Feature Regulatory Compliance
CAMELS Rating System: What Examiners Actually Test — and What the FFIEC's First Overhaul in 30 Years Changes for Your Exam Prep
The FFIEC proposed its first material CAMELS revision in 30 years in May 2026, with comments due August 17. Here's what each component measures, what moves composite ratings, and what the proposed changes mean before they take effect.
Table of Contents
Every bank in the United States gets a number. Most bankers know their CAMELS composite rating in the same way a CEO knows their stock price — as a single figure that summarizes how the regulators see them. Far fewer understand what actually moves that number.
That matters because on May 19, 2026, the FFIEC published proposed revisions to the Uniform Financial Institutions Rating System — the framework behind every CAMELS rating since 1996. It’s the first material overhaul in thirty years. The comment deadline is August 17, 2026, and the changes are substantive enough to alter examination dynamics well before any final rule takes effect.
TL;DR
- CAMELS rates banks 1–5 across six components: Capital adequacy, Asset quality, Management, Earnings, Liquidity, and Sensitivity to market risk
- The composite is not a simple average — examiners weight components by their materiality to financial condition, and Asset quality or Liquidity weaknesses can pull the composite below what an average would indicate
- On May 19, 2026, the FFIEC proposed the first material CAMELS revision since 1996; comments due August 17, 2026
- Key proposed change: Management downgrades to 3 or above require evidence of material financial risk — process gaps and documentation issues alone no longer automatically support composite downgrades under the proposal
What CAMELS Is and Who Uses It
The Uniform Financial Institutions Rating System is the supervisory rating framework used by the OCC, Federal Reserve, FDIC, NCUA, and state banking regulators to rate every supervised depository institution in the United States. The acronym reflects the six components: Capital adequacy, Asset quality, Management, Earnings, Liquidity, and Sensitivity to market risk.
Ratings run 1 through 5. A 1 means the institution is sound across virtually all measures. A 5 means the institution has critically deficient practices, is in danger of failure, and requires immediate remedial action.
As of June 2025, 1.3% of all FDIC-supervised banks held Composite 4 or 5 ratings — the problem bank designation. That’s a small percentage of institutions representing a disproportionate share of examiner attention, enforcement resources, and regulatory stress.
CAMELS ratings are confidential — institutions cannot publish them, and they’re not disclosed publicly in any aggregate form. But they drive nearly every significant supervisory interaction: enforcement action thresholds, deposit insurance assessment rates, merger approvals, dividend restrictions, and examination frequency.
The Six Components: What Examiners Actually Measure
Capital Adequacy (C)
Capital examinations go well beyond regulatory minimums. Examiners assess whether capital levels are appropriate for the institution’s specific risk profile — not just whether Common Equity Tier 1 clears the Basel III threshold. The analysis includes capital planning, stress testing results, capital ratios relative to peer groups, and the quality of capital (whether it’s genuinely loss-absorbing).
Institutions with adequate ratios can still receive a poor Capital component rating if their capital planning is weak, if stress tests aren’t credible, or if the capital position is deteriorating in a way management hasn’t addressed. Community banks that hold concentrated CRE portfolios face heightened capital component scrutiny even when their ratios technically qualify them as well-capitalized.
Asset Quality (A)
Asset quality is the component most directly tied to financial loss. Examiners assess the volume of classified and criticized assets, the adequacy of the allowance for credit losses (ACL — the replacement term for ALLL under CECL), concentration risks, and the quality of credit administration processes.
The specific thresholds that move Asset quality ratings vary by institution size and portfolio composition, but examiners look for: classified asset ratios relative to capital, past-due and nonaccrual trends, criticized asset coverage by reserves, and whether loan policy exceptions are documented and controlled.
Asset quality downgrades frequently drag composite ratings down faster than any other component. An institution with otherwise solid financials that experiences a CRE concentration problem or a rapid increase in criticized loans can go from a Composite 2 to a Composite 3 in a single examination cycle.
Management (M)
Management is the most subjective component — and the most consequential. A weak Management rating signals to examiners that the problems they’re seeing aren’t isolated; they reflect systemic governance failures that make improvement less likely.
