Examination Rating System

AGENCY:

Federal Housing Finance Agency.

ACTION:

Notice.

SUMMARY:

The Federal Housing Finance Agency (FHFA) is adopting a new examination rating system to be used when examining Fannie Mae and Freddie Mac (Enterprises), the Federal Home Loan Banks (Banks) (collectively, regulated entities), and the Banks' Office of Finance. The new rating system is based on a “CAMELSO” framework and requires an assessment of seven individual components dealing with Capital, Asset quality, Management, Earnings, Liquidity, Sensitivity to market risk, and Operational risk. The new system replaces those that had been developed by FHFA's predecessor agencies.

DATES:

FHFA will use the new rating system for all examinations commencing after January 1, 2013.

FOR FURTHER INFORMATION CONTACT:

Karen Walter, Senior Associate Director, Division of Supervision Policy and Support, (202) 649-3405, Karen.Walter@fhfa.gov, or Carol Connelly, Principal Examination Specialist, Division of Supervision Policy and Support, (202) 649-3232, Carol.Connelly@fhfa.gov, Federal Housing Finance Agency, 400 Seventh Street SW., Washington, DC 20024.

SUPPLEMENTARY INFORMATION:

I. Background

A. Notice and Request for Comments

In June 2012, FHFA published a notice and request for public comments (Notice) relating to a new rating system to be used when examining the Enterprises, Banks, and Office of Finance. See 77 FR 36536 (June 19, 2012). The 30-day comment period closed on July 19, 2012 without FHFA receiving any comment letters. Accordingly, FHFA is adopting the new examination rating system as proposed in the Notice, with the exception of the minor revisions noted below, which FHFA is making to clarify certain aspects of the new system.

B. Finance Agency's Statutory Authorities

Effective July 30, 2008, the Housing and Economic Recovery Act of 2008 (HERA), Public Law 110-289, 122 Stat. 2654 (2008), created FHFA as an independent agency of the Federal Government and transferred to it the supervisory and oversight responsibilities over the Enterprises and Banks that formerly had been vested with the Office of Federal Housing Enterprise Oversight (OFHEO) and the Federal Housing Finance Board (Finance Board), respectively. HERA provided that the Enterprises and the Banks were to be subject to the supervision and regulation of FHFA, and granted the Director of FHFA general regulatory authority over those regulated entities. 12 U.S.C. 4511(b). As regulator, FHFA is charged with ensuring that the Banks and Enterprises operate in a safe and sound manner, comply with applicable laws, and carry out their statutory missions. 12 U.S.C. 4513(a). The Director is authorized to exercise whatever incidental powers are necessary or appropriate to fulfilling his duties and responsibilities in overseeing the Banks and Enterprises, and to issue any regulations, guidelines or orders as are necessary to carry out his duties. 12 U.S.C. 4513(a)(2), 4526(a). The Director is also required to conduct an annual on-site examination of each Bank and Enterprise to determine its financial condition and to ensure that it operates in a safe and sound manner, and is authorized to conduct other examinations whenever he deems it to be appropriate or necessary. 12 U.S.C. 4517(a), (b).

C. Existing Examination Rating Systems

As described in the Notice, FHFA examinations staff continues to use the examination rating systems that had been developed by its predecessor agencies. The FHFA's Division of Federal Home Loan Bank Regulation uses the Federal Home Loan Bank Rating System for assigning examination ratings to the Banks and the Office of Finance. That system had been developed by the Finance Board and was adopted after having been published for comment in the Federal Register. See 72 FR 547 (January 5, 2007). That rating system was a numeric system based on a four-point scale. The FHFA examinations staff also continues to use the rating system developed by OFHEO in connection with its examination of the Enterprises. The OFHEO rating system was based on a non-numeric four-point scale ranging from “No or Minimal Concerns” to “Critical Concerns.” Although those existing examination rating systems differ in certain respects, both effectively addressed governance, capital adequacy and earnings, credit risk, market risk, and operational risk, which reflects the similarity in the financial risks to which the Banks and Enterprises are exposed. Because of those similarities, FHFA determined that it could improve its examination process by developing a single rating system that could be used when examining the Enterprises, the Banks, and the Banks' Office of Finance.

