Board of Governors of the Federal Reserve System

I cannot support the proposal to weaken the large financial institution (LFI) rating system. This proposal would undermine supervision of the largest banks by effectively allowing firms that are not well managed to be treated as though they were. Firms that are not in satisfactory condition would be allowed to undertake activities that only healthy firms should undertake, which increases risk to individual banks, consumers, and the financial system.

The proposal will reduce banks' incentives to fix their serious problems. For example, generally, only well managed firms are allowed to engage in acquisitions because such expansions in firms that are not well managed could threaten their safety and soundness. If we permit firms that have significant management weaknesses to acquire other firms, it would increase the likelihood and cost of their failure. The proposal also removes the presumption of regulatory action that accompanies a deficient rating. Moreover, the proposal is inconsistent with long-standing interpretations of our legal requirements for bank ratings. In particular, a deficient rating in governance and controls is inconsistent with the definition of "well managed," but this proposal would permit a firm to be treated as such.

The proposal allows badly managed firms to be labeled as well managed.
Treating as well managed a firm that has a deficient rating on any of the three major areas of supervision review (capital, liquidity, and governance and controls) is bad policy and risky. For example, under the proposal, a bank could have a "conditionally meets expectations" rating in two areas, and a deficient rating in the third, and still be considered well managed. This combination of ratings indicates that there are serious weaknesses in all aspects of the firm's management. It follows that the firm's management should be required to correct deficiencies before the firm can expand without increasing risks to its safety and soundness. Unless there were a composite rating that gives appropriate weight to management's ability to manage risk as evidenced by a satisfactory rating in that category, such a firm should not be considered well managed.

Under the proposal, a bank could have a deficient rating in governance and controls, which affects all aspects of its business, and still be rated as well managed. A bank could have serious deficiencies in its controls for cyber-security, which can result in serious harm to its safety and soundness, and still be rated well managed. A bank could have serious deficiencies in its anti-money laundering and anti-terrorist financing systems, and still be rated well managed. And a bank could have serious shortcomings in its consumer compliance programs, and still be rated well managed. These serious deficiencies can cause harm not only to the bank being rated, but also, as we have seen, to the financial system, to consumers, and to our society as a whole. Such a firm should not be deemed to be well managed.

The proposal removes the presumption of action to address severe deficiencies.
The proposal removes the presumption that firms will take action to remediate significant deficiencies, resulting in a "deficient-1" rating. A deficient-1 rating means that financial or operational deficiencies in a firm's practices or capabilities put the firm's prospects for remaining safe and sound through a range of conditions at significant risk. In such cases, the firm is unable to remediate the deficiencies in the normal course of business, and remediation typically requires the firm to make a material change to, for example, its business model to address the issue. Currently, when a firm has such a rating, supervisors and the firm have an expectation that a formal or informal supervisory action will be taken to fix the problem. For example, a consent order is an action that, by mutual agreement, requires the firm to make improvements in a specified time period. The proposal will remove the presumption of supervisory action, which would decrease firms' incentives and urgency to remediate serious shortcomings.

A bank holding company with a deficient governance and controls rating is not a well managed company under the law.
A deficient rating in governance and controls is inconsistent with the definition of well managed, as it has been defined in law for over a quarter century. While supervision has changed over the years, the fundamentals of how firms are judged to be well managed are the same today as when the concept was incorporated into the financial holding company (FHC) framework by the Gramm Leach Bliley Act (GLBA) of 1999. Then, as now, the definition explicitly required a satisfactory rating specifically for management, if one is given. Today, the governance and controls rating in the LFI framework is supervisors' primary means of evaluating the management of large financial institutions. It would therefore be inconsistent with the definition of the term to treat a firm with a deficient-1 rating in governance and controls as being well managed, as the proposal does.

Let me explain in greater detail what that means. GLBA amended the Bank Holding Company Act to allow bank holding companies to become FHCs if they meet certain criteria, including that any depository institution subsidiary is well managed. That was defined, in part, to mean a composite rating of 1 or 2 under the Uniform Financial Institutions Rating System (UFIRS), or an equivalent rating, and at least a rating of 2 for management, if such rating is given.¹ The Dodd-Frank Act expanded the criteria for FHCs to require that the holding company, as well as the insured depository institution, be well managed; it did not alter the existing definition of well managed.

Under UFIRS, which has not changed in relevant part since GLBA's adoption, the "management" rating focused on management quality, board oversight, risk management, internal control and audit, and compliance. The LFI framework's governance and controls component rating focuses on these same topics today.

In the preamble to the 2018 rule adopting the LFI framework, the Board justifies exclusion of a composite rating with the view that each rating category (capital, liquidity, and governance and controls) includes assessments of key aspects of a firm's practices and capabilities, including management, that are necessary to operate in a safe-and-sound manner. An approach that is more stringent than required by the law can be justified by such an argument, but not one that is weaker. It is not plausible to argue that the governance and controls rating is no longer a management rating because aspects of management are also considered in capital and liquidity ratings. The criteria for the governance and controls rating are filled with the word management—they are all about management. We give an explicit management rating (see SR 19-3/CA 19-2). We therefore cannot treat a firm as well managed if it does not at least conditionally meet expectations in governance and controls. The proposal is thus inconsistent with the statutory requirements established under GLBA for our rating system.

Conclusion
The current proposal would fundamentally change the long-established concept of well managed and would introduce greater risk to the banking system. I dissent.

1. The UFIRS rating system, known also as CAMELS (an acronym for a rating's component parts), applies to depository institutions. The LFI Framework applies to holding companies. The Board has considered a firm that is well managed under the LFI framework to have a rating equivalent to a UFIRS 1 or 2 component rating. Return to text