UFIRS / CAMELS — 2026 Proposed Revisions: Interactive Change Briefing

The eight changes

Each lettered item tracks Section II of the proposing release. The left column is the framework as the release itself characterizes it; the right is the proposed text from Appendix A. Tap a card to expand.

Filter by significance

Remove the Management component's "special consideration" in the composite

The structural keystone of the proposal — the composite is no longer tilted toward Management.

High ▼

Current framework

UFIRS directs examiners to give the Management component "special consideration" when assigning a composite rating. The release notes industry observation — and the agencies' own 2000–2025 analysis — that Management has been the most influential factor in composite outcomes, especially recently.

Proposed

Delete the sentence directing special consideration. Composite weighting becomes situational: "some components may be given more weight than others depending on the institution's overall financial condition and risk profile with emphasis on material financial risks."

Why it matters

This is the lever the other changes hang on. The release frames the current language as potentially diminishing the non-Management components; removing it is meant to force a more balanced composite. Watch the interaction with RFC Q6/Q7 — the agencies are testing whether to go further and make a Management-driven composite require additional justification.

Linked comment Qs:Q6Q7

Narrow the Management component & add a material-risk threshold for a 3

Three evaluation factors deleted; ratings of 3-or-worse now gated on material financial risk.

High ▼

Current framework

Management factors include depth/succession, audit & supervisory responsiveness, community-needs willingness, and an overall-performance factor. A Management 3+ can follow from risk-management or process weaknesses generally.

Proposed

Remove three factors — "Management depth and succession," "Responsiveness to recommendations from auditors and supervisory authorities," "Demonstrated willingness to serve the legitimate banking needs of the community" — plus the redundant overall-performance factor.

A 3-or-worse generally requires risk-management practices that result in material financial risk;
or unreliable financial/regulatory reporting, failure to safeguard assets, or significant noncompliance with law or regulation.

Why it matters

Removing the community-needs and succession factors is a meaningful scope cut. The new threshold means weak processes alone — absent material financial risk or one of the three carve-outs — no longer support a Management 3. Q10 probes the redundancy risk of also routing compliance through Management.

Linked comment Qs:Q7Q8Q9Q10

Limit how specialty-review findings flow into ratings

BSA/AML, consumer compliance, CRA, IT, Trust findings only count if they hit financial condition or material risk.

High ▼

Current framework

Specialty-review findings — Compliance (incl. Consumer Compliance and BSA/AML), CRA, Government & Municipal Securities Dealers, Information Systems, Transfer Agent, Trust — are "often incorporated into the Management component rating" and can drive downgrades even when they do not reflect material financial risk.

Proposed

Such findings influence composite and component ratings only to the extent they: impact overall financial condition, represent material financial risks, or reflect significant noncompliance with laws and regulations. Trust-bank examination conclusions remain considered where they reflect financial condition / material risk.

Why it matters

A BSA/AML program deficiency that is not a material financial risk and not "significant noncompliance" would no longer, by itself, pull down the composite or Management rating. Q4 and Q5 are the precise hooks — calibration of compliance treatment and the threshold for specialty findings.

Linked comment Qs:Q4Q5

Rewrite the composite 1–5 definitions around financial performance

Each composite tier re-keyed to a financial-condition adjective; a 4 needs observable deterioration.

High ▼

Current framework

Composite definitions blend financial condition, risk management, and compliance without a consistent severity vocabulary tying the tier to financial performance.

Proposed

1 / 2: strong / satisfactory financial performance; only minor / moderate RM weakness.
3: less-than-satisfactory financial performance or inadequate RM resulting in material financial risk; significant noncompliance may also warrant a 3.
4: "deficient" financial performance — RM weaknesses that do not produce observable deterioration or material financial risk would not, alone, support a 4 or worse.
5: "critically deficient" financial performance.

Why it matters

The "would not alone support a 4 or worse" language is the operative constraint — it explicitly decouples severe ratings from process findings absent financial impact. See the Composite Ratings tab for the full proposed text of each tier.

Linked comment Qs:Q2Q6

Replace broad "identify, measure, monitor, control" language with specific factors

The generic IMMC clause comes out of five components; Management keeps it but tightens factors.

High ▼

Current framework

Capital, Asset Quality, Earnings, Liquidity, and Sensitivity each carry broad language on the "ability of management to identify, measure, monitor, and control" risk. e.g., Liquidity references the "capability of management to properly identify, measure, monitor, and control the institution's liquidity position…"

Proposed

Swap the generic clause for component-specific practice factors:

Liquidity → "effectiveness of funds management practices, including contingency funding plans and cash flow forecasting."
Capital → "effectiveness in maintaining capital levels commensurate with its risk profile and strategic priorities through a range of economic conditions."
Asset Quality / Earnings / Sensitivity → parallel specific factors (see Component tab).
Management → retains the IMMC framing in its description; factors revised for specificity & measurability.

Why it matters

This narrows what an examiner can reach in each non-Management component, and concentrates "management quality" judgments in the Management component itself — reinforcing the Lever-2 design.

Linked comment Qs:Q1Q11

Delete "but not limited to"; gate extra factors behind documentation

Closed factor lists, plus targeted clarifications to Capital, Earnings, and Sensitivity.

Medium ▼

Current framework

Component ratings are based on "but not limited to" the listed evaluation factors — an open-ended set.