D. Proposed Examination Rating System

As described in the Notice, FHFA relies on its annual on-site examinations, as well as on periodic visitations and off-site monitoring, to ensure that the Banks and the Enterprises operate in a safe and sound manner, comply with applicable laws, and carry out their housing finance missions. On-site examinations ensure that FHFA carries out its oversight responsibilities and constitute the cornerstone of the agency's safety and soundness supervision program. As such, it is important that the manner in which the examinations are conducted and the manner in which the examination findings are organized and presented address key areas of the entities' business that present risks to their financial condition, performance, and safe and sound operations. The new examination rating system further refines the means of FHFA's communicating examination results, so that it may better identify and address supervisory concerns that may arise.

II. New Examination Rating System

The new examination rating system is the same as described in the Notice, with the exception of the minor revisions noted below. The new system is risk-focused, which means that each regulated entity and the Office of Finance will be assigned a composite rating based on an evaluation of various aspects of its operations. Specifically, the composite rating of a Bank or an Enterprise will be based on an evaluation and rating of the following seven individual components: Capital, Asset quality; Management; Earnings; Liquidity; Sensitivity to market risk; and Operational risk, and will be referred to as the Entity's “CAMELSO” rating. That rating system is similar to the “CAMELS” rating system used by the federal banking regulators for depository institutions. For the Banks' joint office, the Office of Finance, the composite rating will be based primarily on an evaluation of two components, Management and Operational risk. Because the Office of Finance principally issues and services joint debt instruments on behalf of the Banks, and does not maintain or fund an investment portfolio, the other components are not relevant to assessing its condition, performance, and risk management.

Under the new rating system, each Bank and Enterprise, as well as the Office of Finance, will be assigned a composite numerical rating from “1” to “5.” A “1” rating indicates the lowest degree of supervisory concern, while a “5” rating indicates the highest level of supervisory concern. The composite rating of each Bank, the Enterprises, and the Office of Finance will reflect the ratings of the underlying components, which also will be rated on a scale of “1” to “5.” As is the case under the current rating system, the composite rating is not an arithmetic average of the component ratings. Instead, the relative importance of each component will be determined on a case-by-case basis, within the parameters established by this rating system.

In the version of the examination rating system published with the Notice, each of the seven components on which the entities are to be evaluated included a list of “evaluative factors” relating to the particular component. In the version of the examination rating system being adopted with this Notice, FHFA has made modest revisions or additions to the evaluative factors or the components, which are described briefly below.

Under the “Capital” component, FHFA has revised the fourth bullet paragraph of evaluative factors, relating to off-balance sheet activities, to refer to the “level and composition” inherent in those activities. The prior version had referred to the risk exposure represented by those activities. Under the “Asset Quality” component, FHFA has added an explicit reference to “advances” within the component itself, as well as a new fifth bullet paragraph for the evaluative factors, relating to the level and trend of charge-offs. Under the “Management” component, FHFA has added a new eighth bullet paragraph addressing the adequacy of anti-money laundering processes and other processes to identify, manage or report financial fraud. Under the “Earnings” component, FHFA has revised the language of the first evaluative factor modestly and added a reference to earnings from “core business activities.” Under the “Operational Risk” component, FHFA has added two new evaluative factors (the third and fourth bullet paragraphs) regarding management's ability to identify and control operational risk and the effectiveness of controls over third party vendors. In all other respects, the content of this examination rating system is the same as the content of the system published for notice and comment.