Management is rated on board oversight, strategic planning, internal controls, audit function effectiveness, MRA remediation track record, succession planning, and the adequacy of risk management processes. Examiners explicitly consider management’s responsiveness to prior examination findings. An institution that receives an MRA and demonstrates meaningful remediation within the agreed timeline shows examiners something. An institution that receives the same MRA repeatedly — the “repeat finding” pattern — shows something different.
The May 2026 FFIEC proposal directly addresses Management ratings, as discussed below. Under the current framework, Management can be downgraded for process and documentation failures that don’t yet manifest as financial risk. The proposal would change that.
Earnings (E)
Earnings examinations assess quality as much as quantity. Examiners look for earnings that are sustainable, recurring, and not dependent on one-time items or aggressive accounting assumptions. Net income volatility, net interest margin trends, noninterest income composition, and efficiency ratios all feed the Earnings component.
Institutions with positive but declining NIM, high expense ratios, or earnings heavily reliant on provision reversals or securities gains typically receive Earnings ratings that underweight the headline number. The examiner is assessing whether today’s earnings are a reliable indicator of future performance.
Liquidity (L)
Liquidity examinations intensified after March 2023 — the failure of Silicon Valley Bank made clear that a bank could have adequate capital ratios and still fail due to a liquidity crisis driven by uninsured deposit concentration and unrealized securities losses. Examiners now focus heavily on:
- The composition of the deposit base and concentration of large uninsured depositors
- Non-maturity deposit (NMD) behavioral assumptions and their sensitivity to rate and stress scenarios
- Contingency funding plan testing — documented tests under stressed conditions, not just plans on paper
- Available liquidity sources and their reliability under stress (Federal Home Loan Bank advance capacity, Fed discount window access, correspondent lines)
- HTM portfolio unrealized losses and their interaction with regulatory capital under stress
An institution that hasn’t stress-tested its NMD assumptions since 2021 — before the rate environment changed materially — will face direct examiner challenge on the credibility of its liquidity position.
Sensitivity to Market Risk (S)
Sensitivity examinations assess exposure to interest rate risk, foreign exchange risk, commodity price risk, and equity price risk — with interest rate risk dominating for most depository institutions. Examiners evaluate the sophistication and accuracy of the institution’s interest rate risk models, the governance over model assumptions, and whether management actually uses the model outputs in decision-making.
After 2023, Sensitivity examinations expanded to include assessment of unrealized losses in the securities portfolio and their potential liquidity impact — blurring the line between the S and L components in a way the 2026 FFIEC proposal may formalize.
How the Composite Rating Works
The composite is not computed; it’s determined by examiner judgment, weighted toward the components with the greatest materiality to the institution’s overall financial condition. That distinction matters.
| Composite | Label | Meaning | Regulatory Consequences |
|---|---|---|---|
| 1 | Strong | Sound in all material respects; no supervisory concerns | Streamlined exam process; eligible for all regulatory approvals |
| 2 | Satisfactory | Fundamentally sound; moderate weaknesses correctable in normal course | Standard examination frequency; generally eligible for regulatory approvals |
| 3 | Fair | Weaknesses that, if not corrected, may become more pronounced; management may be unwilling or unable to address problems | Increased exam frequency; informal supervisory actions; acquisitions and dividends may be restricted |
| 4 | Marginal | Immoderate weaknesses; serious financial or managerial deficiencies; requires close regulatory attention | Formal enforcement action likely; significant business activity restrictions; higher FDIC assessment rates |
| 5 | Unsatisfactory | Critically deficient; failure is a real possibility without immediate remedial action | Formal enforcement; conservatorship or receivership if not corrected |
An institution with five 2-rated components and one 4-rated component does not receive a Composite 2. If that 4-rated component is Asset quality or Liquidity, the composite will almost certainly move to a 3 — and could move to a 4 if the weakness is severe enough. The composite reflects the total risk profile, not the average of the parts.
The May 2026 Proposed Revisions: What’s Changing
The FFIEC’s proposed revisions to the UFIRS, published May 19, 2026 with an August 17 comment deadline, address five significant areas.
