SGM 17AUP1 Federal Register / Vol. 82, No. 158 / Thursday, August 17, 2017 / Proposed Rules 39057 RFI rating system Proposed LFI rating system R—Risk Management .............................................................................. An evaluation of the ability of the BHC’s board of directors and senior management to identify, measure, monitor, and control risk. The rating is supported by four subcomponent ratings: • Board and Senior Management Oversight • Policies, Procedures, and Limits • Risk Monitoring and Management Information Systems • Internal Controls Assessment of the effectiveness of a firm’s governance and risk management practices is central to the Governance and Controls component rating. The Governance and Controls rating evaluates a firm’s effectiveness in aligning strategic business objectives with risk management capabilities; maintaining strong and independent risk management and control functions, including internal audit; promoting compliance with laws and regulations, including those related to consumer protection; and otherwise providing for the ongoing resiliency of the firm. Governance and risk management practices specifically related to maintaining financial strength and resilience are also incorporated into the Capital Planning and Positions and Liquidity Risk Management and Positions component ratings. Assessment of a firm’s financial strength and resilience is specifically evaluated through the Capital Planning and Positions and Liquidity Risk Management and Positions component ratings. These component ratings assess the effectiveness of associated planning and risk management processes, and the sufficiency of related positions. Although asset quality and earnings are not rated separately, they continue to be important elements in assessing a firm’s safety and soundness and resiliency, and are important considerations within each of the LFI component ratings. Although a separate ‘‘Impact’’ rating would not be assigned, the LFI rating system would assess a firm’s ability to protect the safety and soundness of its subsidiary depository institutions, including whether the firm can provide financial and managerial strength to its subsidiary depository institutions.38 A separate rating for a firm’s depository institution subsidiaries would not be assigned. The Federal Reserve will continue to rely to the fullest extent possible on supervisory assessments developed by the primary supervisor of the subsidiary depository institution(s). A standalone composite rating would not be assigned. The three LFI component ratings are designed to clearly communicate supervisory assessments and associated consequences for each of the core areas (capital, liquidity and governance and controls) considered critical to an LFI’s strength and resilience. For purposes of determining whether a firm is ‘‘well managed,’’ the three component ratings taken together would be treated as equivalent to a standalone composite rating. Each component must be rated either ‘‘Satisfactory’’ or ‘‘Satisfactory Watch’’ in order for a firm to be deemed ‘‘well managed.’’ F—Financial Condition ............................................................................. An evaluation of the consolidated organization’s financial strength ........ The rating is supported by four subcomponent ratings: • Capital Adequacy • Asset Quality • Earnings • Liquidity I—Impact .................................................................................................. An assessment of the potential impact of the firm’s nondepository entities on its subsidiary depository institution(s). D—Depository Institutions ........................................................................ Generally reflects the composite CAMELS rating assigned by the primary supervisor of the subsidiary depository institution(s).39 C—Composite Rating ............................................................................... The overall composite assessment of the BHC as reflected by the R, F, and I ratings, and supported by examiner judgment with respect to the relative importance of each component to the safe and sound operation of the BHC. sradovich on DSK3GMQ082PROD with PROPOSALS XI. Request for Comments The Board invites comments on all aspects of the proposed LFI rating system, including responses to the following questions: (1) Are there specific considerations beyond those outlined in this proposal that should be considered in the Federal Reserve’s assessment of whether an LFI has sufficient financial and operational strength and resilience to maintain safe and sound operations? (2) Does the proposal clearly describe the firms that would be subject to the LFI rating system, and those firms that would continue to be subject to the RFI rating system? (3) Does the proposal clearly describe the supervisory expectations for senior management in the evaluation of a 38 See Sections 616 of DFA (financial strength), 12 CFR 225.4 of the Board’s Regulation Y, and 12 CFR 238.8 of the Board’s Regulation LL. 39 See SR letter 96–38, ‘‘Uniform Financial Institutions Rating System,’’ at http://www.federal reserve.gov/boarddocs/srletters/1996/sr9638.htm. VerDate Sep<11>2014 17:46 Aug 16, 2017 Jkt 241001 firm’s governance and controls under the proposed LFI rating system? (4) Does the proposal clearly describe how and under what circumstances a ‘‘Satisfactory Watch’’ rating would or would not be assigned? Does that rating provide appropriate messaging and incentives to firms to correct identified deficiencies? (5) Should the LFI rating system be revised at a future date to assess the sufficiency of a firm’s resolution planning efforts undertaken to reduce the impact on the financial system in the event of the firm’s failure? If yes, what should the Federal Reserve specifically consider in conducting that assessment? (6) Are there options that should be considered to enhance the transparency of LFI ratings in order to incent more timely and comprehensive remediation of supervisory deficiencies or issues? (7) What specific issues should the Federal Reserve consider when using the LFI rating system to inform future revisions to other supervisory rating PO 00000 Frm 00009 Fmt 4702 Sfmt 4702 systems used to assess the U.S. operations of foreign banking organizations? XII. Regulatory Analysis A. Paperwork Reduction Act There is no collection of information required by this proposal that would be subject to the Paperwork Reduction Act of 1995, 44 U.S.C. 3501 et seq. B. Regulatory Flexibility Analysis The Board is providing an initial regulatory flexibility analysis with respect to this proposed rule. The Regulatory Flexibility Act, 5 U.S.C. 601 et seq. (RFA), generally requires an agency to assess the impact a rule is expected to have on small entities. The RFA requires an agency either to provide an initial regulatory flexibility analysis with a proposed rule for which a general notice of proposed rulemaking is required or to certify that the proposed rule will not have a significant impact on a substantial number of small entities. Based on the Board’s analysis E:\FR\FM\17AUP1.SGM 17AUP1 39058 Federal Register / Vol. 82, No. 158 / Thursday, August 17, 2017 / Proposed Rules and for the reasons stated below, the Board believes that neither the proposed LFI rating system nor the proposed rule will have a significant economic impact on a substantial number of small entities. A final regulatory flexibility analysis will be conducted after comments received during the public comment period have been considered. Under regulations issued by the Small Business Administration, a small entity includes a depository institution, bank holding company, or savings and loan holding company with assets of $550 million or less (small banking organizations). As of June 1, 2017, there were approximately 3,539 small banking organizations. As described above, the proposed LFI rating system would apply only to all bank holding companies with total consolidated assets of $50 billion or more; all non-insurance, noncommercial savings and loan holding companies with total consolidated assets of $50 billion or more; and U.S. intermediate holding companies of foreign banking organizations established pursuant to section 252.153 of the Federal Reserve’s Regulation YY. Small banking organizations would therefore not be subject to the proposed LFI rating system. Similarly, the proposed rule would make conforming changes to several regulations to reflect certain aspects of the proposed LFI rating system, but would not change the operation of those regulations for any entity that would not be subject to the proposed LFI rating system. As a result, neither the proposed LFI rating system nor the proposed rule should have any impact on small banking organizations. In light of the foregoing, the Board believes that the proposed LFI rating system will not have a significant economic impact on small banking organizations supervised by the Board. sradovich on DSK3GMQ082PROD with PROPOSALS C. Solicitation of Comments on Use of Plain Language Section 722 of the Gramm-LeachBliley Act requires the Board to use plain language in all proposed and final rules published after January 1, 2000. The Board invites comment on how to make this proposed rule easier to understand. For example: • Has the Board organized the material to suit your needs? If not, how could the proposal be more clearly stated? • Does the proposal contain technical language or jargon that is not clear? If so, what language requires clarification? • Would a different format (grouping and order of sections, use of headings, paragraphing) make the proposal easier to understand? If so, what changes VerDate Sep<11>2014 17:29 Aug 16, 2017 Jkt 241001 would make the proposal easier to understand? • Would more, but shorter, sections be better? If so, what sections should be changed? • What else could the Board do to make the proposal easier to understand? List of Subjects 12 CFR Part 211 Exports, Federal Reserve System, Foreign banking, Holding companies, Investments, Reporting and recordkeeping requirements. 12 CFR Part 238 Administrative practice and procedure, Banks, Banking, Federal Reserve System, Holding companies, Reporting and recordkeeping requirements. Authority and Issuance For the reasons stated in the preamble, the Board proposes to amend 12 CFR parts 211 and 238 as follows: PART 211—INTERNATIONAL BANKING OPERATIONS (REGULATION K) 1. The authority citations for part 211 continues to read as follows: 12 U.S.C. 221 et seq., 1818, 1835a, 1841 et seq., 3101 et seq., 3901 et seq., and 5101 et seq.; 15 U.S.C. 1681s, 1681w, 6801 and 6805. ■ 2. Section 211.2 is amended by revising paragraph (z) to read as follows: ■ § 211.2 Definitions. * * * * * (z) Well managed means that the Edge or agreement corporation, any parent insured bank, and the bank holding company either received a composite rating of 1 or 2 or is considered satisfactory under the applicable rating system, and has at least a satisfactory rating for management if such a rating is given, at their most recent examination or review. ■ 3. Section 211.9 is amended by revising paragraph (a) to read as follows: § 211.9 Investment Procedures. * * * * * (a) * * * (2) Composite rating. Except as the Board may otherwise determine, in order for an investor to make investments under the general consent or limited general consent procedures of paragraphs (b) and (c) of this section, at the most recent examination the investor and any parent insured bank must have either received a composite rating of at least 2 or be considered satisfactory under the applicable rating system. PO 00000 Frm 00010 Fmt 4702 Sfmt 4702 PART 238—SAVINGS AND LOAN HOLDING COMPANIES (REGULATION LL) 1. The authority citations for part 211 continues to read as follows: ■ Authority: 5 U.S.C. 552, 559; 12 U.S.C. 1462, 1462a, 1463, 1464, 1467, 1467a, 1468, 1813, 1817, 1829e, 1831i, 1972; 15 U.S.C. 78l. 2. Section 238.54 is amended by revising paragraph (a)(1) to read as follows: ■ § 238.54 Permissible bank holding company activities of savings and loan holding companies. (a) * * * (1) The holding company received a rating of satisfactory or above prior to January 1, 2008, or thereafter, either received a composite rating of ‘‘1’’ or ‘‘2’’ or be considered satisfactory under the applicable rating system in its most recent examination, and is not in a troubled condition as defined in § 238.72, and the holding company does not propose to commence the activity by an acquisition (in whole or in part) of a going concern; or * * * * * Appendix A Note: This Appendix A will not be published in the Code of Federal Regulations. Text of Proposed Large Financial Institution Rating System A. Overview of LFI Rating System The Federal Reserve will use the large financial institution (LFI) rating system to evaluate and communicate the condition and prospects of domestic bank holding companies with total consolidated assets of $50 billion or more, certain savings and loan holding companies with total consolidated assets of $50 billion or more, and U.S. intermediate holding companies of foreign banking organizations.1 The LFI rating system will replace the existing RFI/C(D) rating system that is presently used by the Federal Reserve to assign ratings to applicable holding companies.2 The LFI rating system draws from the supervisory objectives set forth in the 1 The LFI rating system will apply to noninsurance, non-commercial savings and loan holding companies with total consolidated assets of $50 billion or more. With respect to U.S. intermediate holding companies (IHCs) of foreign banking organizations (FBOs), the LFI rating system applies only to IHCs established under Regulation YY as required for FBOs with U.S. non-branch assets of $50 billion or more. Plans are for systemically important nonbank financial companies designated by the Financial Stability Oversight Council (FSOC) for supervision by the Federal Reserve to be subject to the LFI rating system at a future date through a separate rulemaking. 2 Refer to SR letter 04–18, ‘‘Bank Holding Company Rating System,’’ 69 FR 70444 (December 6, 2004), at https://www.federalreserve.gov/ boarddocs/srletters/2004/sr0418.htm. E:\FR\FM\17AUP1.SGM 17AUP1 Federal Register / Vol. 82, No. 158 / Thursday, August 17, 2017 / Proposed Rules Consolidated Supervisory Framework for Large Financial Institutions for enhanced financial and operational strength and resilience for the largest and most systemically important firms.3 The LFI rating system is designed to: • Fully align with the Federal Reserve’s current supervisory programs and practices, which are based upon the LFI supervision framework’s core objectives of reducing the probability of LFIs failing or experiencing material distress and reducing the risk to U.S. financial stability; • Enhance the clarity and consistency of supervisory assessments and communications of supervisory findings and implications; and • Provide appropriate incentives for LFIs to maintain financial and operational strength and resilience, including compliance with laws and regulations, by more clearly defining the consequences of a given rating. Consistent with current practice, LFI ratings will be assigned and communicated to firms on at least an annual basis, and more frequently as warranted to reflect the conclusions of supervisory activities performed by the Federal Reserve. In determining the LFI rating and identifying supervisory issues requiring corrective action by a firm, the Federal Reserve will generally rely to the fullest extent possible on the information and assessments developed by other relevant supervisors and functional regulators. B. LFI Rating Framework sradovich on DSK3GMQ082PROD with PROPOSALS The LFI rating framework provides a supervisory evaluation of whether a firm possesses sufficient financial and operational strength and resilience to maintain safe and 3 Refer to SR letter 12–17/CA letter 12–14, ‘‘Consolidated Supervisory Framework for Large Financial Institutions,’’ at http://www.federal reserve.gov/bankinforeg/srletters/sr1217.htm. This supervisory framework will be updated to more closely align with the LFI rating system when the rating system is released in its final form. ‘‘Financial strength and resilience’’ is defined as maintaining effective capital and liquidity governance and planning processes, and sufficiency of related positions, to provide for continuity of the consolidated organization and its core business lines, critical operations, and banking offices through a range of conditions. ‘‘Operational strength and resilience’’ is defined as maintaining effective governance and controls to provide for continuity of the consolidated organization and its core business lines, critical operations, and banking offices, and promote compliance with laws and regulations, including those related to consumer protection, through a range of conditions. ‘‘Critical operations’’ are a firm’s operations, including associated services, functions and support, the failure or discontinuance of which, in the view of the firm or the Federal Reserve would pose a threat to the financial stability of the United States. Under SR letter 12–17, ‘‘banking offices’’ are defined as U.S. depository institution subsidiaries and the U.S. branches and agencies of FBOs. The Federal Reserve expects to use the LFI rating system to inform future revisions to other rating systems used to assess the U.S. operations of FBOs. VerDate Sep<11>2014 17:29 Aug 16, 2017 Jkt 241001 sound operations through a range of conditions.4 The LFI rating system is comprised of three components, described below: • Capital Planning and Positions: An evaluation of (i) the effectiveness of a firm’s governance and planning processes used to determine the amount of capital necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm’s capital positions to comply with applicable regulatory requirements and to support the firm’s ability to continue to serve as a financial intermediary through a range of conditions. • Liquidity Risk Management and Positions: An evaluation of (i) the effectiveness of a firm’s governance and risk management processes used to determine the amount of liquidity necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm’s liquidity positions to comply with applicable regulatory requirements and to support the firm’s ongoing obligations through a range of conditions. • Governance and Controls: An evaluation of the effectiveness of a firm’s (i) board of directors, (ii) management of core business lines and independent risk management and controls, and (iii) recovery planning (for domestic LISCC firms only).5 This rating assesses a firm’s effectiveness in aligning strategic business objectives with the firm’s risk tolerance and risk management capabilities; maintaining strong, effective, and independent risk management and 4 Hereinafter, when ‘‘safe and sound’’ or ‘‘safety and soundness’’ is used in this framework, related expectations apply to the consolidated organization and a firm’s critical operations and banking offices. 5 References to ‘‘board’’ or ‘‘board of directors’’ in this framework includes the equivalent to a board of directors, as appropriate, as well as committees of the board of directors or the equivalent thereof, as appropriate. A ‘‘business line’’ is a defined unit or function of a financial institution, including associated operations and support, that provides related products or services to meet the firm’s business needs and those of its customers. ‘‘Core business lines’’ are defined as those business lines in which a significant control disruption, failure or loss event would result in a material loss of revenue, profit, franchise value, or result in significant consumer harm. Supervisory expectations applicable to management of core business lines apply equally to the management of critical operations. Additionally, critical operations are to be sufficiently resilient to be maintained, continued, and funded even in the event of a firm’s material financial distress or failure. At this time, recovery planning expectations only apply to domestic BHCs subject to the Federal Reserve’s LISCC supervisory framework. Should the Federal Reserve expand the scope of recovery planning expectations to encompass additional firms, this rating will reflect such expectations for the broader set of firms. There are eight domestic firms in the LISCC portfolio: (1) Bank of America Corporation; (2) Bank of New York Mellon Corporation; (3) Citigroup, Inc.; (4) Goldman Sachs Group, Inc.; (5) JP Morgan Chase & Co.; (6) Morgan Stanley; (7) State Street Corporation; and (8) Wells Fargo & Company. In this guidance, these eight firms may collectively be referred to as ‘‘domestic LISCC firms.’’ PO 00000 Frm 00011 Fmt 4702 Sfmt 4702 39059 control functions, including internal audit; promoting compliance with laws and regulations, including those related to consumer protection; and otherwise planning for the ongoing resiliency of the firm.6 Assignment of the LFI Component Ratings Each LFI component rating is assigned along a multi-level scale (Satisfactory/ Satisfactory Watch, Deficient-1, and Deficient-2). A ‘‘Satisfactory’’ rating indicates that the firm is considered safe and sound and broadly meets supervisory expectations. A ‘‘Satisfactory Watch’’ rating is a conditional ‘‘Satisfactory’’ rating and is discussed in greater detail below. A ‘‘Deficient-1’’ rating indicates that although the firm’s current condition is not considered to be materially threatened, there are financial and/or operational deficiencies that put its prospects for remaining safe and sound through a range of conditions at significant risk. A ‘‘Deficient-2’’ rating indicates that financial and/or operational deficiencies materially threaten the firm’s safety and soundness, or have already put the firm in an unsafe and unsound condition. Supervisors may assign a ‘‘Satisfactory Watch’’ component rating which indicates that the firm is generally considered safe and sound; however certain issues are sufficiently material that, if not resolved in a timely manner in the normal course of business, would put the firm’s prospects for remaining safe and sound through a range of conditions at risk.7 Use of the ‘‘Satisfactory Watch’’ rating is consistent with existing supervisory practice of giving notice that the Federal Reserve is likely to downgrade a firm to a less-than-satisfactory rating if identified weaknesses are not resolved in a timely manner. The ‘‘Satisfactory Watch’’ rating may also be used for firms previously rated ‘‘Deficient’’ when circumstances warrant. A ‘‘Satisfactory Watch’’ rating is not intended to be used for a prolonged period. Firms that receive a ‘‘Satisfactory Watch’’ rating will have a specified timeframe to fully resolve issues leading to that rating (as is the case with all supervisory issues), generally no longer than 18 months.8 If the firm 6 ‘‘Risk tolerance’’ is defined as the aggregate level and types of risk the board and senior management are willing to assume to achieve the firm’s strategic business objectives, consistent with applicable capital, liquidity, and other requirements and constraints. 7 For purposes of the LFI rating system, ‘‘during the normal course of business’’ is when the Federal Reserve believes that supervisory issues can be resolved via remediation or mitigation (through compensating controls and/or a reduced risk profile) in a timely manner without material changes to, or investments in, a firm’s governance, risk management or internal control structures, practices, or capabilities. 8 The timeframe initially specified by the Federal Reserve for resolving issues will become more precise over time, and may be extended as circumstances warrant. As noted in current guidance, defined timeframes for resolving supervisory issues are communicated within either ‘‘Matters Requiring Attention’’ (MRAs) or ‘‘Matters Requiring Immediate Attention’’ (MRIAs). See SR letter 13–13/CA letter 13–10, ‘‘Supervisory Considerations for the Communication of Supervisory Findings,’’ at https:// E:\FR\FM\17AUP1.SGM Continued 17AUP1 39060 Federal Register / Vol. 82, No. 158 / Thursday, August 17, 2017 / Proposed Rules successfully resolves the issues leading to the ‘‘Satisfactory Watch’’ rating, the firm would typically be upgraded to ‘‘Satisfactory’’ as it has demonstrated an ability to successfully remediate or mitigate these issues in a timely manner in the normal course of business. However, if the firm fails to timely remediate or mitigate those issues, this failure would generally be viewed as evidence that the firm lacks sufficient financial and/or operational capabilities to remain safe and sound through a range of conditions. In these instances the firm would typically be downgraded to a ‘‘Deficient’’ rating. When a firm is rated ‘‘Satisfactory Watch,’’ supervisors would focus on determining whether a firm’s issues are related to each other, similar in nature or root cause, or constitute a pattern reflecting deeper governance or risk management weaknesses, warranting a downgrade to a ‘‘Deficient’’ rating. The weighting of individual elements within each LFI component rating will depend on their relative contribution to the rating definitions outlined below. For example, a limited number of significant deficiencies—or even just one significant deficiency—noted for management of a single core business line could be viewed as sufficiently important to warrant a ‘‘Deficient’’ Governance and Controls component rating, even if the firm meets supervisory expectations under the Governance and Controls component in all other respects. A standalone composite rating is not assigned under the LFI rating system. The three LFI component ratings are designed to clearly communicate supervisory assessments and associated consequences to a firm for the core areas (capital, liquidity, and governance and controls) considered critical to an LFI’s strength and resilience. Under the LFI rating system, a firm must be rated ‘‘Satisfactory’’ or ‘‘Satisfactory Watch’’ for each of its component ratings to be considered ‘‘well managed’’ in accordance with various statutes and regulations.9 A ‘‘well managed’’ firm has sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions. sradovich on DSK3GMQ082PROD with PROPOSALS C. LFI Rating Components The LFI rating system is comprised of three component ratings: 10 1. Capital Planning and Positions Component Rating The Capital Planning and Positions component rating evaluates (i) the www.federalreserve.gov/supervisionreg/srletters/ sr1313.htm. Proposed guidance which would replace SR letter 13–13 has been released for public comment. An enforcement action will also specify the timeframe for a firm to resolve deficiencies. 