Join our mailing list to receive the latest updates and alerts Flag Subscribe

This article has been updated from its published version.

On April 30, 2026, the Federal Reserve issued an Updated Statement of Supervisory Operating Principles (Memo) dated April 26, 2026, which enhances and replaces its October 29, 2025, Statement of Supervisory Operating Principles (Statement). The Memo provides some guidance on additional issues not addressed in the original Statement and provides clarifications on certain items. Both the Memo and the Statement provide guidance to Federal Reserve Board Supervision & Regulation and Reserve Bank staff related to Vice Chair for Supervision Michelle Bowman’s priorities and operating principles announced in August 2025. The priorities and operating principles are intended to change how supervision is conducted, with a goal to strengthen supervision of activities related to the most important risks threatening the safety and soundness of banks. There is a lot in the Memo, and the content that is most important will vary from institution to institution. However, three key changes are: (i) how examiners and supervisory staff will evaluate Matters Requiring Attention (MRA), Matters Requiring Immediate Attention (MRIA), and requirements in enforcement actions; (ii) changing the weight provided to the management and risks management components of the CAMELS and RFI/C(D) rating processes; and (iii) returning to the use of supervisory observations.

MRAs, MRIAs, and Enforcement Action Requirements

The Memo provides three main points related to MRAs, MRIAs, and enforcement action requirements. Significantly, unless an institution’s internal audit function is rated unsatisfactory, examiners and supervisory staff are not to perform validation work when the institution’s internal audit has validated the item as fully remediated. This is a welcome departure from the regulatory activity for at least the last twenty years where MRAs, MRIAs, and enforcement actions remained open for what feels like indefinitely, all while regulators waited to perform their own testing, often conducted during more than one examination.

In addition, seasoning is no longer required. Staff are supposed to monitor the bank during examination activity after termination of the MRA, MRIA, or enforcement action deficiency. That subsequent monitoring is then used to see if the deficiency reoccurs rather than requiring the validated solution to prove itself over multiple cycles. Regulatory agencies have often in the past several years required an institution to pass regulatory testing during multiple examination cycles before resolving an MRA, MRIA, or enforcement action. Combined with the agency’s need to do its own testing rather than relying on the institution’s satisfactory internal audit function, this helped make resolution feel like it was never coming.

Finally, staff is supposed to focus only on the deficiencies during the review and not conduct additional reviews on issues not directly related to the MRA, MRIA, or enforcement action requirement. This is another welcome departure. In the past several years, if an issue showed up during the review and/or was one of the new regulatory priorities of the agency related to the products/services/processes being reviewed, those were brought into the review, and the MRA, MRIA, or enforcement action requirement could not be closed. Under the new guidance, if something is identified that is not part of the original deficiency, that should not be considered in resolving the original MRA, MRIA, or enforcement action item.

Management and Risk Management Ratings

The Memo specifically states that the management and risk management components used in the CAMELS and RFI/C(D) ratings are not to be weighted greater than other components when determining the composite rating. The CAMELS rating for depository institutions evaluates Capital adequacy, Assets, Management capability, Earnings, Liquidity and Sensitivity (to market risks). In addition to the individual components, a composite rating is provided for the depository institution. The RFI/C(D) rating system assesses Risk management, Financial condition, and potential Impact of the nondepository entities on the subsidiary depository institution(s), with a Composite score and Depository institution rating.

The RFI/C(D) is a Federal Reserve supervisory rating system for bank holding companies (BHCs) and savings and loan holding companies (SLHCs) that have total consolidated assets of less than $100 billion. The rating is used in part to evaluate the holding company’s and its subsidiary depository institution’s risks to the subsidiary depository institution(s). How the RFI/C(D) ratings are used depends on whether the BHC or SLHC is complex, whether it has total consolidated assets of more than $3 billion, whether it has more than one subsidiary depository institution, or whether it is nontraditional. A nontraditional holding company generally is one in which most or all of its nondepository entities are otherwise regulated by a functional regulator and its depository subsidiary(ies) are small in relation to the nondepository entities. More information related to the overall RFI/C(D) rating system can be found in Attachment Two to SR 19-04.

