# Revisions to the Large Financial Institution Rating System and Framework for the Supervision of Insurance Organizations
**AGENCY:**
Board of Governors of the Federal Reserve System (Board).
**ACTION:**
Final notice.
**SUMMARY:**
The Board is adopting a final notice to revise its Large Financial Institution (LFI) rating system (LFI Framework) and the rating system for depository institution holding companies significantly engaged in insurance activities (Insurance Supervisory Framework, together with the LFI Framework, Frameworks) to more appropriately identify as “well managed” firms that have sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions, including stressful ones. The final notice also replaces the presumption in the Frameworks that firms with one or more Deficient-1 component ratings will be subject to a formal or informal enforcement action with a statement that such firms may be subject to a formal or informal enforcement action, depending on particular facts and circumstances. The final notice also removes a reference to reputational risk in the Insurance Supervisory Framework.
**DATES:**
Effective January 16, 2026.
**FOR FURTHER INFORMATION CONTACT:**
Marta Chaffee, Senior Associate Director, (202) 263-4814, Juan Climent, Deputy Associate Director, (202) 872-7526, Catherine Tilford, Deputy Associate Director, (202) 452-5240, April Snyder, Assistant Director, (202) 452-3099, Missaka Nuwan Warusawitharana, Manager, (202) 452-3461, Devyn Jeffereis, Lead Financial Institution Policy Analyst, (202) 452-2729, and Ricardo Duque Gabriel, Economist, (202) 313-1664, Division of Supervision and Regulation; or Reena Sahni, Deputy General Counsel, (202) 527-2911, Jay Schwarz, Deputy Associate General Counsel, (202) 452-2970, David Cohen, Counsel, (202) 452-5259, Vivien Lee, Attorney, (202) 452-2029, and Daniel Parks, Attorney, (771) 210-7183, Legal Division. For users of TTY-TRS, please call 711 from any telephone, anywhere in the United States or (202) 263-4869.
**SUPPLEMENTARY INFORMATION:**
**Table of Contents**
I. Introduction
A. Background
1. LFI Framework
2. Insurance Supervisory Framework
B. Proposal and Overview of Comments Received
II. Overview of Final Notice and Comments Received
A. General Comments
B. LFI Framework Definition of “Well Managed”
C. LFI Framework Enforcement Action Presumption
D. Insurance Supervisory Framework Definition of “Well Managed” and Enforcement Action Presumption
E. Changes to Appendix B: Framework for the Supervision of Insurance Organizations
III. Economic Analysis
A. Baseline
B. Revisions to the Frameworks Contained in the Final Notice Relative to Baseline
C. Analysis of Benefits and Costs
1. Benefits
a. Supervisory Efficiency and Efficacy
b. Reduction of Compliance Costs and Other Impediments to Growth
2. Costs
D. Conclusion
IV. Administrative Law Matters
A. Solicitation of Comments and Use of Plain Language
B. Paperwork Reduction Act
C. Regulatory Flexibility Act
D. Riegle Community Development and Regulatory Improvement Act of 1994
Appendix A—Text of the Large Financial Institution Rating System
Appendix B—Text of the Insurance Supervisory Framework
**I. Introduction**
**A. Background**
The Board supervises and regulates companies that control one or more banks (bank holding companies) and companies that are not bank holding companies that control one or more savings associations (savings and loan holding companies, together with bank holding companies, depository institution holding companies). Congress gave the Board regulatory and supervisory authority for bank holding companies through the enactment of the Bank Holding Company Act of 1956 (BHC Act). [^1] The Board's regulation and supervision of savings and loan holding companies began in 2011 when provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) [^2] transferring supervision and regulation of savings and loan holding companies from the Office of Thrift Supervision to the Board took effect. [^3] Upon this transfer, the Board became the federal supervisory agency for all depository institution holding companies, including a portfolio of depository institution holding companies significantly engaged in insurance activities (supervised insurance organizations). [^4] The Board has developed supervisory rating frameworks for its supervised entities, based on their size and complexity, to assess their financial and operational strength.
[^1] Ch. 240, 70 Stat. 133.
[^2] Public Law 111-203, 124 Stat. 1376 (2010).
[^3] Dodd-Frank Act tit. III, 124 Stat. at 1520-70.
[^4] Specifically, a supervised insurance organization is a depository institution holding company that is an insurance underwriting company, or that has over 25 percent of its consolidated assets held by insurance underwriting subsidiaries, or has been otherwise designated as a supervised insurance organization by the Federal Reserve.
**1. LFI Framework**
The Board adopted the LFI Framework in 2018 and issued related guidance in 2019. [^5] The Board designed the LFI Framework to align with the Federal Reserve's supervisory programs and practices, enhance the clarity and consistency of supervisory assessments and communications of supervisory findings and implications, and provide transparency related to the supervisory consequences of a given rating. The LFI Framework applies to bank holding companies and non-insurance, non-commercial savings and loan holding companies with total consolidated assets of $100 billion or more, and U.S. intermediate holding companies of foreign banking organizations established under Regulation YY with total consolidated assets of $50 billion or more.
[^5] 83 FR 58724 (Nov. 21, 2018); SR Letter 19-3/CA Letter 19-2, Large Financial Institution (LFI) Rating System (Feb. 26, 2019), *https://www.federalreserve.gov/supervisionreg/srletters/sr1903.htm.*
The LFI Framework evaluates whether a firm possesses sufficient financial and operational strength and resilience to maintain safe and sound operations and comply with laws and regulations, including those related to consumer protection, through a range of conditions. It includes three components: (1) Capital Planning and Positions; (2) Liquidity Risk Management and Positions; and (3) Governance and Controls. [^6] Each component is rated based on a four-point non-numeric scale: Broadly Meets Expectations, [^7] Conditionally Meets Expectations, [^8] Deficient-1, [^9] and Deficient-2. [^10]
[^6]*See* SR Letter 19-3/CA Letter 19-2.
[^7] Indicates that a firm's practices and capabilities broadly meet supervisory expectations, and the firm possesses sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions.
[^8] Indicates that there are certain material financial or operational weaknesses in a firm's practices or capabilities that may place the firm's prospects for remaining safe and sound through a range of conditions at risk if not resolved in a timely manner during the normal course of business.
[^9] Indicates that there are financial or operational deficiencies in a firm's practices or capabilities, which put the firm's prospects for remaining safe and sound through a range of conditions at significant risk.
[^10] Indicates that there are financial or operational deficiencies in a firm's practices or capabilities which present a threat to the firm's safety and soundness or have already put the firm in an unsafe and unsound condition.
The BHC Act defines the term “well managed” [^11] and identifies certain benefits that may be available to a firm that meets the criteria. [^12] A bank holding company that is “well managed,” and that is “well managed” at each of its depository institution subsidiaries, among other requirements, may elect to be treated as a financial holding company. [^13] A financial holding company may engage in a broader range of nonbanking activities, such as securities underwriting and dealing, than a bank holding company that has not made such an election. [^14] The BHC Act permits a firm that is “well managed” to engage in certain expansionary activities, and to pursue investments in, and acquisitions of, certain nonbank financial companies, without obtaining prior Board approval. [^15] The loss of “well managed” status can constrain a banking organization that is a financial holding company; can limit the banking organization from benefiting from certain expedited processing of applications available to “well managed” firms; and can limit the scope of certain new activities and acquisitions permissible for the firm. [^16] This can include limitations on acquisitions of, and investments in, companies engaged in certain financial activities without prior approval by the Board. [^17]
[^11] 12 U.S.C. 1841(o)(9). Under the BHC Act, “well managed” means a company or depository institution that has achieved (i) “a CAMEL composite rating of 1 or 2 (or an equivalent rating under an equivalent rating system),” and (ii) “at least a satisfactory rating for management, if such a rating is given.”
[^12]*See, e.g.,* 12 U.S.C. 1843(j)(4)(B).
[^13]*See* 12 U.S.C. 1843(l).
[^14] For a bank holding company to qualify as a financial holding company and engage in certain financial activities, the bank holding company and each of its depository institution subsidiaries must be “well capitalized” and “well managed.” *See* 12 U.S.C. 1843(l)(1).
[^15]*See* 12 U.S.C. 1843(l).
[^16]*See, e.g.,* 12 U.S.C. 1842(d) and 1843( *l* ); 12 CFR 225.4(b)(6), 225.14, 225.22(a), 225.23; 12 CFR 211.9(b), 211.10(a)(14), 211.34; and 12 CFR 223.41.
[^17]*See, e.g.,* 12 CFR 225.83(d)(2).
The LFI Framework states that a “well managed” firm has sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions, including stressful ones. [^18] Previously under the LFI Framework, a firm that received a rating of Deficient-1 or Deficient-2 in any component rating was not considered “well managed” for purposes of the BHC Act and for certain other purposes. [^19] When issuing the LFI Framework, the Board explained that a banking organization was not in satisfactory condition overall unless it was considered sound in each of the key areas of capital, liquidity, and governance and controls. A Deficient-1 component rating was, and continues to be, issued when financial or operational deficiencies at a firm put the firm's prospects for remaining safe and sound through a range of conditions at significant risk, but the firm's current condition is not considered to be materially threatened. Moreover, the LFI Framework established a presumption that the Board would impose a formal or informal enforcement action on any firm with a Deficient-1 or Deficient-2 component rating.
[^18]*See* SR Letter 19-3/CA Letter 19-2, Large Financial Institution (LFI) Rating System (Feb. 26, 2019), *https://www.federalreserve.gov/supervisionreg/srletters/sr1903.htm.*
[^19] For purposes of determining whether a firm is considered “well managed” under section 2(o)(9) of the BHC Act, the Federal Reserve considers the three component ratings, taken together, to be equivalent to assigning a standalone composite rating. 83 FR 58724, 58730 (Nov. 21, 2018). The LFI Framework does not designate any of the three component ratings as a management rating, because each component evaluates different aspects of a firm's management.
**2. Insurance Supervisory Framework**
The Board's current supervisory approach for noninsurance depository institution holding companies assesses holding companies whose primary risks are related to the business of banking. The risks arising from insurance activities, however, are materially different from traditional banking risks. The top-tier holding company for some supervised insurance organizations is an insurance underwriting company, which is subject to supervision and regulation by the relevant state insurance regulator as well as consolidated supervision by the Board; for all supervised insurance organizations, insurance regulators supervise and regulate the business of insurance underwriting companies. Additionally, the state insurance regulators have established Statutory Accounting Principles through the National Association of Insurance Commissioners to help assess the risks of insurance companies, some of which do not produce consolidated financial statements based on generally accepted accounting principles.
Because of these differences, the Board tailored its supervision and regulation of supervised insurance organizations. In 2022, the Board adopted the Insurance Supervisory Framework. [^20] In addition, in 2023, the Board established a risk-based capital framework designed specifically for supervised insurance organizations. [^21]
[^20] 87 FR 60160 (Oct. 4, 2022); SR Letter 22-8, Framework for the Supervision of Insurance Organizations (Sept. 28, 2022), *https://www.federalreserve.gov/supervisionreg/srletters/SR2208.htm.*
[^21] 88 FR 82950 (Nov. 27, 2023); 12 CFR part 217, subpart J.
The Insurance Supervisory Framework is modeled after the LFI Framework. The Board designed the Insurance Supervisory Framework to reflect supervisory requirements and expectations applicable to supervised insurance organizations. Further, within the Insurance Supervisory Framework, the application of supervisory guidance and the assignment of supervisory resources is based explicitly on a supervised insurance organization's complexity and individual risk profile. [^22]
[^22] For example, the Insurance Supervisory Framework classifies supervised insurance organizations as either complex or noncomplex.
Similarly to the LFI Framework, the Insurance Supervisory Framework includes three components (Capital Management, Liquidity Management, and Governance and Controls), with each component rated based on a four-point non-numeric scale (Broadly Meets Expectations, [^23] Conditionally Meets Expectations, [^24] Deficient-1, [^25] and Deficient-2 [^26] ).
[^23] Indicates a supervised insurance organization's practices and capabilities broadly meet supervisory expectations and that the holding company effectively serves as a source of managerial and financial strength for its depository institution(s) and possesses sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of stressful yet plausible conditions.
[^24] Indicates a supervised insurance organization's practices and capabilities are generally considered sound, but certain supervisory issues are sufficiently material that if not resolved in a timely manner during the normal course of business, they may put the firm's prospects for remaining safe and sound, and/or the holding company's ability to serve as a source of managerial and financial strength for its depository institution(s), at risk.
[^25] Indicates that financial or operational deficiencies in a supervised insurance organization's practices or capabilities put its prospects for remaining safe and sound, and/or the holding company's ability to serve as a source of managerial and financial strength for its depository institution(s), at significant risk.
[^26] Indicates that financial or operational deficiencies in a supervised insurance organization's practices or capabilities present a threat to its safety and soundness, have already put it in an unsafe and unsound condition, and/or make it unlikely that the holding company will be able to serve as a source of financial and managerial strength to its depository institution(s).
Like firms subject to the LFI Framework, certain supervised insurance organizations that lose their “well managed” status may be restricted from engaging in certain expansionary activities and pursuing investments in, and acquisitions of, certain nonbank financial companies without obtaining prior Board approval. [^27] Previously, under the Insurance Supervisory Framework, a supervised insurance organization had to receive a rating of Conditionally Meets Expectations or better in each of the three rating components in order to be considered “well managed.” The Board explained that each rating is defined specifically for supervised insurance organizations with particular emphasis on the obligation that firms serve as a source of financial and managerial strength for their depository institution(s). [^28] A Deficient-1 component rating was, and continues to be, issued when financial or operational deficiencies at a firm put its prospects for remaining safe and sound, and/or the holding company's ability to serve as a source of managerial and financial strength for its depository institution(s), at significant risk. Moreover, the Insurance Supervisory Framework established a presumption that a firm with a Deficient-1 or Deficient-2 rating would be subject to an enforcement action.
[^27]*See* 12 CFR 225.83 and 238.66(b).
[^28] 87 FR 60160 (Oct. 4, 2022).
**B. Proposal and Overview of Comments Received**
On July 15, 2025, the Board invited comment on a proposal to revise the Frameworks such that firms with only one Deficient-1 component rating and two component ratings of Conditionally Meets Expectations or Broadly Meets Expectations would be considered “well managed.” [^29] A firm rated “Deficient-1” in two or more rating components or “Deficient-2” in any rating component would continue not to be considered “well managed.” The proposed revisions reflected experience with the LFI Framework since its introduction in 2018. This experience demonstrates that a firm that has a Deficient-1 rating in an individual component while maintaining a rating of Broadly Meets Expectations or Conditionally Meets Expectations in its other two components would generally have sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions due to its overall robustness. [^30] The proposed revisions also sought to reflect the financial and operational strength and resilience of firms subject to the Frameworks. In addition, the proposal aimed to better align the application of the Frameworks with the operation of the Board's other existing ratings frameworks, none of which determine a firm's composite rating, which is relevant to its “well managed” status, based solely on a single component rating.
[^29] 90 FR 31641 (July 15, 2025).
[^30] For firms subject to the Insurance Supervisory Framework, the proposal reflected that these firms have sufficient financial and operational strength to serve as a source of strength for their depository institutions through a range of stressful yet plausible conditions.
In addition, the Board proposed removing the presumption in the Frameworks that firms with one or more Deficient-1 component ratings will be subject to a formal or informal enforcement action. Instead, under the proposal, the Frameworks would state that firms with one or more Deficient-1 component ratings may be subject to a formal or informal enforcement action, depending on particular facts and circumstances. The proposed revision aimed to align the standard for initiating enforcement actions with other rating frameworks. The proposal maintained the presumption that the Board will impose a formal enforcement action on a firm with one or more Deficient-2 component ratings. All other aspects of the Frameworks would remain unchanged under the proposal.
The Board received ten comments on the proposal. Commenters included industry groups, public interest groups, academics, members of Congress, and other interested parties. Some commenters expressed general support for the proposal and recommended expeditiously adopting the proposal. These commenters stated that the proposal would more accurately reflect a firm's financial and operational strength and resilience to maintain safe and sound operations through a range of conditions, including stressful ones, and thus appropriately increase firms' ability to expand efficiently, reduce compliance costs, and increase innovation. Further, these commenters asserted that the proposal would enable firms to more efficiently allocate resources between resolving material financial issues and serving customers and competing within the financial sector.
Other commenters opposed the proposal overall, stating that it was unnecessary and would increase risks to safety and soundness. Some of these commenters cited historical examples of firms that have failed, expressing concern that the proposal would have treated certain of these firms as “well managed.” Other commenters stated that the proposal would encourage growth in large banking organizations, presenting financial stability risks and increasing competitive disadvantages for community banks. One commenter also asserted the proposal was inconsistent with the Administrative Procedure Act (APA).
Additionally, several commenters provided more specific views on the proposal's “well managed” definition and enforcement action presumption. These comments are described in more detail throughout the remainder of this final notice. Certain commenters suggested changes to Board supervision and other supervisory rating systems which are beyond the scope of this notice.
**II. Overview of Final Notice and Comments Received**
The Board has considered all comments and is finalizing the proposal largely without change. Accordingly, under the final notice, a firm with at least two Broadly Meets Expectations or Conditionally Meets Expectations component ratings and no more than one Deficient-1 component rating will be considered “well managed” under the Frameworks. Additionally, under the final notice, the Frameworks state that firms with one or more Deficient-1 component ratings may be subject to a formal or informal enforcement action, depending on particular facts and circumstances. The final notice does not change the criteria for determining if a firm's component rating is Broadly Meets Expectations, Conditionally Meets Expectations, Deficient-1, or Deficient-2.
The final notice also updates certain references, including removing a reference to reputational risk, in the Insurance Supervisory Framework.