9 12 U.S.C. 1841 et. seq. and 12 U.S.C. 1461 et seq. See, e.g., 12 CFR 225.4(b)(6), 225.14, 225.22(a), 225.23, 225.85, and 225.86; 12 CFR 211.9(b), 211.10(a)(14), and 211.34; and 12 CFR 223.41. 10 There may be instances where deficiencies or supervisory issues may be relevant to the Federal Reserve’s assessment of more than one component area. As such, the LFI rating will reflect these deficiencies or issues within multiple rating components when necessary to provide a comprehensive supervisory assessment. VerDate Sep<11>2014 17:29 Aug 16, 2017 Jkt 241001 effectiveness of a firm’s governance and planning processes used to determine the amount of capital necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm’s capital positions to comply with applicable regulatory requirements and to support the firm’s ability to continue to serve as a financial intermediary through a range of conditions. In developing this rating, the Federal Reserve will evaluate: • Capital Planning: The extent to which a firm maintains sound capital planning practices though strong governance and oversight; strong risk management and controls; maintenance of updated capital policies and contingency plans for addressing potential shortfalls; and incorporation of appropriately stressful conditions and events into capital planning and projections of capital positions; and • Capital Positions: The extent to which a firm’s capital is sufficient to comply with regulatory requirements, and to support its ability to meet its obligations to depositors, creditors, and other counterparties and continue to serve as a financial intermediary through a range of conditions. Definitions for the Capital Planning and Positions Component Rating Satisfactory A firm’s capital planning and positions are considered sound and broadly meet supervisory expectations. Specifically: • A firm is capable of producing sound assessments of capital adequacy through a range of conditions; and • A firm’s current and projected capital positions comply with regulatory requirements, and support its ability to absorb current and potential losses, to meet obligations, and to continue to serve as a financial intermediary through a range of conditions. Although a firm rated ‘‘Satisfactory’’ may have supervisory issues requiring corrective action, the firm is effectively mitigating the issues or the Federal Reserve has deemed the issues as unlikely to present a threat to the firm’s ability to maintain safe and sound operations. Satisfactory Watch In select circumstances, a ‘‘Satisfactory Watch’’ component rating may be assigned. In these instances a firm’s capital planning and positions are generally considered sound; however certain supervisory issues are sufficiently material that, if not resolved by the firm in a timely manner during the normal course of business, would put the firm’s prospects for remaining safe and sound through a range of conditions at risk. A ‘‘Satisfactory Watch’’ rating may be assigned to a firm that meets these characteristics regardless of its prior rating (that is, it may be assigned to a firm previously rated ‘‘Satisfactory’’ or ‘‘Deficient’’). In either instance, the Federal Reserve will not use the ‘‘Satisfactory Watch’’ rating for a prolonged period. In most instances, the firm will either (i) resolve the issues in a timely manner and be assigned a ‘‘Satisfactory’’ rating, or (ii) fail to resolve the PO 00000 Frm 00012 Fmt 4702 Sfmt 4702 issues and be downgraded to a ‘‘Deficient’’ rating, as its inability to resolve those issues in a timely manner would indicate that the firm does not possess sufficient financial and operational capabilities to maintain its safety and soundness through a range of conditions. The Federal Reserve will provide an expected timeframe for the firm to remediate or mitigate each issue leading to the ‘‘Satisfactory Watch’’ rating, and will closely monitor the firm’s progress. Deficient-1 Although a firm’s current condition is not considered to be materially threatened, there are deficiencies in capital planning or positions that put its prospects for remaining safe and sound through a range of conditions at significant risk. Its practices and capabilities do not meet supervisory expectations, as: • Deficiencies in a firm’s capital planning processes are not effectively mitigated. These deficiencies limit the firm’s ability to effectively assess capital adequacy through a range of conditions; and/or • A firm’s projected capital positions may be insufficient to absorb potential losses, and to support its ability to meet prospective obligations and serve as a financial intermediary through a range of conditions. These deficiencies require timely corrective action focused on restoring and maintaining capital planning capabilities and capital positions consistent with assignment of a ‘‘Satisfactory’’ component rating. To support supervisory efforts—and ensure the immediate attention of the firm’s board and senior management towards restoring financial and operational strength and resilience as necessary to maintain the firm’s safety and soundness through a range of conditions—there is a strong presumption that the firm will be subject to an informal or formal enforcement action by the Federal Reserve. A ‘‘Deficient-1’’ component rating could be a barrier for a firm seeking the Federal Reserve’s approval of a proposal to engage in new or expansionary activities, unless the firm can demonstrate that (i) it is making meaningful, sustained progress in resolving identified deficiencies and issues; (ii) the proposed new or expansionary activities would not present a risk of exacerbating current deficiencies or issues or lead to new concerns; and (iii) the proposed activities would not distract the board or senior management from remediating current deficiencies or issues. Deficient-2 Deficiencies in a firm’s capital planning or positions present a material threat to its safety and soundness, or have already put the firm in an unsafe and unsound condition. Its practices and capabilities fall well short of supervisory expectations, as: • A firm’s capital planning processes are insufficient to effectively assess capital adequacy through a range of conditions; and/ or • A firm’s current and projected capital positions are insufficient to absorb current or potential losses, and to support its ability to meet current and prospective obligations and serve as a financial intermediary through a range of conditions. E:\FR\FM\17AUP1.SGM 17AUP1 Federal Register / Vol. 82, No. 158 / Thursday, August 17, 2017 / Proposed Rules sradovich on DSK3GMQ082PROD with PROPOSALS To address these deficiencies, a firm is required to (i) implement comprehensive corrective measures sufficient to restore and maintain satisfactory capital planning capabilities and adequate capital positions; and (ii) demonstrate the sufficiency, credibility, and readiness of contingency planning and options in the event of further escalation of financial or operational deficiencies. To support supervisory efforts and ensure the immediate attention of the firm’s board and senior management in addressing threats to safety and soundness, there is a strong presumption that the firm will be subject to a formal enforcement action. The Federal Reserve would be extremely unlikely to approve any proposal from a firm with a ‘‘Deficient-2’’ rating to engage in new or expansionary activities. 2. Liquidity Risk Management and Positions Component Rating The Liquidity Risk Management and Positions component rating evaluates (i) the effectiveness of a firm’s governance and risk management processes used to determine the amount of liquidity necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm’s liquidity positions to comply with applicable regulatory requirements and to support the firm’s ongoing obligations through a range of conditions. In developing this rating, the Federal Reserve will evaluate: • Liquidity Risk Management: The extent to which a firm maintains sound liquidity risk management practices though strong governance and oversight; strong risk management and controls; maintenance of updated liquidity policies and contingency plans for addressing potential shortfalls; and incorporation of appropriately stressful conditions and events into liquidity planning and projections of liquidity positions; and • Liquidity Positions: The extent to which a firm’s liquidity is sufficient to comply with regulatory requirements, and to support its ability to meet current and prospective obligations to depositors, creditors and other counterparties through a range of conditions. Definitions for the Liquidity Risk Management and Positions Component Rating Satisfactory A firm’s liquidity risk management and positions are considered sound and broadly meet supervisory expectations. Specifically: • A firm is capable of producing sound assessments of liquidity adequacy through a range of conditions; and • A firm’s current and projected liquidity positions comply with regulatory requirements, and support its ability to meet current and prospective obligations and to continue to serve as a financial intermediary through a range of conditions. Although a firm rated ‘‘Satisfactory’’ may have supervisory issues requiring corrective action, the firm is effectively mitigating the issues or the Federal Reserve has deemed the issues as unlikely to present a threat to the firm’s ability to maintain safe and sound operations. VerDate Sep<11>2014 17:29 Aug 16, 2017 Jkt 241001 Satisfactory Watch In select circumstances, a ‘‘Satisfactory Watch’’ component rating may be assigned. In these instances a firm’s liquidity risk management and positions are generally considered sound; however certain supervisory issues are sufficiently material that, if not resolved by the firm in a timely manner during the normal course of business, would put the firm’s prospects for remaining safe and sound through a range of conditions at risk. A ‘‘Satisfactory Watch’’ rating may be assigned to a firm that meets these characteristics regardless of its prior rating (that is, it may be assigned to a firm previously rated ‘‘Satisfactory’’ or ‘‘Deficient’’). In either instance, the Federal Reserve will not use the ‘‘Satisfactory Watch’’ rating for a prolonged period. In most instances, the firm will either (i) resolve the issues in a timely manner and be assigned a ‘‘Satisfactory’’ rating, or (ii) fail to resolve the issues and be downgraded to a ‘‘Deficient’’ rating, as its inability to resolve those issues in a timely manner would indicate that the firm does not possess sufficient financial and operational capabilities to maintain its safety and soundness through a range of conditions. The Federal Reserve will provide an expected timeframe for the firm to remediate or mitigate each issue leading to the ‘‘Satisfactory Watch’’ rating, and will closely monitor the firm’s progress. Deficient-1 Although a firm’s current condition is not considered to be materially threatened, there are deficiencies in liquidity risk management or positions that put its prospects for remaining safe and sound through a range of conditions at significant risk. Its practices and capabilities do not meet supervisory expectations, as: • Deficiencies in a firm’s liquidity risk management processes are not effectively mitigated. These deficiencies limit the firm’s ability to effectively assess liquidity adequacy through a range of conditions; and/ or • A firm’s projected liquidity positions may be insufficient to support its ability to meet prospective obligations and serve as a financial intermediary through a range of conditions. These deficiencies require timely corrective action, focused on restoration and maintenance of liquidity risk management capabilities and liquidity positions consistent with assignment of a ‘‘Satisfactory’’ component rating. To support supervisory efforts—and ensure the immediate attention of the firm’s board and senior management towards restoring financial and operational strength and resilience as necessary to maintain the firm’s safety and soundness through a range of conditions—there is a strong presumption that the firm will be subject to an informal or formal enforcement action by the Federal Reserve. A ‘‘Deficient-1’’ component rating could be a barrier for a firm seeking the Federal Reserve’s approval of a proposal to engage in new or expansionary activities, unless the firm can demonstrate that (i) it is making meaningful, sustained progress in resolving PO 00000 Frm 00013 Fmt 4702 Sfmt 4702 39061 identified deficiencies and issues; (ii) the proposed new or expansionary activities would not present a risk of exacerbating current deficiencies or issues or lead to new concerns; and (iii) the proposed activities would not distract the board or senior management from remediating current deficiencies or issues. Deficient-2 Deficiencies in a firm’s liquidity risk management or positions present a material threat to its safety and soundness, or have already put the firm in an unsafe and unsound condition. Its practices and capabilities fall well short of supervisory expectations, as: • A firm’s liquidity risk management processes are insufficient to perform an effective assessment of liquidity adequacy through a range of conditions; and/or • A firm’s current and projected liquidity positions are insufficient to support its ability to meet current and prospective obligations and serve as a financial intermediary through a range of conditions. To address these material deficiencies, a firm is required to immediately (i) implement comprehensive corrective measures sufficient to provide for the restoration and continued maintenance of satisfactory liquidity risk management capabilities and adequate liquidity positions; and (ii) demonstrate the sufficiency, credibility and readiness of contingency planning and options in the event of further escalation of financial or operational deficiencies. To support supervisory efforts and ensure the immediate attention of the firm’s board and senior management in addressing threats to safety and soundness, there is a strong presumption that the firm will be subject to a formal enforcement action. The Federal Reserve would be extremely unlikely to approve any proposal from a firm with a ‘‘Deficient-2’’ rating to engage in new or expansionary activities. 3. Governance and Controls Component Rating The Governance and Controls component rating evaluates the effectiveness of a firm’s (i) board of directors, (ii) management of core business lines and independent risk management and controls, and (iii) recovery planning (for domestic LISCC firms only). This rating assesses a firm’s effectiveness in aligning strategic business objectives with the firm’s risk tolerance and risk management capabilities; maintaining strong, effective, and independent risk management and control functions, including internal audit; promoting compliance with laws and regulations, including those related to consumer protection; and otherwise providing for the ongoing resiliency of the firm.11 In developing this rating, the Federal Reserve will evaluate: • Effectiveness of the Board of Directors: The extent to which the board exhibits attributes consistent with those of effective boards in carrying out its core roles and 11 Hereinafter, references to ‘‘compliance with laws and regulations’’ include laws and regulations related to banking and consumer protection. E:\FR\FM\17AUP1.SGM 17AUP1 39062 Federal Register / Vol. 82, No. 158 / Thursday, August 17, 2017 / Proposed Rules sradovich on DSK3GMQ082PROD with PROPOSALS responsibilities, including setting a clear strategy for the firm that aligns with the firm’s risk tolerance; actively managing information flow and board discussions; holding senior management accountable for implementing the firm’s strategy and risk tolerance in an effective manner, and for maintaining the firm’s risk management and control framework; supporting the independence and stature of the firm’s independent risk management and internal audit functions; and maintaining its effectiveness by adapting its composition, governance structure and practices to changes that occur over time. • Management of Core Business Lines and Independent Risk Management and Controls The extent to which: Æ Senior management effectively and prudently manages the day-to-day operations of the firm and provides for ongoing resiliency; implements the firm’s strategy and risk tolerance; maintains an effective risk management framework and system of internal controls; and promotes prudent risk taking behaviors and business practices, including compliance with laws and regulations. Æ Core business line management executes business line activities consistent with the firm’s strategy and risk tolerance; identifies and manages risks; and ensures an effective system of internal controls for its operations. Æ Independent risk management effectively evaluates whether the firm’s risk tolerance appropriately captures material risks and is consistent with the firm’s risk management capacity; establishes and monitors risk limits that are consistent with the firm’s risk tolerance; identifies and measures the firm’s risks; and aggregates, assesses and reports on the firm’s risk profile and positions. Additionally, the firm demonstrates that its system of internal controls is appropriate and tested for effectiveness. Finally, internal audit effectively and independently assesses the firm’s risk management framework and internal control systems, and reports findings to senior management and the firm’s audit committee. • Recovery Planning (domestic LISCC firms only): The extent to which recovery planning processes effectively identify options that provide a reasonable chance of a firm being able to remedy financial weakness and restore market confidence without extraordinary official sector support. Definitions for the Governance and Controls Component Rating Satisfactory A firm’s governance and control practices are considered sound and broadly meet supervisory expectations. Specifically, a firm’s practices and capabilities are sufficient to align strategic business objectives with the firm’s risk tolerance and risk management capabilities; maintain strong and independent risk management and control functions, including internal audit; promote compliance with laws and regulations; and otherwise provide for the firm’s ongoing resiliency through a range of conditions. Although a firm rated ‘‘Satisfactory’’ may have supervisory issues requiring corrective VerDate Sep<11>2014 17:29 Aug 16, 2017 Jkt 241001 action, the firm is effectively mitigating the issues or the Federal Reserve has deemed the issues as unlikely to present a threat to the firm’s ability to maintain safe and sound operations. Satisfactory Watch Supervisors may assign a ‘‘Satisfactory Watch’’ component rating, which indicates that governance and controls are generally considered sound; however certain supervisory issues are sufficiently material that, if not resolved by the firm in a timely manner during the normal course of business, would put the firm’s prospects for remaining safe and sound through a range of conditions at risk. A ‘‘Satisfactory Watch’’ rating may be assigned to a firm which meets these characteristics regardless of its prior rating (that is, it may be assigned to a firm previously rated ‘‘Satisfactory’’ or ‘‘Deficient’’). In either instance, the Federal Reserve will not use the ‘‘Satisfactory Watch’’ rating for a prolonged period. In most instances, the firm will either (i) resolve the issues in a timely manner and be assigned a ‘‘Satisfactory’’ rating, or (ii) fail to resolve the issues and be downgraded to a ‘‘Deficient’’ rating, as its inability to resolve those issues in a timely manner would indicate that the firm does not possess sufficient financial and operational capabilities to maintain its safety and soundness through a range of conditions. The Federal Reserve will provide an expected timeframe for the firm to remediate or mitigate each issue leading to the ‘‘Satisfactory Watch’’ rating, and will closely monitor the firm’s progress. Deficient-1 Although a firm’s current condition is not considered to be materially threatened, there are deficiencies in a firm’s governance or controls that put its prospects for remaining safe and sound through a range of conditions at significant risk. The firm’s practices and capabilities do not meet supervisory expectations, and deficiencies limit its ability to align strategic business objectives with the firm’s risk tolerance and risk management capabilities; maintain strong and independent risk management and control functions, including internal audit; promote compliance with laws and regulations; and/or otherwise provide for the firm’s ongoing resiliency through a range of conditions. These deficiencies require timely corrective action by the firm, focused on restoring and maintaining its governance and control capabilities consistent with a ‘‘Satisfactory’’ component rating. To support supervisory efforts—and ensure the immediate attention of the firm’s board and senior management towards restoring financial and operational strength and resilience as necessary to maintain the firm’s safety and soundness through a range of conditions—there is a strong presumption that the firm will be subject to an informal or formal enforcement action by the Federal Reserve. A ‘‘Deficient-1’’ component rating could be a barrier for a firm seeking the Federal Reserve’s approval of a proposal to engage in new or expansionary activities, unless the PO 00000 Frm 00014 Fmt 4702 Sfmt 4702 firm can demonstrate that (i) it is making meaningful, sustained progress in resolving identified deficiencies and issues; (ii) the proposed new or expansionary activities would not present a risk of exacerbating current deficiencies or issues or lead to new concerns; and (iii) the proposed activities would not distract the board or senior management from remediating current deficiencies or issues. Deficient-2 Deficiencies in a firm’s governance or controls present a material threat to its safety and soundness, or have already put the firm in an unsafe and unsound condition. Its practices and capabilities fall well short of supervisory expectations, and are insufficient to align strategic business objectives with the firm’s risk tolerance and risk management capabilities; maintain strong and independent risk management and control functions, including internal audit; promote compliance with laws and regulations; and/or otherwise provide for the firm’s ongoing resiliency. To address these material deficiencies, a firm is required to (i) implement comprehensive corrective measures sufficient to restore and maintain appropriate governance and control capabilities; and (ii) demonstrate the sufficiency, credibility and readiness of contingency planning and options in the event of further escalation of financial or operational deficiencies. To support supervisory efforts and ensure the immediate attention of the firm’s board and senior management in addressing threats to safety and soundness, there is a strong presumption that the firm will be subject to a formal enforcement action. The Federal Reserve would be extremely unlikely to approve any proposal from a firm with a ‘‘Deficient-2’’ rating to engage in new or expansionary activities. By order of the Board of Governors of the Federal Reserve System, August 3, 2017. Margaret McCloskey Shanks, Deputy Secretary of the Board. [FR Doc. 2017–16736 Filed 8–16–17; 8:45 am] BILLING CODE 6210–01–P DEPARTMENT OF TRANSPORTATION Federal Aviation Administration 14 CFR Part 39 [Docket No. FAA–2017–0770; Product Identifier 2017–NM–030–AD] RIN 2120–AA64 Airworthiness Directives; The Boeing Company Airplanes Federal Aviation Administration (FAA), DOT. ACTION: Notice of proposed rulemaking (NPRM). AGENCY: We propose to supersede Airworthiness Directive (AD) 2014–03– SUMMARY: E:\FR\FM\17AUP1.SGM 17AUP1