Proposed

Remove "but not limited to." A general paragraph allows additional factors only if warranted by exceptional circumstances or evolving business practices, where critical to financial condition / risk profile — and examiners must document and explain the rationale. Plus clarifications:

Capital: contingent liabilities expressly in scope.
Earnings: funding costs & commodity-price earnings exposure.
Sensitivity: recent NII performance vs. rate environment, NII expectations from the balance sheet, interest-rate volatility exposure.

Why it matters

A transparency / examiner-discipline change. The documentation requirement is the enforceable part — it converts examiner discretion into a justified, on-the-record decision. Q3 asks how broadly "evolving business practices" should be read.

Linked comment Qs:Q3Q11

Standardize the severity vocabulary across all components

Two fixed adjective scales — one for financial condition, one for risk management.

Medium ▼

Current framework

Each component's 1–5 descriptions differ in language, structure, and level of detail.

Proposed

Consistent terminology:

Financial condition: strong · satisfactory · less than satisfactory · deficient · critically deficient.
Risk management: effective · adequate · inadequate · deficient.
Specific risk-management descriptions removed from the "5" rating for all components except Management.

Why it matters

Mostly drafting discipline, but the standardized scales make the financial-condition-vs-risk-management split legible at the rating level — and the Management carve-out at the "5" tier again signals where management judgment is meant to live.

Linked comment Qs:Plain language

Modernize terminology — ALLL→ACL, and remove all reputation-risk references

CECL conforming change, plus alignment with the agencies' reputation-risk removals.

Medium ▼

Current framework

Uses "allowances for loan and lease losses" (ALLL) and contains references to reputation risk.

Proposed

Replace ALLL with "allowances for credit losses" (ACL) to conform to CECL under U.S. GAAP. Remove all references to reputation risk, consistent with the Board, OCC, FDIC, and NCUA reputation-risk rulemakings (91 FR 9499; 91 FR 18279; 90 FR 48409).

Why it matters

ALLL→ACL is mechanical. The reputation-risk removal is the politically salient piece — it folds CAMELS into the broader 2025–2026 supervisory program of stripping reputation risk, and is worth flagging in any comment that addresses the framework's posture, not just its mechanics.

Linked comment Qs:General

What changes inside each component

Component-level deltas as stated in Section II and Appendix A. RM = removed · ADD = added/clarified · REV = revised/replaced

CCapital Adequacy

Ability to absorb unexpected losses across credit, market, and other risk.

REV

"Effectiveness in maintaining capital levels" through a range of economic conditions replaces the old "ability of management to address emerging needs for additional capital."

ADD

Risks from off-balance-sheet activities and contingent liabilities made explicit in the factors.

REV

ALLL → ACL throughout; broad IMMC language removed.

AAsset Quality

Quantity of existing and potential credit risk in assets and OBS exposures.

ADD

New factor: effectiveness of risk monitoring practices and timely collection of problem assets.

REV

Adequacy of ACL and other valuation allowances (CECL conforming).

Generic IMMC framing removed in favor of the specific monitoring factor.

MManagement

Board/management effectiveness in controlling material financial risks.

Factors deleted: management depth & succession; responsiveness to auditor/supervisory recommendations; willingness to serve community banking needs; redundant overall-performance factor.

ADD

Explicit factors on dominant influence / concentration of authority and avoidance of excessive compensation, self-dealing, conflicts of interest.

REV

3-or-worse threshold: generally requires RM practices producing material financial risk — or unreliable reporting, failure to safeguard assets, or significant noncompliance.

EEarnings

Quality, quantity, and trend of earnings.

ADD

Factors clarified to capture funding costs and earnings exposure to commodity prices (and FX / other instrument prices).

ADD

New factor: effectiveness of budgeting and income/expense forecasting.

REV

ALLL → ACL; provisioning factor conformed.

LLiquidity

Level and prospective sources of liquidity vs. funding needs.

REV

Broad "capability of management to identify, measure, monitor, control liquidity position…" replaced with "effectiveness of funds management practices, including contingency funding plans and cash flow forecasting."

ADD

Contingency funding plans expected to include operationalized and confirmed access to reliable funds providers.

SSensitivity to Market Risk

Degree rate / FX / commodity / price moves can hit earnings or capital.

ADD

Explicit factor: recent net interest income performance vs. the rate environment, NII expectations from the balance sheet, and interest-rate volatility exposure.

REV

"Adequacy of market risk measurement and control practices given the institution's scale and activities" replaces broad IMMC language.

Composite definitions, as proposed

Proposed text from Appendix A, with the operative change relative to the current framework noted beneath each tier.

1SOUND

Strong financial performance

Sound in every respect; generally components rated 1 or 2. Risk-management weaknesses are minor. Substantial compliance with laws and regulations. No cause for supervisory concern.

ChangeRe-keyed to "strong financial performance" with risk-management weakness held to "minor."

2SOUND

Satisfactory financial performance

Fundamentally sound; generally no component more severe than 3. Risk-management weaknesses are moderate and generally do not result in material financial risk. Substantial compliance; informal, limited supervisory response.

Change"Moderate" RM weakness expressly tied to the absence of material financial risk.

3CONCERN

Less than satisfactory — or material-risk RM

Less-than-satisfactory financial performance or inadequate risk-management practices that result in material financial risk. Significant noncompliance may also warrant a 3. More-than-normal supervision; failure appears unlikely given financial capacity.