**A. General Comments**
*Support for the Proposal.* Multiple commenters generally supported the proposal and recommended that the Board expeditiously adopt it. These commenters suggested that the proposal would increase the ability of firms to expand efficiently, increase innovation, and more accurately reflect the quality of firm management. The commenters discussed deficiencies in the previous LFI Framework, including that it overemphasizes less important, procedural considerations at the expense of core, material financial risks.
The commenters also suggested that the proposal would increase efficiency. One commenter noted that the proposal may reduce compliance costs, make examinations and remediation more efficient, and enable firms to allocate resources more effectively to resolve material financial issues, resulting in greater lending opportunities. Another commenter stated that the proposal would promote economic growth by allowing institutions without material safety and soundness concerns to invest resources to serve customers and to compete within the financial sector.
*Safety and Soundness.* Several commenters expressed concerns related to the proposal's effect on safety and soundness. Several commenters opposed the proposed changes, noting that supervisory ratings, as currently constructed, are highly predictive of bank failure and provide valuable information on institutional health. These commenters noted that agency research suggests that agency ratings outperform purely financial metrics in predicting future firm performance. Another commenter expressed concern that the proposal would expose holding companies' insured depository institution subsidiaries to certain risks and allow non-bank affiliates to receive subsidies arising from an insured depository institution's access to the federal safety net. This commenter stated that such a result is inconsistent with Congressional intent to ensure only well managed holding companies hold an interest in non-bank entities. One commenter emphasized the importance of the Governance and Controls component to safety and soundness, noting it is the primary means to evaluate management's ability to manage novel and emerging risks, especially those that are difficult to quantify. [^31] The commenter noted that governance lapses are leading indicators of larger systemic breakdowns. [^32] Consequently, the commenter asserted that inadequate governance and risk management at large firms not only affects the safety and soundness of a firm but also amplifies systemic vulnerability across the banking sector. Another commenter expressed concern that a firm with a single Deficient-1 component rating and two Conditionally Meets Expectations component ratings would be considered “well managed” despite existing deficiencies, which could negatively impact financial stability.
[^31] One commenter asserted that climate change is a source of risk to safety and soundness that is unaccounted for under the proposal.
[^32] Similarly, one commenter stated that the proposal downplays the importance of Governance and Controls, which history has demonstrated is very important for large banks. The commenter cited previous instances in which the Board or other agencies have fined large firms for Governance and Controls failures and instances in which failures in management led to firm failures.
The Board agrees that supervisory ratings provide valuable information about a firm's financial and non-financial strengths. The revisions reflect experience with the LFI Framework since its introduction in 2018. This experience demonstrates that a firm that has a Deficient-1 rating in an individual component while maintaining a rating of Broadly Meets Expectations or Conditionally Meets Expectations in its other two components would generally have sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions due to its overall robustness. These “well managed” firms would generally be able to serve as a source of strength for their insured depository institution subsidiaries. In addition, firms subject to the Frameworks would continue to be subject to section 23A of the Federal Reserve Act and the Board's Regulation W, which limits an insured depository institution's ability to transfer its subsidy arising from the institution's access to the federal safety net. [^33]
[^33] 67 FR 76560 (Dec. 12, 2002).
Further, with the revisions, the LFI Framework continues to evaluate the effectiveness of a firm's Capital Planning and Positions, Liquidity Risk Management and Positions, and Governance and Controls, including the ability of firms to identify and manage material financial risks. Similarly, the Insurance Supervisory Framework continues to evaluate the effectiveness of a firm's Capital Management, Liquidity Management, and Governance and Controls, and includes the ability of firms to identify and manage material financial risks. The final notice does not deemphasize any single component rating. [^34] Instead, the revisions ensure that “well managed” determinations take a comprehensive approach and reflect the overall strength of a firm across the three components of the Frameworks. The Frameworks will continue to allow supervisors to communicate concerns about risks and assign ratings based on the level of supervisory concern.
[^34] The Governance and Controls component rating evaluates critical practices and capabilities that provide for the firm's ongoing financial and operational resiliency through a range of conditions.
*Comparison to Silicon Valley Bank Financial Group.* Several commenters used Silicon Valley Bank Financial Group (SVBFG) or Silicon Valley Bank (SVB) as examples to raise concerns with the proposal, noting that SVBFG would have been considered “well managed” under the proposal, and therefore asserting the proposed rating system lacks credibility. One commenter stated the proposal does not address the problem with supervisory rating systems identified by the SVB failure. Specifically, the commenter stated that the problems identified by the SVB failure, which are not addressed under the proposal, include supervisors' focus on multiple nonmaterial management issues while failing to adequately identify and remediate material vulnerabilities with capital and liquidity.
The failure of SVB involved a number of bank risk management and supervisory failures and presented issues that were broader than a firm's “well managed” status under the LFI Framework. Many of these issues are outside the scope of the final notice, but will be considered in any future efforts to make more comprehensive changes to supervisory ratings systems, including efforts to increase emphasis on material financial risks.
*Large Bank Prioritization.* Several commenters expressed concerns that the proposal encourages growth in large banking organizations, which presents financial stability risks and increases competitive disadvantages for community banks. One commenter stated that the proposal would encourage expansion and mergers involving large firms that are not well managed and would thus intensify consolidation in the financial sector. Another commenter raised concerns about the impact of the proposal on community banks, claiming that the proposal would establish two different sets of rules, with standards for large firms being more lenient than those for community banks.
The final notice does not aim to create more lenient standards for large firms relative to community banks. An application to engage in expansionary activities that requires prior Board approval or non-objection would continue to be reviewed under applicable statutory factors, including, in certain instances, how such proposals would impact competition and financial stability. [^35] Further, while certain firms with a single Deficient-1 component rating would no longer be statutorily limited from engaging in new activities and acquisitions permissible only for “well managed” firms without Board approval, the Federal Reserve will consider specific concerns underlying a Deficient-1 component rating in evaluating any application from a firm to engage in new or expansionary activities to the extent those concerns are relevant to the evaluation of a particular statutory factor.
[^35]*See, e.g.,* 12 U.S.C. 1842(c); 12 U.S.C. 1843(j)(2).
In addition, the final notice better aligns the Frameworks with supervisory rating systems that apply to other banking organizations, none of which determine a firm's composite rating, which is relevant to its “well managed” status, based solely on a single component rating. Further, most large firms evaluated under the Frameworks are subject to additional regulatory requirements that are not applicable to smaller firms. [^36] Certain enhanced regulatory requirements are considered when determining a firm's rating under the Frameworks.
[^36]*See e.g.,* 12 CFR 252.
*Arbitrary and Capricious.* One commenter claimed that the proposal is arbitrary and capricious and contrary to the APA, describing the Board's analysis as cursory in nature and asserting that it fails to adequately support the substance of the proposal. In particular, the commenter noted that the Board failed to offer an analysis of the competitive effects of the proposal on small-business and agricultural lending. The rulemaking record, including the additional analysis in Section III of this final notice, demonstrates analysis of the proposal and final notice that is consistent with the requirements of the APA.
*Timing Considerations.* The Board received several comments related to the effective date of the revisions. Some commenters supported quick adoption of the proposal. Another commenter requested clarification on the effective date. One commenter requested the Board extend the comment period. The Board notes that the proposal's comment period was 30 days, which satisfies the requirements of the APA. The limited changes contemplated by the proposal, and the fact that the request for an extension was submitted in conjunction with other substantive comments regarding the proposal, indicate that the Board provided sufficient time for public consideration and comment. As noted above, the effective date for the final notice is November 17, 2025.
*Comments Outside the Scope of the Proposal.* Some commenters suggested potential changes to the Frameworks that were outside the scope of the proposal. For instance, many commenters suggested changes to other aspects of Board supervision and other supervisory rating systems. As mentioned in the proposal, the Board plans to consider more comprehensive changes to supervisory rating systems, including the Frameworks, that apply to Federal Reserve-supervised institutions in the future. As part of these efforts, the Board will consider the additional potential changes submitted by commenters including comments related to changes to the examination process and the process for issuing and rescinding 4(m) agreements.
*Composite Rating.* In the proposal, the Board included questions regarding whether a composite rating should be added to the Frameworks. The Board did not receive any comments that supported implementing a composite rating and several commenters put forth arguments against inclusion of a composite rating. Therefore, the Board is not adding a composite rating to the Frameworks. The revisions ensure that “well managed” determinations take a comprehensive approach and reflect the overall strength of a firm across the three components.
*Insurance Supervisory Framework.* While the Board did not receive any comments specific to the Insurance Supervisory Framework, the Board recognizes that some comments may be relevant to the Insurance Supervisory Framework. Accordingly, the Board has considered such comments in the context of the Insurance Supervisory Framework and is finalizing the revisions to the Frameworks largely without change.
**B. LFI Framework Definition of “Well Managed”**
The proposal would have revised the LFI Framework such that a firm with at least two Broadly Meets Expectations or Conditionally Meets Expectations component ratings and no more than one Deficient-1 component rating would be considered “well managed” under the LFI Framework. A firm would not have been considered “well managed” under the LFI Framework if it received a Deficient-1 for two or more component ratings. A firm would also not have been considered “well managed” under the LFI Framework if it received a Deficient-2 for any of the component ratings.
Several commenters supported the proposal's changes to the “well managed” definition, whereas other commenters opposed such changes. Commenters that supported the changes noted their agreement with certain rationales included in the proposal. Commenters that opposed the changes stated the changes would negatively impact safety and soundness and would decrease incentives for firms to resolve outstanding deficiencies, eroding the deterrent value of supervision.
Specifically, some commenters opposed the proposal's changes to the “well managed” definition, claiming that the proposal was inconsistent with the BHC Act. [^37] Certain commenters stated that the definition of “well managed” in the proposal was more permissive than a CAMELS composite rating of 2. [^38] One commenter noted that the Deficient-1 rating, which signifies that a holding company “is unable to remediate deficiencies in the normal course of business,” is inconsistent with the definition of a CAMELS composite rating of 2, which states that only “moderate weaknesses are present and are well within the board of directors' and management's capabilities and willingness to correct.” This commenter further stated that the presence of a Deficient-1 rating was inconsistent with the CAMELS composite rating of 2 which states that a firm is “in substantial compliance with laws and regulations.” Other commenters stated that the Governance and Controls component rating is effectively a management rating and so would need to be satisfactory for a firm to be “well managed” under the BHC Act. However, another commenter disagreed, noting the proposal was consistent with the BHC Act.
[^37] One commenter raised a separate legal concern, stating that the proposal would be inconsistent with the requirement that “comparable” capital and management standards be applied to a foreign bank that operates a branch in the United States under the principle of national treatment. The Board considers the revisions to be consistent with 12 U.S.C. 1843(l)(3).
[^38] Supra note 11.
After considering the relevant comments, the Board is finalizing the changes to the “well managed” definition as proposed. The revisions reflect experience with the LFI Framework since its introduction in 2018. This experience demonstrates that a firm that has a Deficient-1 rating in an individual component while maintaining a rating of Broadly Meets Expectations or Conditionally Meets Expectations in its other two components would generally have sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions due to its overall robustness. These revisions will result in the LFI Framework more appropriately reflecting the financial and operational strength and resilience of firms subject to the LFI Framework. As discussed in the Board's November 2024 Supervision and Regulation Report, most banks are well capitalized; liquidity and funding conditions are stable compared to 2023; and asset quality generally remains sound. [^39] Likewise, the results of the Federal Reserve Board's 2025 annual bank stress test show that large banks are well positioned to weather a severe recession, while staying above minimum capital requirements and continuing to lend to households and businesses. [^40] The revisions will also align the application of the LFI Framework more closely with the operation of other existing supervisory rating systems.
[^39] Board of Governors of the Federal Reserve System, Supervision and Regulation Report (Nov. 2024), *https://www.federalreserve.gov/publications/files/202411-supervision-and-regulation-report.pdf.*
[^40] Board of Governors of the Federal Reserve System, 2025 Federal Reserve Stress Test Results (June 2025), *https://www.federalreserve.gov/publications/files/2025-dfast-results-20250627.pdf.*
The proposal noted that potential costs of the revisions might include a slight increase in risk-taking and that firms may be marginally less incentivized to remediate single Deficient-1 component ratings. However, the possibility of losing “well managed” status due to a further rating decline to Deficient-2 provides an incentive to address deficiencies promptly. Moreover, supervisors will continue to monitor the remediation of supervisory issues and retain the ability to impose enforcement actions when appropriate.
Additionally, the proposal and final notice are consistent with the BHC Act. Consistent with the CAMELS framework, the revisions allow for a firm with a less than satisfactory component rating to be considered “well managed” if other component ratings are satisfactory. For example, under the CAMELS framework, a firm may receive one or more component ratings of 3 (less than satisfactory) and still achieve a composite rating of 2. [^41] The CAMELS framework contemplates that a firm may be fundamentally sound despite potential deficiencies in individual component ratings. [^42] Additionally, the Board explained in the proposal that a Deficient-1 component rating can be indicative of a discrete deficiency. Such a deficiency may not indicate material non-compliance with law or regulation.
[^41]*See* SR 96-38, Uniform Financial Institutions Rating System (Dec. 27, 1996) (defining firms with a composite 2 rating as being “fundamentally sound,” that generally have “no component rating more severe than 3”).
[^42] For example, a 3 rating in liquidity may evidence a “lack ready access to funds on reasonable terms” or “significant weaknesses in funds management practices.” Id.
The Governance and Controls component is not a “management” rating and the LFI Framework has never contained a management rating. When adopting the LFI Framework in 2018, the Board explained that the LFI Framework would not designate any of the three component ratings as a “management” rating because each component includes an evaluation of aspects that are relevant to a firm's management. For example, in evaluating the Capital Planning and Positions component rating under the LFI Framework, examiners should consider aspects of management such as the extent to which a firm maintains sound capital planning practices through effective governance and oversight; effective risk management and controls; and maintenance of updated capital policies and contingency plans for addressing potential shortfalls. In contrast, the Capital component rating in CAMELS includes a more limited evaluation of management considerations. [^43]
[^43] With respect to the Capital component rating in CAMELS, it is stated that examiners should consider the “ability of management to address emerging needs for additional capital.”
Accordingly, allowing firms with a single Deficient-1 rating in Governance and Controls (and at least a Conditionally Meets Expectations rating in the other two components) to be “well managed” is consistent with the BHC Act, as Governance and Controls is not a management rating. A Deficient-1 rating in Governance and Controls would not reflect management deficiencies to the same extent that a component rating of 3 for Management would under the CAMELS framework, as key aspects of a firm's management would not be incorporated into the Governance and Controls rating.
**C. LFI Framework Enforcement Action Presumption**
The proposal would have removed the presumption in the LFI Framework that firms with one or more Deficient-1 component ratings will be subject to a formal or informal enforcement action. Instead, under the proposal, a firm with one or more Deficient-1 component ratings may be subject to a formal or informal enforcement action, depending on particular facts and circumstances. The proposal maintained a presumption that the Board would impose a formal enforcement action on a firm with one or more Deficient-2 component ratings.
Commenters were mixed on their support for removing the enforcement presumption. One commenter stated that the presence of an enforcement action presumption is inconsistent with a CAMELS composite 2 rating. Another commenter stated that a presumption of an enforcement action on a firm due to its receipt of a Deficient-1 rating is inconsistent with the legal standard of an “unsafe and unsound practice” under the Federal Deposit Insurance Act (FDIA), because a Deficient-1 rating is meant to indicate “issues that put the firm's prospects for remaining safe and sound through a range of conditions at significant risk” and that “the firm's current condition is not considered to be materially threatened.”
In contrast, several commenters expressed concern that removing the enforcement presumption for firms with Deficient-1 ratings would weaken the incentive for banks to correct problems identified by examiners. Another commenter stated that the failure of SVB demonstrates that firms should be required to quickly remediate their identified supervisory issues and that the proposal would not achieve this.
After considering all comments, the Board is finalizing the changes to the enforcement action presumption as proposed. The revisions remove the enforcement presumption for firms with one or multiple Deficient-1 ratings [^44] and instead note that enforcement actions will be considered on a case-by-case basis depending on relevant facts and circumstances. Such an approach is generally consistent with the Board's practices when issuing an enforcement action to firms subject to other ratings frameworks. [^45] The Board will continue only to take formal and informal enforcement actions if the relevant standards are met. [^46]
[^44] There have been instances where the Board previously did not take formal and informal enforcement actions when Deficient-1 ratings were issued due to the particular relevant facts and circumstances underlying the issue resulting in the Deficient-1 rating.
[^45] For example, the Board has previously explained that firms with a composite 3 rating under the CAMELS framework, “require more than normal supervision, which may include formal or informal enforcement actions.” *See* SR Letter 96-38, Uniform Financial Institutions Rating System (Dec. 27, 1996), *https://www.federalreserve.gov/boarddocs/srletters/1996/sr9638.htm.*
[^46] 12 U.S.C. 1818.
As noted above, under the revisions, firms still need to promptly resolve outstanding deficiencies. Moreover, supervisors will continue to monitor the remediation of supervisory issues and retain the ability to impose a formal or informal enforcement action for firms with Deficient-1 ratings, as appropriate, depending on relevant facts and circumstances.
**D. Insurance Supervisory Framework Definition of “Well Managed” and Enforcement Action Presumption**
The proposal would have made parallel changes to the “well managed” determination under the Insurance Supervisory Framework, such that a firm with at least two Broadly Meets Expectations or Conditionally Meets Expectations component ratings and no more than one Deficient-1 component rating would have been considered “well managed” under the Insurance Supervisory Framework. Under the proposal, a firm would not have been considered “well managed” under the Insurance Supervisory Framework if it received a Deficient-1 rating for two or more component ratings. A firm would continue not to be considered “well managed” under the Insurance Supervisory Framework if it received a Deficient-2 rating for any of the component ratings. Additionally, the proposal made parallel changes to the Insurance Supervisory Framework to remove the presumption that firms with one or more Deficient-1 component ratings would be subject to an enforcement action. Instead, under the proposal, firms subject to the Insurance Supervisory Framework with one or more Deficient-1 component ratings may be subject to a formal or informal enforcement action, depending on particular facts and circumstances. The proposal maintained the presumption that a firm with one or more Deficient-2 component ratings would be subject to a formal enforcement action by the Board.