Agencies

[Federal Register Volume 82, Number 158 (Thursday, August 17, 2017)]
[Proposed Rules]
[Pages 39049-39062]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-16736]


========================================================================
Proposed Rules
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains notices to the public of 
the proposed issuance of rules and regulations. The purpose of these 
notices is to give interested persons an opportunity to participate in 
the rule making prior to the adoption of the final rules.

========================================================================


Federal Register / Vol. 82, No. 158 / Thursday, August 17, 2017 / 
Proposed Rules

[[Page 39049]]



FEDERAL RESERVE SYSTEM

12 CFR Parts 211 and 238

[Docket No. R-1569]
RIN 7100-AE82


Large Financial Institution Rating System; Regulations K and LL

AGENCY: Board of Governors of the Federal Reserve System (Board).

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The Board is seeking comment on a proposed new rating system 
for its supervision of large financial institutions. The proposed 
``Large Financial Institution Rating System'' is closely aligned with 
the Federal Reserve's new supervisory program for large financial 
institutions. The proposed rating system would apply to all bank 
holding companies with total consolidated assets of $50 billion or 
more; all non-insurance, non-commercial savings and loan holding 
companies with total consolidated assets of $50 billion or more; and 
U.S. intermediate holding companies of foreign banking organizations 
established pursuant to the Federal Reserve's Regulation YY. The 
proposed rating system includes a new rating scale under which 
component ratings would be assigned for capital planning and positions, 
liquidity risk management and positions, and governance and controls; 
however, a standalone composite rating would not be assigned. The 
Federal Reserve proposes to assign initial ratings under the new rating 
system during 2018. The Federal Reserve is also seeking comment on 
proposed revisions to existing provisions in Regulations K and LL so 
they would remain consistent with certain features of the proposed 
rating system.

DATES: Comments must be received no later than October 16, 2017.

ADDRESSES: Interested parties are invited to submit written comments by 
following the instructions for submitting comments at http://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm.
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Email: regs.comments@federalreserve.gov. Include the 
docket number in the subject line of the message.
     Fax: (202) 452-3819 or (202) 452-3102.
     Mail: Address to Ann E. Misback, Secretary, Board of 
Governors of the Federal Reserve System, 20th Street and Constitution 
Avenue NW., Washington, DC 20551.
    All public comments will be made available on the Board's Web site 
at http://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm as 
submitted, unless modified for technical reasons. Accordingly, comments 
will not be edited to remove any identifying or contact information. 
Public comments may also be viewed electronically or in paper in Room 
3515, 1801 K Street NW. (between 18th and 19th Street NW.), Washington, 
DC 20006 between 9:00 a.m. and 5:00 p.m. on weekdays.

FOR FURTHER INFORMATION CONTACT: Richard Naylor, Associate Director, 
(202) 728-5854, Vaishali Sack, Manager, (202) 452-5221, April Snyder, 
Manager, (202) 452-3099, Bill Charwat, Senior Project Manager, (202) 
452-3006, Division of Supervision and Regulation, Scott Tkacz, Senior 
Counsel, (202) 452-2744, or Christopher Callanan, Senior Attorney, 
(202) 452-3594, Legal Division, Board of Governors of the Federal 
Reserve System, 20th and C Streets NW., Washington, DC 20551. 
Telecommunications Device for the Deaf (TDD) users may contact (202-
263-4869).

SUPPLEMENTARY INFORMATION: 

Table of Contents

I. Background
II. Overview of the Proposed LFI Rating System
    A. LFI Rating Components
    B. LFI Rating Scale
III. Transition from the RFI Rating System to the LFI Rating System
IV. Consequences of LFI Ratings
V. Applicability
VI. Timing and Implementation
VII. Related Proposed Guidance
    A. Management of Core Business Lines and Independent Risk 
Management and Controls
    1. Senior Management
    2. Management of Core Business Lines
    3. Independent Risk Management and Controls
    B. Board Effectiveness
VIII. Other Related Developments
IX. Proposed Changes to Existing Regulations
X. Comparison of the RFI and LFI Rating Systems
XI. Request for Comments
XII. Regulatory Analysis
    A. Paperwork Reduction Act
    B. Regulatory Flexibility Analysis
    C. Solicitation of Comments on Use of Plain Language
Appendix A. Text of Proposed Large Financial Institution Rating 
System

I. Background

    The 2007-2009 financial crisis demonstrated the risks that large 
financial institutions (LFIs) pose to U.S. financial stability. As a 
group, these institutions were overleveraged, had insufficient capital 
to support their risks, and relied heavily on short-term wholesale 
funding that was susceptible to runs. This excessive risk-taking, 
combined with similar behavior outside the regulated financial sector, 
left the U.S. economy vulnerable. The ensuing financial crisis led to a 
deep recession and the loss of nearly nine million jobs.
    In response, since the financial crisis, the Federal Reserve has 
placed materially heightened supervisory expectations on LFIs. The 
Federal Reserve has developed a supervisory program specifically 
designed to address the risks posed by such firms to U.S. financial 
stability. The Federal Reserve established the Large Institution 
Supervision Coordinating Committee (LISCC) in 2010 to coordinate its 
supervisory oversight for the systemically important firms that pose 
the greatest risk to U.S. financial stability.\1\ The LISCC supervisory 
program conducts annual horizontal reviews of LISCC firms and firm-
specific examination work focused on evaluating a firm's (i) capital 
adequacy under normal and stressed conditions; (ii) liquidity positions 
and risk management practices; (iii) recovery and resolution 
preparedness; and (iv) governance and controls. For LFIs that are not 
LISCC firms, the Federal Reserve performs horizontal reviews and firm-
specific supervisory work focused on capital,

[[Page 39050]]

liquidity, and governance and control practices, which are tailored to 
reflect the risk characteristics of these institutions.\2\
---------------------------------------------------------------------------

    \1\ See the list of firms included in the LISCC supervisory 
program at https://www.federalreserve.gov/bankinforeg/large-institution-supervision.htm.
    \2\ Several LFIs which are not LISCC firms are subject to the 
Federal Reserve's Comprehensive Capital Analysis and Review (CCAR).
---------------------------------------------------------------------------

    In 2012, the Federal Reserve implemented a new consolidated 
supervisory program for LFIs (referred to as the ``LFI supervision 
framework'') described in SR letter 12-17.\3\ The LFI supervision 
framework is intended to (i) enhance each LFI's financial and 
operational strength and resilience to reduce the likelihood of an 
LFI's failure or material financial or operational distress, and (ii) 
reduce the risk to U.S. financial stability overall if an LFI were to 
fail.\4\
---------------------------------------------------------------------------

    \3\ See SR letter 12-17/CA letter 12-14, ``Consolidated 
Supervision Framework for Large Financial Institutions,'' (referred 
to as ``SR letter 12-17'' in this notice) at http://www.federalreserve.gov/bankinforeg/srletters/sr1217.htm.
    \4\ ``Financial strength and resilience'' is defined as 
maintaining effective capital and liquidity governance and planning 
processes, and sufficiency of related positions, to provide for 
continuity of the consolidated organization and its core business 
lines, critical operations, and banking offices through a range of 
conditions.
    ``Operational strength and resilience'' is defined as 
maintaining effective governance and controls to provide for 
continuity of the consolidated organization and its core business 
lines, critical operations, and banking offices, and promote 
compliance with laws and regulations, including those related to 
consumer protection, through a range of conditions.
    ``Critical operations'' are a firm's operations, including 
associated services, functions and support, the failure or 
discontinuance of which, in the view of the firm or the Federal 
Reserve would pose a threat to the financial stability of the United 
States.
    Under SR letter 12-17, ``banking offices'' are defined as U.S. 
depository institution subsidiaries and the U.S. branches and 
agencies of foreign banking organizations (FBOs). The Federal 
Reserve expects to use the LFI rating system to inform future 
revisions to other supervisory rating systems used to assess the 
U.S. operations of FBOs.
---------------------------------------------------------------------------

    The LFI supervision framework includes heightened expectations 
regarding capital and liquidity, including both the amount of capital 
and liquidity and the related planning and risk management practices. 
The LFI supervision framework also outlined expectations for a firm's 
maintenance of operational strength and resilience and its compliance 
with laws and regulations, as provided by effective governance and 
control practices.
    The Federal Reserve has not modified its supervisory rating system 
for bank holding companies since the 2007-2009 financial crisis. Since 
2004, the Federal Reserve has used the ``RFI/C(D)'' rating system 
(referred to as the ``RFI rating system'') to communicate its 
supervisory assessment of every bank holding company (BHC) regardless 
of its asset size, complexity, or systemic importance.\5\ The RFI 
rating system focuses on the risk management practices (R component) 
and financial condition (F component) of the consolidated organization, 
and assesses the potential impact (I component) of a BHC's 
nondepository entities on its subsidiary depository institution(s).
---------------------------------------------------------------------------

    \5\ See SR letter 04-18, ``Bank Holding Company Rating System,'' 
69 FR 70444 (December 6, 2004), at https://www.federalreserve.gov/boarddocs/srletters/2004/sr0418.htm.
    The Federal Reserve has only applied the RFI rating system to 
saving and loan holding companies (SLHCs) on an indicative basis 
since assuming supervisory responsibility for those firms from the 
Office of Thrift Supervision in 2011. The Federal Reserve has 
proposed to apply the RFI rating system to SLHCs on a fully 
implemented basis, excluding SLHCs engaged in significant insurance 
or commercial activities. See 81 FR 89941 (December 13, 2016).
---------------------------------------------------------------------------

    Given the systemic risks posed by LFIs and the corresponding 
changes to the Federal Reserve's supervisory expectations and oversight 
of those firms, the Federal Reserve believes that a new rating system 
would be more effective than the RFI rating system for evaluating LFIs. 
The RFI rating system remains a relevant and effective tool for 
developing and communicating supervisory assessments for community and 
regional holding companies. Therefore, the RFI rating system will 
continue to be used in the supervision of these organizations.