ChangeA 3 now requires either weak financial performance or RM weakness rising to material financial risk.

4SERIOUS

Deficient financial performance

Significant supervisory concern; RM weaknesses range from severe to critically deficient; significant noncompliance representing material financial risk may exist. Formal action usually necessary; poses risk to the DIF/SIF.

ChangeRM weaknesses that do not produce observable deterioration or material financial risk would not alone support a 4-or-worse.

5CRITICAL

Critically deficient financial performance

Highest degree of supervisory concern. Immediate outside financial or other assistance needed for viability. Significant risk of loss to the DIF/SIF; failure highly probable.

ChangeTier re-keyed explicitly to "critically deficient financial performance."

Redline — operative text, 1996 → 2026 proposed

A word-level comparison of the operative 1996 UFIRS against the proposed text in Appendix A. The 1996 baseline is the Federal Register statement at 61 FR 67021 (Dec. 19, 1996); the proposed text is Appendix A of FR Doc. 2026-09944 (91 FR 29128). Both are U.S. Government works.

~~struck~~ = removed in proposal underlined = added in proposal ⋯ unchanged ⋯ = passage carried over without material change

INT

Introduction

Reframes the system around safety & soundness and material financial risk.

▼

The Uniform Financial Institutions Rating System (UFIRS) was adopted by the Federal Financial Institutions Examination Council (FFIEC) on November 13, 1979, and updated on December 20, 1996. Over the years, the UFIRS has generally proven to be an effective internal supervisory tool for evaluating the soundness of financial institutions on a uniform basis and for identifying those institutions requiring special attention or concern.

Deleted

A number of changes, however, have occurred in the banking industry and in the Federal supervisory agencies' policies and procedures which have prompted a review and revision of the 1979 rating system. The revisions to UFIRS include the addition of a sixth component addressing sensitivity to market risks, the explicit reference to the quality of risk management processes in the management component, and the identification of risk elements within the composite and component rating descriptions.

The UFIRS evaluates the safety and soundness of a financial institution through an assessment of the institution's overall financial condition and its risk profile, with emphasis on material financial risks. The UFIRS considers the institution's financial condition, measured in terms of Capital Adequacy, Asset Quality, Earnings, Liquidity, and Sensitivity to Market Risk. The UFIRS also evaluates the effectiveness of an institution's risk management relative to its risk profile, including its ability to identify, measure, monitor, and control its risks.

The revisions to UFIRS are not intended to add to the regulatory burden of institutions or require additional policies or processes. The revisions are intended to promote and complement efficient examination processes. The revisions have been made to update the rating system, while retaining the basic framework of the original rating system. The FFIEC has identified ways to further clarify the UFIRS system to strengthen the link between supervisory ratings and safety and soundness. Specifically, the revised UFIRS retains the basic framework of the existing rating system but emphasizes factors that materially affect an institution's financial condition and risk profile. These updates will improve the effectiveness of UFIRS as a supervisory tool and increase the public's confidence in supervisors' assessment of the banking system.

The UFIRS takes into consideration certain ~~financial, managerial, and compliance~~ safety and soundness related factors that are common to all institutions. Under this system, the ~~supervisory agencies~~ FFIEC member entities endeavor to ensure that all financial institutions are evaluated in a comprehensive and uniform manner, and that supervisory attention is appropriately focused on the financial institutions exhibiting ~~financial and operational weaknesses or adverse trends~~material financial weaknesses or risks.

The UFIRS also serves as a useful vehicle for identifying problem or deteriorating financial institutions, as well as for categorizing institutions with deficiencies in particular component areas. Further, the rating system assists Congress in following safety and soundness trends and in assessing the aggregate strength and soundness of the financial industry. As such, the UFIRS assists the ~~agencies~~ FFIEC member entities in fulfilling their collective mission of maintaining stability and public confidence in the nation's financial system.

OVW

Overview

Drops the arithmetic-average sentence and the "special consideration" paragraph (Change A); rewrites the specialty/foreign-branch language (Change C).

▼

Under the UFIRS, each financial institution is assigned a composite rating that measures its overall financial condition and risk profile, with emphasis on material financial risks. The composite rating is based on an evaluation and rating of six essential components of an institution's financial condition and operations. These component factors address the adequacy of capital, the quality of assets, the capability of management, the quality and level of earnings, the adequacy of liquidity, and the sensitivity to market risk.safety and soundness. These components are Capital Adequacy, Asset Quality, Management, Earnings, Liquidity, and Sensitivity to Market Risk. Evaluations of the components take into consideration the institution's size and sophistication, the nature and complexity of its activities, and its risk profile.

Composite and component ratings are assigned based on a 1 to 5 numerical scale. A 1 indicates the highest rating, the strongest performance and risk management practices, and the least degree of supervisory concern, while a 5 indicates the lowest rating, the weakest performance, ~~inadequate risk management practices~~ and, therefore, the highest degree of supervisory concern.

The composite rating generally bears a close relationship to the component ratings assigned. ~~However, the composite rating is not derived by computing an arithmetic average of the component ratings.~~ Each component rating is based on a ~~qualitative analysis of the factors~~ rigorous assessment of the evaluation factors comprising that component ~~and its interrelationship with the other components~~. In the revised framework, financial condition and material financial risks are the predominant considerations when making rating determinations. When assigning a composite rating, some components may be given more weight than others depending on the ~~situation at the institution. In general, assignment of a composite rating may incorporate any factor that bears significantly on the overall condition and soundness of the financial institution.~~ institution's overall financial condition and risk profile with emphasis on material financial risks. Assigned composite and component ratings are disclosed to the institution's board of directors and senior management.

