- Key insight: Should the FFIEC's proposed changes to CAMELS go forward they would undercut advances in risk management's organizational stature and effectiveness that took a tenuous hold on the industry in the aftermath of the 2008 crisis.
- What's at stake: Attempts to limit the evaluation of factors such as risk governance and controls undermines safety and soundness of the banking system.
- Forward look: Instead of sweeping critical factors under the regulatory rug with claims that they are too difficult to assess, regulators should identify specific criteria that contribute to effective risk management and develop an assessment of each component.
The Federal Financial Institutions Examination Council's
CAMELS ratings provide bank management teams and regulators with an aggregate snapshot of a bank's safety and soundness along five key dimensions: capital adequacy (C), asset quality (A), earnings (E), liquidity (L), and sensitivity to market risk (S) in addition to M. The M component
The FFIEC seeks to focus the management component of CAMELS on just those factors that pose a material risk to a bank. Considerations such as "responsiveness to auditors and supervisory authorities" and "management depth and succession" will no longer have a place in determining the M component rating. Moreover, factors describing the bank's risk profile are also being eliminated arguably due to perceived overlap with the other CAMELS components. Under the proposal, only after a bank hits a material risk threshold could it be assessed a CAMELS rating of 3 or worse based on deficiencies in risk management.
Material risks to a bank are a direct reflection of management decisions and the effectiveness of governance and oversight of risk-taking by boards and management teams. Are we so far removed from what transpired during the 2008 global financial crisis that we have forgotten much of what led to the extra-normal risk many banks took on in the years leading up to it? The demise of large depositories such as Washington Mutual or near collapses such as Citi were driven by the confluence of exceedingly weak risk controls and governance frameworks that lit the match for excessive risk-taking. Don't take my word for it. Even the
The proposed changes by the FFIEC to CAMELS would wind up significantly discounting these factors, which are well-established harbingers of serious bank problems — if not failure — at some point in the future. The proposed changes would therefore provide an artificially higher CAMELS rating than what actual circumstances would show and thus provide cover to management teams seeking to reduce the focus on risk management controls and oversight. Such regulatory rollbacks typically coincide with administration policies aimed at revving up the economy at the time. This ultimately turns out to be a bad idea but only after risks have built up to a level where they emerge in some form, such as another 2008-like crisis or another regional banking crisis. The fact remains that attempts to limit the evaluation of factors such as risk governance and controls undermines safety and soundness of the banking system. How many more times do we need to hear the mantra, "But this time is different?"
Stephen J. Scott, an investigator hired to audit the Federal Reserve's handling of Silicon Valley Bank before its collapse, says the probe is focused on "facts, not politics." But more than three years on, the biggest question surrounding the U.S.'s second most costly bank failure for many is who bears the blame.
Rather than eliminate several critical factors reflecting the effectiveness of risk management and governance at banks, the FFIEC should carve out a separate new component, R, to more directly assess that critical aspect of bank viability. The number and severity of regulatory actions such as a "Matters Requiring Immediate Attention" notice in addition to assessments of bank board risk committee member qualifications, senior risk management and staff turnover rates, investment in enterprise risk management and related metrics could be developed into an effective risk management rating. This approach could also be leveraged in developing an enhanced risk-based pricing framework for FDIC deposit insurance. Instead of sweeping critical factors under the regulatory rug with claims that they are too difficult to assess, regulators should identify specific criteria that contribute to effective risk management and develop an assessment of each component.
Should the FFIEC's proposed changes to CAMELS go forward they would undercut advances in risk management's organizational stature and effectiveness that took a tenuous hold on the industry in the aftermath of the 2008 crisis. With a variety of emerging risks forming in the banking sector from private credit, digital assets, and AI, among others, rather than diluting CAMELS ratings for vital attributes of risk management, the FFIEC should amplify the importance of risk management.