With respect to the component ratings, both the original and final versions of the rating system make clear that the list of evaluative factors relating to each component is not an exhaustive listing of the factors that examiners will consider when rating an institution. Each of the revisions described above in the final version is intended to provide additional clarity about the types of factors that examiners will consider and does not materially alter the substance of what was addressed in the original version on which FHFA sought comments. Going forward, FHFA may make further revisions to the language of this examination rating system as may be necessary to promote clarity or better achieve its supervisory and examination objectives. FHFA does not intend to seek public comments prior to making any such changes. In the event that FHFA were to make significant substantive changes to the examination rating system, such as it has done by replacing the OFHEO and FHFB systems with the new CAMELSO system, it may seek public comment prior to making any changes of that magnitude.

A copy of the new examination rating system is attached to this notice. FHFA will apply the new systems to examinations of the Enterprises, Banks and the Office of Finance that commence after January 1, 2013.

III. Consideration of Differences

Section 1313 of the Safety and Soundness Act, as amended by HERA, requires the Director, prior to promulgating any regulation or taking any other formal or informal action of general applicability and future effect, including the issuance of advisory documents or examination guidance, to consider differences between the regulated entities with respect to the Banks' cooperative ownership structure; mission of providing liquidity to members; affordable housing and community development mission; capital structure; and joint and several liability. As noted previously, although the operations of the Banks and the Enterprises differ in a number of respects, they are all government sponsored enterprises with a public mission to supporting housing finance, and they all face similar risks with respect to capital adequacy, the quality their assets and management, earnings, liquidity, market risk and operational risk. The new examination rating system principally addresses the manner in which FHFA examiners are to document their assessments of the financial condition and performance of the Enterprises and the Banks in connection with their periodic examinations. Because the system does not direct the Enterprises or the Banks to do anything, it likely does not constitute “examination guidance” as that term is used in HERA. Nonetheless, in developing the new rating system, the Director has considered the differences between the Banks and the Enterprises as they relate to the above factors, and has determined that the common risks faced by the Banks and the Enterprises justify the use of a single examination rating system for all of the regulated entities.

Examination Rating System

I. Introduction and Overview

The FHFA Examination Rating System is a risk-focused rating system under which each regulated entity and the Office of Finance (OF) is assigned a composite rating based on an evaluation of various aspects of its operations. Specifically, the composite rating of a Federal Home Loan Bank or an Enterprise is based on an evaluation and rating of seven components: Capital, Asset quality; Management; Earnings; Liquidity; Sensitivity to market risk; and Operational risk (CAMELSO). The composite rating of the Office of Finance is based primarily on an evaluation of two components: Management and Operational risk.

Under the rating system, each Federal Home Loan Bank, Enterprise and the OF is assigned a composite rating from “1” to “5.” A “1” rating indicates the lowest degree of supervisory concern, while a “5” rating indicates the highest level of supervisory concern. The composite rating of each Federal Home Loan Bank and Enterprise and the OF reflects the ratings of the underlying components, which are also rated on a scale of “1” to “5.” The composite rating is not an arithmetic average of the component ratings. Instead, the relative importance of each component is determined on a case-by-case basis, within the parameters established by this rating system.

II. Composite Ratings

Composite ratings are based on a careful evaluation of: A Federal Home Loan Bank's or Enterprise's capital, asset quality, management, earnings, liquidity, sensitivity to market risk, and operational risk; and the OF's management and operational risk. A regulated entity will be assigned a composite rating of “1” to “5” as described below.

Composite 1—The regulated entity is sound in every respect and typically each component is rated “1” or “2.” Any weaknesses are minor and can be addressed in a routine manner by the board of directors and management. The regulated entity is well positioned to withstand business fluctuations and adverse changes in the economic environment. Risk management practices are effective given the regulated entity's size, complexity and risk profile, and the regulated entity is in substantial compliance with laws, regulations, and regulatory requirements.

Composite 2—The regulated entity is generally sound and most components are rated “1” or “2” and typically no component is rated more severely than a “3.” Weaknesses are moderate and the board and management have demonstrated the ability and willingness to take necessary corrective action. The regulated entity is able to withstand business fluctuations and adverse changes in the economic environment. Risk management practices are satisfactory given the regulated entity's size, complexity and risk profile, and the regulated entity is in substantial compliance with laws, regulations, and regulatory requirements.