Change A — entire paragraph deleted

The ability of management to respond to changing circumstances and to address the risks that may arise from changing business conditions, or the initiation of new activities or products, is an important factor in evaluating a financial institution's overall risk profile and the level of supervisory attention warranted. For this reason, the management component is given special consideration when assigning a composite rating.

Deleted — size/complexity narrative no longer in Overview

The ability of management to identify, measure, monitor, and control the risks of its operations is also taken into account when assigning each component rating. It is recognized, however, that appropriate management practices vary considerably among financial institutions, depending on their size, complexity, and risk profile. For less complex institutions engaged solely in traditional banking activities… At more complex institutions, on the other hand, detailed and formal management systems and controls are needed… For less complex institutions engaging in less sophisticated risk taking activities, detailed or highly formalized management systems and controls are not required to receive strong or satisfactory component or composite ratings.

Change C — specialty / foreign branch
Foreign Branch and specialty ~~examination~~ review findings and ~~the~~ ratings ~~assigned to those areas are taken into consideration, as appropriate,~~ are considered when assigning ~~component and composite~~ composite and component ratings under the UFIRS to the extent that they impact an institution's overall financial condition or pose material financial risk. ~~The specialty examination areas include: Compliance, Community Reinvestment, Government Security Dealers, Information Systems, Municipal Security Dealers, Transfer Agent, and Trust.~~ For institutions that primarily engage in trust activities (such as trust banks), Trust examination findings and ratings generally reflect the institution's overall financial condition or material financial risks, and examination conclusions are taken into consideration when assigning composite and component ratings under the UFIRS.

following two sections unchanged

CMP

Composite Ratings — intro & tiers 1–5

Each tier re-keyed to a financial-performance adjective; "withstanding business fluctuations" / "outside influences" language removed throughout.

▼

Composite ratings are based on a careful evaluation of an institution's ~~managerial, operational, financial, and compliance performance~~ financial condition and risk profile with emphasis on material financial risks. The six key components used to assess an institution~~'s financial condition and operations~~ are: ~~capital adequacy, asset quality, management capability, earnings quantity and quality, the adequacy of liquidity, and sensitivity to market risk~~ Capital Adequacy, Asset Quality, Management, Earnings, Liquidity, and Sensitivity to Market Risk. The rating scale ranges from 1 to 5, with a rating of 1 indicating: the strongest performance and risk management practices relative to the institution's size, complexity, and risk profile; and the level of least supervisory concern. A 5 rating indicates: the most critically deficient level of performance; inadequate risk management practices relative to the institution's size, complexity, and risk profile; and the greatest supervisory concern. The composite ratings are defined as follows:

Composite 1. Financial institutions in this group are sound in every respect and generally have components rated 1 or 2. Any weaknesses are minor and can be handled in a routine manner by the board of directors and management. These financial institutions are the most capable of withstanding the vagaries of business conditions and are resistant to outside influences such as economic instability in their trade area. These institutions exhibit strong financial performance. Risk management weaknesses are minor. These ~~financial~~ institutions are in substantial compliance with laws and regulations. As a result, these ~~financial institutions exhibit the strongest performance and risk management practices relative to the institution's size, complexity, and risk profile, and give~~ institutions give no cause for supervisory concern.

Composite 2. Financial institutions in this group are fundamentally sound~~. For a financial institution to receive this rating, generally~~ and generally no component rating should be more severe than 3. Only moderate weaknesses are present and are well within the board of directors' and management's capabilities and willingness to correct. These financial institutions are stable and are capable of withstanding business fluctuations. These financial institutions These institutions exhibit satisfactory financial performance. Any risk management weaknesses are moderate and generally do not result in material financial risk to the institution. These institutions are in substantial compliance with laws and regulations. ~~Overall risk management practices are satisfactory relative to the institution's size, complexity, and risk profile. There are no material supervisory concerns~~ There are no material safety and soundness concerns and, as a result, the supervisory response is informal and limited.

Composite 3. Financial institutions in this group exhibit some degree of supervisory concern in one or more of the component areas. These financial institutions exhibit a combination of weaknesses that may range from moderate to severe; however, the magnitude of the deficiencies generally will not cause a component to be rated more severely than 4. Management may lack the ability or willingness to effectively address weaknesses within appropriate time frames. Financial institutions in this group generally are less capable of withstanding business fluctuations and are more vulnerable to outside influences than those institutions rated a composite 1 or 2. Additionally, these financial institutions may be in and generally no component rating should be more severe than 4. These institutions exhibit less than satisfactory financial performance or inadequate risk management practices that result in material financial risk to the institution. There may be significant noncompliance with laws and regulations. ~~Risk management practices may be less than satisfactory relative to the institution's size, complexity, and risk profile. These~~ These financial institutions require more than normal supervision, which may include formal or informal enforcement actions. Failure appears unlikely, however, given the overall strength and financial capacity of these institutions.

