Home > News & Events > Financial Institution Letters




Financial Institution Letters



[Federal Register: October 13, 1998 (Volume 63, Number 197)]
[Notices]               
[Page 54704-54711]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr13oc98-83]

=======================================================================
-----------------------------------------------------------------------

FEDERAL FINANCIAL INSTITUTIONS EXAMINATION COUNCIL

 
Uniform Interagency Trust Rating System

AGENCY: Federal Financial Institutions Examination Council.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The Federal Financial Institutions Examination Council (FFIEC) 
is revising the Uniform Interagency Trust Rating System (UITRS), 
commonly referred to as the trust rating system. The revisions update 
the rating system to reflect changes that have occurred in the 
fiduciary services industry and in supervisory policies and procedures 
since the rating system was first adopted in 1978. The changes revise 
the definitions for the numerical ratings to conform to the language 
and tone of the Uniform Financial Institutions Rating System (UFIRS) 
rating definitions, commonly referred to as the CAMELS rating system; 
reformat and clarify the component rating descriptions; reorganize the 
account administration and conflicts of interest components into a new 
component addressing compliance; emphasize the quality of risk 
management processes in each of the rating components, particularly in 
the management component; add language in composite rating definitions 
to parallel the changes in the component rating descriptions; and 
explicitly identify the types of risk that are considered in assigning 
component ratings.
    The term ``financial institution'' refers to those FDIC insured 
depository institutions whose primary Federal supervisory agency is 
represented on the FFIEC. Uninsured trust companies that are chartered 
by the OCC, members of the Federal Reserve System, or subsidiaries of 
registered bank holding companies or insured depository institutions 
are also covered by this notice. The Federal supervisory agencies 
participating in this notice are: the Board of Governors of the Federal 
Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), 
the Office of the Comptroller of the Currency (OCC), and the Office of 
Thrift Supervision (OTS).

DATES: Effective October 13, 1998.

FOR FURTHER INFORMATION CONTACT:
FRB: William R. Stanley, Supervisory Trust Analyst, Specialized 
Activities, (202) 452-2744, Division of Banking Supervision and 
Regulation, Board of Governors of the Federal Reserve System, Mail Stop 
175, 20th and C Streets, NW, Washington, D.C. 20551
FDIC: John F. Harvey, Trust Review Examiner, (202) 898-6762, Division 
of Supervision, Federal Deposit Insurance Corporation, Room F2078, 550 
17th Street, NW, Washington, D.C. 20429.
OCC: Laurie A. Edlund, National Bank Examiner, (202) 874-3828, Division 
of Asset Management, Office of the Comptroller of the Currency, 250 E 
Street, SW, Mail Stop 7-7, Washington, D.C., 20219.
OTS: Larry A. Clark, Senior Manager, Compliance and Trust Programs, 
(202) 906-5628, Gary C. Jackson, Program Analyst, (202) 906-5653, 
Compliance Policy, Office of Thrift Supervision, 1700 G Street, NW, 
Washington, D.C. 20552.

SUPPLEMENTARY INFORMATION:

Background information

    On February 17, 1998, the FFIEC published a notice in the Federal 
Register (February Notice), 63 FR 7802, requesting comment on proposed 
revisions to the Uniform Interagency Trust Rating System (UITRS). The 
UITRS is an internal supervisory examination rating system used by the 
Federal supervisory agencies for evaluating the administration of 
fiduciary activities of financial institutions and uninsured trust 
companies on a uniform basis and for identifying those institutions 
requiring special supervisory attention. The UITRS was adopted on 
September 21, 1978 by the Office of the Comptroller of the Currency 
(OCC), the Federal Deposit Insurance Corporation (FDIC), and the Board 
of Governors of the Federal Reserve System (FRB), and in 1988 by the 
Federal Home Loan Bank Board, predecessor agency to the Office of 
Thrift Supervision (OTS).
    Under the UITRS, each institution is assigned a composite rating 
based on an evaluation and rating of essential components of an 
institution's fiduciary activities. The composite rating reflects the 
overall condition of an institution's fiduciary activities and is used 
by the Federal supervisory agencies to monitor aggregate trends in the 
overall administration of fiduciary activities. Under the former UITRS, 
each financial institution or trust company was assigned a composite 
rating based on an evaluation and rating of six essential components of 
an institution's fiduciary activities. These components addressed: the 
capability of management; the adequacy of operations, controls and 
audits; the management of fiduciary assets; the adequacy of account 
administration practices; the adequacy of practices relating to self-
dealing and conflicts of interest; and the quality and level of 
earnings. Both the composite and component ratings are assigned on a 1 
to 5 numerical scale. A 1 indicates the strongest performance and 
management practices, and the least degree of supervisory concern, 
while a 5 indicates the weakest performance and management practices 
and,