While the Board did not receive any comments specific to the Insurance Supervisory Framework, the Board considered relevant comments in the supervised insurance organization context and is finalizing as proposed the changes to the “well managed” definition and enforcement action presumption under the Insurance Supervisory Framework.
**E. Changes to Appendix B: Framework for the Supervision of Insurance Organizations**
This final notice makes minor changes to Appendix B: Framework for the Supervision of Insurance Organizations by updating certain references, including by removing a reference to reputational risk in its description of model risk. The Board has made clear that reputational risk is no longer a component that will be considered in examination programs and that this concept will be removed from supervisory materials. [^47] Safety and soundness concerns that motivated the Board's prior inclusion of reputational risk in supervision are adequately addressed through other existing risk types.
[^47]*See* Board of Governors of the Federal Reserve System, “Federal Reserve Board announces that reputational risk will no longer be a component of examination programs in its supervision of banks” (June 23, 2025), available at *https://www.federalreserve.gov/newsevents/pressreleases/bcreg20250623a.htm.*
**III. Economic Analysis**
As outlined in previous sections, the revisions to the Frameworks contained in the final notice reflect experience with the LFI Framework since its introduction in 2018; better align the application of the Frameworks with the operation of the Board's other supervisory rating systems; and better reflect the financial and operational strength and resilience of firms subject to the Frameworks. The Board assessed the economic impact of the revisions to the Frameworks contained in the final notice on firms, on supervisory efficiency and efficacy, and on the broader economy. Specifically, the Board evaluated the potential impact on firms that will become “well managed” and the broader implications of adopting this change. The Board also evaluated the potential effects of the Frameworks' elimination of the presumption of enforcement actions in certain cases.
Additionally, the Board considered comments raised regarding the economic analysis of the proposal which are discussed in more detail throughout this section. While some commenters noted limitations in the economic analysis of the proposal, others thought that the economic analysis provided clear justification for the proposal.
The revisions to the Frameworks contained in the final notice will increase the number of firms that are “well managed” under the Frameworks and potentially reduce the number of enforcement actions for these firms, which have sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of stressful conditions. Overall, firms that become “well managed” may face reduced enforcement-related compliance costs and fewer regulatory impediments to pursue certain activities, including investments in, and acquisitions of, certain non-bank financial companies.
The economic analysis is structured into four parts. Section III.A provides an overview of the baseline (that is, the previous Frameworks), describes the current state of the assignment of ratings, and discusses how these ratings can affect a firm's “well managed” status. Section III.B discusses the revisions to the Frameworks contained in the final notice, outlines the specific changes being implemented, and estimates the change in the number of “well managed” firms under the final notice. Section III.C analyzes the potential benefits and costs associated with the changes relative to the baseline. Section III.D concludes.
**A. Baseline**
The previous Frameworks (discussed in detail in Section I.A) establish the baseline for the economic analysis. The Board has assessed the benefits and costs of the revisions to the Frameworks contained in the final notice (discussed in detail in Section III.C) relative to this baseline.
Under the previous Frameworks, a firm whose holding company received a Deficient-1 or Deficient-2 in any component rating was not considered “well managed.” Furthermore, there was a presumption that firms with one or more Deficient-1 component ratings would be subject to a formal or informal enforcement action.
The ability of a banking organization to engage in certain activities under the BHC Act depends on the ratings of the holding company and the holding company's depository institution subsidiaries, which are assigned by the relevant federal banking agency. For instance, for a bank holding company to qualify as a financial holding company and engage in certain financial activities, a bank holding company and all its depository institution subsidiaries must be “well capitalized” and “well managed.” Thus, regardless of its LFI ratings, a U.S. bank holding company may not be able to engage in certain expansionary activities if any of its subsidiary depository institutions' management or composite CAMELS rating is 3 or worse. A foreign banking organization (FBO) that has a combined ROCA (Risk Management, Operational Controls, Compliance, Asset Quality) rating of 3 or worse for its U.S. branches and agencies is not able to engage in certain activities under the BHC Act. Additionally, an FBO that has a combined U.S. operations (CUSO) rating of 3 or worse is similarly restricted. Thus, as discussed in this section, a “well managed” firm refers to a banking organization where the holding company and all relevant subsidiaries are “well managed;” for FBOs, this means that their ROCA ratings and CUSO ratings are also at least satisfactory.
For the firms whose holding companies had LFI ratings in the third quarter of 2025, Figure 1 displays their ratings between the first quarter of 2020 to the third quarter of 2025 and categorizes them into three groups. The first category, “Not Satisfactory DI/FBO Ratings Only,” shown in black, represents the number of firms whose depository institutions' composite or management ratings or whose combined ROCA or CUSO ratings were 3 or worse and whose holding company had all three LFI component ratings of either Broadly Meets Expectations or Conditionally Meets Expectations. The second category, “Not Satisfactory LFI Ratings Only,” shown in dark grey, represents the number of firms where the holding company had one or more Deficient-1 or Deficient-2 LFI component ratings, but the subsidiary depository institutions' composite and management ratings and combined ROCA and CUSO ratings, if applicable, were 1 or 2. The third category, “Not Satisfactory LFI and DI/FBO Ratings,” in light grey color, represents the number of firms whose subsidiary depository institutions' composite or management ratings or whose combined ROCA or CUSO ratings, if applicable, were 3 or worse and whose holding company had one or more Deficient-1 or Deficient-2 LFI component ratings. As of the third quarter of 2025, 17 out of 36 firms whose holding companies were subject to the LFI Framework were classified as not “well managed” at the holding company and/or depository institution <sub>48 49</sub> level.
[^48] For FBOs, this includes their ROCA ratings and CUSO ratings.
[^49] Note that, for comparison purposes, this sample only includes firms that were subject to the LFI Framework in the third quarter of 2025. Thus, the number of firms increases throughout the sample.
Figure 1 reveals an increase in the number of not “well managed” firms until early 2024, followed by a reversal. Ratings at the holding company and at the depository institution and FBO level usually coincide, and both contribute to, a firm being not “well managed,” as demonstrated by the large area of light grey bars. Nevertheless, LFI ratings alone can result in a non-trivial number of firms being not “well managed,” as demonstrated by the dark grey bars. As of the third quarter of 2025, three firms were not “well managed” solely due to their LFI ratings. Moreover, there were very few instances when a firm was not “well managed” based only on the ratings of its subsidiaries or U.S. branches and agencies or operations—only eleven instances in the whole period according to Figure 1—as demonstrated by the black bars.
In the second quarter of 2025, the average common equity tier 1 capital (CET1) ratio for not “well managed” firms subject to the LFI Framework was approximately 3 percentage points higher compared to their “well managed” peers. [^50] Moreover, between the first quarter of 2020 and the second quarter of 2025, the average CET1 capital over standardized approach risk weighted assets of large financial institutions increased by more than 1 percentage point. This indicates a potential misalignment between the results of the current LFI Framework and the financial condition of these firms. [^51] Furthermore, the associated presumption of an enforcement action in these cases may have caused the Board to allocate examination, remediation, and enforcement resources to financially strong firms.
[^50] The average CET1 capital over standardized approach risk weighted assets between the first quarter of 2020 and the second quarter of 2025 across large financial institutions was approximately 13.4 percent.
[^51] Accordingly, commenters stated that if the banking system as a whole is characterized as strong and resilient, the majority of large banks should not be rated as not “well managed.”
Some commenters challenged the validity of drawing conclusions based on data over this time period. The only economic recession since the global financial crisis has been the COVID-19 crisis, which some commenters asserted is unusual in terms of government intervention and, therefore, may not be an appropriate time period for analysis. [^52] The Board notes that it is only possible to analyze the LFI Framework after its implementation. Although the time period included in the analysis includes a macroeconomic environment that includes a novel type of shock, the data used in the analysis provide valuable insights into the overall economic impact of the proposal.
[^52]*See* National Bureau of Economic Research, “US Business Cycle Expansions and Contractions,” *https://www.nber.org/research/data/us-business-cycle-expansions-and-contractions* (last accessed September 16, 2025)
Some commenters expressed concerns with the Board's discussion on misalignment between the LFI Framework and the financial condition of firms subject to the LFI Framework. One commenter noted that, contrary to the analysis in the proposal, certain measures of capital ratios have declined in recent years for large firms, tracking the downward trajectory of LFI ratings. This commenter stated that the leverage ratio should be used to measure bank capital instead of the risk-weighted regulatory capital ratio. By contrast, one commenter agreed with the Board's analysis that the upward trend in the number of firms being considered not “well managed” until 2024 has occurred during a period when the regulatory capital ratios of large financial institutions as a group remained generally stable around 13 percent. Consistent with this comment, research suggests that the risk-weighted measure better aligns incentives for both efficient lending and risk-taking during normal times. [^53] Moreover, the leverage ratio is intended to generally serve as a backstop to risk-based requirements. [^54]
[^53]*See* Greenwood, Robin, Samuel Gregory Hanson, Jeremy C. Stein & Adi Sunderam. “Strengthening and Streamlining Bank Capital Regulation.” *Brookings Papers on Economic Activity* (Fall 2017).
[^54]*See* 90 FR 30780, 30782 (July 10, 2025).
Additionally, one commenter noted that Congress requires separate assessments of whether a firm is “well managed” and “well capitalized,” which recognizes that strong capital does not necessarily indicate competent management. Accordingly, the commenter claims that the Board's justification of the proposal by pointing to the capital levels of firms subject to the LFI Framework is flawed, as collapsing these statutory requirements contradicts Congressional intent.
The Board agrees that assessments of whether a banking organization is “well managed” and “well capitalized” are separate and distinct. However, areas of financial strength, including capital and liquidity, are relevant to a firm's “well managed” status, as “well managed” firms under the LFI Framework must have “sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions, including stressful ones.” Thus, a large number of not “well managed” firms, despite clear indications of large firms' financial strength, may suggest a misalignment between the LFI Framework and the financial and operational strength and resilience of firms subject to the LFI Framework. Under the LFI Framework, a firm would need to be satisfactory with respect to multiple areas of firm management, not solely capital, to be considered “well managed.”
**B. Revisions to the Frameworks Contained in the Final Notice Relative to Baseline**
As discussed in detail in Section II, the revisions to the Frameworks contained in the final notice maintain all elements of the previous Frameworks except for two key changes. These two key changes are that the criteria for a firm to be “well managed” under the Frameworks are adjusted, and the enforcement action presumption is modified.
The impact of these revisions will vary depending on the number of firms whose holding company has a Deficient-1 rating for one component and a Broadly Meets Expectations or Conditionally Meets Expectations for the remaining two components. In addition to the direct effect on a firm's “well managed” status, LFI ratings are an input to the CUSO rating for foreign banking organizations and there might be other interrelations between ratings that are hard to quantify. <sup>55</sup> Consequently, assessing the impact of the LFI Framework change alone and assuming that all other ratings would not be affected might underestimate the true effect, and thus provides a lower bound. Conversely, the upper bound of the proposal's effects would be obtained by computing the number of not “well managed” firms as determined by LFI ratings alone, which assumes that the depository institution or FBO ratings are not more limiting on the firm than the LFI ratings. Therefore, the Board calculated the number of not “well managed” firms for both the baseline and the revisions to the LFI Framework contained in the final notice (Revised LFI Framework) under the following two metrics:
*Metric 1:* Not “well managed” firms under the BHC Act (based on LFI rating, or bank CAMELS rating, or equivalent for FBOs).
*Metric 2:* Not “well managed” holding companies under the LFI Framework.
Metric 1 is equivalent to the sum of all 3 categories presented in Figure 1. Metric 2 corresponds to the sum of two categories “Not Satisfactory LFI Ratings Only” and “Not Satisfactory LFI and DI/FBO Ratings” in Figure 1. Table 1 presents the estimated number of not “well managed” firms under both the baseline and the Revised LFI Framework for both metrics, which uses a sample of all 36 firms subject to the LFI Framework in the third quarter of 2025.
| | Baseline framework | Metric 1 | Metric 2 | Revised framework | Metric 1 | Metric 2 |
| --- | --- | --- | --- | --- | --- | --- |
| Number of Firms | 17 | 17 | 14 | 10 | | |
As of the third quarter of 2025, under the baseline, 17 out of 36 firms would be considered not well managed if LFI ratings and depository institution/FBO ratings were considered (Metric 1), and 17 out of 36 firms would be considered not well managed if only the LFI ratings were considered (Metric 2). Under the Revised LFI Framework, 14 out of 36 firms would be not “well managed” under Metric 1 and only 10 out of 36 firms would be classified as not “well managed” under Metric 2 considering the LFI ratings only. The expected effect of the revisions to the LFI Framework contained in the final notice likely lies between Metric 1 and Metric 2. On one hand, Metric 1 may underestimate the impact of the proposal when viewed over time due to potential future changes to ratings at the depository institution/FBO level and the fact that LFI ratings are an input to CUSO ratings for foreign banking organizations. [^56] On the other hand, Metric 2 overestimates the impact by not considering any ratings other than the LFI ratings. Overall, these results imply that the final notice would change the “well managed” status of firms subject to the LFI Framework in the near term by between 3 and 7 firms. Figure 2 illustrates the share of not “well managed” firms under the baseline and the Revised LFI Framework over time, using either Metric 1 (left panel) or Metric 2 (right panel). The share increased between the first quarter of 2020 to the third quarter of 2025, with a notable and sharp increase in 2023.
[^55]*See* 83 FR 58724, 58727 (Nov. 21, 2018) (“[T]he LFI rating assigned to the U.S. IHC would be an input into the rating of the combined U.S. operations of a foreign bank.”).
[^56] 83 FR 58724 (Nov. 21, 2018).
Figure 2 documents that the estimated impact, under both metrics, is not driven by the choice of using the third quarter of 2025 data to evaluate the change. In fact, across the sample period, the revisions to the LFI Framework contained in the final notice under both Metric 1 and Metric 2 would have consistently resulted in a smaller share of firms that are not “well managed.”
Likewise, of the 4 firms subject to the Insurance Supervisory Framework as of the third quarter of 2025, 1 of these firms will become “well managed” under the revisions to the Insurance Supervisory Framework contained in the final notice.
[^57] Note that, for comparison purposes, this sample only includes firms that were subject to the LFI Framework in the third quarter of 2025. Thus, the number of firms increases throughout the sample.
**C. Analysis of Benefits and Costs**
This section assesses the benefits and costs of the revisions to the Frameworks contained in the final notice relative to the baseline. The consequences of modifying the Frameworks primarily stem from allocating supervisory resources more efficiently and from potentially altering a firm's “well managed” status and the subsequent implications, as well as modifying the enforcement action presumption. The previous section estimated that the number of impacted firms stemming from the revisions to the LFI Framework will be between 3 and 7 out of 36, using the third quarter of 2025 as the baseline. Further, under the revisions to the Insurance Supervisory Framework contained in the final notice, 1 firm will become “well managed” out of 4 firms subject to the Insurance Supervisory Framework. Therefore, the benefits and costs of the proposed changes that are discussed below will materialize in part for those firms and more broadly, over the long run, through revised rating frameworks that align ratings more closely with the financial condition of the supervised firms.
**1. Benefits**
**a. Supervisory Efficiency and Efficacy**
The revisions to the Frameworks contained in the final notice remove the presumption that firms with one or more Deficient-1 component ratings will be subject to a formal or informal enforcement action. They also change the definition of “well managed” to better reflect the firms' overall condition and to align with other supervisory rating frameworks, as described above. This alignment across frameworks and reflection of firms' overall condition could lead to more consistent and effective supervision.
The changes could also allow supervisors to allocate resources more efficiently, concentrating on significant risks, and thus enhancing overall supervision. For instance, the removal of the presumption in the Frameworks that firms with one or more Deficient-1 component ratings will be subject to a formal or informal enforcement action could provide supervisory teams with the ability to more efficiently allocate resources based on the severity of the issues that are identified and the needed remediation.
One commenter asserted that less burden on supervisors was not worth the impact on safety and soundness. As discussed in Section II.A, the Frameworks will still allow supervisors to communicate concerns about risks and assign ratings based on the level of supervisory concern. Further, supervisors will retain the ability to impose a formal or informal enforcement action for firms with Deficient-1 ratings, as appropriate, depending on relevant facts and circumstances. The Board will continue only to take formal and informal enforcement actions if the relevant standards are met. [^58]
[^58] 12 U.S.C. 1818.
**b. Reduction of Compliance Costs and Other Impediments to Growth**
Firms that become “well managed” as a result of this final notice may experience reduced compliance costs and associated burdens on management resulting from removing the presumption of certain enforcement actions. This reduction in enforcement-related expenses and efforts could enable institutions to invest more resources in core business operations. Consequently, this reallocation of resources has the potential to promote innovation and growth, as firms may have increased capacity to develop new products, services, or technologies that benefit consumers and the broader economy. It could also permit them to focus more managerial attention on tackling business challenges, thus supporting the financial intermediation activities of these firms.
Between the first quarter of 2020 and the third quarter of 2025, following the implementation of the LFI Framework, the Board estimates that the loss of “well managed” status was associated with slower growth in assets and loans. Figure 3 shows that the average growth rate in total assets one year before the loss of “well managed” status (pre) is about 3.5 percent, smaller than the yearly average growth rate of firms that were always “well managed” throughout the sample (control) of approximately 6.7 percent. By contrast, in the year after a ratings downgrade that results in a firm becoming not “well managed” (post), growth in total assets dropped by more than two thirds to about 1.1 percent. The same findings hold true for growth in total loans. Taken together, this analysis indicates that the revisions to the LFI Framework contained in the final notice have the potential to promote growth at firms that become “well managed.” Moreover, as fewer firms that have sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions due to their overall robustness will be classified as not “well managed” in the future due to these changes, the changes contained in the final notice could bolster the overall growth of large banking organizations and thus foster economic activity.