Composite 3—The regulated entity exhibits moderate to severe weaknesses in one or more respects but most components are rated “3” or better and no component is rated more severely than a “4.” Board and management may have demonstrated a lack of willingness or ability to address identified weaknesses within appropriate timeframes. The regulated entity is generally less capable of withstanding business fluctuations and adverse changes in the economic environment than regulated entities rated a composite “1” or “2.” Risk management practices typically need improvement given the regulated entity's size, complexity and risk profile, and the regulated entity may be in non-compliance with certain laws, regulations, and/or regulatory requirements.

Composite 4—The regulated entity generally exhibits severe weaknesses in multiple respects that result in serious deficiencies and unsatisfactory performance given its risk profile. The weaknesses may range from serious to critically deficient, to unsafe or unsound practices that have not been satisfactorily addressed or resolved by the board of directors and management within approved timeframes. The regulated entity is susceptible to further deterioration in condition or performance from business fluctuations and adverse changes in the economic environment. Risk management practices are deficient given the regulated entity's size, complexity and risk profile, and the regulated entity may be in non-compliance with critical laws, regulations and regulatory requirements. The viability of the regulated entity may be threatened if the problems and weaknesses are not satisfactorily resolved within an appropriate timeframe.

Composite 5—The regulated entity exhibits a volume and severity of problems that are beyond the ability of the board of directors or management to correct. The regulated entity exhibits unsafe or unsound practices or conditions. Changes to the board of directors or management are needed and outside financial or other assistance may be needed in order for the regulated entity to be viable. Risk management practices are critically deficient given the regulated entity's size, complexity and risk profile, and the regulated entity may be in significant non-compliance with laws, regulations, and regulatory requirements.

III. Component Ratings

The composite rating is derived from the seven component ratings that are described below. Each of the component rating descriptions provides a list of evaluative factors that relate to that component. The listing of evaluative factors is not exhaustive, and is not in order of importance.

CAPITAL—when rating a regulated entity's capital, examiners determine whether the regulated entity has sufficient capital relative to the entity's risk profile. When making this determination, examiners assess:

• The extent to which the regulated entity meets (or fails to meet) applicable capital requirements (laws, regulations, orders, guidance);
• The overall financial condition of the regulated entity;
• The composition of the balance sheet, including the nature and amount of intangible assets, the composition of capital, market risk, and concentration risk;
• The level, composition and risk exposure inherent in off-balance sheet activities;
• The types and quantity of risk inherent in the regulated entity's activities and management's ability to effectively identify, measure, monitor and control each of these risks;
• The potentially adverse consequences these risks may have on the regulated entity's capital;
• The adequacy of the allowance for loan losses and other reserves, as well as the nature, trend and volume of problem assets;
• The quality and strength of earnings and the reasonableness of dividends;
• The regulated entity's prospects and plans for growth, as well as the regulated entity's past experience in managing growth;
• The ability of management to address emerging needs for additional capital; and
• The regulated entity's access to capital markets and other sources of capital.

Capital Ratings

1. A rating of 1 indicates: The level and composition of capital is strong relative to the regulated entity's risk profile. The regulated entity meets or exceeds all regulatory and statutory capital requirements and is expected to continue to be well-capitalized considering potential risks to the regulated entity. Capital management practices are strong.

2. A rating of 2 indicates: The level and composition of capital is satisfactory relative to the regulated entity's risk profile. The regulated entity meets or exceeds all regulatory and statutory capital requirements and is expected to continue to be satisfactorily capitalized considering potential risks to the regulated entity. Capital management practices are satisfactory, although minor weaknesses may be identified.

3. A rating of 3 indicates: The level and/or composition of capital needs improvement and does not fully support the regulated entity's risk profile. Although the regulated entity may currently meet or exceed minimum regulatory and statutory capital requirements, capital should be augmented when considering potential risks to the regulated entity. Capital management practices need improvement.