II. Overview of the Proposed LFI Rating System

    The proposed LFI rating system provides a supervisory evaluation of 
whether a firm possesses sufficient financial and operational strength 
and resilience to maintain safe and sound operations through a range of 
conditions. The proposed LFI rating system is designed to:
     Fully align with the Federal Reserve's current supervisory 
programs and practices, which are based upon the LFI supervision 
framework's core objectives of reducing the probability of LFIs failing 
or experiencing material distress and reducing the risk to U.S. 
financial stability;
     Enhance the clarity and consistency of supervisory 
assessments and communications of supervisory findings and 
implications; and
     Provide appropriate incentives for LFIs to maintain 
financial and operational strength and resilience, including compliance 
with laws and regulations, by more clearly defining the supervisory 
consequences of a given rating.

A. LFI Rating Components

    Under the proposed LFI rating system, the Federal Reserve would 
evaluate and assign ratings for the following three components: \6\
---------------------------------------------------------------------------

    \6\ The proposed LFI rating system does not include subcomponent 
ratings.
---------------------------------------------------------------------------

     Capital Planning and Positions
     Liquidity Risk Management and Positions
     Governance and Controls
    The Capital Planning and Positions component rating would encompass 
assessments of (i) the effectiveness of the governance and planning 
processes used by a firm to determine the amount of capital necessary 
to cover risks and exposures, and to support activities through a range 
of conditions; and (ii) the sufficiency of a firm's capital positions 
to comply with applicable regulatory requirements and to support the 
firm's ability to continue to serve as a financial intermediary through 
a range of conditions. Findings from CCAR for LISCC firms and certain 
other large and complex LFIs,\7\ and from similar supervisory 
activities for other LFIs,\8\ represent a material portion of the work 
that would be conducted to determine the Capital Planning and Positions 
component rating.
---------------------------------------------------------------------------

    \7\ See SR letter 15-18, ``Federal Reserve Supervisory 
Assessment of Capital Planning and Positions for LISCC Firms and 
Large and Complex Firms,'' at https://www.federalreserve.gov/supervisionreg/srletters/sr1518.htm.
    Under SR letter 15-18, a ``large and complex firm'' is defined 
as any domestic BHC or intermediate holding company (IHC) that is 
not a LISCC firm and that has total consolidated assets of $250 
billion or more or consolidated total on-balance sheet foreign 
exposure of $10 billion or more.
    \8\ See SR letter 15-19, ``Federal Reserve Supervisory 
Assessment of Capital Planning and Positions for Large and 
Noncomplex Firms,'' at https://www.federalreserve.gov/supervisionreg/srletters/sr1519.htm.
---------------------------------------------------------------------------

    The Liquidity Risk Management and Positions component rating would 
encompass assessments of (i) the effectiveness of a firm's governance 
and risk management processes used to determine the amount of liquidity 
necessary to cover risks and exposures, and to support activities 
through a range of conditions; and (ii) the sufficiency of a firm's 
liquidity positions to comply with applicable regulatory requirements 
and to support the firm's ongoing obligations through a range of 
conditions.\9\ The Liquidity Risk Management and Positions component 
rating would be based on findings of coordinated examinations of 
liquidity positions and risk management

[[Page 39051]]

practices conducted across several firms (horizontal examinations), as 
well as ongoing assessments of an individual firm's liquidity positions 
and risk management practices conducted through the supervisory 
process.
---------------------------------------------------------------------------

    \9\ These requirements include the Board's Liquidity Coverage 
Ratio (LCR) rule in Regulation WW and the liquidity risk management 
and stress testing requirements in Regulation YY. See 12 CFR part 
249 and 12 CFR 252.34-35 and 252.156-157.
---------------------------------------------------------------------------

    Horizontal examinations help to ensure that the liquidity positions 
and risk management practices of firms with similar liquidity risk 
profiles are evaluated in a consistent manner. LISCC firms are subject 
to the Comprehensive Liquidity Analysis and Review (CLAR), which is an 
annual horizontal exercise that assesses both liquidity positions and 
risk management. Other LFI firms are subject to more narrow horizontal 
examinations depending on their risk profile. The Federal Reserve also 
conducts targeted examinations of specific areas that are of high risk 
to an individual firm or have not been covered by a recent horizontal 
examination.
    The Federal Reserve evaluates each firm's risk management practices 
by reviewing the processes that firms use to identify, measure, 
monitor, and manage liquidity risk and make funding decisions. The 
Federal Reserve evaluates a firm's liquidity positions against 
applicable regulatory requirements, and assesses the firm's ability to 
support its obligations through other means, such as its funding 
concentrations.
    The Governance and Controls component rating would evaluate the 
effectiveness of a firm's (i) board of directors, (ii) management of 
core business lines and independent risk management and controls, and 
(iii) recovery planning (for domestic LISCC firms only).\10\ This 
rating would assess a firm's effectiveness in aligning strategic 
business objectives with the firm's risk tolerance \11\ and risk 
management capabilities; maintaining strong, effective, and independent 
risk management and control functions, including internal audit; 
promoting compliance with laws and regulations, including those related 
to consumer protection; and otherwise providing for the ongoing 
resiliency of the firm. Firm-specific and horizontal examination work 
focused on a firm's corporate governance, independent risk management, 
controls, and lines of business, among other areas, would provide the 
basis for determining the Governance and Controls component rating.
---------------------------------------------------------------------------

    \10\ ``Board'' or ``board of directors'' also refers to 
committees of the board of directors, as appropriate.
    At this time, recovery planning expectations only apply to 
domestic BHCs subject to the Federal Reserve's LISCC supervisory 
framework. See SR letter 14-8, ``Consolidated Recovery Planning for 
Certain Large Domestic Bank Holding Companies.'' Should the Federal 
Reserve expand the scope of recovery planning expectations to 
encompass additional firms, this rating will reflect such 
expectations for the broader set of firms.
    There are eight domestic firms in the LISCC portfolio: (1) Bank 
of America Corporation; (2) Bank of New York Mellon Corporation; (3) 
Citigroup, Inc.; (4) Goldman Sachs Group, Inc.; (5) JP Morgan Chase 
& Co.; (6) Morgan Stanley; (7) State Street Corporation; and (8) 
Wells Fargo & Company. In this guidance, these eight firms may 
collectively be referred to as ``domestic LISCC firms.''
    \11\ ``Risk tolerance'' is defined as the aggregate level and 
types of risk the board and senior management are willing to assume 
to achieve the firm's strategic business objectives, consistent with 
applicable capital, liquidity, and other requirements and 
constraints.
---------------------------------------------------------------------------

    Unlike other supervisory rating systems, including the RFI rating 
system, the Federal Reserve would not assign a standalone composite 
rating under the proposed LFI rating system. The Federal Reserve 
believes assigning a standalone composite rating is not necessary 
because the three proposed LFI component ratings are designed to 
clearly communicate supervisory assessments and associated consequences 
for each of the core areas (capital, liquidity, and governance and 
controls) considered critical to a firm's strength and resilience. It 
is unlikely that the assignment of a standalone composite rating would 
convey new or additional information regarding supervisory assessments, 
and a standalone composite rating could dilute the clarity and impact 
of the component ratings.

B. LFI Rating Scale

    Each LFI component rating would be assigned using a multi-level 
scale (Satisfactory/Satisfactory Watch, Deficient-1, and Deficient-2). 
A ``Satisfactory'' rating indicates that the firm is considered safe 
and sound and broadly meets supervisory expectations.\12\ A 
``Satisfactory Watch'' rating is a conditional ``Satisfactory'' rating, 
and is discussed in greater detail below. A ``Deficient-1'' rating 
indicates that although the firm's current condition is not considered 
to be materially threatened, there are financial and/or operational 
deficiencies that put its prospects for remaining safe and sound 
through a range of conditions at significant risk. A ``Deficient-2'' 
rating indicates that financial and/or operational deficiencies 
materially threaten the firm's safety and soundness, or have already 
put the firm in an unsafe and unsound condition.
---------------------------------------------------------------------------

    \12\ References to ``safe and sound'' or ``safety and 
soundness'' in the proposed LFI rating system also refer to a firm's 
consolidated organization and its critical operations and banking 
offices.
---------------------------------------------------------------------------

    Supervisors may assign a ``Satisfactory Watch'' component rating 
which indicates that the firm is generally considered safe and sound; 
however certain issues are sufficiently material that, if not resolved 
in a timely manner in the normal course of business, would put the 
firm's prospects for remaining safe and sound through a range of 
conditions at risk. This would be consistent with existing supervisory 
practice where supervisors generally indicate to a firm that a rating 
downgrade is a strong possibility if the firm fails to resolve 
identified weaknesses in a timely manner. The ``Satisfactory Watch'' 
rating may also be used for firms previously rated ``Deficient'' when 
circumstances warrant.
    In considering whether supervisory issues are likely to be resolved 
in the normal course of business, the Federal Reserve will assess the 
firm's ability to remediate or mitigate these issues (through 
compensating controls and/or a reduced risk profile) in a timely manner 
without material changes to, or investments in, a firm's governance, 
risk management or internal control structures, practices, or 
capabilities.
    A ``Satisfactory Watch'' rating is not intended to be used for a 
prolonged period. Firms that receive a ``Satisfactory Watch'' rating 
would have a specified timeframe to fully resolve issues leading to 
that rating (as is the case with all supervisory issues), generally no 
longer than 18 months.\13\ If the firm successfully resolved the issues 
leading to the ``Satisfactory Watch'' rating, the firm would typically 
be upgraded to ``Satisfactory'' as it has demonstrated an ability to 
successfully remediate or mitigate these issues in a timely manner in 
the normal course of business. However, if the firm failed to timely 
remediate or mitigate those issues, that failure would generally be 
viewed as evidence that the firm lacked sufficient financial and/or 
operational capabilities to remain safe and sound

[[Page 39052]]

through a range of conditions. In these instances, the firm would 
typically be downgraded to a ``Deficient'' rating.
---------------------------------------------------------------------------

    \13\ The timeframe initially specified by the Federal Reserve 
for resolving issues will become more precise over time, and may be 
extended as circumstances warrant. As noted in current guidance, 
defined timeframes for resolving supervisory issues are communicated 
within either ``Matters Requiring Attention'' (MRAs) or ``Matters 
Requiring Immediate Attention'' (MRIAs). See SR letter 13-13/CA 
letter 13-10, ``Supervisory Considerations for the Communication of 
Supervisory Findings,'' at https://www.federalreserve.gov/supervisionreg/srletters/sr1313.htm (referred to as ``SR letter 13-
13'' in this notice). Proposed guidance which would replace SR 
letter 13-13 has been released for public comment concurrent with 
this proposal and is discussed below in Section VII, ``Related 
Proposed Guidance.'' An enforcement action will also specify the 
timeframe for a firm to resolve deficiencies.
---------------------------------------------------------------------------

    When a firm is rated ``Satisfactory Watch,'' supervisors would 
focus on determining whether a firm's issues are related to each other, 
similar in nature or root cause, or constitute a pattern reflecting 
deeper governance or risk management weaknesses, warranting a downgrade 
to a ``Deficient'' rating.

III. Transition From the RFI Rating System to the LFI Rating System

    As noted above, the LFI supervision framework--as described in SR 
12-17 and accompanied by the issuance of enhanced regulatory 
requirements, supervisory expectations and practices--has been 
established over recent years to enhance the ability of large 
systemically important firms to sustain operations through a range of 
stressful conditions and events. Introduction of a new rating system 
that is comprehensively aligned with the LFI supervision framework 
represents the natural next step in the build-out of this program. As 
such, transition to the proposed LFI rating system is intended to be 
evolutionary and expected to be routine in most respects for affected 
firms.
    Approaches to assessing an LFI's financial strength and resilience 
via effective capital and liquidity governance and planning, and 
sufficiency of related positions, are more prominent in the proposed 
LFI rating system versus the RFI rating system, and are fully 
reflective of current supervisory practices and expectations. Key 
conclusions of LFI supervision activities, including CCAR and CLAR, 
will be directly reflected within the Capital and Liquidity component 
rating assignments. By contrast, the RFI rating system was not designed 
to readily accommodate the results of these activities.
    Similarly, the key elements within the Governance and Controls 
component rating, which underlie a firm's operational resilience and 
overall risk management, are also consistent with current practices. 
Most of these elements can be traced to supervisory expectations for 
risk management and internal controls first introduced in 1995, and 
subsequently carried forth into the RFI rating system in 2004.\14\ 
These foundational aspects of a firm's governance and control 
framework, including expectations relating to the effectiveness of 
boards of directors and emphasis on sound risk management, remain 
present in the proposed LFI rating system, albeit with some changes in 
emphasis and nomenclature.
---------------------------------------------------------------------------

    \14\ See SR letter 95-51, ``Rating the Adequacy of Risk 
Management Processes and Internal Controls at State Member Banks and 
Bank Holding Companies,'' at https://www.federalreserve.gov/boarddocs/srletters/1995/sr9551.htm.
---------------------------------------------------------------------------

    The Governance and Controls component rating also provides an 
updated approach to assessing the effectiveness of risk management and 
control activities as conducted (i) directly within a firm's business 
line operations (where risk-taking activities are initiated and 
implemented), and (ii) throughout a firm's independent risk management 
and controls. More recently, key expectations regarding the alignment 
of a firm's strategy with its risk tolerance and risk management 
capabilities were included in SR letter 12-17, and are also reflected 
within capital planning guidance issued in 2015.\15\
---------------------------------------------------------------------------

    \15\ See SR letter 15-18 and SR letter 15-19.
---------------------------------------------------------------------------

    The chart included below in Section X, ``Comparison of the RFI and 
LFI Rating Systems,'' broadly compares and illustrates the structural 
differences between the two rating systems.

IV. Consequences of LFI Ratings

    Statutes and regulations applicable to LFIs grant a number of 
privileges to well managed firms.\16\ Under the RFI rating system, a 
firm's composite rating and Risk Management rating determine whether a 
holding company is considered to be ``well managed'' for purposes of 
these privileges.\17\ Under the proposed LFI rating system, a firm must 
be rated ``Satisfactory'' or ``Satisfactory Watch'' for each of its 
three component ratings in order to be considered ``well managed.'' 
\18\ A rating of ``Deficient-1'' or lower for any component would 
result in the firm not being deemed ``well managed.'' This reflects the 
judgment that an LFI is not in satisfactory condition overall unless it 
is considered sound in each of the key areas of capital, liquidity, and 
governance and controls.
---------------------------------------------------------------------------

    \16\ 12 U.S.C. 1841 et. seq. and 12 U.S.C. 1461 et seq. See, 
e.g., 12 CFR 225.4(b)(6), 225.14, 225.22(a), 225.23, 225.85, and 
225.86; 12 CFR 211.9(b), 211.10(a)(14), and 211.34; and 12 CFR 
223.41.
    \17\ 12 U.S.C. 1841(o)(9)(A).
    \18\ For purposes of determining whether a firm is considered to 
be ``well managed'' under section 2(o)(9) of the BHC Act, the 
Federal Reserve considers the three component ratings, taken 
together, to be equivalent to assigning a standalone composite 
rating. In addition, the RFI rating system designates the ``Risk 
Management'' rating as the ``management'' rating when making ``well 
managed'' determinations under section 2(o)(9)(A)(ii) of the BHC 
Act. See SR letter 04-8. In contrast, the proposed LFI rating system 
would not designate any of the three component ratings as a 
``management'' rating, because each component evaluates different 
areas of the firm's management.
---------------------------------------------------------------------------

    A ``Deficient-1'' component rating could be a barrier for a firm 
seeking the Federal Reserve's approval to engage in new or expansionary 
activities, unless the firm can demonstrate that (i) it is making 
meaningful, sustained progress in resolving identified deficiencies and 
issues; (ii) the proposed new or expansionary activities would not 
present a risk of exacerbating current deficiencies or issues or lead 
to new concerns; and (iii) the proposed activities would not distract 
the board or senior management from remediating current deficiencies or 
issues.
    The Federal Reserve would be extremely unlikely to approve any 
proposal seeking to engage in new or expansionary activities from a 
firm with a ``Deficient-2'' component rating.
    Under the Bank Holding Company Act (BHC Act) and the Home Owners' 
Loan Act,\19\ companies that have elected to be treated as financial 
holding companies (FHCs) and that do not remain well managed face 
restrictions on commencement or expansion of certain activities. In 
addition, a firm with less than satisfactory ratings may be subject to 
restrictions or higher charges in attempting to access the Federal 
Reserve's discount window or in gaining access to intraday credit.
---------------------------------------------------------------------------

    \19\ 12 U.S.C. 1843(l) and 12 U.S.C. 1467a(c)(2).
---------------------------------------------------------------------------

    A ``Deficient-1'' component rating would often be an indication 
that the firm should be subject to either an informal or formal 
enforcement action, and may also result in the designation of the firm 
as being in ``troubled condition.'' \20\ A firm with a ``Deficient-2'' 
component rating should expect to be subject to a formal enforcement 
action and deemed to be in ``troubled condition.''
---------------------------------------------------------------------------

    \20\ See 12 CFR 225.71(d).
---------------------------------------------------------------------------

V. Applicability

    The Federal Reserve would use the proposed LFI rating system to 
evaluate and communicate the supervisory condition of all bank holding 
companies that have total consolidated assets of $50 billion or more; 
all non-insurance, non-commercial savings and loan holding companies 
that have total consolidated assets of $50 billion or more; and all 
U.S. intermediate holding companies (IHCs) of foreign banking 
organizations established pursuant to section 252.153 of the Federal 
Reserve's Regulation YY.\21\ In the future, the

[[Page 39053]]

Federal Reserve plans to use the LFI rating system to assess 
systemically important nonbank financial companies designated by the 
Financial Stability Oversight Council (FSOC) for supervision by the 
Federal Reserve; however, this would be done through a separate 
rulemaking.
---------------------------------------------------------------------------

    \21\ See SR letter 12-17 and 12 CFR 252.153.
    The Federal Reserve has only applied the RFI rating system to 
saving and loan holding companies (SLHCs) on an indicative basis 
since assuming supervisory responsibility for those firms from the 
Office of Thrift Supervision in 2011. The Federal Reserve has 
proposed to apply the RFI rating system to SLHCs on a fully 
implemented basis, excluding SLHCs engaged in significant insurance 
or commercial activities. See 81 FR 89941 (December 13, 2016).
---------------------------------------------------------------------------

    Until final adoption of a LFI rating system, the Federal Reserve 
will continue to evaluate firms using the existing RFI rating system. 
Holding companies with less than $50 billion in total consolidated 
assets would continue to be evaluated using the RFI rating system.