While the analysis indicates a decrease in the growth of total assets and total loans as a firm moves to not “well managed,” the observed decline may reflect multiple factors beyond just the loss of “well managed” status. These factors could include underlying issues that contributed to the downgrade, such as deteriorating performance or governance challenges. Moreover, it is possible that the remediation efforts required to address the issues that led to the supervisory downgrade could be a driver of the observed slower growth, even before the status change.
[^59] This figure plots the unweighted average growth in total assets and total loans for firms which were downgraded to not “well managed” between the first quarter of 2020 and the third quarter of 2025 in the one year before (pre) and one year after (post) the change. For comparison, the yearly unweighted average growth rate of firms which were always “well managed” throughout the sample (control group) were computed. A red dashed vertical line separates the control and treated groups.
Some commenters agreed with the finding in the proposal that the loss of “well managed” status is associated with a decline in the growth of an institution's total assets and total loans, as firms have been limited in their ability to make new investments or acquisitions, expand their products, services or branch networks, and carry out internal reorganizations. Other commenters stated that rapid bank growth is not necessarily desirable, as certain research suggests rapid bank growth has been associated with a higher likelihood of distress, particularly when the growth is fueled by mergers or acquisitions. [^60] Some research suggests that certain forms of growth fueled by mergers and acquisitions, such as asset purchases and sales, generate shareholder value and improve the allocative efficiency of capital. [^61] Furthermore, the revisions to the Frameworks contained in the final notice are designed to remove an impediment to growth for firms that have the financial and operational strength and resilience to maintain safe and sound operations through a range of conditions, including stressful ones. As the final notice does not change the criteria for determining a firm's component ratings, firms that grow in a manner that poses risks to safety and soundness will be assigned component ratings that reflect that risk.
[^60]*See* W. Scott Frame, Ping McLemore & Atanas Mihov, Federal Reserve Bank of Dallas, “Haste Makes Waste: Banking Organization Growth and Operational Risk” at 2 (Aug. 2020), *https://www.dallasfed.org/-/media/documents/research/papers/2020/wp2023.pdf.*
[^61]*See* Missaka Warusawitharana, “Corporate asset purchases and sales: Theory and evidence,” 87 *Journal of Financial Economics* 471, 471-497 (Feb. 2008), *https://doi.org/10.1016/j.jfineco.2007.02.005.*
Under the revisions to the Frameworks contained in the final notice, more firms with sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions will be able to engage in certain business initiatives and strategic opportunities without obtaining prior Board approval due to the changes to the “well managed” criteria, as permitted by statute. Besides the reduction in enforcement-related compliance costs for these firms, these activities can also promote stronger growth via economies of scale. [^62] As institutions grow larger, they can spread fixed costs—such as technology investments, compliance infrastructure, and branch operations—over a broader and larger base of customers and assets, potentially improving operational efficiency.
[^62]*See* David C. Wheelock & Paul W. Wilson, “The Evolution of Scale Economies in US Banking,” 33 *Journal of Applied Economics* 16, 16-28 (June 2017), *https://doi.org/10.1002/jae.2579.*
The revisions to the Frameworks contained in the final notice could also make it easier for firms that meet the required standards of strength and resilience to expand into non-bank financial activities, which can generate economies of scope and increase opportunities for innovation. By expanding into new markets and business areas, firms could realize significant synergies from integrating banking, investment, and technology-based services. Encouraging firms' engagement with innovative financial sectors could also significantly enhance consumer access to a broader range of financial services. For example, investments in fintech could not only foster technological advancement but also contribute to broader financial sector resilience. [^63] Consumers and businesses might benefit from lower costs due to these investments, along with synergies and operational efficiencies stemming from potential investments in, or acquisitions of, non-bank financial companies. Simultaneously, firms could diversify revenue streams beyond traditional banking activities, which could enhance financial stability by reducing their reliance on particular business lines.
[^63]*See* Emma Li et al., “Banks' investments in fintech ventures,” 149 *Journal of Banking & Finance* 106754, 106754-97 (Oct. 2022), *https://dx.doi.org/10.2139/ssrn.3979248.*
Some commenters questioned whether reduced compliance costs leading to greater growth, investment, and economics of scale should be considered a benefit of the proposal, noting that poorly managed firms become riskier as they grow and are more likely to fail. Additionally, one commenter contended that the purpose of Board supervision was to encourage safety and soundness, not innovation or growth. As previously discussed, the Board emphasizes that the Frameworks will still allow supervisors to communicate concerns about risks and assign ratings based on the level of supervisory concern. The changes in the final notice will continue to support safety and soundness objectives, while also allowing for robust innovation, which facilitates growth more broadly.
Additionally, one commenter expressed that diversification by firms subject to the LFI Framework would increase systemic vulnerabilities due to perceived linkages, increasing the potential for negative spillover effects from distress at one firm to others, even if the firm ultimately remained solvent. [^64] Another commenter noted that operational risk due to increased complexity may rise with the size of a firm. Complexity and scale do carry risks as well as benefits, and the changes contained in this final notice balance these risks and benefits by amending the definition of “well managed” to account for a firm's overall financial condition.
[^64]*See* Andrew Hawley & Marco Migueis, FRB, *FEDS Notes:* Measuring the systemic importance of large US banks (Sept. 2021), *https://www.federalreserve.gov/econres/notes/feds-notes/measuring-the-systemic-importance-of-large-us-banks-20210930.html. See also* Amy G. Lorenc & Jeffery Y. Zhang, Board of Governors of the Federal Reserve System, “The Differential Impact of Bank Size on Systemic Risk,” *Finance and Economics Discussion Series* 2018-066 at 2 (2018), *https://doi.org/10.17016/FEDS.2018.066.*
In addition, a commenter stated that the Board overstates the purported benefits of the proposal because the Board has never revoked financial holding company status. [^65] However, other commenters noted that the loss of “well managed” status hampers firms' ability to innovate, be competitive, create economic growth, and serve their customers. The Board notes that a firm's “well managed” status may have relevance separate and apart from a firm's financial holding company status. [^66] Furthermore, firm activities can be limited by supervisory actions apart from loss of financial holding company status.
[^65]*See* Jeremy C. Kress, “Solving Banking's `Too Big to Manage' Problem,” 104 *Minnesota Law Review* 171 (2019).
[^66]*See, e.g.,* 12 U.S.C. 1842(d) and 1843( *l* ); 12 CFR 225.4(b)(6), 225.14, 225.22(a), 225.23;12 CFR 211.9(b), 211.10(a)(14), 211.34; and 12 CFR 223.41.
**2. Costs**
The revisions to the Frameworks contained in the final notice, while enhancing supervisory efficiency, may result in a slight increase in risk-taking by firms that have sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions. With the removal of the presumption that firms with one or more Deficient-1 component ratings will be subject to a formal or informal enforcement action, institutions might be marginally less incentivized to immediately address issues underlying a single Deficient-1 component rating.
One commenter stated that the proposal would lower the bar for large firms to be considered “well managed” and would accelerate consolidation, further concentrating market power and posing competitive challenges to smaller banks while also exacerbating the problem of too big to fail institutions. Firms that would no longer face certain regulatory constraints to undertake expansionary activities under the proposal could accumulate market share and increase concentration. Moreover, marginally greater consolidation and growth of large institutions could concentrate risk within fewer, larger entities and more complex financial institutions could become more difficult to manage, monitor, and supervise effectively. [^67]
[^67] Gary H. Stern & Ron J. Feldman, *Too Big to Fail: The Hazards of Bank Bailouts* (Forward by Paul A. Volcker) (Brookings Institution Press, 2009).
Notwithstanding, these risks are likely to be small, as firms with a Deficient-1 rating may still receive specific supervisory findings in the form of Matters Requiring Attention or Matters Requiring Immediate Attention, which would detail issues that need to be remediated. Furthermore, the possibility of becoming not “well managed” due to a further rating decline to Deficient-2 could provide an incentive for firms to address potential deficiencies. [^68] Importantly, supervisors will continue to monitor the remediation of supervisory issues and retain the ability to impose enforcement actions where necessary, thus limiting this cost and ensuring that these issues are resolved in an appropriate timeframe. Further, as noted above, an application to engage in expansionary activities that require prior Board approval or non-objection would continue to be reviewed under applicable statutory factors, including, in certain instances, how such proposals would impact competition and financial stability. [^69]
[^68] For firms subject to the Insurance Supervisory Framework, the possibility of losing “well managed” status due to further rating decline to Deficient-2 provides an incentive to address potential deficiencies promptly given the potential impact on their ability to engage in insurance underwriting activities.
[^69]*See, e.g.,* 12 U.S.C. 1842(c); 12 U.S.C. 1843(j)(2).
**D. Conclusion**
The revisions to the Frameworks contained in the final notice could alleviate constraints faced by large financial institutions and supervised insurance organizations arising from the current requirements for a firm to be considered “well managed.” By enabling firms to potentially realize economies of scale and scope, the revisions to the Frameworks could enhance operational efficiency and promote financial innovation. Supervisors retain appropriate tools to address a potential increase in risk-taking by firms. Taken together, the Board expects that the benefits of the changes to the Frameworks contained in the final notice justify the costs.
**IV. Administrative Law Matters**
**A. Solicitation of Comments and Use of Plain Language**
Section 722 of the Gramm-Leach-Bliley Act [^70] requires the Federal banking agencies to use plain language in all proposed and final rules published after January 1, 2000. The Board received no comments on these matters and believes that the final notice is written plainly and clearly.
[^70] Public Law 106-102, sec. 722, 113 Stat. 1338, 1471 (1999), 12 U.S.C. 4809.
**B. Paperwork Reduction Act**
There is no collection of information required by the final notice that would be subject to the Paperwork Reduction Act of 1995. [^71]
[^71] 44 U.S.C. 3501 *et seq.*
**C. Regulatory Flexibility Act**
The Regulatory Flexibility Act (RFA) generally requires an agency to conduct an initial regulatory flexibility analysis (IRFA) and a final regulatory flexibility analysis (FRFA) of any rule subject to notice-and-comment rulemaking requirements, unless the head of the agency certifies that the rule will not, if promulgated, have a significant economic impact on a substantial number of small entities. [^72] The final notice would not impose any obligations on regulated entities, and regulated entities would not need to take any action in response to the final notice. The Board certifies that the final notice will not have a significant economic impact on a substantial number of small entities. [^73]
[^72] 5 U.S.C. 601-612.
[^73] 5 U.S.C. 605(b).
**D. Riegle Community Development and Regulatory Improvement Act of 1994**
Pursuant to section 302(a) of the Riegle Community Development and Regulatory Improvement Act (RCDRIA), [^74] in determining the effective date and administrative compliance requirements for new regulations that impose additional reporting, disclosure, or other requirements on insured depository institutions (IDIs), each Federal banking agency must consider, consistent with principles of safety and soundness and the public interest, any administrative burdens that such regulations would place on depository institutions, including small depository institutions, and customers of depository institutions, as well as the benefits of such regulations. In addition, section 302(b) of RCDRIA requires new regulations and amendments to regulations that impose additional reporting, disclosures, or other new requirements on IDIs generally to take effect on the first day of a calendar quarter that begins on or after the date on which the regulations are published in final form. [^75] The Board has determined that the final notice would not impose additional reporting, disclosure, or other requirements on IDIs; therefore, the requirements of the RCDRIA do not apply.
[^74] 12 U.S.C. 4802(a).
[^75] 12 U.S.C. 4802.
This Appendix A and Appendix B will not publish in the CFR.
**Appendix A—Text of Proposed Large Financial Institution Rating System**
**A. Overview**
Each large financial institution (LFI) is expected to ensure that the consolidated organization (or the combined U.S. operations in the case of foreign banking organizations), including its critical operations and banking offices, remains safe and sound and in compliance with laws and regulations, including those related to consumer protection. [^76] The LFI rating system provides a supervisory evaluation of whether a covered firm possesses sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions, including stressful ones. [^77] The LFI rating system applies to bank holding companies with total consolidated assets of $100 billion or more; all non-insurance, non-commercial savings and loan holding companies with total consolidated assets of $100 billion or more; and U.S. intermediate holding companies of foreign banking organizations with combined U.S. assets of $50 billion or more established pursuant to the Federal Reserve's Regulation YY. [^78]
[^76]*See* SR Letter 12-17/CA Letter 12-14, “Consolidated Supervisory Framework for Large Financial Institutions,” at *http://www.federalreserve.gov/bankinforeg/srletters/sr1217.htm.* Hereinafter, when “safe and sound” or “safety and soundness” is used in this framework, related expectations apply to the consolidated organization and the firm's critical operations and banking offices.
“Critical operations” are a firm's operations, including associated services, functions and support, the failure or discontinuance of which, in the view of the firm or the Federal Reserve, would pose a threat to the financial stability of the United States.
“Banking offices” are defined as U.S. depository institution subsidiaries, as well as the U.S. branches and agencies of foreign banking organizations.
[^77] “Financial strength and resilience” is defined as maintaining effective capital and liquidity governance and planning processes, and sufficiency of related positions, to provide for the continuity of the consolidated organization (including its critical operations and banking offices) through a range of conditions.
“Operational strength and resilience” is defined as maintaining effective governance and controls to provide for the continuity of the consolidated organization (including its critical operations and banking offices) and to promote compliance with laws and regulations, including those related to consumer protection, through a range of conditions.
References to “financial or operational” weaknesses or deficiencies implicate a firm's financial or operational strength and resilience.
[^78] Total consolidated assets will be calculated based on the average of the firm's total consolidated assets in the four most recent quarters as reported on the firm's quarterly financial reports filed with the Federal Reserve. A firm will continue to be rated under the LFI rating system until it has less than $95 billion in total consolidated assets, based on the average total consolidated assets as reported on the firm's four most recent quarterly financial reports filed with the Federal Reserve. The Federal Reserve may determine to apply the RFI rating system or another applicable rating system in certain limited circumstances.
The LFI rating system is designed to:
• Fully align with the Federal Reserve's current supervisory programs and practices, which are based upon the LFI supervision framework's core objectives of reducing the probability of LFIs failing or experiencing material distress and reducing the risk to U.S. financial stability;
• Enhance the clarity and consistency of supervisory assessments and communications of supervisory findings and implications; and
• Provide transparency related to the supervisory consequences of a given rating.
The LFI rating system is comprised of three components:
• *Capital Planning and Positions:* An evaluation of (i) the effectiveness of a firm's governance and planning processes used to determine the amount of capital necessary to cover risks and exposures, and to support activities through a range of conditions and events; and (ii) the sufficiency of a firm's capital positions to comply with applicable regulatory requirements and to support the firm's ability to continue to serve as a financial intermediary through a range of conditions.
• *Liquidity Risk Management and Positions:* An evaluation of (i) the effectiveness of a firm's governance and risk management processes used to determine the amount of liquidity necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm's liquidity positions to comply with applicable regulatory requirements and to support the firm's ongoing obligations through a range of conditions.
• *Governance and Controls:* An evaluation of the effectiveness of a firm's (i) board of directors, [^79] (ii) management of business lines and independent risk management and controls, [^80] and (iii) recovery planning (only for domestic firms that are subject to the Board's Large Institution Supervision Coordinating Committee (LISCC) Framework). [^81] This rating assesses a firm's effectiveness in aligning strategic business objectives with the firm's risk appetite and risk management capabilities; maintaining effective and independent risk management and control functions, including internal audit; promoting compliance with laws and regulations, including those related to consumer protection; and otherwise planning for the ongoing resiliency of the firm. [^82]
[^79] References to “board” or “board of directors” in this framework includes the equivalent to a board of directors, as appropriate, as well as committees of the board of directors or the equivalent thereof, as appropriate.
At this time, recovery planning expectations only apply to domestic bank holding companies subject to the Federal Reserve's LISCC supervisory framework. Should the Federal Reserve expand the scope of recovery planning expectations to encompass additional firms, this rating will reflect such expectations for the broader set of firms.
[^80] The evaluation of the effectiveness of management of business lines would include management of critical operations.
[^81] There are eight domestic firms in the LISCC portfolio: (1) Bank of America Corporation; (2) Bank of New York Mellon Corporation; (3) Citigroup, Inc.; (4) Goldman Sachs Group, Inc.; (5) JP Morgan Chase & Co.; (6) Morgan Stanley; (7) State Street Corporation; and (8) Wells Fargo & Company. In this guidance, these eight firms may collectively be referred to as “domestic LISCC firms.”
[^82] “Risk appetite” is defined as the aggregate level and types of risk the board and senior management are willing to assume to achieve the firm's strategic business objectives, consistent with applicable capital, liquidity, and other requirements and constraints.
**B. Assignment of the LFI Component Ratings**
Each LFI component rating is assigned along a four-level scale:
• *Broadly Meets Expectations:* A firm's practices and capabilities broadly meet supervisory expectations, and the firm possesses sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of conditions. The firm may be subject to identified supervisory issues requiring corrective action. These issues are unlikely to present a threat to the firm's ability to maintain safe-and-sound operations through a range of conditions.
• *Conditionally Meets Expectations:* Certain, material financial or operational weaknesses in a firm's practices or capabilities may place the firm's prospects for remaining safe and sound through a range of conditions at risk if not resolved in a timely manner during the normal course of business.
The Federal Reserve does not intend for a firm to be assigned a “Conditionally Meets Expectations” rating for a prolonged period, and will work with the firm to develop an appropriate timeframe to fully resolve the issues leading to the rating assignment and merit upgrade to a “Broadly Meets Expectations” rating.