4. A rating of 4 indicates: The level and/or composition of capital are not adequate relative to the regulated entity's risk profile. The regulated entity may not meet all minimum regulatory and statutory capital requirements, and the viability of the entity may be in question. Capital management practices exhibit deficiencies.

5. A rating of 5 indicates: The level and composition of capital are critically deficient and the viability of the regulated entity may be threatened. The regulated entity does not meet minimum regulatory and statutory capital requirements. Outside financial assistance may be needed in order for the regulated entity to be viable.

ASSET QUALITY—when rating a regulated entity's asset quality, examiners determine the quantity of existing and potential credit risk associated with the loan and investment portfolios, advances, real estate owned, and other assets, as well as off-balance sheet transactions, and management's ability to identify, measure, monitor and control credit risk. When making this determination, examiners assess:

• The adequacy of underwriting standards;
• The soundness of credit administration practices;
• The appropriateness of risk identification and rating practices;
• The level, distribution, severity of problem, adversely classified, nonaccrual, restructured, delinquent, and nonperforming assets for both on- and off-balance sheet transactions;
• The level and trend of charge-offs;
• The adequacy of the allowance for loan losses and other asset valuation reserves;
• The credit risk arising from or reduced by off-balance sheet transactions, such as unfunded commitments, credit derivatives, and lines of credit;
• The diversification and quality of the loan and investment portfolios;
• The extent of securities underwriting activities and exposure to counterparties in trading activities;
• The existence of asset concentrations;
• The level and pace of asset growth;
• The adequacy of loan and investment policies, procedures and practices;
• The ability of management to properly administer its assets, including the timely identification and collection of problem assets;
• The adequacy of internal controls and management information systems; and
• The volume and nature of credit documentation exceptions.

Asset Quality Ratings

1. A rating of 1 indicates: Asset quality and credit risk management practices are strong. Any identified weaknesses are minor in nature and risk exposure is minimal in relation to the regulated entity's capital protection and management's ability to identify, monitor and mitigate risks

2. A rating of 2 indicates: Asset quality and credit risk management practices are satisfactory. Identified weaknesses, such as the level and severity of adversely-rated or classified assets, are moderate and in-line with the regulated entity's capital protection and management's ability to identify, monitor and mitigate risks.

3. A rating of 3 indicates: Asset quality or credit risk management practices need improvement. Identified weaknesses, such as the level and severity of adversely rated or classified assets, are significant and not in-line with the regulated entity's capital protection or management's ability to identify, monitor and mitigate risks.

4. A rating of 4 indicates: Asset quality or credit risk management practices are deficient. Identified weaknesses, such as the level of problem assets are significant and inadequately controlled. The weaknesses subject the regulated entity to potential losses, which if left unchecked may threaten the regulated entity's viability.

5. A rating of 5 indicates: Asset quality or credit risk management practices are critically deficient and may represent an imminent threat to the regulated entity's viability.

MANAGEMENT—when rating a regulated entity's management, examiners determine the capability and willingness of the board of directors and management, in their respective roles, to identify, measure, monitor, and control the risks of the regulated entity's activities and to ensure that the regulated entity's safe, sound and efficient operations are in compliance with applicable laws and regulations. When making this determination, examiners assess:

• The level and quality of oversight and support of all entity activities by the board of directors and management;
• The quality and effectiveness of strategic planning;
• The ability of the board of directors and management, in their respective roles, to plan for, and respond to, risks that may arise from changing business conditions or the initiation of new activities or products;
• The adequacy of, and conformance with, appropriate internal policies and controls addressing the operations and risks of significant activities;
• The accuracy, timeliness and effectiveness of management information and risk monitoring systems appropriate for the regulated entity's size, complexity and risk profile;
• The ability and willingness to identify, measure, monitor, and control risks across the regulated entity;
• The adequacy of audits and internal controls to promote effective operations and reliable financial and regulatory reporting; safeguard assets; and ensure compliance with laws, regulations, regulatory requirements, and internal policies;
• The adequacy of anti-money laundering processes and other processes designed to identify, manage and/or report financial fraud;
• The regulated entity's compliance with laws and regulations, including Prudential Management and Operational Standards (PMOS), Office of Minority and Women Inclusion (OMWI) and relevant provisions of the Dodd-Frank Act;
• The regulated entity's responsiveness to findings made by regulatory authorities, the regulated entity's risk management function, internal/external audit functions or outside consultants;
• The depth of management and management succession;
• The extent that the board of directors and management is affected by, or susceptible to, dominant influence or concentration of authority;
• The reasonableness and comparability of compensation and compensation policies and avoidance of self-dealing;
• The ability of the regulated entity to achieve mission-related goals and requirements, including affordable housing and community investment requirements; and
• The overall performance of the regulated entity and its risk profile.