VI. Timing and Implementation

    The Federal Reserve proposes to assign initial LFI ratings to all 
applicable firms during 2018. Due to differences in the timing of 
supervisory cycles across the portfolios that comprise the LFI 
supervisory program, firms in one portfolio may receive their initial 
LFI ratings at different times during the year than firms in another 
portfolio.
    During the initial LFI rating supervisory cycle, each applicable 
firm would receive all three component ratings under the LFI rating 
system concurrently. Consistent with current Federal Reserve practice 
on the assignment and communication of supervisory ratings by 
examiners, ratings under the proposed LFI rating system would be 
assigned and communicated to firms on at an annual basis, and more 
frequently as warranted. After the initial LFI rating supervisory 
cycle, examiners may assign and communicate individual component 
ratings on a rolling basis to the firms. Under the proposed LFI rating 
system, the Federal Reserve would continue to generally rely to the 
fullest extent possible on the information and assessments developed by 
other relevant supervisors and functional regulators. In accordance 
with the Federal Reserve's regulations governing confidential 
supervisory information,\22\ ratings assigned under the LFI rating 
system would be communicated by the Federal Reserve to the firm but not 
disclosed publicly.
---------------------------------------------------------------------------

    \22\ See 12 CFR 261.20.
---------------------------------------------------------------------------

    The proposed LFI rating system would apply if a firm reports total 
consolidated assets of $50 billion or more, calculated based on the 
average of the firm's total consolidated assets in the four (4) most 
recent quarters as reported on the firm's quarterly financial reports 
filed with the Federal Reserve. A firm that meets this criteria would 
generally receive the three LFI component ratings within one year of 
becoming subject to the LFI rating system. A firm would continue to be 
rated under the LFI rating system until it has less than $45 billion in 
total consolidated assets, based on the average total consolidated 
assets as reported on the firm's four (4) most recent quarterly 
financial reports filed with the Federal Reserve. The Federal Reserve 
may determine to apply the RFI rating system or another applicable 
rating system in certain limited circumstances.\23\
---------------------------------------------------------------------------

    \23\ For example, if a firm rated under the proposed LFI rating 
system substantially reduces its total consolidated assets 
substantially below $45 billion through a sale or divestiture (but 
remains subject to Federal Reserve supervision), the Federal Reserve 
may immediately begin to apply the RFI rating system, rather than 
waiting for the firm's four-quarter average to fall below the $45 
billion threshold described above.
---------------------------------------------------------------------------

VII. Related Proposed Guidance

    Concurrent with issuing this proposal, the Board is issuing another 
proposal for public comment addressing supervisory expectations for 
boards of directors of all Federal Reserve-supervised institutions.\24\ 
That proposal includes proposed guidance concerning the effectiveness 
of boards of directors of large financial institutions, which is an 
element of the Governance and Controls component rating. The Board also 
plans to separately release additional proposed guidance seeking 
comment on supervisory expectations relating to a firm's management of 
core business lines and independent risk management and controls, which 
is also an element of the Governance and Controls component rating. The 
Federal Reserve expects to release this additional guidance in the near 
future. However, if the LFI rating system is finalized before the 
additional governance and controls guidance is finalized, firms would 
be evaluated using existing supervisory guidance until such time that 
the additional governance and controls guidance is finalized.\25\
---------------------------------------------------------------------------

    \24\ ``Federal Reserve-supervised institutions'' includes bank 
holding companies, savings and loan holding companies, state member 
banks, U.S. operations of foreign banking organizations, and 
systemically important financial institutions designated by FSOC for 
supervision by the Federal Reserve.
    \25\ The above section III, ``Transition from the RFI Rating 
System to the LFI Rating System,'' lists prominent examples of 
existing supervisory guidance currently utilized to assess the 
effectiveness of an LFI's governance and controls, including SR 
letters 95-51, 12-17, 15-18, and 15-19. Other recent examples of 
related guidance include SR letter 13-19/CA letter 13-21, ``Guidance 
on Managing Outsourcing Risk,'' at https://www.federalreserve.gov/supervisionreg/srletters/sr1319.htm and SR letter 13-1/CA letter 13-
1, ``Supplemental Policy Statement on the Internal Audit Function 
and Its Outsourcing,'' at https://www.federalreserve.gov/supervisionreg/srletters/sr1301.htm.
---------------------------------------------------------------------------

    The following section provides a summary of the planned guidance 
relating to a firm's management of core business lines and independent 
risk management and controls, as well as a summary of the proposed 
guidance relating to the effectiveness of a firm's board of 
directors.\26\
---------------------------------------------------------------------------

    \26\ The discussion below relating to a firm's management of 
core business lines and independent risk management and controls 
would only be applicable to domestic LFIs. Adjustments to extend 
applicability of this guidance to the U.S. operations of FBOs may be 
made prior to issuing the guidance for public comment.
---------------------------------------------------------------------------

A. Management of Core Business Lines and Independent Risk Management 
and Controls

    The supervisory assessment of a firm's management of core business 
lines and independent risk management and controls would have three 
components: (1) Expectations for senior management with respect to both 
core business lines and independent risk management and controls; (2) 
expectations for the management of core business lines (CBLs); and (3) 
expectations for independent risk management (IRM) and controls.
1. Senior Management
    Senior management oversees both the management of core business 
lines and independent risk management and controls. The supervisory 
assessment of the effectiveness of senior management would include 
senior management's role in managing the firm's day-to-day operations, 
promoting safety and soundness and compliance with internal policies 
and procedures, laws, and regulations, including those related to 
consumer protection.\27\
---------------------------------------------------------------------------

    \27\ Hereinafter, when reference is made to ``compliance with 
laws and regulations'' in this guidance, this includes laws and 
regulations related to banking as well as to consumer protection.
---------------------------------------------------------------------------

    Senior management is responsible for implementing the firm's 
strategy and risk tolerance as approved by the firm's board. Senior 
management should implement the strategic and risk objectives across 
the firm such that they support the firm's long-term resiliency and 
safety and soundness, including the firm's resilience to a range of 
stressed conditions. Senior management should ensure that the firm's 
infrastructure, staffing, and resources are sufficient to carry out the 
firm's strategic objectives.
    Senior management should maintain and implement an effective risk 
management framework and ensure the firm can appropriately manage risk 
consistent with its strategy and risk

[[Page 39054]]

tolerance. This should include establishing clear responsibilities and 
accountability for the identification, management, and control of risk. 
Senior management should also develop and maintain the firm's policies 
and procedures and system of internal controls to ensure compliance 
with laws and regulations.
    Senior management is responsible for ensuring the resolution of key 
issues and effective firm-wide communication, including to and from the 
board of directors. Senior management should have in place robust 
mechanisms for keeping apprised of, among other things, current and 
emerging risks to the firm and other material issues, including by 
maintaining robust management information systems.
    Senior management should have in place succession and contingency 
staffing plans for key positions and have compensation and performance 
management programs that promote and enforce prudent risk-taking 
behaviors and business practices.
2. Management of Core Business Lines
    The Federal Reserve would consider the effectiveness of the 
management of core business lines in meeting its supervisory 
expectations.\28\ For LISCC firms, all business lines would be 
considered CBLs. For other firms, CBLs would be defined as those 
business lines where a significant control disruption, failure, or loss 
event would result in a material loss of revenue, profit, or franchise 
value, or result in significant consumer harm.\29\ The Federal Reserve 
is reserving discretion to identify other business lines or functions 
as core business lines, based on their size, risk profile, or other 
supervisory considerations.
---------------------------------------------------------------------------

    \28\ All of the expectations for the management of CBLs 
described herein also apply to critical operations, which are 
central to the Federal Reserve's supervisory focus.
    \29\ For large financial institutions that are not LISCC firms, 
a firm's CBLs should comprise at least 80 percent of total revenue 
in aggregate.
---------------------------------------------------------------------------

    CBL management should establish for each core business line 
specific business and risk objectives that align with the firm-wide 
strategy and risk tolerance.\30\ CBL management should inform senior 
management when the risk management capabilities are insufficient to 
align those business and risk objectives. CBL management should also 
clearly present to senior management the risks emanating from the 
business line's activities and explain how those risks are managed and 
align with the firm's risk tolerance.
---------------------------------------------------------------------------

    \30\ ``CBL management'' refers to the core group of individuals 
responsible for prudent day-to-day management of a core business 
line and accountable to senior management for that responsibility. 
Depending on a firm's organizational structure, CBL management may 
or may not be members of senior management.
---------------------------------------------------------------------------

    CBL management should identify, measure, and manage current and 
emerging risks that stem from CBL activities and external factors. CBL 
management should also incorporate appropriate feedback from 
independent risk management (IRM) on business line risk positions, 
implementation of the risk tolerance, and risk management practices, 
including risk mitigation.
    CBL management should manage the CBL's activities so they remain 
within risk limits established by IRM, consult with senior management 
before permitting any breaches of the limits, and follow appropriate 
procedures for obtaining exceptions to limits. CBL management should 
also adhere to the firm's policies and procedures for vetting new 
business products and initiatives, and escalate to senior management 
any required changes or modifications to risk management systems or 
internal control policies and procedures arising from the adoption of a 
new business or initiative.
    CBL management should provide a CBL with sufficient resources and 
infrastructure to meet financial goals and strategic objectives while 
maintaining operational and financial resilience in a range of 
operating conditions, including stressful ones. Resources and 
infrastructure include sufficient personnel with appropriate training 
and expertise and management information systems.
    CBL management should develop and maintain an effective system of 
sound and appropriate internal controls for its CBL that ensures 
compliance with laws and regulations.\31\ CBL management should 
regularly test to ensure the effectiveness of controls within the 
business lines and ensure that deficiencies are remediated, and should 
escalate material deficiencies and systematic control violations to 
senior management, as well as provide periodic reports. Finally, CBL 
management should reassess controls periodically to ensure relevancy 
and alignment with current approved policies.
---------------------------------------------------------------------------

    \31\ For example, a CBL's system of controls should include 
access controls, change controls, and data integrity controls, 
including data reconciliations, variance analysis and data quality 
logic check.
---------------------------------------------------------------------------

    CBL management should establish policies and guidelines that 
delineate accountability, set forth clear lines of management authority 
within the CBL, and align desired behavior with the firm's performance 
management incentives. CBL management should hold employees accountable 
for conduct that is inconsistent with the firm's policies or board and 
senior management directives or that could result in violations of law. 
CBL management should inform senior management of improper conduct when 
appropriate, including individual instances and when there are 
identified patterns of misconduct. CBL management should have ongoing 
and effective means to prevent, detect, and remediate risk management 
and compliance failures.
3. Independent Risk Management and Controls
    The Federal Reserve would assess whether the firm's independent 
risk management and controls meet supervisory expectations. This 
assessment would focus on three related areas: The independent risk 
management function, internal controls, and internal audit.
a. Independent Risk Management (IRM) Function
i. Chief Risk Officer (CRO)
    A CRO must have sufficient capability and experience in 
identifying, assessing, and managing risk exposures of large, complex 
financial institutions.\32\ The CRO should guide IRM to establish and 
monitor compliance with enterprise-wide risk limits, identify and 
aggregate the firm's risks, assess the firm's risk positions relative 
to the parameters of the firm's risk tolerance, and provide relevant 
risk information to senior management and the board of directors.
---------------------------------------------------------------------------

    \32\ See 12 CFR 252.33.
---------------------------------------------------------------------------

    The CRO should inform the board of directors if his or her stature, 
independence, or authority is not sufficient or is at risk of being 
insufficient to provide unbiased and independent assessments of the 
firm's risks, risk management activities, and system of internal 
controls.\33\ Further, the CRO should be included in discussions with 
other senior management and the board related to key decisions, such as 
strategic planning and capital and liquidity planning, and provide 
input to the board on incentive compensation.
---------------------------------------------------------------------------

    \33\ Other officers of the firm may oversee portions of 
functions involved in risk management and control activities. See SR 
letter 08-08/CA letter 08-11, ``Compliance Risk Management Programs 
and Oversight at Large Banking Organizations with Complex Compliance 
Profiles,'' at https://www.federalreserve.gov/boarddocs/srletters/2008/SR0808.htm.
---------------------------------------------------------------------------

    The CRO should notify senior management and the board of directors 
when activities or practices at the firm-

[[Page 39055]]

wide, risk-specific, or CBL level do not align with the firm's overall 
risk tolerance. As appropriate, the CRO should recommend constraints on 
risk taking and enhancements to risk management practices to senior 
management and the board of directors.
    The CRO should support the independence of IRM from the business 
lines by establishing clearly defined roles and responsibilities and 
reporting lines.
ii. Chief Audit Executive (CAE)
    The firm should have a CAE, appointed by the board, with sufficient 
capability, experience, independence, and stature to manage the 
internal audit function's responsibilities.\34\ Under the direction of 
the CAE, the internal audit function performs an independent assessment 
of the effectiveness of the firm's system of internal controls and the 
risk management framework. The CAE should manage effectively all 
aspects of internal audit work on an ongoing basis, including any 
internal audit work that is outsourced. The CAE should have the 
authority to oversee all internal audit activities and to hire internal 
audit staff with sufficient capability and stature. The CAE should 
report findings, issues, and concerns to the board's audit committee 
and senior management.
---------------------------------------------------------------------------

    \34\ See SR letter 13-1/CA letter 13-1.
---------------------------------------------------------------------------

iii. Risk Tolerance and Limits
    IRM should evaluate whether the firm's risk tolerance appropriately 
captures the firm's material risks, whether it aligns with the firm's 
strategic plan and the corresponding business activities, and whether 
it is consistent with the capacity of the risk management framework. 
IRM, including through the CRO, should provide input to both senior 
management and the board to assist in the development, evaluation, and 
approval of the firm's risk tolerance. IRM should also determine 
whether the firm's risk profile is consistent with the firm's risk 
tolerance and assess whether the firm's risk management framework has 
the capacity to manage the risks outlined in the risk tolerance.
    Under direction of the CRO, IRM should establish enterprise-wide 
risk limits as well as more granular risk limits, as appropriate, that 
are consistent with the firm's risk tolerance for the firm's full set 
of risks. IRM should monitor and update risk limits as appropriate, 
especially as the firm's risk tolerance, risk profile, or external 
conditions change. IRM should identify significant trends in risk 
levels to evaluate whether risk-taking and risk management practices 
are consistent with the firm's strategic objectives. IRM should 
escalate to senior management material breaches to the firm's risk 
tolerance and enterprise-wide risk limits, as well as instances where 
IRM's conclusions differ from those of CBLs.
    IRM should identify and measure under both normal and stressful 
operating conditions, where possible, current and emerging risks within 
and across business lines and risk types, as well as any other relevant 
perspective. Common risk types include credit, market, operational, 
liquidity, interest rate, legal, and compliance (such as consumer 
protection and Bank Secrecy Act/anti-money laundering).
    IRM should aggregate risks across the entire firm and assess those 
risks relative to the firm's risk tolerance. IRM should identify 
material or critical concentrations of risks and assess the likelihood 
and potential impact of those risks on the firm. IRM should identify 
information gaps, uncertainties, or limitations in risk assessments for 
the board of directors and senior management, as appropriate.
    Risk reporting should cover current and emerging risk, risk 
exposure and adherence to risk limits and risk concentrations as well 
as the firm's ongoing strategic, capital, and liquidity planning 
processes. Risk reporting should enable prompt escalation and 
remediation of material problems; enhance appropriate and timely 
responses to identified problems; provide current and forward-looking 
perspectives; and support or influence strategic decision-making.
b. Internal Controls
    Developing and maintaining effective internal controls are the 
responsibility of senior management, IRM, and CBL management. 
Accordingly, a firm should appropriately assign management 
responsibilities for the establishment and maintenance of internal 
controls. To foster an appropriate control culture within the firm, 
adequate control activities should be integrated into the daily 
functions of all relevant personnel.
    A firm should have mechanisms to monitor and test internal controls 
and to identify and escalate issues that appear to compromise the 
effectiveness of internal controls. The scope, frequency, and depth of 
testing should consider the complexity of the firm, the results of risk 
assessments, and the number and significance of the deficiencies 
identified during prior testing. A firm should test and monitor 
internal controls using a risk-based approach, prioritizing efforts on 
controls in areas of highest risk and less effective controls.
    A firm should evaluate and communicate internal control 
deficiencies in a timely manner to those parties responsible for taking 
corrective action, including senior management.
c. Internal Audit
    The internal audit function should examine, evaluate, and perform 
an independent assessment of the effectiveness of the firm's risk 
management framework and internal control systems and report findings 
to senior management and the firm's audit committee. The Federal 
Reserve would assess the extent to which a firm complies with existing 
guidance on internal audit.\35\
---------------------------------------------------------------------------

