“Significant deterioration in market conditions” is not a CFP trigger. It’s a feeling. And feelings don’t escalate to your board.

Most contingency funding plans pass the desk test — they describe stress scenarios, identify funding sources, and mention early warning indicators in a way that looks reasonable on paper. What they don’t do is tell anyone what, specifically, needs to happen before the CFP activates. The triggers are vague, the thresholds are unmeasured, and the ownership is ambiguous.

Examiners know this. The 2023 Interagency Addendum that came four months after Silicon Valley Bank’s collapse — OCC Bulletin 2023-25 — was explicitly focused on operational readiness, not documentation. Institutions need to demonstrate that their CFPs would actually activate when needed. And that requires triggers that are specific enough to pull.

TL;DR

• Vague triggers (“significant stress,” “market deterioration”) are a common CFP exam finding — they don’t tell anyone when to act or who acts.
• A defensible trigger framework has three tiers (Green/Yellow/Red), specific metrics, quantitative thresholds, named role-level owners, and documented rationale for each threshold level.
• Triggers should be tied to metrics you already track: deposit runoff rate, funding cost spread, uninsured deposit ratio, net cash outflow projections, and contingent line utilization are regulatorily recognized examples.
• Threshold rationale needs to be documented — historical data, risk appetite connection, and action implication. “We picked 10% because it felt right” doesn’t survive an examiner.

Why Vague Triggers Are a Regulatory Problem

The 2010 Interagency Policy Statement on Funding and Liquidity Risk Management, issued jointly by the OCC, Federal Reserve, FDIC, NCUA, and OTS, established baseline expectations: CFPs should include early warning indicators and triggers that alert management to developing stress. The 2023 Addendum sharpened that: triggers need to be actionable, and institutions need to demonstrate operational readiness to use them.

What examiners consistently find instead:

• Triggers stated as conditions, not metrics. “Sustained outflows from retail deposits” — what does sustained mean? What’s the outflow rate that triggers Yellow?
• No ownership. The CFP says “management will convene to review” but doesn’t name who management is in this context, how they’re convened, or what the timeline is.
• No documentation of threshold rationale. The 5% deposit runoff threshold was chosen by a committee three years ago and nobody remembers why.
• Triggers tied to metrics not currently tracked. The CFP requires weekly net cash outflow projections, but the institution produces them monthly. The trigger would fire too slowly.

NCUA’s guidance under §741.12 for credit unions is similarly explicit: credit unions must develop “a process for identifying a potential liquidity event before it becomes a crisis through the use of early warning indicators and event triggers that are readily observable during normal reporting processes.” Readily observable. That means if the trigger metric isn’t already in your reporting cadence, the trigger isn’t real.

The Three-Tier Trigger Framework

The standard structure for CFP triggers uses three tiers: Green (normal), Yellow (heightened monitoring), and Red (CFP activation). Each tier must have specific metrics, quantitative thresholds, responsible parties, and defined actions.

The tier structure alone isn’t enough. Each tier needs the specifics that make it functional.

Selecting and Calibrating CFP Trigger Metrics

Good CFP triggers use metrics that are already being tracked, directly observable, and meaningfully tied to the institution’s liquidity risk profile. The 2010 Interagency Policy Statement provides a recognized list of indicators; these are the ones that show up most often in well-structured CFPs.

Metric examples with illustrative threshold tiers

Note: Thresholds above are illustrative. Your institution’s thresholds should reflect your specific funding model, deposit base, and risk appetite — not generic industry averages.

For fintechs and charter applicants without traditional deposit bases, relevant trigger metrics might include warehouse line utilization, sponsor bank request-for-information (RFI) volume, payment settlement concentration with a single counterparty, or customer advance rate compared to available liquidity.

The calibration principle

Trigger thresholds aren’t arbitrary. Each one should be anchored to at least one of:

1. Historical stress data — what happened to this metric during the 2020 COVID shock, 2022–2023 rate cycle, or SVB/Signature contagion period? The threshold should catch deterioration before a historical stress level is reached, not at it.
2. Risk appetite statement — if the board-approved risk appetite for liquidity says “maintain at least 90 days of operating expenses in liquid assets,” that number should anchor the net cash outflow trigger.
3. Product or funding structure characteristics — a fintech with highly concentrated, tech-savvy depositors should calibrate runoff thresholds more aggressively than a community bank with sticky retail deposits, because the behavioral assumptions differ.

This is the documentation regulators want to see. Not just the threshold — the reasoning behind it.

Documenting Threshold Rationale

The most defensible CFPs include a brief rationale section for each trigger metric. It doesn’t need to be a research paper — three to five sentences per metric is enough — but it should answer:

• Why this metric? What risk does it measure, and how does it connect to a liquidity stress scenario?
• Why this threshold? Historical basis, risk appetite anchor, or peer benchmarking — name the source.
• What action does crossing this threshold trigger? Name the tier, name the escalation path, name the decision.