Management Ratings

1. A rating of 1 indicates: The performance by the board of directors and management, and risk management practices relative to the regulated entity's size, complexity and risk profile are strong. All significant risks are consistently and effectively identified, measured, monitored and controlled. The regulated entity is in substantial compliance with laws, regulations and regulatory requirements, including mission-related and affordable housing goals and requirements. The board of directors and management demonstrate the ability to promptly and successfully address existing and potential problems and risks.

2. A rating of 2 indicates: The performance by the board of directors and management, and risk management practices relative to the regulated entity's size, complexity and risk profile are satisfactory. Generally, significant risks and problems are effectively identified, measured, monitored and controlled. The regulated entity is in substantial compliance with laws, regulations and regulatory requirements, including mission-related and affordable housing goals and requirements. Minor weaknesses may exist, but they are not material to the safety and soundness of the regulated entity, and are being satisfactorily addressed.

3. A rating of 3 indicates: The performance by the board of directors and management, and/or risk management practices need improvement given the regulated entity's size, complexity and risk profile. Problems and significant risks may be inadequately identified, measured, monitored or controlled. The regulated entity may be in non-compliance with laws, regulations and regulatory requirements, including mission-related and affordable housing goals and requirements. The capabilities of the board of directors or management may be insufficient for the type, size or condition of the regulated entity.

4. A rating of 4 indicates: The performance by the board of directors and management and/or risk management practices are deficient given the regulated entity's size, complexity and risk profile. Operational or performance problems and significant risks are inadequately identified, measured, monitored or controlled, and require immediate action to preserve the soundness of the regulated entity. The regulated entity may be in significant non-compliance with laws, regulations and regulatory requirements, including mission-related and affordable housing goals and requirements.

5. A rating of 5 indicates: The performance by the board of directors and management and/or risk management practices are critically deficient. Problems and significant risks are inadequately identified, measured, monitored or controlled, and may threaten the viability of the regulated entity. The regulated entity is in significant non-compliance with laws, regulations and regulatory requirements, including mission-related and affordable housing goals and requirements. The board of directors and management fail to demonstrate the ability or willingness to correct problems and implement appropriate risk management practices.

EARNINGS—when rating a regulated entity's earnings, examiners determine the quantity, trend, sustainability, and quality of earnings. When making this determination, examiners assess:

• The level, trend and stability of earnings from core business activities;
• The ability to provide for adequate capital through retained earnings;
• The quality and source of earnings, including the level of reliance on extraordinary gains, nonrecurring events, or favorable tax effects;
• The level of expenses in relations to operations;
• The adequacy of the budgeting systems, forecasting processes, and management information systems in general;
• The adequacy of provisions to maintain the allowance for loan losses and other valuation allowance accounts; and
• The earnings exposure to market risk.

Earnings Ratings

1. A rating of 1 indicates: The quality, quantity, and sustainability of earnings are strong. The regulated entity's earnings are more than sufficient to support operations and maintain adequate capital and allowance levels after considering the regulated entity's overall condition, growth and other factors.

2. A rating of 2 indicates: The quality, quantity, and sustainability of earnings are satisfactory. The regulated entity's earnings are sufficient to support operations and maintain adequate capital and allowance levels after considering the regulated entity's overall condition, growth and other factors.