A firm is assigned a “Conditionally Meets Expectations” rating—as opposed to a “Deficient” rating—when it has the ability to resolve these issues through measures that do not require a material change to the firm's business model or financial profile, or its governance, risk management, or internal control structures or practices. Failure to resolve the issues in a timely manner would most likely result in the firm's downgrade to a “Deficient” rating, since the inability to resolve the issues would indicate that the firm does not possess sufficient financial or operational capabilities to maintain its safety and soundness through a range of conditions.
It is recognized that completion and validation of remediation activities for select supervisory issues—such as those involving information technology modifications—may require an extended time horizon. In all instances, appropriate and effective risk mitigation techniques must be utilized in the interim to maintain safe-and-sound operations under a range of conditions until remediation activities are completed, validated, and fully operational.
• *Deficient-1:* Financial or operational deficiencies in a firm's practices or capabilities put the firm's prospects for remaining safe and sound through a range of conditions at significant risk. The firm is unable to remediate these deficiencies in the normal course of business, and remediation would typically require the firm to make a material change to its business model or financial profile, or its practices or capabilities.
A firm's failure to resolve the issues in a timely manner that gave rise to a “Conditionally Meets Expectations” rating would most likely result in its downgrade to a “Deficient” rating. A firm with a “Deficient-1” rating is required to take timely corrective action to correct financial or operational deficiencies and to restore and maintain its safety and soundness and compliance with laws and regulations, including those related to consumer protection. Firms with one or more “Deficient-1” component ratings may be subject to an informal or formal enforcement action, depending on particular facts and circumstances. Two or more component ratings of “Deficient-1” could be a barrier for a firm seeking Federal Reserve approval to engage in new or expansionary activities.
• *Deficient-2:* Financial or operational deficiencies in a firm's practices or capabilities present a threat to the firm's safety and soundness, or have already put the firm in an unsafe and unsound condition.
A firm with a “Deficient-2” rating is required to immediately implement comprehensive corrective measures, and demonstrate the sufficiency of contingency planning in the event of further deterioration. There is a strong presumption that a firm with a “Deficient-2” rating will be subject to a formal enforcement action, and the Federal Reserve would be unlikely to approve any proposal from a firm with this rating to engage in new or expansionary activities.
The Federal Reserve will take into account a number of individual elements of a firm's practices, capabilities, and performance when making each component rating assignment. The weighting of an individual element in assigning a component rating will depend on its impact on the firm's safety, soundness, and resilience as provided for in the LFI rating system definitions. For example, for purposes of the Governance and Controls rating, a limited number of significant deficiencies—or even just one significant deficiency—noted for management of a single material business line could be viewed as sufficiently important to warrant a “Deficient-1” for the Governance and Controls component rating, even if the firm meets supervisory expectations under the Governance and Controls component in all other respects.
Under the LFI rating system, a firm must be rated “Broadly Meets Expectations” or “Conditionally Meets Expectations” for each of the three component ratings (Capital, Liquidity, Governance and Controls), or rated “Deficient-1” in one component and “Broadly Meets Expectations” or “Conditionally Meets Expectations” for each of the other two components, to be considered “well managed” in accordance with various statutes and regulations. [^83] A firm rated “Deficient-1” for two or more rating components or “Deficient-2” for any rating component would not be considered “well managed,” which would subject the firm to various consequences. The Federal Reserve would be unlikely to approve any proposal from a firm rated “Deficient-2” for any rating component to engage in new or expansionary activities. A firm rated “Deficient-1” for two or more rating component would not be considered “well managed,” which would subject the firm to various consequences. Two or more “Deficient-1” ratings could be a barrier for a firm seeking Federal Reserve approval of a proposal to engage in new or expansionary activities, unless the firm can demonstrate that (i) it is making meaningful, sustained progress in resolving identified deficiencies and issues; (ii) the proposed new or expansionary activities would not present a risk of exacerbating current deficiencies or issues or lead to new concerns; and (iii) the proposed activities would not distract the firm from remediating current deficiencies or issues. A “well managed” firm has sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of conditions, including stressful ones.
[^83] 12 U.S.C. 1841 *et seq.* and 12 U.S.C. 1461 *et seq. See,**e.g.,* 12 CFR 225.4(b)(6), 225.14, 225.22(a), 225.23, 225.85, and 225.86; 12 CFR 211.9(b), 211.10(a)(14), and 211.34; and 12 CFR 223.41.
**C. LFI Rating Components**
The LFI rating system is comprised of three component ratings: [^84]
[^84] There may be instances where deficiencies or supervisory issues may be relevant to the Federal Reserve's assessment of more than one component area. As such, the LFI rating will reflect these deficiencies or issues within multiple rating components when necessary to provide a comprehensive supervisory assessment.
**1. Capital Planning and Positions Component Rating**
The Capital Planning and Positions component rating evaluates (i) the effectiveness of a firm's governance and planning processes used to determine the amount of capital necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm's capital positions to comply with applicable regulatory requirements and to support the firm's ability to continue to serve as a financial intermediary through a range of conditions.
In developing this rating, the Federal Reserve evaluates:
• *Capital Planning:* The extent to which a firm maintains sound capital planning practices through effective governance and oversight; effective risk management and controls; maintenance of updated capital policies and contingency plans for addressing potential shortfalls; and incorporation of appropriately stressful conditions into capital planning and projections of capital positions; and
• *Capital Positions:* The extent to which a firm's capital is sufficient to comply with regulatory requirements, and to support its ability to meet its obligations to depositors, creditors, and other counterparties and continue to serve as a financial intermediary through a range of conditions.
**Definitions for the Capital Planning and Positions Component Rating**
**Broadly Meets Expectations**
A firm's capital planning and positions broadly meet supervisory expectations and support maintenance of safe-and-sound operations. Specifically:
• The firm is capable of producing sound assessments of capital adequacy through a range of conditions; *and*
• The firm's current and projected capital positions comply with regulatory requirements, and support its ability to absorb current and potential losses, to meet obligations, and to continue to serve as a financial intermediary through a range of conditions.
A firm rated “Broadly Meets Expectations” may be subject to identified supervisory issues requiring corrective action. However, these issues are unlikely to present a threat to the firm's ability to maintain safe-and-sound operations through a range of potentially stressful conditions.
A firm that does not meet the capital planning and positions expectations associated with a “Broadly Meets Expectations” rating will be rated “Conditionally Meets Expectations,” “Deficient-1,” or “Deficient-2,” and subject to potential consequences as outlined below.
**Conditionally Meets Expectations**
Certain, material financial or operational weaknesses in a firm's capital planning or positions may place the firm's prospects for remaining safe and sound through a range of conditions at risk if not resolved in a timely manner during the normal course of business.
Specifically, if left unresolved, these weaknesses:
• May threaten the firm's ability to produce sound assessments of capital adequacy through a range of conditions; and/or
• May result in the firm's projected capital positions being insufficient to absorb potential losses, comply with regulatory requirements, and support the firm's ability to meet current and prospective obligations and to continue to serve as a financial intermediary through a range of conditions.
The Federal Reserve does not intend for a firm to be rated “Conditionally Meets Expectations” for a prolonged period. The firm has the ability to resolve these issues through measures that do not require a material change to the firm's business model or financial profile, or its governance, risk management, or internal control structures or practices. The Federal Reserve will work with the firm to develop an appropriate timeframe during which the firm would be required to resolve each supervisory issue leading to the “Conditionally Meets Expectations” rating.
The Federal Reserve will closely monitor the firm's remediation and mitigation activities; in most instances, the firm will either:
(i) Resolve the issues in a timely manner and, if no new material supervisory issues arise, be upgraded to a “Broadly Meets Expectations” rating because the firm's capital planning practices and related positions would broadly meet supervisory expectations; or
(ii) Fail to resolve the issues in a timely manner and be downgraded to a “Deficient-1” rating, because the inability to resolve the issues would indicate that the firm does not possess sufficient financial or operational capabilities to maintain its safety and soundness through a range of conditions.
It is possible that a firm may be close to completing resolution of the supervisory issues leading to the “Conditionally Meets Expectations” rating, but new issues are identified that, taken alone, would be consistent with a “Conditionally Meets Expectations” rating. In this event, the firm may continue to be rated “Conditionally Meets Expectations,” provided the new issues do not reflect a pattern of deeper or prolonged capital planning or positions weaknesses consistent with a “Deficient” rating.
A “Conditionally Meets Expectations” rating may be assigned to a firm that meets the above definition regardless of its prior rating. A firm previously rated “Deficient-1” may be upgraded to “Conditionally Meets Expectations” if the firm's remediation and mitigation activities are sufficiently advanced so that the firm's prospects for remaining safe and sound are no longer at significant risk, even if the firm has outstanding supervisory issues or is subject to an active enforcement action.
**Deficient-1**
Financial or operational deficiencies in a firm's capital planning or positions put the firm's prospects for remaining safe and sound through a range of conditions at significant risk. The firm is unable to remediate these deficiencies in the normal course of business, and remediation would typically require a material change to the firm's business model or financial profile, or its capital planning practices.
Specifically, although the firm's current condition is not considered to be materially threatened:
• Deficiencies in the firm's capital planning processes are not effectively mitigated. These deficiencies limit the firm's ability to effectively assess capital adequacy through a range of conditions; and/or
• The firm's projected capital positions may be insufficient to absorb potential losses and to support its ability to meet current and prospective obligations and serve as a financial intermediary through a range of conditions.
Supervisory issues that place the firm's safety and soundness at significant risk, and where resolution is likely to require steps that clearly go beyond the normal course of business—such as issues requiring a material change to the firm's business model or financial profile, or its governance, risk management, or internal control structures or practices—would generally warrant assignment of a “Deficient-1” rating.
A “Deficient-1” rating may be assigned to a firm regardless of its prior rating. A firm previously rated “Broadly Meets Expectations” may be downgraded to “Deficient-1” when supervisory issues are identified that place the firm's prospects for maintaining safe-and-sound operations through a range of potentially stressful conditions at significant risk. A firm previously rated “Conditionally Meets Expectations” may be downgraded to “Deficient-1” when the firm's inability to resolve supervisory issues in a timely manner indicates that the firm does not possess sufficient financial or operational capabilities to maintain its safety and soundness through a range of conditions.
To address these financial or operational deficiencies, the firm is required to take timely corrective action to restore and maintain its capital planning and positions consistent with supervisory expectations.
**Deficient-2**
Financial or operational deficiencies in a firm's capital planning or positions present a threat to the firm's safety and soundness, or have already put the firm in an unsafe and unsound condition.
Specifically, as a result of these deficiencies:
• The firm's capital planning processes are insufficient to effectively assess the firm's capital adequacy through a range of conditions; and/or
• The firm's current or projected capital positions are insufficient to absorb current or potential losses, and to support the firm's ability to meet current and prospective obligations and serve as a financial intermediary through a range of conditions.
To address these deficiencies, the firm is required to immediately (i) implement comprehensive corrective measures sufficient to restore and maintain appropriate capital planning capabilities and adequate capital positions; and (ii) demonstrate the sufficiency, credibility and readiness of contingency planning in the event of further deterioration of the firm's financial or operational strength or resiliency.
**2. Liquidity Risk Management and Positions Component Rating**
The Liquidity Risk Management and Positions component rating evaluates (i) the effectiveness of a firm's governance and risk management processes used to determine the amount of liquidity necessary to cover risks and exposures, and to support activities through a range of conditions; and (ii) the sufficiency of a firm's liquidity positions to comply with applicable regulatory requirements and to support the firm's ongoing obligations through a range of conditions.
In developing this rating, the Federal Reserve evaluates:
• *Liquidity Risk Management:* The extent to which a firm maintains sound liquidity risk management practices through effective governance and oversight; effective risk management and controls; maintenance of updated liquidity policies and contingency plans for addressing potential shortfalls; and incorporation of appropriately stressful conditions into liquidity planning and projections of liquidity positions; and
• *Liquidity Positions:* The extent to which a firm's liquidity is sufficient to comply with regulatory requirements, and to support its ability to meet current and prospective obligations to depositors, creditors and other counterparties through a range of conditions.
**Definitions for the Liquidity Risk Management and Positions Component Rating**
**Broadly Meets Expectations**
A firm's liquidity risk management and positions broadly meet supervisory expectations and support maintenance of safe-and-sound operations. Specifically:
• The firm is capable of producing sound assessments of liquidity adequacy through a range of conditions; *and*
• The firm's current and projected liquidity positions comply with regulatory requirements, and support its ability to meet current and prospective obligations and to continue to serve as a financial intermediary through a range of conditions.
A firm rated “Broadly Meets Expectations” may be subject to identified supervisory issues requiring corrective action. However, these issues are unlikely to present a threat to the firm's ability to maintain safe-and-sound operations through a range of potentially stressful conditions.
A firm that does not meet the liquidity risk management and positions expectations associated with a “Broadly Meets Expectations” rating will be rated “Conditionally Meets Expectations,” “Deficient-1,” or “Deficient-2,” and subject to potential consequences as outlined below.
**Conditionally Meets Expectations**
Certain, material financial or operational weaknesses in a firm's liquidity risk management or positions may place the firm's prospects for remaining safe and sound through a range of conditions at risk if not resolved in a timely manner during the normal course of business.
Specifically, if left unresolved, these weaknesses:
• May threaten the firm's ability to produce sound assessments of liquidity adequacy through a range of conditions; and/or
• May result in the firm's projected liquidity positions being insufficient to comply with regulatory requirements, and support its ability to meet current and prospective obligations and to continue to serve as a financial intermediary through a range of conditions.
The Federal Reserve does not intend for a firm to be rated “Conditionally Meets Expectations” for a prolonged period. The firm has the ability to resolve these issues through measures that do not require a material change to the firm's business model or financial profile, or its governance, risk management, or internal control structures or practices. The Federal Reserve will work with the firm to develop an appropriate timeframe during which the firm would be required to resolve each supervisory issue leading to the “Conditionally Meets Expectations” rating.
The Federal Reserve will closely monitor the firm's remediation and mitigation activities; in most instances, the firm will either:
(i) Resolve the issues in a timely manner and, if no new material supervisory issues arise, be upgraded to a “Broadly Meets Expectations” rating because the firm's liquidity risk management practices and related positions would broadly meet supervisory expectations; or
(ii) Fail to resolve the issues in a timely manner and be downgraded to a “Deficient-1” rating, because the firm's inability to resolve those issues would indicate that the firm does not possess sufficient financial or operational capabilities to maintain its safety and soundness through a range of conditions.
It is possible that a firm may be close to completing resolution of the supervisory issues leading to the “Conditionally Meets Expectations” rating, but new issues are identified that, taken alone, would be consistent with a “Conditionally Meets Expectations” rating. In this event, the firm may continue to be rated “Conditionally Meets Expectations,” provided the new issues do not reflect a pattern of deeper or prolonged liquidity risk management and positions weaknesses consistent with a “Deficient” rating.
A “Conditionally Meets Expectations” rating may be assigned to a firm that meets the above definition regardless of its prior rating. A firm previously rated “Deficient-1” may be upgraded to “Conditionally Meets Expectations” if the firm's remediation and mitigation activities are sufficiently advanced so that the firm's prospects for remaining safe and sound are no longer at significant risk, even if the firm has outstanding supervisory issues or is subject to an active enforcement action.
**Deficient-1**
Financial or operational deficiencies in a firm's liquidity risk management or positions put the firm's prospects for remaining safe and sound through a range of conditions at significant risk. The firm is unable to remediate these deficiencies in the normal course of business, and remediation would typically require a material change to the firm's business model or financial profile, or its liquidity risk management practices.
Specifically, although the firm's current condition is not considered to be materially threatened:
• Deficiencies in the firm's liquidity risk management processes are not effectively mitigated. These deficiencies limit the firm's ability to effectively assess liquidity adequacy through a range of conditions; and/or
• The firm's projected liquidity positions may be insufficient to support its ability to meet prospective obligations and serve as a financial intermediary through a range of conditions.
Supervisory issues that place the firm's safety and soundness at significant risk, and where resolution is likely to require steps that clearly go beyond the normal course of business—such as issues requiring a material change to the firm's business model or financial profile, or its governance, risk management, or internal control structures or practices—would generally warrant assignment of a “Deficient-1” rating.
A “Deficient-1” rating may be assigned to a firm regardless of its prior rating. A firm previously rated “Broadly Meets Expectations” may be downgraded to “Deficient-1” when supervisory issues are identified that place the firm's prospects for maintaining safe and sound operations through a range of potentially stressful conditions at significant risk. A firm previously rated “Conditionally Meets Expectations” may be downgraded to “Deficient-1” when the firm's inability to resolve supervisory issues in a timely manner indicates that the firm does not possess sufficient financial or operational capabilities to maintain its safety and soundness through a range of conditions.
To address these financial or operational deficiencies, the firm is required to take timely corrective action to restore and maintain its liquidity risk management and positions consistent with supervisory expectations.
**Deficient-2**
Financial or operational deficiencies in a firm's liquidity risk management or positions present a threat to the firm's safety and soundness, or have already put the firm in an unsafe and unsound condition.
Specifically, as a result of these deficiencies:
• The firm's liquidity risk management processes are insufficient to effectively assess the firm's liquidity adequacy through a range of conditions; and/or
• The firm's current or projected liquidity positions are insufficient to support the firm's ability to meet current and prospective obligations and serve as a financial intermediary through a range of conditions.
To address these deficiencies, the firm is required to immediately (i) implement comprehensive corrective measures sufficient to restore and maintain appropriate liquidity risk management capabilities and adequate liquidity positions; and (ii) demonstrate the sufficiency, credibility and readiness of contingency planning in the event of further deterioration of the firm's financial or operational strength or resiliency.