Example of weak documentation:

“Yellow trigger: Deposit runoff exceeds normal levels.”

Example of defensible documentation:

“Yellow trigger: Weekly uninsured deposit runoff rate exceeds 2% of total uninsured deposits. Threshold set at 2% based on analysis of deposit behavior during Q4 2022 rate shock, when uninsured runoff peaked at 4.1% over eight weeks. A 2% weekly rate sustained for two weeks would represent approximately 40% of our 30-day net cash need and would require immediate escalation to begin sourcing contingent funding. Owner: Treasury. Review: Within one business day of trigger. Escalation: CFO and CRO notified, ALCO convened within 48 hours.”

That second version is what survives an exam. It shows the threshold was deliberate, connected to real data, and built into an escalation chain with real owners.

Ownership Structure for Each Trigger Tier

A CFP trigger is only functional if someone is responsible for monitoring it and acting on it. The CFP governance structure should map ownership explicitly to each tier.

Green tier: Routine monitoring by Treasury or the liquidity risk manager as part of normal reporting. No special action required.

Yellow tier: The liquidity risk manager — or whoever owns the CFP monitor function — is responsible for escalating to the CFO and CRO within one business day of a threshold breach. ALCO is briefed at the next scheduled meeting, or sooner if the metric is deteriorating rapidly.

Red tier: CFP activation is the responsibility of the liquidity committee, ALCO, or equivalent senior governance body. The CFP should specify:

• Who has authority to declare Red status
• Who convenes the committee and in what timeframe
• Who is responsible for notifying the board
• What specific funding actions begin immediately upon Red declaration

One thing that consistently fails in practice: CFPs name individuals rather than roles. When the named individual leaves, the escalation path breaks. Use role titles — Chief Financial Officer, Chief Risk Officer, Treasurer — and maintain a current role-holder registry separately from the CFP document.

Connecting Triggers to Your Evidence Binder

Regulators want to see that CFP triggers are being monitored, not just documented. The CFP evidence binder should include:

• Trigger monitoring log — a running record showing the metric value for each reporting period, the tier status, and any escalation actions taken
• Threshold rationale memo — a documented record of how each threshold was set and who approved it
• Annual recalibration record — documentation of the annual threshold review, including any adjustments made and the basis for those adjustments
• Trigger breach history — if a trigger has ever fired (even in testing), a record of the breach, escalation, and resolution

This is what an examiner compares to the CFP document. If the CFP says Yellow triggers escalate within one business day, the trigger log should show that escalation. If it doesn’t, the CFP becomes a documentary fiction.

How to Test Whether Your Triggers Are Calibrated Correctly

Documenting thresholds isn’t the same as knowing they’re right. The 2026-05-16 CFP testing guidance covers fund-flow testing, but trigger calibration has its own validation exercise:

Backward test: Pull the last two to three years of trigger metric history. Apply your current thresholds. Would they have fired Yellow in 2022 as rates rose sharply? Would they have fired Red during the SVB contagion week in March 2023? If the answer is no — and those were stress periods — the thresholds may be calibrated too loosely.

Parallel run: When setting or recalibrating thresholds, run the new thresholds alongside the old ones for 60 to 90 days without acting on them. See how often they fire. If Yellow fires every week on noise, the threshold is too tight. If it never fires during a period when actual conditions were tightening, it’s too loose.

Tabletop calibration discussion: As part of annual liquidity stress testing, present the ALCO or liquidity committee with a stress scenario and ask them: at what point would this institution have moved from Green to Yellow? Compare that judgment to your current trigger levels. Divergence is information.

So What?

Regulators aren’t asking whether your CFP has triggers. They’re asking whether those triggers would actually work under pressure — and whether you can show your work.

The minimum a defensible CFP needs is this: specific, measurable metrics; quantitative thresholds with documented rationale; role-level ownership at each tier; defined escalation timelines and actions; and a monitoring log that proves you’re tracking the metrics in real time.

Vague language is a compliance deficit. “Significant stress” tells no one when to pick up the phone. A specific threshold — “uninsured deposit runoff exceeds 2% in any rolling seven-day period” — tells Treasury exactly when to escalate and the CFP exactly which actions follow.

If your CFP triggers don’t pass the “would this have fired in time?” test for March 2023, it’s time to recalibrate.

The Financial Risk Management Kit includes a liquidity monitor with pre-built threshold formulas, a risk appetite statement template with board-level metrics and tolerances, and a committee reporting log — tools that anchor CFP trigger thresholds to real data rather than institutional guesswork.