    \35\ The Federal Reserve issued guidance outlining the key 
components of an effective internal audit function in SR letter 03-
5, ``Amended Interagency Guidance on the Internal Audit Function and 
its Outsourcing,'' at https://www.federalreserve.gov/boarddocs/srletters/2003/sr0305.htm and followed that with supplemental 
guidance in SR letter 13-1/CA letter 13-1. The supplemental guidance 
builds upon the 2003 interagency guidance of SR letter 03-5 and 
further addresses the characteristics, governance, and operational 
effectiveness of a firm's internal audit function.
---------------------------------------------------------------------------

B. Board Effectiveness

    Concurrent with this proposal, the Board is issuing a related 
proposal for public comment addressing supervisory expectations for 
boards of directors of all Federal Reserve-supervised institutions. The 
Federal Reserve conducted a multi-year review of the practices of 
boards of directors, particularly at the largest financial 
institutions, which considered the factors that make boards effective, 
the challenges boards face, how boards influence the safety and 
soundness of their firms, and the impact of the Federal Reserve's 
expectations for boards of directors in existing supervisory guidance. 
The proposed guidance relating to boards of directors and its 
accompanying notice published in the Federal Register constitute the 
results of the review. The review identified three key issues that 
could potentially reduce a board's ability to be effective. First, 
supervisory expectations for boards of directors and senior management 
have become increasingly difficult to distinguish. Second, boards 
typically spend a significant amount of time focused on supervisory 
expectations that do not directly relate to the board's core 
responsibilities, which include guiding the development of the firm's 
strategy and risk tolerance, overseeing senior management and holding 
them accountable, supporting

[[Page 39056]]

the stature and independence of the firm's independent risk management 
and internal audit functions, and adopting effective governance 
practices. Third, boards of large financial institutions often face 
significant challenges managing the overwhelming quantity of 
information provided by senior management in advance of board meetings.
    The proposal would refocus existing supervisory expectations on a 
board's core responsibilities by more clearly distinguishing the roles 
and responsibilities of the board from those of senior management; 
eliminating redundant, outdated, or irrelevant supervisory expectations 
for boards; and ensuring that supervisory guidance is more closely 
aligned.
    The proposal contains three parts, the first of which includes 
proposed supervisory guidance addressing effective boards of directors 
(proposed BE guidance), which would apply to the largest depository 
institution holding companies supervised by the Federal Reserve. The 
proposed BE guidance identifies five key attributes of effective boards 
of directors and would provide the framework the Federal Reserve would 
use to assess a firm's board of directors. The proposed BE guidance 
also would clarify supervisory expectations for boards as distinct from 
expectations for senior management.
    The second part of the proposal would revise certain supervisory 
expectations for boards to ensure they are aligned with the Federal 
Reserve's supervisory framework, and would eliminate redundant, 
outdated, or irrelevant supervisory expectations. These changes reflect 
the Federal Reserve's review of approximately 170 existing supervisory 
expectations contained in 27 Supervision and Regulation letters (SR 
letters), and would apply to bank and savings and loan holding 
companies of all sizes.
    The third part of the proposal includes proposed supervisory 
guidance that would replace Federal Reserve SR letter 13-13 \36\ and 
clarify expectations for communicating supervisory findings to an 
institution's board of directors and senior management. This proposed 
guidance, like the existing guidance, would apply to all financial 
institutions supervised by the Federal Reserve. The proposed guidance 
would facilitate the execution of boards' core responsibilities by 
clarifying expectations for communicating supervisory findings to an 
institution's board of directors and senior management. The proposed 
guidance would indicate that Federal Reserve examiners and supervisory 
staff would direct most Matters Requiring Immediate Attention (MRIAs) 
and Matters Requiring Attention (MRAs) to senior management for 
corrective action. MRIAs and MRAs would only be directed to the board 
for corrective action when the board needs to address its corporate 
governance responsibilities or when senior management fails to take 
appropriate remedial action. The board would remain responsible for 
holding senior management accountable for remediating supervisory 
findings.
---------------------------------------------------------------------------

    \36\ See SR letter 13-13.
---------------------------------------------------------------------------

VIII. Other Related Developments

    Upon finalizing the LFI rating system, the Federal Reserve expects 
to issue supervisory guidance to update and align the consolidated 
supervisory framework, including SR letter 12-17, to be fully 
consistent with any modifications made through the final adoption of 
the LFI rating system as well as supervisory guidance relating to 
governance and controls.
    In the future, the Federal Reserve may propose to revise the LFI 
rating system to include an additional rating component to assess the 
sufficiency of resolution planning efforts undertaken by LISCC firms 
(and perhaps other select LFIs) to reduce the impact on the U.S. 
financial system in the event of the firm's failure. This proposed 
revision to the LFI rating system would be issued for notice and 
comment.

IX. Proposed Changes to Existing Regulations

    References to holding company ratings are included in a number of 
the Federal Reserve's existing regulations. In certain cases, the 
regulations are narrowly constructed such that they contemplate only 
the assignment of a standalone composite rating using a numerical 
rating scale. This is consistent with the current RFI rating system but 
is not compatible with the proposed LFI rating system. Three provisions 
in the Federal Reserve's existing regulations are written in this 
manner, including two in Regulation K and one in Regulation LL. In 
Regulation K, section 211.2(z) of Regulation K includes a definition of 
``well managed'' which in part requires a bank holding company to have 
received a composite rating of 1 or 2 at its most recent examination or 
review; and section 211.9(a)(2) requires an investor (which by 
definition can be a bank holding company) to have received a composite 
rating of at least 2 at its most recent examination in order to make 
investments under the general consent or limited general consent 
procedures contained in sections 211.9(b) and (c). In Regulation LL, 
section 238.54(a)(1) restricts savings and loan holding companies from 
commencing certain activities without the Federal Reserve's prior 
approval unless the company received a composite rating of 1 or 2 at 
its most recent examination.
    To ensure that the Federal Reserve's regulations are consistent and 
compatible with all aspects of both the RFI rating system as well as 
the proposed LFI rating system, the Federal Reserve proposes to amend 
those three regulatory provisions so they would apply to entities which 
receive numerical composite ratings as well as to entities which do not 
receive numerical composite ratings (including firms subject to the 
proposed LFI rating system).\37\ To satisfy the requirements of those 
provisions, firms that do not receive numerical composite ratings would 
have to be considered satisfactory under the proposed LFI rating 
system. To be considered satisfactory, a firm would have to be rated 
``Satisfactory'' or ``Satisfactory Watch'' for each component of the 
proposed LFI rating system; a firm which is rated ``Deficient-1'' or 
lower for any component would not be considered satisfactory. This 
standard would apply to any provision contained in the Federal 
Reserve's regulations which requires or refers to a firm having a 
satisfactory composite rating.
---------------------------------------------------------------------------

    \37\ The Board may propose additional necessary revisions to its 
regulations resulting from the adoption of a final LFI rating 
system.
---------------------------------------------------------------------------

X. Comparison of the RFI and LFI Rating Systems

    The proposed LFI rating system includes several structural changes 
from the RFI rating system. The following table provides a broad 
comparison between the two rating systems.

[[Page 39057]]



------------------------------------------------------------------------
           RFI rating system                Proposed LFI rating system
------------------------------------------------------------------------
R--Risk Management.....................  Assessment of the effectiveness
An evaluation of the ability of the       of a firm's governance and
 BHC's board of directors and senior      risk management practices is
 management to identify, measure,         central to the Governance and
 monitor, and control risk.               Controls component rating. The
The rating is supported by four           Governance and Controls rating
 subcomponent ratings:.                   evaluates a firm's
 Board and Senior Management      effectiveness in aligning
 Oversight.                               strategic business objectives
 Policies, Procedures, and        with risk management
 Limits.                                  capabilities; maintaining
 Risk Monitoring and Management   strong and independent risk
 Information Systems.                     management and control
 Internal Controls.............   functions, including internal
                                          audit; promoting compliance
                                          with laws and regulations,
                                          including those related to
                                          consumer protection; and
                                          otherwise providing for the
                                          ongoing resiliency of the
                                          firm.
                                         Governance and risk management
                                          practices specifically related
                                          to maintaining financial
                                          strength and resilience are
                                          also incorporated into the
                                          Capital Planning and Positions
                                          and Liquidity Risk Management
                                          and Positions component
                                          ratings.
F--Financial Condition.................  Assessment of a firm's
An evaluation of the consolidated         financial strength and
 organization's financial strength.       resilience is specifically
The rating is supported by four           evaluated through the Capital
 subcomponent ratings:.                   Planning and Positions and
 Capital Adequacy..............   Liquidity Risk Management and
 Asset Quality.................   Positions component ratings.
 Earnings......................   These component ratings assess
 Liquidity.....................   the effectiveness of
                                          associated planning and risk
                                          management processes, and the
                                          sufficiency of related
                                          positions.
                                         Although asset quality and
                                          earnings are not rated
                                          separately, they continue to
                                          be important elements in
                                          assessing a firm's safety and
                                          soundness and resiliency, and
                                          are important considerations
                                          within each of the LFI
                                          component ratings.
I--Impact..............................  Although a separate ``Impact''
An assessment of the potential impact     rating would not be assigned,
 of the firm's nondepository entities     the LFI rating system would
 on its subsidiary depository             assess a firm's ability to
 institution(s).                          protect the safety and
                                          soundness of its subsidiary
                                          depository institutions,
                                          including whether the firm can
                                          provide financial and
                                          managerial strength to its
                                          subsidiary depository
                                          institutions.\38\
D--Depository Institutions.............  A separate rating for a firm's
Generally reflects the composite CAMELS   depository institution
 rating assigned by the primary           subsidiaries would not be
 supervisor of the subsidiary             assigned. The Federal Reserve
 depository institution(s).\39\.          will continue to rely to the
                                          fullest extent possible on
                                          supervisory assessments
                                          developed by the primary
                                          supervisor of the subsidiary
                                          depository institution(s).
C--Composite Rating....................  A standalone composite rating
The overall composite assessment of the   would not be assigned. The
 BHC as reflected by the R, F, and I      three LFI component ratings
 ratings, and supported by examiner       are designed to clearly
 judgment with respect to the relative    communicate supervisory
 importance of each component to the      assessments and associated
 safe and sound operation of the BHC.     consequences for each of the
                                          core areas (capital, liquidity
                                          and governance and controls)
                                          considered critical to an
                                          LFI's strength and resilience.
                                         For purposes of determining
                                          whether a firm is ``well
                                          managed,'' the three component
                                          ratings taken together would
                                          be treated as equivalent to a
                                          standalone composite rating.
                                          Each component must be rated
                                          either ``Satisfactory'' or
                                          ``Satisfactory Watch'' in
                                          order for a firm to be deemed
                                          ``well managed.''
------------------------------------------------------------------------

XI. Request for Comments

    The Board invites comments on all aspects of the proposed LFI 
rating system, including responses to the following questions:
---------------------------------------------------------------------------

    \38\ See Sections 616 of DFA (financial strength), 12 CFR 225.4 
of the Board's Regulation Y, and 12 CFR 238.8 of the Board's 
Regulation LL.
    \39\ See SR letter 96-38, ``Uniform Financial Institutions 
Rating System,'' at http://www.federalreserve.gov/boarddocs/srletters/1996/sr9638.htm.
---------------------------------------------------------------------------

    (1) Are there specific considerations beyond those outlined in this 
proposal that should be considered in the Federal Reserve's assessment 
of whether an LFI has sufficient financial and operational strength and 
resilience to maintain safe and sound operations?
    (2) Does the proposal clearly describe the firms that would be 
subject to the LFI rating system, and those firms that would continue 
to be subject to the RFI rating system?
    (3) Does the proposal clearly describe the supervisory expectations 
for senior management in the evaluation of a firm's governance and 
controls under the proposed LFI rating system?
    (4) Does the proposal clearly describe how and under what 
circumstances a ``Satisfactory Watch'' rating would or would not be 
assigned? Does that rating provide appropriate messaging and incentives 
to firms to correct identified deficiencies?
    (5) Should the LFI rating system be revised at a future date to 
assess the sufficiency of a firm's resolution planning efforts 
undertaken to reduce the impact on the financial system in the event of 
the firm's failure? If yes, what should the Federal Reserve 
specifically consider in conducting that assessment?
    (6) Are there options that should be considered to enhance the 
transparency of LFI ratings in order to incent more timely and 
comprehensive remediation of supervisory deficiencies or issues?
    (7) What specific issues should the Federal Reserve consider when 
using the LFI rating system to inform future revisions to other 
supervisory rating systems used to assess the U.S. operations of 
foreign banking organizations?

XII. Regulatory Analysis

A. Paperwork Reduction Act

    There is no collection of information required by this proposal 
that would be subject to the Paperwork Reduction Act of 1995, 44 U.S.C. 
3501 et seq.

B. Regulatory Flexibility Analysis

    The Board is providing an initial regulatory flexibility analysis 
with respect to this proposed rule. The Regulatory Flexibility Act, 5 
U.S.C. 601 et seq. (RFA), generally requires an agency to assess the 
impact a rule is expected to have on small entities. The RFA requires 
an agency either to provide an initial regulatory flexibility analysis 
with a proposed rule for which a general notice of proposed rulemaking 
is required or to certify that the proposed rule will not have a 
significant impact on a substantial number of small entities. Based on 
the Board's analysis

[[Page 39058]]

and for the reasons stated below, the Board believes that neither the 
proposed LFI rating system nor the proposed rule will have a 
significant economic impact on a substantial number of small entities. 
A final regulatory flexibility analysis will be conducted after 
comments received during the public comment period have been 
considered.
    Under regulations issued by the Small Business Administration, a 
small entity includes a depository institution, bank holding company, 
or savings and loan holding company with assets of $550 million or less 
(small banking organizations). As of June 1, 2017, there were 
approximately 3,539 small banking organizations. As described above, 
the proposed LFI rating system would apply only to all bank holding 
companies with total consolidated assets of $50 billion or more; all 
non-insurance, non-commercial savings and loan holding companies with 
total consolidated assets of $50 billion or more; and U.S. intermediate 
holding companies of foreign banking organizations established pursuant 
to section 252.153 of the Federal Reserve's Regulation YY. Small 
banking organizations would therefore not be subject to the proposed 
LFI rating system. Similarly, the proposed rule would make conforming 
changes to several regulations to reflect certain aspects of the 
proposed LFI rating system, but would not change the operation of those 
regulations for any entity that would not be subject to the proposed 
LFI rating system. As a result, neither the proposed LFI rating system 
nor the proposed rule should have any impact on small banking 
organizations. In light of the foregoing, the Board believes that the 
proposed LFI rating system will not have a significant economic impact 
on small banking organizations supervised by the Board.

C. Solicitation of Comments on Use of Plain Language

    Section 722 of the Gramm-Leach-Bliley Act requires the Board to use 
plain language in all proposed and final rules published after January 
1, 2000. The Board invites comment on how to make this proposed rule 
easier to understand. For example:
     Has the Board organized the material to suit your needs? 
If not, how could the proposal be more clearly stated?
     Does the proposal contain technical language or jargon 
that is not clear? If so, what language requires clarification?
     Would a different format (grouping and order of sections, 
use of headings, paragraphing) make the proposal easier to understand? 
If so, what changes would make the proposal easier to understand?
     Would more, but shorter, sections be better? If so, what 
sections should be changed?
     What else could the Board do to make the proposal easier 
to understand?

List of Subjects

12 CFR Part 211

    Exports, Federal Reserve System, Foreign banking, Holding 
companies, Investments, Reporting and recordkeeping requirements.

12 CFR Part 238

    Administrative practice and procedure, Banks, Banking, Federal 
Reserve System, Holding companies, Reporting and recordkeeping 
requirements.