**3. Governance and Controls Component Rating**
The Governance and Controls component rating evaluates the effectiveness of a firm's (i) board of directors, (ii) management of business lines and independent risk management and controls, and (iii) recovery planning (for domestic LISCC firms only). This rating assesses a firm's effectiveness in aligning strategic business objectives with the firm's risk appetite and risk management capabilities; maintaining effective and independent risk management and control functions, including internal audit; promoting compliance with laws and regulations, including those related to consumer protection; and otherwise providing for the ongoing resiliency of the firm.
In developing this rating, the Federal Reserve evaluates:
• *Effectiveness of the Board of Directors:* The extent to which the board exhibits attributes that are consistent with those of effective boards in carrying out its core roles and responsibilities, including: (i) setting a clear, aligned, and consistent direction regarding the firm's strategy and risk appetite; (ii) directing senior management regarding the board's information; (iii) overseeing and holding senior management accountable, (iv) supporting the independence and stature of independent risk management and internal audit; and (v) maintaining a capable board composition and governance structure.
• *Management of Business Lines and Independent Risk Management and Controls:*
The extent to which:
○ Senior management effectively and prudently manages the day-to-day operations of the firm and provides for ongoing resiliency; implements the firm's strategy and risk appetite; maintains an effective risk management framework and system of internal controls; and promotes prudent risk taking behaviors and business practices, including compliance with laws and regulations, including those related to consumer protection.
○ Business line management executes business line activities consistent with the firm's strategy and risk appetite; identifies and manages risks; and ensures an effective system of internal controls for its operations.
○ Independent risk management effectively evaluates whether the firm's risk appetite appropriately captures material risks and is consistent with the firm's risk management capacity; establishes and monitors risk limits that are consistent with the firm's risk appetite; identifies and measures the firm's risks; and aggregates, assesses and reports on the firm's risk profile and positions. Additionally, the firm demonstrates that its internal controls are appropriate and tested for effectiveness. Finally, internal audit effectively and independently assesses the firm's risk management framework and internal control systems, and reports findings to senior management and the firm's audit committee.
• *Recovery Planning (domestic LISCC firms only):* The extent to which recovery planning processes effectively identify options that provide a reasonable chance of a firm being able to remedy financial weakness and restore market confidence without extraordinary official sector support.
**Definitions for the Governance and Controls Component Rating**
**Broadly Meets Expectations**
A firm's governance and controls broadly meet supervisory expectations and support maintenance of safe-and-sound operations. Specifically, the firm's practices and capabilities are sufficient to align strategic business objectives with its risk appetite and risk management capabilities; [^85] maintain effective and independent risk management and control functions, including internal audit; promote compliance with laws and regulations (including those related to consumer protection); and otherwise provide for the firm's ongoing financial and operational resiliency through a range of conditions.
[^85] References to risk management capabilities includes risk management of business lines and independent risk management and control functions, including internal audit.
A firm rated “Broadly Meets Expectations” may be subject to identified supervisory issues requiring corrective action. However, these issues are unlikely to present a threat to the firm's ability to maintain safe-and-sound operations through a range of potentially stressful conditions.
A firm that does not meet supervisory expectations associated with a “Broadly Meets Expectations” rating will be rated “Conditionally Meets Expectations,” “Deficient-1,” or “Deficient-2,” and subject to potential consequences, as outlined below.
**Conditionally Meets Expectations**
Certain, material financial or operational weaknesses in a firm's governance and controls practices may place the firm's prospects for remaining safe and sound through a range of conditions at risk if not resolved in a timely manner during the normal course of business. Specifically, if left unresolved, these weaknesses may threaten the firm's ability to align strategic business objectives with the firm's risk appetite and risk management capabilities; maintain effective and independent risk management and control functions, including internal audit; promote compliance with laws and regulations (including those related to consumer protection); or otherwise provide for the firm's ongoing resiliency through a range of conditions.
The Federal Reserve does not intend for a firm to be rated “Conditionally Meets Expectations” for a prolonged period. The firm has the ability to resolve these issues through measures that do not require a material change to the firm's business model or financial profile, or its governance, risk management, or internal control structures or practices. The Federal Reserve will work with the firm to develop an appropriate timeframe during which the firm would be required to resolve each supervisory issue leading to the “Conditionally Meets Expectations” rating.
The Federal Reserve will closely monitor the firm's remediation and mitigation activities; in most instances, the firm will either:
(i) Resolve the issues in a timely manner and, if no new material supervisory issues arise, be upgraded to a “Broadly Meets Expectations” rating because the firm's governance and controls would broadly meet supervisory expectations; or
(ii) Fail to resolve the issues in a timely manner and be downgraded to a “Deficient-1” rating, because the firm's inability to resolve those issues would indicate that the firm does not possess sufficient financial or operational capabilities to maintain its safety and soundness through a range of conditions.
It is possible that a firm may be close to completing resolution of the supervisory issues leading to the “Conditionally Meets Expectations” rating, but new issues are identified that, taken alone, would be consistent with a “Conditionally Meets Expectations” rating. In this event, the firm may continue to be rated “Conditionally Meets Expectations,” provided the new issues do not reflect a pattern of deeper or prolonged governance and controls weaknesses consistent with a “Deficient” rating.
A “Conditionally Meets Expectations” rating may be assigned to a firm that meets the above definition regardless of its prior rating. A firm previously rated “Deficient” may be upgraded to “Conditionally Meets Expectations” if the firm's remediation and mitigation activities are sufficiently advanced so that the firm's prospects for remaining safe and sound are no longer at significant risk, even if the firm has outstanding supervisory issues or is subject to an active enforcement action.
**Deficient-1**
Financial or operational deficiencies in a firm's governance and controls put the firm's prospects for remaining safe and sound through a range of conditions at significant risk. The firm is unable to remediate these deficiencies in the normal course of business, and remediation would typically require a material change to the firm's business model or financial profile, or its governance, risk management, or internal control structures or practices.
Specifically, although the firm's current condition is not considered to be materially threatened, these deficiencies limit the firm's ability to align strategic business objectives with its risk appetite and risk management capabilities; maintain effective and independent risk management and control functions, including internal audit; promote compliance with laws and regulations (including those related to consumer protection); or otherwise provide for the firm's ongoing resiliency through a range of conditions.
A “Deficient-1” rating may be assigned to a firm regardless of its prior rating. A firm previously rated “Broadly Meets Expectations” may be downgraded to “Deficient-1” when supervisory issues are identified that place the firm's prospects for maintaining safe-and-sound operations through a range of potentially stressful conditions at significant risk. A firm previously rated “Conditionally Meets Expectations” may be downgraded to “Deficient-1” when the firm's inability to resolve supervisory issues in a timely manner indicates that the firm does not possess sufficient financial or operational capabilities to maintain its safety and soundness through a range of conditions.
To address these financial or operational deficiencies, the firm is required to take timely corrective action to restore and maintain its governance and controls consistent with supervisory expectations.
**Deficient-2**
Financial or operational deficiencies in governance or controls present a threat to the firm's safety and soundness, or have already put the firm in an unsafe and unsound condition. Specifically, as a result of these deficiencies, the firm is unable to align strategic business objectives with its risk appetite and risk management capabilities; maintain effective and independent risk management and control functions, including internal audit; promote compliance with laws and regulations (including those related to consumer protection); or otherwise provide for the firm's ongoing resiliency.
To address these deficiencies, the firm is required to immediately (i) implement comprehensive corrective measures sufficient to restore and maintain appropriate governance and control capabilities; and (ii) demonstrate the sufficiency, credibility, and readiness of contingency planning in the event of further deterioration of the firm's financial or operational strength or resiliency.
**Appendix B—Text of Proposed Insurance Supervisory Framework**
**Framework for the Supervision of Insurance Organizations**
This framework describes the Federal Reserve's approach to consolidated supervision of supervised insurance organizations. [^86] The framework is designed specifically to account for the unique risks and business profiles of these firms resulting mainly from their insurance business. The framework consists of a risk-based approach to establishing supervisory expectations, assigning supervisory resources, and conducting supervisory activities; a supervisory rating system; and a description of how Federal Reserve examiners work with the state insurance regulators to limit supervisory duplication.
[^86] In this framework, a “supervised insurance organization” is a depository institution holding company that is an insurance underwriting company, or that has over 25 percent of its consolidated assets held by insurance underwriting subsidiaries, or has been otherwise designated as a supervised insurance organization by Federal Reserve staff.
**A. Proportionality—Supervisory Activities and Expectations**
Consistent with the Federal Reserve's approach to risk-based supervision, supervisory guidance is applied, and supervisory activities are conducted, in a manner that is proportionate to each firm's individual risk profile. This begins by classifying each supervised insurance organization either as complex or noncomplex based on its risk profile and continues with a risk based application of supervisory guidance and supervisory activities driven by a periodic risk assessment. The risk assessment drives planned supervisory activities and is communicated to the firm along with the supervisory plan for the upcoming cycle. Supervisory activities are focused on resolving supervisory knowledge gaps, monitoring the safety and soundness of the firm, assessing the firm's management of risks that could potentially impact its ability to act as a source of managerial and financial strength for its depository institution(s), and monitoring for potential systemic risk, if relevant.
**1. Complexity Classification and Supervised Activities**
The Federal Reserve classifies each supervised insurance organization as either complex or noncomplex based on its risk profile. The classification serves as the basis for determining the level of supervisory resources dedicated to each firm, as well as the frequency and intensity of supervisory activities.
**Complex**
Complex firms have a higher level of risk and therefore require more supervisory attention and resources. Federal Reserve dedicated supervisory teams are assigned to execute approved supervisory plans led by a dedicated Central Point of Contact. The activities listed in the supervisory plans focus on understanding any risks that could threaten the safety and soundness of the consolidated organization or a firm's ability to act as a source of strength for its subsidiary depository institution(s). These activities typically include continuous monitoring, targeted topical examinations, coordinated reviews, and an annual roll-up assessment resulting in ratings for the three rating components. The relevance of certain supervisory guidance may vary among complex firms based on each firm's risk profile. Supervisory guidance targeted at smaller depository institution holding companies, for example, may be more relevant for complex supervised insurance organizations with limited inherent exposure to a certain risk.
**Noncomplex**
Noncomplex firms, due to their lower risk profile, require less supervisory oversight relative to complex firms. The supervisory activities for these firms occur primarily during a rating examination that occurs no less often than every other year and results in the three component ratings. The supervision of noncomplex firms relies more heavily on the reports and assessments of a firm's other relevant supervisors, although these firms may also be subject to continuous monitoring, targeted topical examinations, and coordinated reviews as appropriate. The focus and types of supervisory activities for noncom plex firms are also set based on the risks of each firm.
Factors considered when classifying a supervised insurance organization as either complex or noncom plex include the absolute and relative size of its depository institution(s), its current supervisory and regulatory oversight (ratings and opinions of its supervisors, and the nature and extent of any unregulated and/or unsupervised activities), the breadth and nature of product and portfolio risks, the nature of its organizational structure, its quality and level of capital and liquidity, the materiality of any international exposure, and its interconnectedness with the broader financial system.
For supervised insurance organizations that are commencing Federal Reserve supervision, the classification as complex or noncomplex is done and communicated during the application phase after initial discussions with the firm. The firm's risk profile, including the characteristics listed above, are evaluated by staff of the Board and relevant Reserve Bank before the complexity classification is assigned by Board staff. Large, well-established, and financially strong supervised insurance organizations with relatively small depository institutions can be classified as noncomplex if, in the opinion of Board staff, the corresponding level of supervisory oversight is sufficient to accomplish its objectives. Although the risk profile is the primary basis for assigning a classification, a firm is automatically classified as complex if its depository institution's average assets exceed $100 billion. A firm may request that the Federal Reserve review its complexity classification if it has experienced a significant change to its risk profile.
The focus, frequency, and intensity of supervisory activities are based on a risk assessment of the firm completed periodically by the supervisory team and will vary among firms within the same complexity classification. For each risk described in the Supervisory Expectations section below, the supervisory team assesses the firm's inherent risks and its residual risk after considering the effectiveness of its management of the risk. The risk assessment and the supervisory activities that follow from it take into account the assessments made by and work performed by the firm's other regulators. In certain instances, Federal Reserve examiners may be able to rely on a firm's internal audit (if it is rated effective) or internal control functions in developing the risk assessment.
**2. Supervisory Expectations**
Supervised insurance organizations are required to operate in a safe and sound manner, to comply with all applicable laws and regulations, and to possess sufficient financial and operational strength to serve as a source of strength for their depository institution(s) through a range of stressful yet plausible conditions. The governance and risk management practices necessary to accomplish these objectives will vary based on a firm's specific risk profile, size, and complexity. Guidance describing supervisory expectations for safe and sound practices can be found in Supervision & Regulation (SR) letters published by the Board and other supervisory material. Supervisory guidance most relevant to a specific supervised insurance organization is driven by the risk profile of the firm. Federal Reserve examiners periodically reassess the firm's risk profile and inform the firm if different supervisory guidance becomes more relevant as a result of a material change to its risk profile.
Most supervisory guidance issued by the Board is intended specifically for institutions that are primarily engaged in banking activities. Examples of specific practices provided in these materials may differ from (or not be applicable to) the nonbanking operations of supervised insurance organizations, including for insurance operations. The Board recognizes that practices in nonbanking business lines can be different than those published in supervisory guidance without being considered unsafe or unsound. When making their assessment, Federal Reserve examiners work with supervised insurance organizations and other involved regulators, including state insurance regulators, to appropriately assess practices that may be different than those typically observed for banking operations.
This section describes general safety and soundness expectations and how the Board has adapted its supervisory expectations to reflect the special characteristics of a supervised insurance organization. The section is organized using the three rating components—Governance and Controls, Capital Management, and Liquidity Management.
**Governance and Controls**
The Governance and Controls component rating is derived from an assessment of the effectiveness of a firm's (1) board and senior management, and (2) independent risk management and controls. All firms are expected to align their strategic business objectives with their risk appetite and risk management capabilities; maintain effective and independent risk management and control functions including internal audit; promote compliance with laws and regulations; and remain a source of financial and managerial strength for their depository institution(s).
When assessing governance and controls, Federal Reserve examiners consider a firm's risk management capabilities relative to its risk exposure within the following areas: internal audit, credit risk, legal and compliance risk, market risk, model risk, and operational risk, including cybersecurity/information technology and third-party risk.
**Governance & Controls Expectations**
• Despite differences in their business models and the products offered, insurance companies and banks are expected to have effective and sustainable systems of governance and controls to manage their respective risks. The governance and controls framework for a supervised insurance organization should:
○ Clearly define roles and responsibilities throughout the organization;
○ Include policies and procedures, limits, requirements for documenting decisions, and decision-making and accountability chains of command; and
○ Provide timely information about risk and corrective action for non-compliance or weak oversight, controls, and management.
• The Board expects the sophistication of the governance and controls framework to be commensurate with the size, complexity, and risk profile of the firm. As such, governance and controls expectations for complex firms will be higher than that for noncom plex firms but will also vary based on each firm's risk profile.
• The Board expects supervised insurance organizations to have a risk management and control framework that is commensurate with its structure, risk profile, complexity, activities, and size. For any chosen structure, the firm's board is expected to have the capacity, expertise, and sufficient information to discharge risk oversight and governance responsibilities in a safe and sound manner.
In assigning a rating for the Governance and Controls component, Federal Reserve examiners evaluate:
**Board and Senior Management Effectiveness**
• The firm's board is expected to exhibit certain attributes consistent with effectiveness, including: (i) setting a clear, aligned, and consistent direction regarding the firm's strategy and risk appetite; (ii) directing senior management regarding board reporting; (iii) overseeing and holding senior management accountable; (iv) supporting the independence and stature of independent risk management and internal audit; and (v) maintaining a capable board and an effective governance structure. As the consolidated supervisor, the Board focuses on the board of the supervised insurance organization and its committees. Complex firms are expected to take into consideration the Board's guidance on board of directors' effectiveness. [^87] In assessing the effectiveness of a firm's senior management, Federal Reserve examiners consider the extent to which senior management effectively and prudently manages the day-to-day operations of the firm and provides for ongoing resiliency; implements the firm's strategy and risk appetite; identifies and manages risks; maintains an effective risk management framework and system of internal controls; and promotes prudent risk taking behaviors and business practices, including compliance with laws and regulations such as those related to consumer protection and the Bank Secrecy Act/Anti-Money Laundering and Office of Foreign Assets Control (BSA/AML and OFAC). Federal Reserve examiners evaluate how the framework allows management to be responsible for and manage all risk types, including emerging risks, within the business lines. Examiners rely to the fullest extent possible on insurance and banking supervisors' examination reports and information concerning risk and management in specific lines of business, including relying specifically on state insurance regulators to evaluate and assess how firms manage the pricing, underwriting, and reserving risk of their insurance operations.
[^87]*See* SR Letter 21-3, “Supervisory Guidance on Board of Directors' Effectiveness.”
**Independent Risk Management and Controls**
• In assessing a firm's independent risk management and controls, Federal Reserve examiners consider the extent to which independent risk management effectively evaluates whether the firm's risk appetite framework identifies and measures all of the firm's material risks; establishes appropriate risk limits; and aggregates, assesses and reports on the firm's risk profile and positions. Additionally, the firm is expected to demonstrate that its internal controls are appropriate and tested for effectiveness and sustainability.
• *Internal Audit* is an integral part of a supervised insurance organization's internal control system and risk management structure. An effective internal audit function plays an essential role by providing an independent risk assessment and objective evaluation of all key governance, risk management, and internal control processes. Internal audit is expected to effectively and independently assess the firm's risk management framework and internal control systems, and report findings to senior management and to the firm's audit committee. Despite differences in business models, the Board expects the largest, most complex supervised insurance organizations to have internal audit practices in place that are similar to those at banking organizations and as such, no modification to existing guidance is required for these firms. [^88] At the same time, the Board recognizes that firms should have an internal audit function that is appropriate to their size, nature, and scope of activities. Therefore, for noncomplex firms, Federal Reserve examiners will consider the expectations in the insurance company's domicile state's Annual Financial Reporting Regulation (NAIC Model Audit Rule 205), or similar state regulation, to assess the effectiveness of a firm's internal audit function.