Composite 4. Financial institutions in this group generally exhibit unsafe and unsound practices or conditions. There are serious financial or managerial deficiencies that result in unsatisfactory performance. The problems range from severe to critically deficient. The weaknesses and problems are not being satisfactorily addressed or resolved by the board of directors and management. Financial institutions in this group generally are not capable of withstanding business fluctuations. There may be significant noncompliance with laws and regulations. Risk management practices are generally unacceptable relative to the institution's size, complexity, and risk profile. a significant degree of supervisory concern. These institutions exhibit deficient financial performance. Any risk management weaknesses range from severe to critically deficient. There may be significant noncompliance with laws and regulations that represents material financial risk. Close supervisory attention is required, which means, in most cases, formal enforcement action is necessary to address the problems. Institutions in this group pose a risk of loss to the ~~deposit insurance fund~~ Deposit Insurance Fund or Share Insurance Fund. Failure is a distinct possibility if the problems and weaknesses are not satisfactorily addressed and resolved.

Composite 5. Financial institutions in this group exhibit extremely unsafe and unsound practices or conditions; exhibit a critically deficient performance; often contain inadequate risk management practices relative to the institution's size, complexity, and risk profile; and are of the greatest supervisory concern. The volume and severity of problems are beyond management's ability or willingness to control or correct. the highest degree of supervisory concern. These institutions exhibit critically deficient financial performance. Immediate outside financial or other assistance is needed ~~in order~~ for the ~~financial~~ institution to be viable. Ongoing supervisory attention is necessary. Institutions in this group pose a significant risk of loss to the ~~deposit insurance fund~~ Deposit Insurance Fund or Share Insurance Fund, and failure is highly probable.

GEN

Component Ratings — general framing

Removes the cross-component "reiteration" rationale; adds the documented additional-factor gate (Change F).

▼

Each of the component rating descriptions is divided into three sections: an introductory paragraph; a list of the ~~principal~~ evaluation factors that relate to that component; and a ~~brief~~ description of each numerical rating for that component. ~~Some of the evaluation factors are reiterated under one or more of the other components to reinforce the interrelationship between components.~~ Generally, component ratings are determined by the specific evaluation factors listed in the following sections; however, exceptional circumstances or evolving business practices could give rise to additional evaluation factors that are critical to an assessment of an institution's financial condition or risk profile with emphasis on material financial risks. If any factor beyond those listed is considered when assigning a supervisory rating, examiners should document and explain the factor. The ~~listing of evaluation factors for each component rating is~~ evaluation factors for each component rating are in no particular order of importance.

Capital Adequacy

IMMC framing removed from description; contingent liabilities added; ALLL→ACL; growth-experience factor deleted.

▼

The Capital Adequacy rating reflects a financial institution's ability to maintain sufficient capital to absorb unexpected losses from credit, market, and other risk exposures. An institution ~~A financial institution~~ is expected to maintain capital commensurate with the nature and extent of risks to the institution and the ability of management to identify, measure, monitor, and control these risks. The effect of credit, market, and other risks on the institution's financial condition should be considered when evaluating the adequacy of capital. The types and quantity of risk ~~inherent in~~ in an institution's activities ~~will determine the extent to which it may be necessary~~ determine whether it may be appropriate to maintain capital at levels above required regulatory minimums to ~~properly reflect the potentially adverse consequences that these risks may have on the institution's capital~~ appropriately support on- and off-balance sheet exposures.

Evaluation factors ~~(rated based upon, but not limited to)~~ (Capital Adequacy is rated based on an assessment of the following):

The level and quality of capital and the ~~overall financial condition of the institution~~ institution's overall financial condition.
~~The ability of management to address emerging needs for additional capital.~~ The institution's effectiveness in maintaining capital levels commensurate with its risk profile and strategic priorities through a range of economic conditions.
The nature, trend, and volume of problem assets, and the adequacy of allowances for ~~loan and lease losses and other valuation reserves~~ credit losses and other asset valuation allowances.
Balance sheet composition, including the nature and amount of intangible assets, ~~market risk, concentration risk, and risks associated with nontraditional activities~~ market risks, credit risks, concentration risks, and risks associated with other material activities.
~~Risk exposure represented by off-balance sheet activities.~~ Risks posed by off-balance sheet activities and contingent liabilities.
The quality and strength of earnings, and the reasonableness of ~~dividends~~ capital distributions relative to the institution's financial condition and material financial risks.
~~Prospects and plans for growth, as well as past experience in managing growth.~~
~~Access to capital markets and other sources of capital, including support provided by a parent holding company.~~ Access to other sources of capital, including capital markets and support provided by a sponsor, parent, or holding company.

Ratings. 1–2 unchanged in substance. 3: "exceeds minimum regulatory ~~and statutory~~ requirements." 4: ~~In light of the institution's risk profile, viability~~ Viability of the institution may be threatened, but failure does not appear imminent. 5: unchanged.

Asset Quality

Reputation/strategic/compliance risk clause removed; documentation-exceptions and MIS factors dropped; ACL conforming.

▼

The ~~asset quality~~ Asset Quality rating reflects the quantity of existing and potential credit risks associated with a financial institution's ~~the~~ loan and investment portfolios, ~~other real estate owned~~ foreclosed or repossessed assets, and other assets, as well as off-balance sheet ~~transactions. The ability of management to identify, measure, monitor, and control credit risk is also reflected here. The evaluation of asset quality should consider~~ exposures. The evaluation of asset quality includes the adequacy of ~~the allowance for loan and lease losses and weigh~~ allowances for credit losses and the exposure to counterparty, issuer, or borrower default under actual or implied contractual agreements. All other risks that may affect the value or marketability of an institution's assets, including, but not limited to, operating, market, reputation, strategic, or compliance risks, should also be considered obligor, issuer, borrower, or other counterparty defaults.