1. Management Component: Financial Materiality Threshold
Under the current framework, Management can be downgraded to a 3 based on process deficiencies, internal control gaps, or governance weaknesses even when those issues haven’t yet resulted in financial losses. An institution with adequate capital, solid earnings, and no credit quality problems can receive a Composite 3 driven entirely by a Management component downgrade for audit findings or board governance concerns.
The proposal would require that Management downgrades to 3 or above be supported by evidence of material financial risk or significant legal noncompliance — not documentation or process gaps alone. This is a meaningful shift in examiner discretion. Institutions that have received Management-driven composite downgrades for findings that were process-oriented rather than financially material may see those ratings recalibrated in future examination cycles if the proposal is finalized.
2. Specialty Exam Integration
Under the current approach, findings from specialty examinations — BSA/AML, trust, consumer compliance — can feed CAMELS component ratings without a requirement that they be financially material. A consumer compliance examination finding can cause a Management downgrade that causes a composite downgrade.
The proposal limits specialty examination findings’ impact on CAMELS to situations where those findings are financially material or reflect significant legal noncompliance. This doesn’t mean compliance findings stop mattering — it means they have to meet a materiality threshold before affecting the supervisory rating.
3. Eliminating “But Not Limited To” Language
The current UFIRS contains broad “but not limited to” language that has historically given examiners wide discretion to downgrade components based on factors not explicitly listed. The proposal removes that language, replacing it with more defined criteria.
This is a limitation on examiner discretion that the banking industry has long sought. How much practical difference it makes will depend on how the final rule is written and how supervisory guidance interprets it.
4. Removing Reputation Risk
Reputation risk is currently identified as a factor in several CAMELS components. The proposal removes it from the rating framework. This aligns with the OCC and FDIC’s 2025 interagency rule limiting reputation risk as a standalone regulatory basis — a development that’s been working through the regulatory pipeline and is now being reflected in CAMELS architecture.
5. ALLL → ACL Terminology
The proposal formally adopts “Allowance for Credit Losses” terminology throughout, replacing ALLL (Allowance for Loan and Lease Losses) — aligning the CAMELS framework with CECL. This is a housekeeping change but it matters for examination documentation alignment.
Five Exam Prep Actions for the Current Environment
1. Build Your MRA Remediation Evidence Binder
If your institution has open MRAs — Matters Requiring Attention — the Management component rating will turn significantly on whether those MRAs are being addressed credibly. The MRA remediation playbook framework that examiners expect includes: documented root cause analysis, a specific remediation plan with owner and deadline, evidence of implementation, and post-implementation testing. An MRA closed on paper without evidence of sustainable control improvement will reopen at the next exam. Build the binder before the exam, not after.
2. Stress Test Your Non-Maturity Deposit Assumptions
Post-SVB, every FDIC and OCC examination team has standing instructions to probe NMD behavioral assumptions. If your liquidity model was last updated in 2021 or 2022, the assumptions about deposit stickiness and rate sensitivity may not reflect what you actually observed during 2022–2023. Run the stress scenario that assumes 20% to 30% deposit outflow from your highest uninsured balance concentration. Document that you ran it, document the results, and document management’s response to the results. Examiners will ask.
3. Map Your KRIs to CAMELS Components
The FDIC’s 2026 examination priorities explicitly called out CRE concentration risk, consumer credit quality deterioration, and liquidity management as the top three areas of examiner focus for the current cycle. Each of those maps to specific CAMELS components. If your KRI program doesn’t have clearly defined indicators for classified asset ratios, NMD concentration percentages, and CRE concentration multiples against regulatory guidance thresholds, you’re managing to the lagging indicators examiners will find — not the leading indicators that would let you get ahead of them.
4. Prepare Your FFIEC IT Handbook Documentation
Sensitivity and Management component examinations increasingly integrate technology risk findings. The FFIEC IT Examination Handbook covers what examiners look for in information security, business continuity, and third-party technology risk. If your IT risk management program has gaps — particularly around incident response testing, third-party technology vendor oversight, or cybersecurity governance — those findings can reach both the Management and Sensitivity component ratings under the current framework.