[^88] Regulatory guidance provided in SR Letter 03-5, “Amended Interagency Guidance on the Internal Audit Function and its Outsourcing” and SR Letter 13-1, “Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing” are applicable to complex supervised insurance organizations.
The principles of sound risk management described in the previous sections apply to the entire spectrum of risk management activities of a supervised insurance organization, including but not limited to:
• *Credit risk* arises from the possibility that a borrower or counterparty will fail to perform on an obligation. Fixed income securities, by far the largest asset class held by many insurance companies, is a large source of credit risk. This is unlike most banking organizations, where loans generally make up the largest portion of balance sheet assets. Life insurer investment portfolios in particular are generally characterized by longer duration holdings compared to those of banking organizations. Additionally, an insurance company's reinsurance recoverables/receivables arising from the use of third-party reinsurance and participation in regulatory required risk-pooling arrangements expose the firm to additional counterparty credit risk. Federal Reserve examiners scope examination work based on a firm's level of inherent credit risk. The level of inherent risk is determined by analyzing the composition, concentration, and quality of the consolidated investment portfolio; the level of a firm's reinsurance recoverables, the credit quality of the individual reinsurers, and the amount of collateral held for reinsured risks; and credit exposures associated with derivatives, securities lending, or other activities that may also have off-balance sheet counterparty credit exposures. In determining the effectiveness of a firm's management of its credit risk, Federal Reserve examiners rely, where possible, on the assessments made by other relevant supervisors for the depository institution(s) and the insurance company(ies). In its own assessment, the Federal Reserve will determine whether the board and senior management have established an appropriate credit risk governance framework consistent with the firm's risk appetite; whether policies, procedures and limits are adequate and provide for ongoing monitoring, reporting and control of credit risk; the adequacy of management information systems as it relates to credit risk; and the sufficiency of internal audit and independent review coverage of credit risk exposure.
• *Market risk* arises from exposures to losses as a result of underlying changes in, for example, interest rates, equity prices, foreign exchange rates, commodity prices, or real estate prices. Federal Reserve examiners scope examination work based on a firm's level of inherent market risk exposure, which is normally driven by the primary business line(s) in which the firm is engaged as well as the structure of the investment portfolio. A firm may be exposed to inherent market risk due to its investment portfolio or as result of its product offerings, including variable and indexed life insurance and annuity products, or asset/wealth management business. While interest rate risk (IRR), a category of market risk, differs between insurance companies and banking organizations, the degree of IRR also differs based on the type of insurance products the firm offers. IRR is generally a small risk for U.S. property/casualty (P/C) whereas it can be a significant risk factor for life insurers with certain life and annuity products that are spread-based, longer in duration, may include embedded product guarantees, and can pose disintermediation risk. Equity market risk can be significant for life insurers that issue guarantees tied to equity markets, like variable annuity living benefits, and for P/C insurers with large common equity allocations in their investment portfolios. Generally foreign exchange and commodity risk is low for supervised insurance organizations but could be material for some complex firms. Firms are expected to have sound risk management infrastructure that adequately identifies, measures, monitors, and controls any material or significant forms of market risks to which it is exposed.
• *Model risk* is the potential for adverse consequences from decisions based on incorrect or misused model outputs and reports. Model risk can lead to financial loss or poor business and strategic decision-making. Supervised insurance organizations are often heavily reliant on models for product pricing and reserving, risk and capital management strategic planning and other decision-making purposes. A sound model risk management framework helps manage this risk. [^89] Federal Reserve examiners take into account the firm's size, nature, and complexity, as well as the extent of use and sophistication of its models when assessing its model risk management program. Examiners focus on the governance framework, policies and controls, and enterprise model risk management through a holistic evaluation of the firm's practices. The Federal Reserve's review of a firm's model risk management program complements the work of the firm's other relevant supervisors. A sound model risk management framework includes three main elements: (1) an accurate model inventory and an appropriate approach to model development, implementation, and use; (2) effective model validation and continuous model performance monitoring; and (3) a strong governance framework that provides explicit support and structure for model risk management through policies defining relevant activities, procedures that implement those policies, allocation of resources, and mechanisms for evaluating whether policies and procedures are being carried out as specified, including internal audit review. The Federal Reserve relies on work already conducted by other relevant supervisors and appropriately collaborates with state insurance regulators on their findings related to insurance models. With respect to insurance models, the Federal Reserve recognizes the important role played by actuaries as described in actuarial standards of practice on model risk management. With respect to the business of insurance, Federal Reserve examiners focus on the firm's adherence to its own policies and procedures and the comprehensiveness of model validation rather than technical specifications such as the appropriateness of the model, its assumptions, or output. Federal Reserve examiners may request that firms provide model documentation or model validation reports for insurance and bank models when performing transaction testing.
[^89] SR Letter 11-7, “Guidance on Model Risk Management” is applicable to all supervised insurance organizations.
• *Legal risk* arises from the potential that unenforceable contracts, lawsuits, or adverse judgments can disrupt or otherwise negatively affect the operations or financial condition of a supervised insurance organization.
• *Compliance risk* is the risk of regulatory sanctions, fines, penalties, or losses resulting from failure to comply with laws, rules, regulations, or other supervisory requirements applicable to a firm. By offering multiple financial service products that may include insurance, annuity, banking, services provided by securities broker-dealers, and asset and wealth management products, provided through a diverse distribution network, supervised insurance organizations are inherently exposed to a significant amount of legal and compliance risk. As the consolidated supervisor, the Board expects firms to have an enterprise-wide legal and compliance risk management program that covers all business lines, legal entities, and jurisdictions of operation. Firms are expected to have compliance risk management governance, oversight, monitoring, testing, and reporting commensurate with their size and complexity, and to ensure compliance with all applicable laws and regulations. The principles-based guidance in existing SR letters related to legal and compliance risk is applicable to supervised insurance organizations. [^90] For both complex and noncom plex firms, Federal Reserve examiners rely on the work of the firm's other supervisors. As described in section C, Incorporating the Work of Other Supervisors, the assessments, examination results, ratings, supervisory issues, and enforcement actions from other supervisors will be incorporated into a consolidated assessment of the enterprise-wide legal and compliance risk management framework.
[^90] SR Letter 08-8, “Compliance Risk Management Programs and Oversight at Large Banking Organizations with Complex Compliance Profiles” is applicable to complex supervised insurance organizations. For noncomplex firms, the Federal Reserve will assess legal and compliance risk management based on the guidance in SR Letter 16-11, “Supervisory Guidance for Assessing Risk Management at Supervised Institutions with Total Consolidated Assets Less than $100 Billion.”
○ Money laundering, terrorist financing and other illicit financial activity risk is the risk of providing criminals access to the legitimate financial system and thereby being used to facilitate financial crime. This financial crime includes laundering criminal proceeds, financing terrorism, and conducting other illegal activities. Money laundering and terrorist financing risk is associated with a financial institution's products, services, customers, and geographic locations. This and other illicit financial activity risks can impact a firm across business lines, legal entities, and jurisdictions. A reasonably designed compliance program generally includes a structure and oversight that mitigates these risks and supports regulatory compliance with both BSA/AML OFAC requirements. Although OFAC regulations are not part of the BSA, OFAC compliance programs are frequently assessed in conjunction with BSA/AML. Supervised insurance organizations are not defined as financial institutions under the BSA and, therefore, are not required to have an AML program, unless the firm is directly selling certain insurance products. However, certain subsidiaries and affiliates of supervised insurance organizations, such as insurance companies and banks, are defined as financial institutions under 31 U.S.C. 5312(a)(2) and must develop and implement a written BSA/AML compliance program as well as comply with other BSA regulatory requirements. Unlike banks, insurance companies' BSA/AML obligations are limited to certain products, referred to as covered insurance products. [^91] The volume of covered products, which the Financial Crimes Enforcement Network (FinCEN) has determined to be of higher risk, is an important driver of supervisory focus. In addition, as U.S. persons, all supervised insurance organizations (including their subsidiaries and affiliates) are subject to OFAC regulations. Federal Reserve examiners assess all material risks that each firm faces, extending to whether business activities across the consolidated organization, including within its individual subsidiaries or affiliates, comply with the legal requirements of BSA and OFAC regulations. In keeping with the principles of a risk-based framework and proportionality, Federal Reserve supervision for BSA/AML and OFAC primarily focuses on oversight of compliance programs at a consolidated level and relies on work by other relevant supervisors to the fullest extent possible. In the evaluation of a firm's risks and BSA/AML and OFAC compliance program, however, it may be necessary for examiners to review compliance with BSA/AML and OFAC requirements at individual subsidiaries or affiliates in order to fully assess the material risks of the supervised insurance organization.
[^91] “Covered products” means a permanent life insurance policy, other than a group life insurance policy; an annuity contract, other than a group annuity contract; or any other insurance product with features of cash value or investment. 31 CFR 1025.100(b). “Permanent life insurance policy” means an agreement that contains a cash value or investment element and that obligates the insurer to indemnify or to confer a benefit upon the insured or beneficiary to the agreement contingent upon the death of the insured. 31 CFR 1025.100(h). “Annuity contract” means any agreement between the insurer and the contract owner whereby the insurer promises to pay out a fixed or variable income stream for a period of time. 31 CFR 1025.100(a).
• *Operational risk* is the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events. Operational resilience is the ability to maintain operations, including critical operations and core business lines, through a disruption from any hazard. It is the outcome of effective operational risk management combined with sufficient financial and operational resources to prepare, adapt, withstand, and recover from disruptions. A firm that operates in a safe and sound manner is able to identify threats, respond and adapt to incidents, and recover and learn from such threats and incidents so that it can prioritize and maintain critical operations and core business lines, along with other operations, services and functions identified by the firm, through a disruption.
○ *Cybersecurity/Information Technology risks* are a subset of operational risk and arise from operations of a firm requiring a strong and robust internal control system and risk management oversight structure. Information Technology (IT) and Cybersecurity (Cyber) functions are especially critical to a firm's operations. Examiners of financial institutions, including supervised insurance organizations, utilize the detailed guidance on mitigating these risks in the Federal Financial Institutions Examination Council's (FFIEC) IT Handbooks. In assessing IT/Cyber risks, Federal Reserve examiners assess each firm's:
Board and senior management for effective oversight and support of IT management;
Information/cyber security program for strong board and senior management support, integration of security activities and controls through business processes, and establishment of clear accountability for security responsibilities;
IT operations for sufficient personnel, system capacity and availability, and storage capacity adequacy to achieve strategic objectives and appropriate solutions;
Development and acquisition processes' ability to identify, acquire, develop, install, and maintain effective IT to support business operations; and
Appropriate business continuity management processes to effectively oversee and implement resilience, continuity, and response capabilities to safeguard employees, customers, assets, products, and services.
Complex and noncomplex firms are assessed in these areas. All supervised insurance organizations are required to notify the Federal Reserve of any computer-security notification incidents. [^92]
[^92] SR Letter 22-4, “Contact Information in Relation to Computer-Security Incident Notification Requirements” applies to all supervised insurance organizations.
○ *Third party risk* is also a subset of operational risk and arises from a firm's use of service providers to perform operational or service functions. These risks may be inherent to the outsourced activity or be introduced with the involvement of the service provider. When assessing effective third party risk management, Federal Reserve examiners evaluate eight areas: (1) third party risk management governance, (2) risk assessment framework, (3) due diligence in the selection of a service provider, (4) a review of any incentive compensation embedded in a service provider contract, (5) management of any contract or legal issues arising from third party agreements, (6) ongoing monitoring and reporting of third parties, (7) business continuity and contingency of the third party for any service disruptions, and (8) effective internal audit program to assess the risk and controls of the firm's third party risk management program. [^93]
[^93] SR Letter 23-4, “Interagency Guidance on Third-Party Relationships: Risk Management” applies to all supervised insurance organizations.
**Capital Management**
The Capital Management rating is derived from an assessment of a firm's current and stressed level of capitalization, and the quality of its capital planning and internal stress testing. A capital management program should be commensurate with a supervised insurance organization's complexity and risk profile. In assigning this rating, the Federal Reserve examiners evaluate the extent to which a firm maintains sound capital planning practices through effective governance and oversight, effective risk management and controls, maintenance of updated capital policies and contingency plans for addressing potential shortfalls, and incorporation of appropriately stressful conditions into capital planning and projections of capital positions. The extent to which a firm's capital is sufficient to comply with regulatory requirements, to support the firm's ability to meet its obligations, and to enable the firm to remain a source of strength to its depository institution(s) in a range of stressful, but plausible, economic and financial environments is also evaluated.
Insurance company balance sheets are typically quite different from those of most banking organizations. For life insurance companies, investment strategies may focus on cash flow matching to reduce interest rate risk and provide liquidity to support their liabilities, while for traditional banks, deposits (liabilities) are attracted to support investment strategies.
Additionally, for insurers, capital provides a buffer for policyholder claims and creditor obligations, helping the firm absorb adverse deviations in expected claims experience, and other drivers of economic loss. The Board recognizes that the capital needs for insurance activities are materially different from those of banking activities and can be different between life and property and casualty insurers. Insurers may also face capital fungibility constraints not faced by banking organizations.
In assessing a supervised insurance organization's capital management, the Federal Reserve relies to the fullest extent possible on information provided by state insurance regulators, including the firm's own risk and solvency assessment (ORSA) and the state insurance regulator's written assessment of the ORSA. An ORSA is an internal process undertaken by an insurance group to assess the adequacy of its risk management and current and prospective capital position under normal and stress scenarios. As part of the ORSA, insurance groups are required to analyze all reasonably foreseeable and relevant material risks that could have an impact on their ability to meet obligations.
The Board expects supervised insurance organizations to have sound governance over their capital planning process. A firm should establish capital goals that are approved by the board of directors, and that reflect the potential impact of legal and/or regulatory restrictions on the transfer of capital between legal entities. In general, senior management should establish the capital planning process, which should be reviewed and approved periodically by the board. The board should require senior management to provide clear, accurate, and timely information on the firm's material risks and exposures to inform board decisions on capital adequacy and actions. The capital planning process should clearly reflect the difference between the risk profiles and associated capital needs of the insurance and banking businesses.
A firm should have a risk management framework that appropriately identifies, measures, and assesses material risks and provides a strong foundation for capital planning. This framework should be supported by comprehensive policies and procedures, clear and well established roles and responsibilities, strong internal controls, and effective reporting to senior management and the board. In addition, the risk management framework should be built upon sound management information systems.
As part of capital management, a firm should have a sound internal control framework that helps ensure that all aspects of the capital planning process are functioning as designed and result in an accurate assessment of the firm's capital needs. The internal control framework should be independently evaluated periodically by the firm's internal audit function.
The governance and oversight framework should include an assessment of the principles and guidelines used for capital planning, issuance, and usage, including internal post-stress capital goals and targeted capital levels; guidelines for dividend payments and stock repurchases; strategies for addressing capital shortfalls; and internal governance responsibilities and procedures for the capital policy. The capital policy should reflect the capital needs of the insurance and banking businesses based on their risks, be approved by the firm's board of directors or a designated committee of the board, and be re-evaluated periodically and revised as necessary.
A strong capital management program will incorporate appropriately stressful conditions and events that could adversely affect the firm's capital adequacy and capital planning. As part of its capital plan, a firm should use at least one scenario that stresses the specific vulnerabilities of the firm's activities and associated risks, including those related to the firm's insurance activities and its banking activities.
Supervised insurance organizations should employ estimation approaches to project the impact on capital positions of various types of stressful conditions and events, and that are independently validated. A firm should estimate losses, revenues, expenses, and capital using sound methods that incorporate macroeconomic and other risk drivers. The robustness of a firm's capital stress testing processes should be commensurate with its risk profile.
**Liquidity Management**
The Liquidity Management rating is derived from an assessment of the supervised insurance organization's liquidity position and the quality of its liquidity risk management program. Each firm's liquidity risk management program should be commensurate with its complexity and risk profile.
The Board recognizes that supervised insurance organizations are typically less exposed to traditional liquidity risk than banking organizations. Instead of cash outflows being mainly the result of discretionary withdrawals, cash outflows for many insurance products only result from the occurrence of an insured event. Insurance products, like annuities, that are potentially exposed to call risk generally have product features ( *i.e.,* surrender charges, market value surrenders, tax treatment, etc.) that help mitigate liquidity risk.
Federal Reserve examiners tailor the application of existing supervisory guidance on liquidity risk management to reflect the liquidity characteristics of supervised insurance organizations. [^94] For example, guidance on intra-day liquidity management would only be applicable for supervised insurance organizations with material intra-day liquidity risks. Additionally, specific references to liquid assets may be more broadly interpreted to include other asset classes such as certain investment-grade corporate bonds.
[^94]*See* SR Letter 10-6, “Interagency Policy Statement on Funding and Liquidity Risk Management.”
The scope of the Federal Reserve's supervisory activities on liquidity risk is influenced by each firm's individual risk profile. Traditional property and casualty insurance products are typically short duration liabilities backed by short-duration, liquid assets. Because of this, they typically present lower liquidity risk than traditional banking activities. However, some nontraditional life insurance and retirement products create liquidity risk through features that allow payments at the request of policyholders without the occurrence of an insured event. Risks of certain other insurance products are often mitigated using derivatives. Any differences between collateral requirements related to hedging and the related liability cash flows can also create liquidity risk. The Board expects firms significantly engaged in these types of insurance activities to have correspondingly more sophisticated liquidity risk management programs.
A strong liquidity risk management program includes cash flow forecasting with appropriate granularity. The firm's suite of quantitative metrics should effectively inform senior management and the board of directors of the firm's liquidity risk profile and identify liquidity events or stresses that could detrimentally affect the firm. The metrics used to measure a firm's liquidity position may vary by type of business.