Authority and Issuance

    For the reasons stated in the preamble, the Board proposes to amend 
12 CFR parts 211 and 238 as follows:

PART 211--INTERNATIONAL BANKING OPERATIONS (REGULATION K)

0
1. The authority citations for part 211 continues to read as follows: 
12 U.S.C. 221 et seq., 1818, 1835a, 1841 et seq., 3101 et seq., 3901 et 
seq., and 5101 et seq.; 15 U.S.C. 1681s, 1681w, 6801 and 6805.
0
2. Section 211.2 is amended by revising paragraph (z) to read as 
follows:


Sec.  211.2  Definitions.

* * * * *
    (z) Well managed means that the Edge or agreement corporation, any 
parent insured bank, and the bank holding company either received a 
composite rating of 1 or 2 or is considered satisfactory under the 
applicable rating system, and has at least a satisfactory rating for 
management if such a rating is given, at their most recent examination 
or review.
0
3. Section 211.9 is amended by revising paragraph (a) to read as 
follows:


Sec.  211.9  Investment Procedures.

* * * * *
    (a) * * *
    (2) Composite rating. Except as the Board may otherwise determine, 
in order for an investor to make investments under the general consent 
or limited general consent procedures of paragraphs (b) and (c) of this 
section, at the most recent examination the investor and any parent 
insured bank must have either received a composite rating of at least 2 
or be considered satisfactory under the applicable rating system.

PART 238--SAVINGS AND LOAN HOLDING COMPANIES (REGULATION LL)

0
1. The authority citations for part 211 continues to read as follows:


    Authority: 5 U.S.C. 552, 559; 12 U.S.C. 1462, 1462a, 1463, 1464, 
1467, 1467a, 1468, 1813, 1817, 1829e, 1831i, 1972; 15 U.S.C. 78l.

0
2. Section 238.54 is amended by revising paragraph (a)(1) to read as 
follows:


Sec.  238.54  Permissible bank holding company activities of savings 
and loan holding companies.

    (a) * * *
    (1) The holding company received a rating of satisfactory or above 
prior to January 1, 2008, or thereafter, either received a composite 
rating of ``1'' or ``2'' or be considered satisfactory under the 
applicable rating system in its most recent examination, and is not in 
a troubled condition as defined in Sec.  238.72, and the holding 
company does not propose to commence the activity by an acquisition (in 
whole or in part) of a going concern; or
* * * * *

Appendix A

Note: This Appendix A will not be published in the Code of Federal 
Regulations.

 Text of Proposed Large Financial Institution Rating System

A. Overview of LFI Rating System

    The Federal Reserve will use the large financial institution 
(LFI) rating system to evaluate and communicate the condition and 
prospects of domestic bank holding companies with total consolidated 
assets of $50 billion or more, certain savings and loan holding 
companies with total consolidated assets of $50 billion or more, and 
U.S. intermediate holding companies of foreign banking 
organizations.\1\ The LFI rating system will replace the existing 
RFI/C(D) rating system that is presently used by the Federal Reserve 
to assign ratings to applicable holding companies.\2\
---------------------------------------------------------------------------

    \1\ The LFI rating system will apply to non-insurance, non-
commercial savings and loan holding companies with total 
consolidated assets of $50 billion or more. With respect to U.S. 
intermediate holding companies (IHCs) of foreign banking 
organizations (FBOs), the LFI rating system applies only to IHCs 
established under Regulation YY as required for FBOs with U.S. non-
branch assets of $50 billion or more. Plans are for systemically 
important nonbank financial companies designated by the Financial 
Stability Oversight Council (FSOC) for supervision by the Federal 
Reserve to be subject to the LFI rating system at a future date 
through a separate rulemaking.
    \2\ Refer to SR letter 04-18, ``Bank Holding Company Rating 
System,'' 69 FR 70444 (December 6, 2004), at https://www.federalreserve.gov/boarddocs/srletters/2004/sr0418.htm.
---------------------------------------------------------------------------

    The LFI rating system draws from the supervisory objectives set 
forth in the

[[Page 39059]]

Consolidated Supervisory Framework for Large Financial Institutions 
for enhanced financial and operational strength and resilience for 
the largest and most systemically important firms.\3\ The LFI rating 
system is designed to:
---------------------------------------------------------------------------

    \3\ Refer to SR letter 12-17/CA letter 12-14, ``Consolidated 
Supervisory Framework for Large Financial Institutions,'' at http://www.federalreserve.gov/bankinforeg/srletters/sr1217.htm. This 
supervisory framework will be updated to more closely align with the 
LFI rating system when the rating system is released in its final 
form.
    ``Financial strength and resilience'' is defined as maintaining 
effective capital and liquidity governance and planning processes, 
and sufficiency of related positions, to provide for continuity of 
the consolidated organization and its core business lines, critical 
operations, and banking offices through a range of conditions.
    ``Operational strength and resilience'' is defined as 
maintaining effective governance and controls to provide for 
continuity of the consolidated organization and its core business 
lines, critical operations, and banking offices, and promote 
compliance with laws and regulations, including those related to 
consumer protection, through a range of conditions.
    ``Critical operations'' are a firm's operations, including 
associated services, functions and support, the failure or 
discontinuance of which, in the view of the firm or the Federal 
Reserve would pose a threat to the financial stability of the United 
States.
    Under SR letter 12-17, ``banking offices'' are defined as U.S. 
depository institution subsidiaries and the U.S. branches and 
agencies of FBOs. The Federal Reserve expects to use the LFI rating 
system to inform future revisions to other rating systems used to 
assess the U.S. operations of FBOs.
---------------------------------------------------------------------------

     Fully align with the Federal Reserve's current 
supervisory programs and practices, which are based upon the LFI 
supervision framework's core objectives of reducing the probability 
of LFIs failing or experiencing material distress and reducing the 
risk to U.S. financial stability;
     Enhance the clarity and consistency of supervisory 
assessments and communications of supervisory findings and 
implications; and
     Provide appropriate incentives for LFIs to maintain 
financial and operational strength and resilience, including 
compliance with laws and regulations, by more clearly defining the 
consequences of a given rating.
    Consistent with current practice, LFI ratings will be assigned 
and communicated to firms on at least an annual basis, and more 
frequently as warranted to reflect the conclusions of supervisory 
activities performed by the Federal Reserve. In determining the LFI 
rating and identifying supervisory issues requiring corrective 
action by a firm, the Federal Reserve will generally rely to the 
fullest extent possible on the information and assessments developed 
by other relevant supervisors and functional regulators.

B. LFI Rating Framework

    The LFI rating framework provides a supervisory evaluation of 
whether a firm possesses sufficient financial and operational 
strength and resilience to maintain safe and sound operations 
through a range of conditions.\4\
---------------------------------------------------------------------------

    \4\ Hereinafter, when ``safe and sound'' or ``safety and 
soundness'' is used in this framework, related expectations apply to 
the consolidated organization and a firm's critical operations and 
banking offices.
---------------------------------------------------------------------------

    The LFI rating system is comprised of three components, 
described below:
     Capital Planning and Positions: An evaluation of (i) 
the effectiveness of a firm's governance and planning processes used 
to determine the amount of capital necessary to cover risks and 
exposures, and to support activities through a range of conditions; 
and (ii) the sufficiency of a firm's capital positions to comply 
with applicable regulatory requirements and to support the firm's 
ability to continue to serve as a financial intermediary through a 
range of conditions.
     Liquidity Risk Management and Positions: An evaluation 
of (i) the effectiveness of a firm's governance and risk management 
processes used to determine the amount of liquidity necessary to 
cover risks and exposures, and to support activities through a range 
of conditions; and (ii) the sufficiency of a firm's liquidity 
positions to comply with applicable regulatory requirements and to 
support the firm's ongoing obligations through a range of 
conditions.
     Governance and Controls: An evaluation of the 
effectiveness of a firm's (i) board of directors, (ii) management of 
core business lines and independent risk management and controls, 
and (iii) recovery planning (for domestic LISCC firms only).\5\ This 
rating assesses a firm's effectiveness in aligning strategic 
business objectives with the firm's risk tolerance and risk 
management capabilities; maintaining strong, effective, and 
independent risk management and control functions, including 
internal audit; promoting compliance with laws and regulations, 
including those related to consumer protection; and otherwise 
planning for the ongoing resiliency of the firm.\6\
---------------------------------------------------------------------------

    \5\ References to ``board'' or ``board of directors'' in this 
framework includes the equivalent to a board of directors, as 
appropriate, as well as committees of the board of directors or the 
equivalent thereof, as appropriate.
    A ``business line'' is a defined unit or function of a financial 
institution, including associated operations and support, that 
provides related products or services to meet the firm's business 
needs and those of its customers. ``Core business lines'' are 
defined as those business lines in which a significant control 
disruption, failure or loss event would result in a material loss of 
revenue, profit, franchise value, or result in significant consumer 
harm. Supervisory expectations applicable to management of core 
business lines apply equally to the management of critical 
operations. Additionally, critical operations are to be sufficiently 
resilient to be maintained, continued, and funded even in the event 
of a firm's material financial distress or failure.
    At this time, recovery planning expectations only apply to 
domestic BHCs subject to the Federal Reserve's LISCC supervisory 
framework. Should the Federal Reserve expand the scope of recovery 
planning expectations to encompass additional firms, this rating 
will reflect such expectations for the broader set of firms.
    There are eight domestic firms in the LISCC portfolio: (1) Bank 
of America Corporation; (2) Bank of New York Mellon Corporation; (3) 
Citigroup, Inc.; (4) Goldman Sachs Group, Inc.; (5) JP Morgan Chase 
& Co.; (6) Morgan Stanley; (7) State Street Corporation; and (8) 
Wells Fargo & Company. In this guidance, these eight firms may 
collectively be referred to as ``domestic LISCC firms.''
    \6\ ``Risk tolerance'' is defined as the aggregate level and 
types of risk the board and senior management are willing to assume 
to achieve the firm's strategic business objectives, consistent with 
applicable capital, liquidity, and other requirements and 
constraints.
---------------------------------------------------------------------------

Assignment of the LFI Component Ratings

    Each LFI component rating is assigned along a multi-level scale 
(Satisfactory/Satisfactory Watch, Deficient-1, and Deficient-2). A 
``Satisfactory'' rating indicates that the firm is considered safe 
and sound and broadly meets supervisory expectations. A 
``Satisfactory Watch'' rating is a conditional ``Satisfactory'' 
rating and is discussed in greater detail below. A ``Deficient-1'' 
rating indicates that although the firm's current condition is not 
considered to be materially threatened, there are financial and/or 
operational deficiencies that put its prospects for remaining safe 
and sound through a range of conditions at significant risk. A 
``Deficient-2'' rating indicates that financial and/or operational 
deficiencies materially threaten the firm's safety and soundness, or 
have already put the firm in an unsafe and unsound condition.
    Supervisors may assign a ``Satisfactory Watch'' component rating 
which indicates that the firm is generally considered safe and 
sound; however certain issues are sufficiently material that, if not 
resolved in a timely manner in the normal course of business, would 
put the firm's prospects for remaining safe and sound through a 
range of conditions at risk.\7\ Use of the ``Satisfactory Watch'' 
rating is consistent with existing supervisory practice of giving 
notice that the Federal Reserve is likely to downgrade a firm to a 
less-than-satisfactory rating if identified weaknesses are not 
resolved in a timely manner. The ``Satisfactory Watch'' rating may 
also be used for firms previously rated ``Deficient'' when 
circumstances warrant.
---------------------------------------------------------------------------

    \7\ For purposes of the LFI rating system, ``during the normal 
course of business'' is when the Federal Reserve believes that 
supervisory issues can be resolved via remediation or mitigation 
(through compensating controls and/or a reduced risk profile) in a 
timely manner without material changes to, or investments in, a 
firm's governance, risk management or internal control structures, 
practices, or capabilities.
---------------------------------------------------------------------------

    A ``Satisfactory Watch'' rating is not intended to be used for a 
prolonged period. Firms that receive a ``Satisfactory Watch'' rating 
will have a specified timeframe to fully resolve issues leading to 
that rating (as is the case with all supervisory issues), generally 
no longer than 18 months.\8\ If the firm

[[Page 39060]]

successfully resolves the issues leading to the ``Satisfactory 
Watch'' rating, the firm would typically be upgraded to 
``Satisfactory'' as it has demonstrated an ability to successfully 
remediate or mitigate these issues in a timely manner in the normal 
course of business. However, if the firm fails to timely remediate 
or mitigate those issues, this failure would generally be viewed as 
evidence that the firm lacks sufficient financial and/or operational 
capabilities to remain safe and sound through a range of conditions. 
In these instances the firm would typically be downgraded to a 
``Deficient'' rating.
---------------------------------------------------------------------------

    \8\ The timeframe initially specified by the Federal Reserve for 
resolving issues will become more precise over time, and may be 
extended as circumstances warrant. As noted in current guidance, 
defined timeframes for resolving supervisory issues are communicated 
within either ``Matters Requiring Attention'' (MRAs) or ``Matters 
Requiring Immediate Attention'' (MRIAs). See SR letter 13-13/CA 
letter 13-10, ``Supervisory Considerations for the Communication of 
Supervisory Findings,'' at https://www.federalreserve.gov/supervisionreg/srletters/sr1313.htm. Proposed guidance which would 
replace SR letter 13-13 has been released for public comment. An 
enforcement action will also specify the timeframe for a firm to 
resolve deficiencies.
---------------------------------------------------------------------------

    When a firm is rated ``Satisfactory Watch,'' supervisors would 
focus on determining whether a firm's issues are related to each 
other, similar in nature or root cause, or constitute a pattern 
reflecting deeper governance or risk management weaknesses, 
warranting a downgrade to a ``Deficient'' rating.
    The weighting of individual elements within each LFI component 
rating will depend on their relative contribution to the rating 
definitions outlined below. For example, a limited number of 
significant deficiencies--or even just one significant deficiency--
noted for management of a single core business line could be viewed 
as sufficiently important to warrant a ``Deficient'' Governance and 
Controls component rating, even if the firm meets supervisory 
expectations under the Governance and Controls component in all 
other respects.
    A standalone composite rating is not assigned under the LFI 
rating system. The three LFI component ratings are designed to 
clearly communicate supervisory assessments and associated 
consequences to a firm for the core areas (capital, liquidity, and 
governance and controls) considered critical to an LFI's strength 
and resilience.
    Under the LFI rating system, a firm must be rated 
``Satisfactory'' or ``Satisfactory Watch'' for each of its component 
ratings to be considered ``well managed'' in accordance with various 
statutes and regulations.\9\ A ``well managed'' firm has sufficient 
financial and operational strength and resilience to maintain safe 
and sound operations through a range of conditions.
---------------------------------------------------------------------------

    \9\ 12 U.S.C. 1841 et. seq. and 12 U.S.C. 1461 et seq. See, 
e.g., 12 CFR 225.4(b)(6), 225.14, 225.22(a), 225.23, 225.85, and 
225.86; 12 CFR 211.9(b), 211.10(a)(14), and 211.34; and 12 CFR 
223.41.
---------------------------------------------------------------------------

C. LFI Rating Components

    The LFI rating system is comprised of three component ratings: 
\10\
---------------------------------------------------------------------------

    \10\ There may be instances where deficiencies or supervisory 
issues may be relevant to the Federal Reserve's assessment of more 
than one component area. As such, the LFI rating will reflect these 
deficiencies or issues within multiple rating components when 
necessary to provide a comprehensive supervisory assessment.
---------------------------------------------------------------------------

1. Capital Planning and Positions Component Rating

    The Capital Planning and Positions component rating evaluates 
(i) the effectiveness of a firm's governance and planning processes 
used to determine the amount of capital necessary to cover risks and 
exposures, and to support activities through a range of conditions; 
and (ii) the sufficiency of a firm's capital positions to comply 
with applicable regulatory requirements and to support the firm's 
ability to continue to serve as a financial intermediary through a 
range of conditions.
    In developing this rating, the Federal Reserve will evaluate:
     Capital Planning: The extent to which a firm maintains 
sound capital planning practices though strong governance and 
oversight; strong risk management and controls; maintenance of 
updated capital policies and contingency plans for addressing 
potential shortfalls; and incorporation of appropriately stressful 
conditions and events into capital planning and projections of 
capital positions; and
     Capital Positions: The extent to which a firm's capital 
is sufficient to comply with regulatory requirements, and to support 
its ability to meet its obligations to depositors, creditors, and 
other counterparties and continue to serve as a financial 
intermediary through a range of conditions.

Definitions for the Capital Planning and Positions Component Rating

Satisfactory

    A firm's capital planning and positions are considered sound and 
broadly meet supervisory expectations. Specifically:
     A firm is capable of producing sound assessments of 
capital adequacy through a range of conditions; and
     A firm's current and projected capital positions comply 
with regulatory requirements, and support its ability to absorb 
current and potential losses, to meet obligations, and to continue 
to serve as a financial intermediary through a range of conditions.
    Although a firm rated ``Satisfactory'' may have supervisory 
issues requiring corrective action, the firm is effectively 
mitigating the issues or the Federal Reserve has deemed the issues 
as unlikely to present a threat to the firm's ability to maintain 
safe and sound operations.