[[Page 54705]]

therefore, the highest degree of supervisory concern.
    The UITRS has proven to be an effective way for the Federal 
supervisory agencies to determine the condition of an institution's 
fiduciary activities. A number of changes, however, have occurred in 
the fiduciary industry and in supervisory policies and procedures since 
the rating system was first adopted. As a result, the FFIEC is making 
certain enhancements to the rating system, but is retaining its basic 
framework. The UITRS enhancements:
     Realign the UITRS rating definitions to bring them in line 
with UFIRS.
     Reduce the component rating categories from six to five, 
combining the Account Administration and Conflicts of Interest 
components into a new Compliance component.
     Require Earnings to be rated only in institutions with 
more than $100 million in total trust assets, and in all non-deposit 
trust companies. An earnings rating is not required for the remaining 
institutions (those institutions not required to file Schedule E 
1); however, each Federal supervisory agency has the option 
of requiring the earnings of these institutions to be rated using the 
alternate rating definitions where applicable.
---------------------------------------------------------------------------

    \1\ Schedule E is the Trust Income Statement of the FFIEC Annual 
Report of Trust Assets (FFIEC 001). Schedule E is required to be 
filed by each financial institution with total trust assets of more 
than $100 million as reported on line 18, column F of Schedule A, 
and by all non-deposit trust companies, whether or not they report 
any assets on Schedule A.
---------------------------------------------------------------------------

     Explicitly refer to the quality of risk management 
processes in the management component, and the identification of risk 
elements within the composite and component rating definitions.

Comments Received and Changes Made

    The FFIEC received two public comments from industry trade 
associations regarding the proposed revisions to the UITRS. Both 
commenters generally favored the changes made, in particular the 
emphasis on risk management, the changes to the UITRS to conform to the 
language and tone of the UFIRS, and the considerations given to the 
earnings component when evaluating a small trust department.
    Examiners field tested the revised rating system during 61 bank and 
thrift fiduciary examinations conducted between February and May 1998. 
The examiners provided comments regarding the revised rating system. 
Examiner response was generally favorable, and no significant problems 
or unanticipated rating differences were encountered between the former 
and updated UITRS. Some of the examiner comments recommended clarifying 
changes to various aspects of the revised rating system.
    The FFIEC carefully considered each comment and examiner response 
and made certain changes. The following discussion describes the 
comments received (both through public comment and agency field 
testing) and changes made to the UITRS in response to those comments. 
The updated UITRS is included at the end of this Notice.

February Notice Specific Questions

    In addition to requesting general comments regarding the proposed 
system, the FFIEC invited comments on four specific questions:
    (1) Does the proposal capture the essential risk areas of the 
fiduciary services industry?
    The majority of the responses to this question were positive, and 
no changes were made.
    (2) Does the proposed management component adequately assess the 
quality of the board of directors' and management's oversight regarding 
its fiduciary responsibility and its ability to identify and manage all 
areas of risk involved in the exercise of its fiduciary powers?
    The majority of the responses to this question were positive, and 
no changes were made.
    (3) Are there any components which should be added to or deleted 
from the proposal?
    The majority of the responses received regarding the components 
were favorable. A number of examiners recommended strengthening the 
conflict of interest section of the Compliance component. Several 
examiners also requested clarification of the application of the 
optional earnings rating to the Earnings component. These concerns are 
addressed later in this Notice.
    (4) Are the definitions for the individual components and the 
composite numerical ratings in the proposal consistent with the 
language and tone of the UFIRS definitions?
    The majority of the responses to this question were positive. The 
agencies received several examiner comments recommending changes to 
address minor inconsistencies in wording throughout the UITRS. Many of 
these minor wording changes were made to improve the consistency of the 
rating system.

Compliance Component

    The February notice combined the former Account Administration and 
Conflicts of Interest components into a new Compliance component. The 
new component assesses the institution's compliance with the terms of 
governing instruments, applicable laws and regulations, sound fiduciary 
principles, and internal policies and procedures. In addition, the new 
component addresses compliance with applicable laws, regulations, and 
internal policies and procedures on a broader, institution-wide basis 
by focusing on compliance and strategic risk.
    Several examiners expressed concern that the new rating component 
de-emphasizes the seriousness of self-dealing and conflicts of 
interest. The FFIEC emphasizes that self-dealing and other conflicts of 
interest, and the associated risks to the institution, continue to be 
areas of great importance and concern. The intent of the new Compliance 
component was not to de-emphasize the seriousness or importance of 
self-dealing or other conflicts of interest. Accordingly, the 
description of the new component and its rating definitions has been 
revised and expanded to clarify the importance of these issues.