Evaluation factors — selected diffs:

~~The adequacy of underwriting standards, soundness of credit administration practices, and appropriateness of risk identification practices.~~ The effectiveness of credit underwriting and administration practices.
The level, distribution, severity, and trend of problem, ~~classified~~ adversely classified, nonaccrual, restructured, modified, delinquent, and nonperforming assets for on- ~~both on-~~ and off-balance sheet transactions.
The adequacy of ~~the allowance for loan and lease losses~~ allowances for credit losses and other asset valuation ~~reserves~~ allowances.
The financial risk arising from asset concentrations. ~~The existence of asset concentrations.~~
~~The ability of management to properly administer its assets, including the timely identification and collection of problem assets.~~ → replaced by ▸ The effectiveness of risk monitoring practices and timely collection of problem assets.
~~The adequacy of internal controls and management information systems.~~
~~The volume and nature of credit documentation exceptions.~~

Ratings. Terminology standardized (Change G): a 3 shifts from "less than satisfactory… ~~There is generally a need to improve credit administration and risk management practices~~" to the streamlined "less than satisfactory asset quality or inadequate credit underwriting or administration practices"; "management's abilities" qualifiers removed from the 1 and 2 tiers.

Management — the core of the proposal

Three factors deleted (Change B); ratings ladder rebuilt around a material-financial-risk threshold.

▼

Change B + threshold

The ~~capability of~~ Management rating reflects the effectiveness of a financial institution's board of directors and management, in their respective roles, to identify, measure, monitor, and control the material financial risks associated with the institution's activities. the board of directors and management, in their respective roles, to identify, measure, monitor, and control the risks of an institution's activities and to ensure a financial institution's safe, sound, and efficient operation in compliance with applicable laws and regulations is reflected in this rating. Generally, directors need not be actively involved in day-to-day operations; however, they must provide clear guidance regarding acceptable risk exposure levels and ensure that appropriate policies, procedures, and practices have been established. Senior management is responsible for developing and implementing policies, procedures, and practices that translate the board's goals, objectives, and risk limits into prudent operating standards. Depending on the nature and scope of an institution's activities, management practices may need to address some or all of the following risks: credit, market, operating or transaction, reputation, strategic, compliance, legal, liquidity, and other risks. Sound risk management practices are demonstrated through effective board of directors and senior management oversight; risk management policies, practices, and limits; audits, internal controls, and recordkeeping; and risk monitoring and management information systems.

Evaluation factors:

The level and quality of oversight ~~and support of all institution activities~~ by the board of directors and management.
The ~~ability~~ effectiveness of the board of directors and management, in their respective roles, to plan for and ~~, and~~ respond to, risks that may arise from changing business conditions or the initiation of new activities or products.
The ~~adequacy of, and conformance with, appropriate internal policies and~~ effectiveness of controls addressing the operations and risks of significant activities.
The accuracy, timeliness, and effectiveness of management information and risk monitoring systems ~~appropriate for the institution's size, complexity, and risk profile~~.
The adequacy of audits, ~~and~~ internal controls, and recordkeeping to : promote effective operations and reliable financial and regulatory reporting;, safeguard assets;, and ensure compliance with laws~~, regulations, and internal policies~~ and regulations.
Compliance with laws and regulations.
~~Responsiveness to recommendations from auditors and supervisory authorities.~~
~~Management depth and succession.~~
The extent that ~~the board of~~ directors and ~~management is~~ management are affected by, or susceptible to, dominant influence or concentration of authority.
~~Reasonableness of compensation policies and avoidance of self-dealing.~~ Avoidance of excessive compensation, self-dealing, and conflicts of interest.
~~Demonstrated willingness to serve the legitimate banking needs of the community.~~
~~The overall performance of the institution and its risk profile.~~

Ratings — rebuilt around material financial risk:

3: A rating of 3 indicates management and board performance that need improvement or risk management practices that are less than satisfactory given the nature of the institution's activities. The capabilities of management or the board of directors may be insufficient for the type, size, or condition of the institution. Problems and significant risks may be inadequately identified, measured, monitored, or controlled. A rating of 3 indicates risk management practices including internal controls, audit, or recordkeeping, that are less than satisfactory, resulting in material financial risk to the institution. This rating also applies to institutions that have unreliable financial or regulatory reporting, have failed to safeguard assets, or are in significant noncompliance with law or regulation. The capabilities of management or the board of directors may be insufficient for the type, size, or condition of the institution.

4: …risk management practices that are inadequate considering the nature of an institution's activities. The level of problems and risk exposure is excessive. Problems and significant risks are inadequately identified, measured, monitored, or controlled and require immediate action… A rating of 4 indicates deficient risk management practices, resulting in material financial risk to the institution. The level of problems and risk exposure is excessive. Immediate action is required to preserve the soundness of the institution. Replacing or strengthening management or the board may be necessary.

5: …critically deficient management and board performance or risk management practices. Management and the board of directors have not demonstrated the ability to correct problems… Problems and significant risks are inadequately identified, measured, monitored, or controlled and now threaten the continued viability… A rating of 5 indicates critically deficient risk management practices, resulting in material financial risk to the institution. Problems and significant risks now threaten the continued viability of the institution. Replacing or strengthening management or the board of directors is likely necessary.