Satisfactory Watch

    In select circumstances, a ``Satisfactory Watch'' component 
rating may be assigned. In these instances a firm's capital planning 
and positions are generally considered sound; however certain 
supervisory issues are sufficiently material that, if not resolved 
by the firm in a timely manner during the normal course of business, 
would put the firm's prospects for remaining safe and sound through 
a range of conditions at risk.
    A ``Satisfactory Watch'' rating may be assigned to a firm that 
meets these characteristics regardless of its prior rating (that is, 
it may be assigned to a firm previously rated ``Satisfactory'' or 
``Deficient''). In either instance, the Federal Reserve will not use 
the ``Satisfactory Watch'' rating for a prolonged period. In most 
instances, the firm will either (i) resolve the issues in a timely 
manner and be assigned a ``Satisfactory'' rating, or (ii) fail to 
resolve the issues and be downgraded to a ``Deficient'' rating, as 
its inability to resolve those issues in a timely manner would 
indicate that the firm does not possess sufficient financial and 
operational capabilities to maintain its safety and soundness 
through a range of conditions.
    The Federal Reserve will provide an expected timeframe for the 
firm to remediate or mitigate each issue leading to the 
``Satisfactory Watch'' rating, and will closely monitor the firm's 
progress.

Deficient-1

    Although a firm's current condition is not considered to be 
materially threatened, there are deficiencies in capital planning or 
positions that put its prospects for remaining safe and sound 
through a range of conditions at significant risk. Its practices and 
capabilities do not meet supervisory expectations, as:
     Deficiencies in a firm's capital planning processes are 
not effectively mitigated. These deficiencies limit the firm's 
ability to effectively assess capital adequacy through a range of 
conditions; and/or
     A firm's projected capital positions may be 
insufficient to absorb potential losses, and to support its ability 
to meet prospective obligations and serve as a financial 
intermediary through a range of conditions.
    These deficiencies require timely corrective action focused on 
restoring and maintaining capital planning capabilities and capital 
positions consistent with assignment of a ``Satisfactory'' component 
rating. To support supervisory efforts--and ensure the immediate 
attention of the firm's board and senior management towards 
restoring financial and operational strength and resilience as 
necessary to maintain the firm's safety and soundness through a 
range of conditions--there is a strong presumption that the firm 
will be subject to an informal or formal enforcement action by the 
Federal Reserve.
    A ``Deficient-1'' component rating could be a barrier for a firm 
seeking the Federal Reserve's approval of a proposal to engage in 
new or expansionary activities, unless the firm can demonstrate that 
(i) it is making meaningful, sustained progress in resolving 
identified deficiencies and issues; (ii) the proposed new or 
expansionary activities would not present a risk of exacerbating 
current deficiencies or issues or lead to new concerns; and (iii) 
the proposed activities would not distract the board or senior 
management from remediating current deficiencies or issues.

Deficient-2

    Deficiencies in a firm's capital planning or positions present a 
material threat to its safety and soundness, or have already put the 
firm in an unsafe and unsound condition. Its practices and 
capabilities fall well short of supervisory expectations, as:
     A firm's capital planning processes are insufficient to 
effectively assess capital adequacy through a range of conditions; 
and/or
     A firm's current and projected capital positions are 
insufficient to absorb current or potential losses, and to support 
its ability to meet current and prospective obligations and serve as 
a financial intermediary through a range of conditions.

[[Page 39061]]

    To address these deficiencies, a firm is required to (i) 
implement comprehensive corrective measures sufficient to restore 
and maintain satisfactory capital planning capabilities and adequate 
capital positions; and (ii) demonstrate the sufficiency, 
credibility, and readiness of contingency planning and options in 
the event of further escalation of financial or operational 
deficiencies. To support supervisory efforts and ensure the 
immediate attention of the firm's board and senior management in 
addressing threats to safety and soundness, there is a strong 
presumption that the firm will be subject to a formal enforcement 
action.
    The Federal Reserve would be extremely unlikely to approve any 
proposal from a firm with a ``Deficient-2'' rating to engage in new 
or expansionary activities.

2. Liquidity Risk Management and Positions Component Rating

    The Liquidity Risk Management and Positions component rating 
evaluates (i) the effectiveness of a firm's governance and risk 
management processes used to determine the amount of liquidity 
necessary to cover risks and exposures, and to support activities 
through a range of conditions; and (ii) the sufficiency of a firm's 
liquidity positions to comply with applicable regulatory 
requirements and to support the firm's ongoing obligations through a 
range of conditions.
    In developing this rating, the Federal Reserve will evaluate:
     Liquidity Risk Management: The extent to which a firm 
maintains sound liquidity risk management practices though strong 
governance and oversight; strong risk management and controls; 
maintenance of updated liquidity policies and contingency plans for 
addressing potential shortfalls; and incorporation of appropriately 
stressful conditions and events into liquidity planning and 
projections of liquidity positions; and
     Liquidity Positions: The extent to which a firm's 
liquidity is sufficient to comply with regulatory requirements, and 
to support its ability to meet current and prospective obligations 
to depositors, creditors and other counterparties through a range of 
conditions.

Definitions for the Liquidity Risk Management and Positions Component 
Rating

Satisfactory

    A firm's liquidity risk management and positions are considered 
sound and broadly meet supervisory expectations. Specifically:
     A firm is capable of producing sound assessments of 
liquidity adequacy through a range of conditions; and
     A firm's current and projected liquidity positions 
comply with regulatory requirements, and support its ability to meet 
current and prospective obligations and to continue to serve as a 
financial intermediary through a range of conditions.
    Although a firm rated ``Satisfactory'' may have supervisory 
issues requiring corrective action, the firm is effectively 
mitigating the issues or the Federal Reserve has deemed the issues 
as unlikely to present a threat to the firm's ability to maintain 
safe and sound operations.

Satisfactory Watch

    In select circumstances, a ``Satisfactory Watch'' component 
rating may be assigned. In these instances a firm's liquidity risk 
management and positions are generally considered sound; however 
certain supervisory issues are sufficiently material that, if not 
resolved by the firm in a timely manner during the normal course of 
business, would put the firm's prospects for remaining safe and 
sound through a range of conditions at risk.
    A ``Satisfactory Watch'' rating may be assigned to a firm that 
meets these characteristics regardless of its prior rating (that is, 
it may be assigned to a firm previously rated ``Satisfactory'' or 
``Deficient''). In either instance, the Federal Reserve will not use 
the ``Satisfactory Watch'' rating for a prolonged period. In most 
instances, the firm will either (i) resolve the issues in a timely 
manner and be assigned a ``Satisfactory'' rating, or (ii) fail to 
resolve the issues and be downgraded to a ``Deficient'' rating, as 
its inability to resolve those issues in a timely manner would 
indicate that the firm does not possess sufficient financial and 
operational capabilities to maintain its safety and soundness 
through a range of conditions.
    The Federal Reserve will provide an expected timeframe for the 
firm to remediate or mitigate each issue leading to the 
``Satisfactory Watch'' rating, and will closely monitor the firm's 
progress.

Deficient-1

    Although a firm's current condition is not considered to be 
materially threatened, there are deficiencies in liquidity risk 
management or positions that put its prospects for remaining safe 
and sound through a range of conditions at significant risk. Its 
practices and capabilities do not meet supervisory expectations, as:
     Deficiencies in a firm's liquidity risk management 
processes are not effectively mitigated. These deficiencies limit 
the firm's ability to effectively assess liquidity adequacy through 
a range of conditions; and/or
     A firm's projected liquidity positions may be 
insufficient to support its ability to meet prospective obligations 
and serve as a financial intermediary through a range of conditions.
    These deficiencies require timely corrective action, focused on 
restoration and maintenance of liquidity risk management 
capabilities and liquidity positions consistent with assignment of a 
``Satisfactory'' component rating. To support supervisory efforts--
and ensure the immediate attention of the firm's board and senior 
management towards restoring financial and operational strength and 
resilience as necessary to maintain the firm's safety and soundness 
through a range of conditions--there is a strong presumption that 
the firm will be subject to an informal or formal enforcement action 
by the Federal Reserve.
    A ``Deficient-1'' component rating could be a barrier for a firm 
seeking the Federal Reserve's approval of a proposal to engage in 
new or expansionary activities, unless the firm can demonstrate that 
(i) it is making meaningful, sustained progress in resolving 
identified deficiencies and issues; (ii) the proposed new or 
expansionary activities would not present a risk of exacerbating 
current deficiencies or issues or lead to new concerns; and (iii) 
the proposed activities would not distract the board or senior 
management from remediating current deficiencies or issues.

Deficient-2

    Deficiencies in a firm's liquidity risk management or positions 
present a material threat to its safety and soundness, or have 
already put the firm in an unsafe and unsound condition. Its 
practices and capabilities fall well short of supervisory 
expectations, as:
     A firm's liquidity risk management processes are 
insufficient to perform an effective assessment of liquidity 
adequacy through a range of conditions; and/or
     A firm's current and projected liquidity positions are 
insufficient to support its ability to meet current and prospective 
obligations and serve as a financial intermediary through a range of 
conditions.
    To address these material deficiencies, a firm is required to 
immediately (i) implement comprehensive corrective measures 
sufficient to provide for the restoration and continued maintenance 
of satisfactory liquidity risk management capabilities and adequate 
liquidity positions; and (ii) demonstrate the sufficiency, 
credibility and readiness of contingency planning and options in the 
event of further escalation of financial or operational 
deficiencies. To support supervisory efforts and ensure the 
immediate attention of the firm's board and senior management in 
addressing threats to safety and soundness, there is a strong 
presumption that the firm will be subject to a formal enforcement 
action.
    The Federal Reserve would be extremely unlikely to approve any 
proposal from a firm with a ``Deficient-2'' rating to engage in new 
or expansionary activities.

3. Governance and Controls Component Rating

    The Governance and Controls component rating evaluates the 
effectiveness of a firm's (i) board of directors, (ii) management of 
core business lines and independent risk management and controls, 
and (iii) recovery planning (for domestic LISCC firms only). This 
rating assesses a firm's effectiveness in aligning strategic 
business objectives with the firm's risk tolerance and risk 
management capabilities; maintaining strong, effective, and 
independent risk management and control functions, including 
internal audit; promoting compliance with laws and regulations, 
including those related to consumer protection; and otherwise 
providing for the ongoing resiliency of the firm.\11\
---------------------------------------------------------------------------

    \11\ Hereinafter, references to ``compliance with laws and 
regulations'' include laws and regulations related to banking and 
consumer protection.
---------------------------------------------------------------------------

    In developing this rating, the Federal Reserve will evaluate:
     Effectiveness of the Board of Directors: The extent to 
which the board exhibits attributes consistent with those of 
effective boards in carrying out its core roles and

[[Page 39062]]

responsibilities, including setting a clear strategy for the firm 
that aligns with the firm's risk tolerance; actively managing 
information flow and board discussions; holding senior management 
accountable for implementing the firm's strategy and risk tolerance 
in an effective manner, and for maintaining the firm's risk 
management and control framework; supporting the independence and 
stature of the firm's independent risk management and internal audit 
functions; and maintaining its effectiveness by adapting its 
composition, governance structure and practices to changes that 
occur over time.
     Management of Core Business Lines and Independent Risk 
Management and Controls
    The extent to which:
    [cir] Senior management effectively and prudently manages the 
day-to-day operations of the firm and provides for ongoing 
resiliency; implements the firm's strategy and risk tolerance; 
maintains an effective risk management framework and system of 
internal controls; and promotes prudent risk taking behaviors and 
business practices, including compliance with laws and regulations.
    [cir] Core business line management executes business line 
activities consistent with the firm's strategy and risk tolerance; 
identifies and manages risks; and ensures an effective system of 
internal controls for its operations.
    [cir] Independent risk management effectively evaluates whether 
the firm's risk tolerance appropriately captures material risks and 
is consistent with the firm's risk management capacity; establishes 
and monitors risk limits that are consistent with the firm's risk 
tolerance; identifies and measures the firm's risks; and aggregates, 
assesses and reports on the firm's risk profile and positions. 
Additionally, the firm demonstrates that its system of internal 
controls is appropriate and tested for effectiveness. Finally, 
internal audit effectively and independently assesses the firm's 
risk management framework and internal control systems, and reports 
findings to senior management and the firm's audit committee.
     Recovery Planning (domestic LISCC firms only): The 
extent to which recovery planning processes effectively identify 
options that provide a reasonable chance of a firm being able to 
remedy financial weakness and restore market confidence without 
extraordinary official sector support.

Definitions for the Governance and Controls Component Rating

Satisfactory

    A firm's governance and control practices are considered sound 
and broadly meet supervisory expectations. Specifically, a firm's 
practices and capabilities are sufficient to align strategic 
business objectives with the firm's risk tolerance and risk 
management capabilities; maintain strong and independent risk 
management and control functions, including internal audit; promote 
compliance with laws and regulations; and otherwise provide for the 
firm's ongoing resiliency through a range of conditions.
    Although a firm rated ``Satisfactory'' may have supervisory 
issues requiring corrective action, the firm is effectively 
mitigating the issues or the Federal Reserve has deemed the issues 
as unlikely to present a threat to the firm's ability to maintain 
safe and sound operations.

Satisfactory Watch

    Supervisors may assign a ``Satisfactory Watch'' component 
rating, which indicates that governance and controls are generally 
considered sound; however certain supervisory issues are 
sufficiently material that, if not resolved by the firm in a timely 
manner during the normal course of business, would put the firm's 
prospects for remaining safe and sound through a range of conditions 
at risk.
    A ``Satisfactory Watch'' rating may be assigned to a firm which 
meets these characteristics regardless of its prior rating (that is, 
it may be assigned to a firm previously rated ``Satisfactory'' or 
``Deficient''). In either instance, the Federal Reserve will not use 
the ``Satisfactory Watch'' rating for a prolonged period. In most 
instances, the firm will either (i) resolve the issues in a timely 
manner and be assigned a ``Satisfactory'' rating, or (ii) fail to 
resolve the issues and be downgraded to a ``Deficient'' rating, as 
its inability to resolve those issues in a timely manner would 
indicate that the firm does not possess sufficient financial and 
operational capabilities to maintain its safety and soundness 
through a range of conditions.
    The Federal Reserve will provide an expected timeframe for the 
firm to remediate or mitigate each issue leading to the 
``Satisfactory Watch'' rating, and will closely monitor the firm's 
progress.

Deficient-1

    Although a firm's current condition is not considered to be 
materially threatened, there are deficiencies in a firm's governance 
or controls that put its prospects for remaining safe and sound 
through a range of conditions at significant risk.
    The firm's practices and capabilities do not meet supervisory 
expectations, and deficiencies limit its ability to align strategic 
business objectives with the firm's risk tolerance and risk 
management capabilities; maintain strong and independent risk 
management and control functions, including internal audit; promote 
compliance with laws and regulations; and/or otherwise provide for 
the firm's ongoing resiliency through a range of conditions.
    These deficiencies require timely corrective action by the firm, 
focused on restoring and maintaining its governance and control 
capabilities consistent with a ``Satisfactory'' component rating. To 
support supervisory efforts--and ensure the immediate attention of 
the firm's board and senior management towards restoring financial 
and operational strength and resilience as necessary to maintain the 
firm's safety and soundness through a range of conditions--there is 
a strong presumption that the firm will be subject to an informal or 
formal enforcement action by the Federal Reserve.
    A ``Deficient-1'' component rating could be a barrier for a firm 
seeking the Federal Reserve's approval of a proposal to engage in 
new or expansionary activities, unless the firm can demonstrate that 
(i) it is making meaningful, sustained progress in resolving 
identified deficiencies and issues; (ii) the proposed new or 
expansionary activities would not present a risk of exacerbating 
current deficiencies or issues or lead to new concerns; and (iii) 
the proposed activities would not distract the board or senior 
management from remediating current deficiencies or issues.

Deficient-2

    Deficiencies in a firm's governance or controls present a 
material threat to its safety and soundness, or have already put the 
firm in an unsafe and unsound condition.
    Its practices and capabilities fall well short of supervisory 
expectations, and are insufficient to align strategic business 
objectives with the firm's risk tolerance and risk management 
capabilities; maintain strong and independent risk management and 
control functions, including internal audit; promote compliance with 
laws and regulations; and/or otherwise provide for the firm's 
ongoing resiliency.
    To address these material deficiencies, a firm is required to 
(i) implement comprehensive corrective measures sufficient to 
restore and maintain appropriate governance and control 
capabilities; and (ii) demonstrate the sufficiency, credibility and 
readiness of contingency planning and options in the event of 
further escalation of financial or operational deficiencies. To 
support supervisory efforts and ensure the immediate attention of 
the firm's board and senior management in addressing threats to 
safety and soundness, there is a strong presumption that the firm 
will be subject to a formal enforcement action.
    The Federal Reserve would be extremely unlikely to approve any 
proposal from a firm with a ``Deficient-2'' rating to engage in new 
or expansionary activities.

    By order of the Board of Governors of the Federal Reserve 
System, August 3, 2017.
Margaret McCloskey Shanks,
Deputy Secretary of the Board.
[FR Doc. 2017-16736 Filed 8-16-17; 8:45 am]
 BILLING CODE 6210-01-P