Noncomplex BHCs and SLHCs with assets of $3 billion or less only receive the R and C ratings, with the R rating typically being the M rating of its subsidiary depository institution. In more recent years, risk management and management have often been used as a basis for a downgrade in composite ratings for both depository institutions and holding companies. In other words, management and risk management received heavy weighting. When issues were identified with the other rated components, the focus was on insufficient risk management and management. As a result, one impact of issues in any component was a downgrade to M and R, which often created a downgrade in the overall rating. The R rating received by these noncomplex BHCs and SLHCs (which is assigned based on Management rating of the depository institution) almost by definition led to a downgraded composite rating for the BHC or SLHC. The change in guidance to staff may have a larger impact potential in this case than for those with assets of more than $3 billion or that were otherwise complex. In addition, it is possible that more changes may come as the new guidance is rolled out to other prior supervisory guidance.

It is likely that when the RFI/C(D) rating system was created, the M was picked for these noncomplex $3 billion or less BHCs and SLHCs because of routinely providing the M more weight in the CAMELS composite. In other words, if the M is the most important aspect of the CAMELS rating and the agency is going to say that the main risk of the subsidiary depository institution is the rating for the noncomplex holding company, then they picked the M for the R rating. The recent Memo does not indicate that there should be any change to using the M from the subsidiary depository institution for the C rating, but given the overall guidance, that change may be something seen in the near future as other regulatory guidance is evaluated to take into account the principles outlined in the Memo.

For the BHCs and SLHCs with more than $3 billion in total consolidated assets, the D rating is based on the CAMELS composite of the BHC’s or SLHC’s subsidiary depository institution. Since CAMELS composites have been influenced more by the M rating in recent years and the R rating, the change in guidance in the Memo related to risk management and management may still have extra impact. The other CAMELS factors may contribute more to the overall CAMELS composite which will potentially influence/change the D rating, and the change in the guidance related to weighting the risk management rating potentially influences both the CAMELS and the RFI/C(D).

In addition, even though the guidance indicates materiality to the institution should be considered and used to weight the component ratings, the guidance also explains how financial risks are now the real focus of supervision. This may result in financial risks starting to have more influence on overall ratings. The press release announcing the new guidance states that material financial risks are the main focus of bank examinations. As such, while the guidance indicates all component ratings are weighted based on materiality to the institution, the weighting will be with a lens focused on financial risk.

Supervisory Observations

The Memo directs examiners and supervisory staff to address items that do not meet MRA or MRIA levels by making nonbinding supervisory observations. This is a reversal of 2013 guidance to eliminate such supervisory observations. Without the ability to use supervisory observations, examiners and supervisory staff were left with a choice — cite the item as an MRA or allow it to continue and get worse. This would mean risk management does not focus on potentially evolving deficiencies that can be corrected before they become truly problematic. Left with such a choice, MRAs very likely increased in the past several years. This meant that items of less significance were being treated the same as those with more significance. It also created a lot of extra work for both the institutions and the examiners. Combined with requiring seasoning, this meant deficiencies that were not material required years of validation and seasoning work. This increased the burden and staffing challenges of institutions and examiners and distracted from fixing the most important deficiencies. The guidance sums up the benefit of the reintroduction of supervisory observations this way:

This will make supervision more effective by allowing examiners and other supervisory staff to prioritize their attention on a firm’s material financial risks.

I would add that it makes both the regulatory agencies and the institutions more efficient, provides the ability for early feedback, and allows the institution to demonstrate its overall risk management process by fixing problems before the next examination.

In the end, the new guidance should be welcomed by examiners, supervisory staff, and institutions. The guidance will help refocus on those items that pose the most financial risk to the institution and indirectly to the deposit insurance fund. It will also allow both regulatory agencies and institutions to become more efficient and reduce overall staffing challenges.

Professionals

Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.