Earnings

Funding-cost & forecasting factors sharpened; commodity-price exposure added; ACL conforming.

▼

Evaluation factors — selected diffs:

~~The level of expenses in relation to operations.~~ The level of funding costs and noninterest expenses relative to the institution's business model.
~~The adequacy of the budgeting systems, forecasting processes, and management information systems in general.~~ The effectiveness of budgeting and income and expense forecasting.
The adequacy of provisions to maintain ~~the allowance for loan and lease losses and other valuation allowance accounts~~ allowances for credit losses and other asset valuation allowances.
The earnings exposure to market risk such as interest rate, foreign exchange, commodity price, or other financial instrument price risks ~~and price risks~~.

Description sentence adds explicit funding/operating-expense and "poorly executed business strategies" framing; ratings ladder relabeled per Change G ("need to be improved" → "less than satisfactory"; "need to be improved/deficient" terminology standardized).

Liquidity

The marquee IMMC swap; "legitimate banking needs of community" removed; contingency-access language tightened.

▼

In ~~evaluating the adequacy of a financial institution's liquidity position, consideration should be given to the~~ general, the Liquidity rating reflects the current level and prospective sources of liquidity compared to funding needs, as well as to the adequacy of funds management practices relative to the institution's size, complexity, and risk profile. In general, funds management practices should ensure that an institution is able to maintain a level of liquidity sufficient to meet its financial obligations in a timely manner and to fulfill the legitimate banking needs of its community. In general, funds management practices should ensure that a financial institution is able to maintain sufficient liquidity to meet its financial obligations in a timely manner. Practices should reflect the ~~ability of the institution~~ institution's ability to manage unplanned changes in funding sources, as well as react to changes in market conditions… Contingency funding plans should enable an institution to effectively navigate funding shortfalls or stress events and include operationalized and confirmed access to reliable funds providers.

Evaluation factors — selected diffs:

~~Access to money markets and other sources of funding.~~ Access to reliable external or contingent funding sources, particularly to address potential liquidity shortfalls.
The ~~level of diversification of funding sources~~ level of funding diversification or funding concentrations, both on- and off-balance sheet.
The degree of reliance on short-term~~, volatile sources of funds, including borrowings and brokered deposits,~~ or less stable funding sources to fund longer ~~term~~-term assets.
The ability to ~~securitize and sell certain pools of assets~~ pledge, sell, or securitize assets.
The capability of management to properly identify, measure, monitor, and control the institution's liquidity position, including the effectiveness of funds management strategies, liquidity policies, management information systems, and contingency funding plans. → ▸ The effectiveness of funds management practices, including contingency funding plans and cash flow forecasting.

Ratings. "well-developed funds management practices" → "effective funds management practices"; "present and anticipated liquidity needs" → "present, anticipated, and contingent liquidity needs"; tiers relabeled per Change G.

Sensitivity to Market Risk

"Equity prices" → "other financial instrument prices"; net-interest-income performance & expectations added.

▼

The ~~sensitivity to market risk component~~ Sensitivity to Market Risk rating reflects the degree to which changes in interest rates, foreign exchange rates, commodity prices, or ~~equity prices~~ other financial instrument prices can adversely affect a financial institution's earnings or economic capital. When evaluating this component, consideration should be given to: management's ability to identify, measure, monitor, and control market risk; the institution's size; the nature and complexity of its activities; and the adequacy of its capital and earnings in relation to its level of market risk exposure capital. When evaluating this component, the primary consideration is the level, trend, measurement, and control of market risk relative to an institution's capital and earnings.

Evaluation factors — selected diffs:

The sensitivity of the ~~financial institution's~~ institution's earnings or ~~the economic value of its~~ capital to adverse changes in interest rates, foreign exchange rates, commodity prices, or ~~equity prices~~ other financial instrument prices.
Recent net interest income performance in response to the interest rate environment, and expectations for net interest income based on the balance sheet position and exposure to interest rate volatility.
Measures of the long-term sensitivity of exposure to interest rate volatility on the institution's net economic value.
~~The ability of management to identify, measure, monitor, and control exposure to market risk given the institution's size, complexity, and risk profile.~~ The adequacy of market risk measurement and control practices given the institution's scale and activities.
The degree to which assets, liabilities, and off-balance sheet exposures are appropriately aligned… as well as other risk mitigation strategies, such as hedging.
The effectiveness of managing embedded options risk in assets and liabilities.

Ratings. Each tier loses the standalone "Risk management practices are [strong/satisfactory/…] for the size, sophistication, and market risk accepted" sentences (Change G — RM detail stripped from non-Management ladders); "well controlled / satisfactorily controlled / less than satisfactory / deficient / critically deficient" vocabulary applied.

Redline scope

This is a targeted redline: structural sections (Introduction, Overview, Composite, Component general) and the Management component are shown in full word-level diff; for Capital, Asset Quality, Earnings, Liquidity, and Sensitivity, descriptions and evaluation-factor lists are diffed in full, and the 1–5 rating ladders are summarized where the change is the systematic Change-G terminology swap. Passages marked "⋯ unchanged ⋯" carry over without material change. Verify against the official PDFs before formal citation.

The 11 comment questions

The release's specific questions, tagged to the change areas they bear on — useful for mapping comment-letter sections.