3. A rating of 3 indicates: The quality, quantity, or sustainability of earnings need improvement. The regulated entity's earnings may not fully support the regulated entity's operations or provide for adequate capital and/or allowance levels in relation to the regulated entity's overall condition, growth, and other factors.

4. A rating of 4 indicates: The quality, quantity, and/or sustainability of earnings are deficient. The regulated entity's earnings are insufficient to support operations and maintain adequate capital and allowance levels.

5. A rating of 5 indicates: The quality, quantity, and/or sustainability of earnings are critically deficient. The regulated entity's earnings are inadequate to cover expenses, and losses may threaten the regulated entity's viability through the erosion of capital.

LIQUIDITY—when rating a regulated entity's liquidity, examiners determine the current level and prospective sources of liquidity compared to funding needs, as well as the adequacy of funds management practices relative to the regulated entity's size, complexity and risk profile. When making this determination, examiners assess:

• The adequacy of liquidity sources to meet present and future needs and the ability of the regulated entity to meet liquidity needs without adversely affecting its operations or condition;
• The availability of assets readily convertible to cash without undue loss;
• The regulated entity's access to money markets and other secondary sources of funding;
• The level and diversification of funding sources, both on- and off-balance sheet;
• The degree of reliance on short-term, volatile sources of funding to fund longer term assets;
• The ability to securitize and sell certain pools of assets; and
• The capability and willingness of management to properly identify, measure, monitor and control the regulated entity's liquidity position, including the effectiveness of funds management strategies, liquidity policies, management information systems and contingency liquidity plans.

Liquidity Ratings

1. A rating of 1 indicates: The level of liquidity and the regulated entity's management of its liquidity position are strong. Any identified weaknesses in its liquidity management practices are minor. The regulated entity has reliable access to sufficient sources of funds on favorable terms to meet current and anticipated liquidity needs. The regulated entity meets or exceeds regulatory guidance related to liquidity.

2. A rating of 2 indicates: The level of liquidity and the regulated entity's management of its liquidity position are satisfactory. The regulated entity may have moderate weaknesses in its liquidity management practices, but these are correctable in the normal course of business. The regulated entity has reliable access to sufficient sources of funds on acceptable terms to meet current and anticipated liquidity needs. The regulated entity meets or exceeds regulatory guidance related to liquidity.

3. A rating of 3 indicates: The level of liquidity or the regulated entity's management of its liquidity position needs improvement. The regulated entity may evidence moderate weaknesses in funds management practices, or weaknesses that are not correctable in the normal course of business. The regulated entity may lack ready access to funds on reasonable terms. The regulated entity may not meet all regulatory guidance related to liquidity.

4. A rating of 4 indicates: The level of liquidity or the regulated entity's management of its liquidity position is deficient. The regulated entity may not have or be able to obtain sufficient funds on reasonable terms. The regulated entity does not meet all regulatory guidance related to liquidity.

5. A rating of 5 indicates: The level of liquidity or the regulated entity's management of its liquidity position is critically deficient. The viability of the regulated entity may be threatened and the regulated entity may need to seek immediate external financial assistance to meet maturing obligations or other liquidity needs. The regulated entity does not meet regulatory guidance related to liquidity.

SENSITIVITY TO MARKET RISK—when rating a regulated entity's sensitivity to market risk, examiners determine the degree to which changes in interest rates, foreign exchange rates, commodity prices, or equity prices can adversely affect the regulated entity's earnings or economic capital. When making this determination, examiners assess:

• The sensitivity of the regulated entity's earnings, or the economic value of its capital to adverse changes in interest rates, foreign exchange rates, commodity prices or equity prices;
• The ability of management to identify, measure, monitor and control exposure to market risk given the regulated entity's size, complexity and risk profile;
• The nature and complexity of interest rate risk exposure arising from non-trading positions; and
• The nature and complexity of market risk exposure arising from trading, asset management activities and foreign operations.