Earnings Component

    Under the former UITRS, an Earnings rating was required for all 
institutions. The February notice proposed several changes to the 
Earnings component. An earnings rating would be required for 
institutions with more than $100 million in total trust assets (as 
reported on FFIEC 001 Schedule A, line 18, column F) and for non-
deposit trust companies. An earnings rating would not be required for 
the remaining institutions (those institutions not required to file 
Schedule E of FFIEC 001); however, each Federal supervisory agency 
would have the option of requiring the earnings of these institutions 
to be rated using either the rating definitions designated for Schedule 
E filers or, in accordance with the agency's implementing guidelines, 
the definitions for the alternate ratings.
    The majority of the comments received on the Earnings component 
changes were positive; however, several examiners requested that the 
FFIEC clarify various aspects of this component. In response, the FFIEC 
added an evaluation factor section for the alternate earnings rating, 
and separated the two rating definitions. In addition, each agency will 
issue implementing guidance addressing the

[[Page 54706]]

applicability of the Earnings rating to its supervised institutions.

Implementation Date

    The FFIEC recommends that the Federal supervisory agencies 
implement the updated UITRS January 1, 1999. This date ensures that 
institutions with examinations commenced in 1999 will be assessed under 
the updated UITRS.

Text of the Revised Uniform Interagency Trust Rating System

Uniform Interagency Trust Rating System

Introduction
    The Uniform Interagency Trust Rating System (UITRS) was adopted on 
September 21, 1978 by the Office of the Comptroller of the Currency 
(OCC), the Federal Deposit Insurance Corporation (FDIC), and the Board 
of Governors of the Federal Reserve System (FRB), and in 1988 by the 
Federal Home Loan Bank Board, predecessor agency to the Office of 
Thrift Supervision (OTS). Over the years, the UITRS has proven to be an 
effective internal supervisory tool for evaluating the fiduciary 
activities of financial institutions on a uniform basis and for 
identifying those institutions requiring special attention.
    A number of changes have occurred in both the banking industry and 
the Federal supervisory agencies' policies and procedures which 
prompted a review and revision of the 1978 rating system. The revisions 
to the UITRS:
     Realign the UITRS rating definitions to bring them in line 
with the Uniform Financial Institutions Rating System (UFIRS).
     Reduce the component rating categories from six to five, 
combining the Account Administration and Conflicts of Interest 
components into a new Compliance component.
     Require Earnings to be rated only in institutions with 
more than $100 million in total trust assets, and in all non-deposit 
trust companies. An earnings rating is not required for the remaining 
institutions (those institutions not required to file FFIEC 001 
Schedule E); 2 however, each Federal supervisory agency has 
the option of requiring the earnings of these institutions to be rated 
using the alternate rating definitions where applicable.
---------------------------------------------------------------------------

    \2\ Schedule E is the Trust Income Statement of the FFIEC Annual 
Report of Trust Assets (FFIEC 001). Schedule E is required to be 
filed by each financial institution with total trust assets of more 
than $100 million as reported on line 18, column F of Schedule A, 
and by all non-deposit trust companies, whether or not they report 
any assets on Schedule A.
---------------------------------------------------------------------------