Filter

Do the revisions enhance UFIRS as a safety-and-soundness tool, and should the framework be modified to further strengthen the rating ↔ S&S link?

Effectiveness→ E

Do the revisions appropriately balance financial condition vs. risk profile? Should definitions / factors be adjusted further?

Balance→ D

How far should "evolving business practices" extend in justifying additional evaluation factors? What counts as one?

Discretion→ F

How should compliance with laws/regs be weighted in composite and Management ratings? Advantages/disadvantages of differentiating material-risk vs. non-material violations; should type, severity, frequency, management's role matter?

Compliance calibration→ B,C

What threshold should make a specialty-review finding count in component/composite ratings? How much should specialty findings specifically influence Management?

Specialty threshold→ C

Should the framework expect a close composite ↔ component relationship with no single component driving the composite? Pros/cons of requiring additional justification when one component drives it?

Composite mechanics→ A,D

Should a less-than-satisfactory Management rating be rare — needing additional justification — when all other components are satisfactory? Advantages/disadvantages?

Management primacy→ A,B

Should Management factors directly assess whether compensation is excessive? Pros/cons of limiting the factor to self-dealing / conflicts of interest? Other misaligned-incentive / principal-agent factors?

Compensation→ B

Should Management factors consider whether directors/management are affected by or susceptible to dominant influence or concentration of authority?

Governance / control→ B

Do the changes effectively limit double-counting a single finding across ratings? Could embedding compliance in Management cause redundant consideration of one noncompliance issue?

Redundancy→ B,C

Does added specificity in the Sensitivity to Market Risk definitions/factors improve clarity? How to further refine for how rates, FX, commodity, or other prices affect earnings/capital?

Sensitivity / IRR→ E,F

Context & method

Provenance, procedural posture, and how this briefing handles "current vs. proposed."

Procedural posture

Issued as an FFIEC notice and request for comment — a proposed recommendation, not a rule. RFA / PRA / UMRA analyses are voluntary; no new mandates or information collections.

OIRA designated it a significant regulatory action under EO 12866 (§3(f)); reviewed by OIRA. No incremental costs expected under EO 14192.

Comment period: 90 days after Federal Register publication — published May 19, 2026 (91 FR 29128; on Public Inspection May 18), so comments close Aug 17, 2026. CSBS/SLC contacts are listed (Quist; Lambert).

Evidentiary base the agencies cite

Agencies' own analysis of CAMELS ratings 2000–2025 — composite/component correlation varies; Management most influential, especially recently.

Cites Kupiec et al. (2017) on downgrades ↔ lower loan growth and Kiser et al. (2016) on crisis-era small-bank C&I / CRE lending; Bergin & Stiroh (2021) on ratings' three functions; Berger et al. (1998) on supervisory vs. market assessments; and Correia, Luck & Verner (2025) — Supervising Failing Banks — for ratings out-informing balance-sheet metrics on failure.

Notes EGRPRA outreach as partial impetus.

Where leadership stands & the state angle

Principals' on-the-record reactions and the dual-banking-system read — useful for positioning a comment.

Principals' statements

OCC

Comptroller Jonathan Gould supports the direction — shifting supervision away from process-heavy oversight toward material financial risk — but flagged that the revisions do not, in his view, sufficiently address "double counting" within the Management component. That maps directly onto Q10 and Change C; a Q10-based comment can cite a sitting principal's reservation.

NCUA

Chairman Kyle Hauptman issued a statement on the proposal alongside the release — worth reading for the credit-union framing, given the proposal reaches all federally insured (including state-chartered) credit unions.

State-federal / dual-banking read

UFIRS is the shared rating language across the dual banking system — used by federal and state supervisors alike. The SLC/CSBS appearing on the release (Quist; Lambert) signals state buy-in to the re-anchoring on financial condition.

A more financial-condition-anchored, less process-driven rating should reduce divergence risk between state and federal exam outcomes on the same institution.

Note the asymmetry: the only federalism discussion in the release is NCUA's EO 13132 analysis for state-chartered credit unions — there is no parallel federalism analysis for state banks, which a state-side commenter may find notable.

Method & accuracy note

The "current framework" descriptions on the Changes and Component tabs are drawn from the FFIEC's own characterization in Section II of the proposing release. The Redline tab goes further: it diffs the verified operative 1996 UFIRS text — the Federal Register statement at 61 FR 67021 (Dec. 19, 1996), as reproduced verbatim in FDIC FIL-105-96 — against the proposed Appendix A text. Both are U.S. Government works.

On the two 1996 dates. Appendix A states the UFIRS was "updated on December 20, 1996," while the baseline here is cited to 61 FR 67021 (Dec. 19, 1996). These are reconcilable, not inconsistent: the FFIEC Task Force on Supervision approved the update Dec. 9, 1996; the FR notice published Dec. 19; the FDIC and Federal Reserve Boards adopted it Dec. 20 (SR 96-38); and it took effect Jan. 1, 1997. "Dec. 20" is the Board-adoption date; "Dec. 19" is the publication date.

One drafting tension worth a comment hook: proposed Composite 4 says risk-management weaknesses "range from severe to critically deficient," while the standardized risk-management vocabulary in change G is "effective / adequate / inadequate / deficient" — i.e., "severe" and "critically deficient" sit outside the new scale. The Management ratings ladder also retains "critically deficient" at the 5 tier, consistent with G's Management carve-out, but the Composite-4 phrasing does not map cleanly to either scale.