5. Comment on the Proposed Rule Before August 17
If you’re a banking institution or trade association, the August 17, 2026 comment deadline on the UFIRS proposal is a genuine opportunity. The Management component change in particular — limiting downgrades to situations involving financial materiality — is a substantive shift that could affect how examiners document findings and how institutions navigate composite rating disputes. Comment letters that provide specific, evidence-based observations about implementation challenges carry weight in FFIEC rulemaking processes.
So What?
CAMELS isn’t an academic framework. It determines whether your institution can pursue acquisitions, raise capital efficiently, expand products, and avoid formal enforcement. Getting from a Composite 3 to a Composite 2 — or defending a Composite 2 against an Asset quality or Liquidity headwind — requires knowing exactly what examiners measure and what evidence they need to see.
The May 2026 FFIEC proposal changes the Management component in ways that matter for institutions that have received Management-driven downgrades based on governance and process findings. But even under the proposed rules, the path from a Composite 3 to a Composite 2 runs through documented remediation, credible KRI infrastructure, and examiner-facing evidence of improvement — not just the absence of new findings.
The KRI Library (132 Key Risk Indicators) maps directly to CAMELS component areas: capital ratios, classified asset trends, NMD concentration, earnings quality indicators, and interest rate sensitivity metrics. If your exam prep starts with identifying what the examiners will measure, the KRI Library is the place to anchor that work.
◆ Need the working template?
Start with the source guide.
These answer-first guides summarize the required fields, evidence, and implementation steps behind the templates practitioners search for.
◆ Related template
KRI Library (132 Key Risk Indicators)
132 KRIs with thresholds, data sources, and escalation triggers pre-built for financial services.
◆ Immaterial Findings · Weekly
Sharp risk & compliance insights. No fluff.
◆ FAQ
Frequently asked questions.
What does CAMELS stand for and who uses it?
How is the CAMELS composite rating calculated?
What is the FFIEC proposing to change about CAMELS in 2026?
What's the difference between a CAMELS 2 and a CAMELS 3 rating?
Can a CAMELS rating affect a bank's capital requirements or business activities?
How long does it take to improve a CAMELS rating after a downgrade?
Author
Rebecca Leung
Rebecca Leung has 8+ years of risk and compliance experience across first and second line roles at commercial banks, asset managers, and fintechs. Former management consultant advising financial institutions on risk strategy. Founder of RiskTemplates.
◆ Related framework
KRI Library (132 Key Risk Indicators)
132 KRIs with thresholds, data sources, and escalation triggers pre-built for financial services.
◆ Keep reading
Related posts.
Regulatory Compliance
The Fed's Payment Account Proposal: What Fintechs and Digital Asset Firms Need to Know Before the July 27 Comment Deadline
The Federal Reserve proposed a special-purpose Payment Account in May 2026, offering eligible fintechs direct access to Fedwire Funds and FedNow without a bank charter. The comment period closes July 27. Here's who qualifies, what compliance the Fed requires, and why your institution should care even if you're not applying yet.
Jul 7, 2026
Regulatory Compliance
SEC Cyber Disclosure Rule: What 2.5 Years of Form 8-K Filings Reveal About Your Response Program Gaps
The SEC's 4-business-day cyber incident disclosure rule has 2.5 years of enforcement history. Here's what the filings and enforcement actions reveal about common materiality determination failures — and how to build a decision protocol that survives SEC scrutiny in 2026.
Jul 5, 2026
Regulatory Compliance
GENIUS Act AML/CFT Compliance: Breaking Down the FinCEN and OFAC Rule That Drops July 18
The FinCEN/OFAC joint proposed rule for stablecoin issuers establishes a full BSA/AML compliance program requirement — SAR filing, CTR filing, CIP, CDD, and OFAC sanctions screening — with a technical wallet-blocking mandate that has no precedent in traditional financial services. Here's what Permitted Payment Stablecoin Issuers and their bank partners need to build.
Jul 4, 2026