Sensitivity to Market Risk Ratings

1. A rating of 1 indicates: Market risk sensitivity is well controlled and there is minimal potential that the regulated entity's earnings performance or capital position will be adversely affected by market risk sensitivity. Risk management practices are strong for the size, sophistication and market risk accepted by the regulated entity. Earnings and capital provide substantial support for the amount of market risk taken by the regulated entity.

2. A rating of 2 indicates: Market risk sensitivity is satisfactorily controlled and there is moderate potential that the regulated entity's earnings performance or capital position will be adversely affected by market risk sensitivity. Risk management practices are satisfactory for the size, sophistication and market risk accepted by the regulated entity. Earnings and capital provide adequate support for the amount of market risk taken by the regulated entity.

3. A rating of 3 indicates: Market risk sensitivity control needs improvement or there is significant potential that the regulated entity's earnings performance or capital position will be adversely affected by market risk sensitivity. Risk management practices need improvement given the size, sophistication and market risk accepted by the regulated entity. Earnings and capital may not adequately support the amount of market risk taken by the regulated entity.

4. A rating of 4 indicates: Market risk sensitivity control is deficient or there is a high potential that the regulated entity's earnings performance or capital position will be adversely affected by market risk sensitivity. Risk management practices are deficient for the size, sophistication and market risk accepted by the regulated entity. Earnings and capital provide inadequate support for the amount of market risk taken by the regulated entity.

5. A rating of 5 indicates: Market risk sensitivity control is critically deficient or the level of market risk taken by the regulated entity may be an imminent threat to the regulated entity's viability. Risk management practices are critically deficient for the size, sophistication and level of market risk accepted by the regulated entity.

OPERATIONAL RISK—when rating a regulated entity's operational risk, examiners determine the exposure to loss from inadequate or failed internal processes, people, and systems, including internal controls and information technology, or from external events, including all direct and indirect economic losses related to legal liability, reputational setbacks, and compliance and remediation costs to the extent such costs are consequences of operational events. When making this determination examiners assess:

• The efficiency and effectiveness of operations and technology;
• The effectiveness of the operational risk framework in identifying and assessing threats posed to operations;
• The ability of management to identify, measure, monitor and control operational risk;
• The effectiveness of controls over third-party vendors;
• The quality of operational risk management in the administration of the regulated entity's mission-related activities, including affordable housing and community investment activities;
• The organizational structure, including lines of authority and responsibility for adhering to prescribed policies;
• The accuracy of recording transactions;
• The effectiveness of internal controls over financial reporting (i.e., the level of compliance with Sarbanes-Oxley section 404);
• The controls surrounding limits of authorities, including: safeguarding access to and use of records and assets; segregation of duties;
• The effectiveness of the control environment in preventing and/or detecting errors and unauthorized activity;
• The accuracy, effectiveness and security of information systems, data and management reporting;
• The effectiveness of business continuity planning; and
• The effectiveness, accuracy and security of models.

Operational Risk Ratings

1. A rating of 1 indicates: Operational risk management is strong and the number and severity of operational risk events are low. There is minimal potential that the regulated entity's earnings performance or capital position will be adversely affected by the level of operational risk.

2. A rating of 2 indicates: Operational risk management is satisfactory and the number and severity of operational risk events are moderate. There is moderate potential that the regulated entity's earnings performance or capital position will be adversely affected by the level of operational risk.

3. A rating of 3 indicates: Operational risk management needs improvement or there is significant potential that the regulated entity's earnings performance or capital position will be adversely affected by the level of operational risk. The number and severity of operational risk events are moderate to serious.

4. A rating of 4 indicates: Operational risk management is deficient or there is a high potential that the regulated entity's earnings performance or capital position will be adversely affected by the level of operational risk. The number and severity of operational risk events are serious to critical.

5. A rating of 5 indicates: Operational risk management is critically deficient or the level of operational risk taken by the regulated entity may be an imminent threat to the regulated entity's viability. The number and severity of operational risk events may threaten the regulated entity's viability.