Federal Reserve examiners rely to the fullest extent possible on each firm's ORSA, which requires all firms to include a discussion of the risk management framework and assessment of material risks, including liquidity risk.
Supervised insurance organizations are expected to perform liquidity stress testing at least annually and more frequently, if necessary, based on their risk profile. The scenarios used should reflect the firm's specific risk profile and include both idiosyncratic and system-wide stress events. Stress testing should inform the firm on the amount of liquid assets necessary to meet net cash outflows over relevant time periods, including at least a one-year time horizon. Firms should hold a liquidity buffer comprised of highly liquid assets to meet stressed net cash outflows. The liquidity buffer should be measured using appropriate haircuts based on asset quality, duration, and expected market illiquidity based on the stress scenario assumptions. Stress testing should reflect the expected impact on collateral requirements. For material life insurance operations, Federal Reserve examiners will rely to the greatest extent possible on information submitted by the firm to comply with the National Association of Insurance Commissioners' (NAIC) liquidity stress test framework.
The fungibility of sources of liquidity is often limited between an insurance group's legal entities. Large insurance groups can operate with a significant number of legal entities and many different regulatory and operational barriers to transferring funds among them. Regulations designed to protect policyholders of insurance operating companies can limit the transferability of funds from an insurance company to other legal entities within the group, including to other insurance operating companies. Supervised insurance organizations should carefully consider these limitations in their stress testing and liquidity risk management framework. Effective liquidity stress testing should include stress testing at the legal entity level with consideration for intercompany liquidity fungibility. Furthermore, the firm should be able to measure and provide an assessment of liquidity at the top-tier depository institution holding company in a manner that incorporates fungibility constraints.
The enterprise-wide governance and oversight framework should be consistent with the firm's liquidity risk profile and include policies and procedures on liquidity risk management. The firm's policies and procedures should describe its liquidity risk reporting, stress testing, and contingency funding plan.
**B. Supervisory Ratings**
Supervised insurance organizations are expected to operate in a safe and sound manner, to comply with all applicable laws and regulations, and to possess sufficient financial and operational strength to serve as a source of strength for their depository institution(s) through a range of stressful yet plausible conditions. Supervisory ratings and supervisory findings are used to communicate the assessment of a firm. Federal Reserve examiners periodically assign one of four ratings to each of the three rating components used to assess supervised insurance organizations. The rating components are Capital Management, Liquidity Management, and Governance & Controls. The four potential ratings are Broadly Meets Expectations, Conditionally Meets Expectations, Deficient-1, and Deficient-2. To be considered “well managed,” a firm must receive a rating of Conditionally Meets Expectations or better in each of the three rating components or a rating of Deficient-1 in one rating component and Broadly Meets Expectations or Conditionally Meets Expectations for each of the other two rating components. A firm rated Deficient-1 for two or more rating components or Deficient-2 for any rating component would not be considered “well managed.” Each rating is defined specifically for supervised insurance organizations with particular emphasis on the obligation that firms serve as a source of financial and managerial strength for their depository institution(s). High-level definitions for each rating are below, followed by more specific rating definitions for each component.
*Broadly Meets Expectations.* The supervised insurance organization's practices and capabilities broadly meet supervisory expectations. The holding company effectively serves as a source of managerial and financial strength for its depository institution(s) and possesses sufficient financial and operational strength and resilience to maintain safe-and-sound operations through a range of stressful yet plausible conditions. The firm may have outstanding supervisory issues requiring corrective actions, but these are unlikely to present a threat to its ability to maintain safe-and-sound operations and unlikely to negatively impact its ability to fulfill its obligation to serve as a source of strength for its depository institution(s). These issues are also expected to be corrected on a timely basis during the normal course of business.
*Conditionally Meets Expectations.* The supervised insurance organization's practices and capabilities are generally considered sound. However, certain supervisory issues are sufficiently material that if not resolved in a timely manner during the normal course of business, may put the firm's prospects for remaining safe and sound, and/or the holding company's ability to serve as a source of managerial and financial strength for its depository institution(s), at risk. A firm with a Conditionally Meets Expectations rating has the ability, resources, and management capacity to resolve its issues and has developed a sound plan to address the issue(s) in a timely manner. Examiners will work with the firm to develop an appropriate timeframe during which it will be required to resolve that supervisory issue(s) leading to this rating.
*Deficient-1.* Financial or operational deficiencies in a supervised insurance organization's practices or capabilities put its prospects for remaining safe and sound, and/or the holding company's ability to serve as a source of managerial and financial strength for its depository institution(s), at significant risk. The firm is unable to remediate these deficiencies in the normal course of business, and remediation would typically require it to make material changes to its business model or financial profile, or its practices or capabilities. A firm with a Deficient-1 rating is required to take timely action to correct financial or operational deficiencies and to restore and maintain its safety and soundness and compliance with laws and regulations.
Supervisory issues that place the firm's safety and soundness at significant risk, and where resolution is likely to require steps that clearly go beyond the normal course of business—such as issues requiring a material change to the firm's business model or financial profile, or its governance, risk management or internal control structures or practices—would generally warrant assignment of a Deficient-1 rating. Firms with one or more Deficient-1 component ratings may be subject to an informal or formal enforcement action, depending on particular facts and circumstances.
*Deficient-2.* Financial or operational deficiencies in a supervised insurance organization's practices or capabilities present a threat to its safety and soundness, have already put it in an unsafe and unsound condition, and/or make it unlikely that the holding company will be able to serve as a source of financial and managerial strength to its depository institution(s). A firm with a Deficient-2 rating is required to immediately implement comprehensive corrective measures and demonstrate the sufficiency of contingency planning in the event of further deterioration.
There is a strong presumption that a firm with a Deficient-2 rating will be subject to a formal enforcement action.
**Definitions for the Governance and Controls Component Rating**
*Broadly Meets Expectations.* Despite the potential existence of outstanding supervisory issues, the supervised insurance organization's governance and controls broadly meet supervisory expectations, supports maintenance of safe-and-sound operations, and supports the holding company's ability to serve as a source of financial and managerial strength for its depository institutions(s). Specifically, the firm's practices and capabilities are sufficient to align strategic business objectives with its risk appetite and risk management capabilities; maintain effective and independent risk management and control functions, including internal audit; promote compliance with laws and regulations; and otherwise provide for the firm's ongoing financial and operational resiliency through a range of conditions. The firm's governance and controls clearly reflect the holding company's obligation to act as a source of financial and managerial strength for its depository institution(s).
*Conditionally Meets Expectations.* Certain material financial or operational weaknesses in a supervised insurance organization's governance and controls practices may place the firm's prospects for remaining safe and sound through a range of conditions at risk if not resolved in a timely manner during the normal course of business. Specifically, if left unresolved, these weaknesses may threaten the firm's ability to align strategic business objectives with its risk appetite and risk-management capabilities; maintain effective and independent risk management and control functions, including internal audit; promote compliance with laws and regulations; or otherwise provide for the firm's ongoing resiliency through a range of conditions. Supervisory issues may exist related to the firm's internal audit function, but internal audit is still regarded as effective.
*Deficient-1.* Deficiencies in a supervised insurance organization's governance and controls put its prospects for remaining safe and sound through a range of conditions at significant risk. The firm is unable to remediate these deficiencies in the normal course of business, and remediation would typically require a material change to the firm's business model or financial profile, or its governance, risk management or internal control structures or practices.
Examples of issues that may result in a Deficient-1 rating include, but are not limited to:
• The firm may be currently subject to, or expected to be subject to, informal or formal enforcement action(s) by the Federal Reserve or another regulator tied to violations of laws and regulations that indicate severe deficiencies in the firm's governance and controls.
• Significant legal issues may have or be expected to impede the holding company's ability to act as a source of financial strength for its depository institution(s).
• The firm may have engaged in intentional misconduct.
• Deficiencies within the firm's governance and controls may limit the credibility of the firm's financial results, limit the board or senior management's ability to make sound decisions, or materially increase the firm's risk of litigation.
• The firm's internal audit function may be considered ineffective.
• Deficiencies in the firm's governance and controls may have limited the holding company's ability to act as a source of financial and/or managerial strength for its depository institution(s).
*Deficient-2.* Financial or operational deficiencies in a supervised insurance organization's governance and controls present a threat to its safety and soundness, a threat to the holding company's ability to serve as a source of financial strength for its depository institution(s), or have already put the firm in an unsafe and unsound condition.
Examples of issues that may result in a Deficient-2 rating include, but are not limited to:
• The firm is currently subject to, or expected to be subject to, formal enforcement action(s) by the Federal Reserve or another regulator tied to violations of laws and regulations that indicate severe deficiencies in the firm's governance and controls.
• Significant legal issues may be impeding the holding company's ability to act as a source of financial strength for its depository institution(s).
• The firm may have engaged in intentional misconduct.
• The holding company may have failed to act as a source of financial and/or managerial strength for its depository institution(s) when needed.
• The firm's internal audit function is regarded as ineffective.
**Definitions for the Capital Management Component Rating**
*Broadly Meets Expectations.* Despite the potential existence of outstanding supervisory issues, the supervised insurance organization's capital management broadly meets supervisory expectations, supports maintenance of safe-and-sound operations, and supports the holding company's ability to serve as a source of financial strength for its depository institution(s).
Specifically:
• The firm's current and projected capital positions on a consolidated basis and within each of its material business lines/legal entities comply with regulatory requirements and support its ability to absorb potential losses, meet obligations, and continue to serve as a source of financial strength for its depository institution(s);
• Capital management processes are sufficient to give credibility to stress testing results and the firm is capable of producing sound assessments of capital adequacy through a range of stressful yet plausible conditions; and
• Potential capital fungibility issues are effectively mitigated, and capital contingency plans allow the holding company to continue to act as a source of financial strength for its depository institution(s) through a range of stressful yet plausible conditions.
*Conditionally Meets Expectations.* Capital adequacy meets regulatory minimums, both currently and on a prospective basis. Supervisory issues exist but these do not threaten the holding company's ability to act as a source of financial strength for its depository institution(s) through a range of stressful yet plausible conditions. Specifically, if left unresolved, these issues:
• May threaten the firm's ability to produce sound assessments of capital adequacy through a range of stressful yet plausible conditions; and/or
• May result in the firm's projected capital positions being insufficient to absorb potential losses, comply with regulatory requirements, and support the holding company's ability to meet current and prospective obligations and continue to serve as a source of financial strength to its depository institution(s).
*Deficient-1.* Financial or operational deficiencies in a supervised insurance organization's capital management put its prospects for remaining safe and sound through a range of plausible conditions at significant risk. The firm is unable to remediate these deficiencies in the normal course of business, and remediation would typically require a material change to the firm's business model or financial profile, or its capital management processes.
Examples of issues that may result in a Deficient-1 rating include, but are not limited to:
• Capital adequacy currently meets regulatory minimums although there may be uncertainty regarding the firm's ability to continue meeting regulatory minimums.
• Fungibility concerns may exist that could challenge the firm's ability to contribute capital to its depository institutions under certain stressful yet plausible scenarios.
• Supervisory issues may exist that undermine the credibility of the firm's current capital adequacy and/or its stress testing results.
*Deficient-2.* Financial or operational deficiencies in a supervised insurance organization's capital management present a threat to the firm's safety and soundness, a threat to the holding company's ability to serve a source of financial strength for its depository institution(s), or have already put the firm in an unsafe and unsound condition.
Examples of issues that may result in a Deficient-2 rating include, but are not limited to:
• Capital adequacy may currently fail to meet regulatory minimums or there is significant concern that the firm will not meet capital adequacy minimums prospectively.
• Supervisory issues may exist that significantly undermine the firm's capital adequacy metrics either currently or prospectively.
• Significant fungibility constraints may exist that would prevent the holding company from contributing capital to its depository institution(s) and fulfilling its obligation to serve as a source of financial strength.
• The holding company may have failed to act as source of financial strength for its depository institution when needed.
**Definitions for the Liquidity Management Component Rating**
*Broadly Meets Expectations.* Despite the potential existence of outstanding supervisory issues, the supervised insurance organization's liquidity management broadly meets supervisory expectations, supports maintenance of safe-and-sound operations, and supports the holding company's ability to serve as a source of financial strength for its depository institutions(s). The firm generates sufficient liquidity to meet its short-term and long-term obligations currently and under a range of stressful yet plausible conditions. The firm's liquidity management processes, including its liquidity contingency planning, support its obligation to act as a source of financial strength for its depository institution(s).
Specifically:
• The firm is capable of producing sound assessments of liquidity adequacy through a range of stressful yet plausible conditions; and
• The firm's current and projected liquidity positions on a consolidated basis and within each of its material business lines/legal entities comply with regulatory requirements and support the holding company's ability to meet obligations and to continue to serve as a source of financial strength for its depository institution(s).
*Conditionally Meets Expectations.* Certain material financial or operational weaknesses in a supervised insurance organization's liquidity management place its prospects for remaining safe and sound through a range of stressful yet plausible conditions at risk if not resolved in a timely manner during the normal course of business.
Specifically, if left unresolved, these weaknesses:
• May threaten the firm's ability to produce sound assessments of liquidity adequacy through a range of conditions; and/or
• May result in the firm's projected liquidity positions being insufficient to comply with regulatory requirements and support the firm's ability to meet current and prospective obligations and to continue to serve as a source of financial strength to its depository institution(s).
*Deficient-1.* Financial or operational deficiencies in a supervised insurance organization's liquidity management put the firm's prospects for remaining safe and sound through a range of stressful yet plausible conditions at significant risk. The firm is unable to remediate these deficiencies in the normal course of business, and remediation would typically require a material change to the firm's business model or financial profile, or its liquidity management processes.
Examples of issues that may result in a Deficient-1 rating include, but are not limited to:
• The firm is currently able to meet its obligations but there may be uncertainty regarding the firm's ability to do so prospectively.
• The holding company's liquidity contingency plan may be insufficient to support its obligation to act as a source of financial strength for its depository institution(s).
• Supervisory issues may exist that undermine the credibility of the firm's liquidity metrics and stress testing results.
*Deficient-2.* Financial or operational deficiencies in a supervised insurance organization's liquidity management present a threat to its safety and soundness, a threat to the holding company's ability to serve as a source of financial strength for its depository institution(s), or have already put the firm in an unsafe and unsound condition.
Examples of issues that may result in a Deficient-2 rating include, but are not limited to:
• Liquidity shortfalls may exist within the firm that have prevented the firm, or are expected to prevent the firm, from fulfilling its obligations, including the holding company's obligation to act as a source of financial strength for its depository institution(s).
• Liquidity adequacy may currently fail to meet regulatory minimums or there is significant concern that the firm will not meet liquidity adequacy minimums prospectively for at least one of its regulated subsidiaries.
• Supervisory issues may exist that significantly undermine the firm's liquidity metrics either currently or prospectively.
• Significant fungibility constraints may exist that would prevent the holding company from supporting its depository institution(s) and fulfilling its obligation to serve as a source of financial strength.
• The holding company may have failed to act as source of financial strength for its depository institution when needed.
**C. Incorporating the Work of Other Supervisors**
Similar to the approach taken by the Federal Reserve in its consolidated supervision of other firms, the oversight of supervised insurance organizations relies to the fullest extent possible, on work performed by other relevant supervisors. Federal Reserve supervisory activities are not intended to duplicate or replace supervision by the firm's other regulators and Federal Reserve examiners typically do not specifically assess firms' compliance with laws outside of its jurisdiction, including state insurance laws. The Federal Reserve collaboratively coordinates with, communicates with, and leverages the work of the Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), Securities and Exchange Commission (SEC), Financial Crimes Enforcement Network (FinCEN), Internal Revenue Service (IRS), applicable state insurance regulators, and other relevant supervisors to achieve its supervisory objectives and eliminate unnecessary burden.
Existing statutes specifically require the Board to coordinate with, and to rely to the fullest extent possible on work performed by the state insurance regulators. The Board and all state insurance regulators have entered into Memorandums of Understanding (MOU) allowing supervisors to freely exchange information relevant for the effective supervision of supervised insurance organizations. Federal Reserve examiners take the actions below with respect to state insurance regulators to support accomplishing the objective of minimizing supervisory duplication and burden, without sacrificing effective oversight:
• Routine discussions (at least annually) with state insurance regulatory staff with greater frequency during times of stress;
• Discussions around the annual supervisory plan, including how best to leverage work performed by the state and potential participation by state insurance regulatory staff on relevant supervisory activities;
• Consideration of the opinions and work done by the state when scoping relevant examination activities;
• Documenting any input received from the state and considering the assessments of and work performed by the state for relevant supervisory activities;
• Sharing and discussing with the state the annual ratings and relevant conclusion documents from supervisory activities;
• Collaboratively working with the states and the NAIC on the development of policies that affect insurance depository institution holding companies; and
• Participating in supervisory colleges.
The Federal Reserve relies on the state insurance regulators to participate in the activities above and to share proactively their supervisory opinions and relevant documents. These documents include the annual ORSA, [^95] the state insurance regulator's written assessment of the ORSA, results from its examination activities, the Corporate Governance Annual Disclosure, financial analysis memos, risk assessments, material risk determinations, material transaction filings (Form D), the insurance holding company system annual registration statement (Form B), submissions for the NAIC liquidity stress test framework, and other state supervisory material.
[^95]*See* NAIC Own Risk and Solvency Assessment (ORSA) Guidance Manual (December 2017), at *https://content.naic.org/sites/default/files/publication-orsa-guidance-manual.pdf.*
If the Federal Reserve determines that it is necessary to perform supervisory activities related to aspects of the supervised insurance organization that also fall under the jurisdiction of the state insurance regulator, it will communicate the rationale and result of these activities to the state insurance regulator.
By order of the Board of Governors of the Federal Reserve System.
Michele Taylor Fennell,
Associate Secretary of the Board.