     Explicitly refer to the quality of risk management 
processes in the management component, and the identification of risk 
elements within the composite and component rating definitions.
    These revisions are intended to promote and complement efficient 
examination processes. The revisions update the rating system but 
retain its basic framework. Consequently, the revised rating system 
will not result in additional regulatory burden to institutions or 
require additional policies or processes.
    The UITRS considers certain managerial, operational, financial and 
compliance factors that are common to all institutions with fiduciary 
activities. Under this system, the supervisory agencies endeavor to 
ensure that all institutions with fiduciary activities are evaluated in 
a comprehensive and uniform manner, and that supervisory attention is 
appropriately focused on those institutions exhibiting weaknesses in 
their fiduciary operations.
Overview
    Under the UITRS, the fiduciary activities of financial institutions 
are assigned a composite rating based on an evaluation and rating of 
five essential components of an institution's fiduciary activities. 
These components address the following: the capability of management; 
the adequacy of operations, controls and audits; the quality and level 
of earnings; compliance with governing instruments, applicable law 
(including self-dealing and conflicts of interest laws and 
regulations), and sound fiduciary principles; and the management of 
fiduciary assets.
    Composite and component ratings are assigned based on a 1 to 5 
numerical scale. A 1 is the highest rating and indicates the strongest 
performance and risk management practices and the least degree of 
supervisory concern. A 5 is the lowest rating and indicates the weakest 
performance and risk management practices and, therefore, the highest 
degree of supervisory concern. Evaluation of the composite and 
components considers the size and sophistication, the nature and 
complexity, and the risk profile of the institution's fiduciary 
activities.
    The composite rating generally bears a close relationship to the 
component ratings assigned. However, the composite rating is not 
derived by computing an arithmetic average of the component ratings. 
Each component rating is based on a qualitative analysis of the factors 
comprising that component and its interrelationship with the other 
components. When assigning a composite rating, some components may be 
given more weight than others depending on the situation at the 
institution. In general, assignment of a composite rating may 
incorporate any factor that bears significantly on the overall 
administration of the financial institution's fiduciary activities. 
Assigned composite and component ratings are disclosed to the 
institution's board of directors and senior management.
    The ability of management to respond to changing circumstances and 
to address the risks that may arise from changing business conditions, 
or the initiation of new fiduciary activities or products, is an 
important factor in evaluating an institution's overall fiduciary risk 
profile and the level of supervisory attention warranted. For this 
reason, the management component is given special consideration when 
assigning a composite rating.
    The ability of management to identify, measure, monitor, and 
control the risks of its fiduciary operations is also taken into 
account when assigning each component rating. It is recognized, 
however, that appropriate management practices may vary considerably 
among financial institutions, depending on the size, complexity and 
risk profiles of their fiduciary activities. For less complex 
institutions engaged solely in traditional fiduciary activities and 
whose directors and senior managers are actively involved in the 
oversight and management of day-to-day operations, relatively basic 
management systems and controls may be adequate. On the other hand, at 
more complex institutions, detailed and formal management systems and 
controls are needed to address a broader range of activities and to 
provide senior managers and directors with the information they need to 
supervise day-to-day activities.
    All institutions are expected to properly manage their risks. For 
less complex institutions engaging in less risky activities, detailed 
or highly formalized management systems and controls are not required 
to receive strong or satisfactory component or composite ratings.
    The following two sections contain the composite rating 
definitions, and the descriptions and definitions for the five 
component ratings.
Composite Ratings
    Composite ratings are based on a careful evaluation of how an 
institution conducts its fiduciary activities. The

[[Page 54707]]

review encompasses the capability of management, the soundness of 
policies and practices, the quality of service rendered to the public, 
and the effect of fiduciary activities upon the soundness of the 
institution. The five key components used to assess an institution's 
fiduciary activities are: the capability of management; the adequacy of 
operations, controls and audits; the quality and level of earnings; 
compliance with governing instruments, applicable law (including self-
dealing and conflicts of interest laws and regulations), and sound 
fiduciary principles; and the management of fiduciary assets. The 
composite ratings are defined as follows:
    Composite 1. Administration of fiduciary activities is sound in 
every respect. Generally all components are rated 1 or 2. Any 
weaknesses are minor and can be handled in a routine manner by 
management. The institution is in substantial compliance with fiduciary 
laws and regulations. Risk management practices are strong relative to 
the size, complexity, and risk profile of the institution's fiduciary 
activities. Fiduciary activities are conducted in accordance with sound 
fiduciary principles and give no cause for supervisory concern.
    Composite 2. Administration of fiduciary activities is 
fundamentally sound. Generally no component rating should be more 
severe than 3. Only moderate weaknesses are present and are well within 
management's capabilities and willingness to correct. Fiduciary 
activities are conducted in substantial compliance with laws and 
regulations. Overall risk management practices are satisfactory 
relative to the institution's size, complexity, and risk profile. There 
are no material supervisory concerns and, as a result, the supervisory 
response is informal and limited.
    Composite 3. Administration of fiduciary activities exhibits some 
degree of supervisory concern in one or more of the component areas. A 
combination of weaknesses exists that may range from moderate to 
severe; however, the magnitude of the deficiencies generally does not 
cause a component to be rated more severely than 4. Management may lack 
the ability or willingness to effectively address weaknesses within 
appropriate time frames. Additionally, fiduciary activities may reveal 
some significant noncompliance with laws and regulations. Risk 
management practices may be less than satisfactory relative to the 
institution's size, complexity, and risk profile. While problems of 
relative significance may exist, they are not of such importance as to 
pose a threat to the trust beneficiaries generally, or to the soundness 
of the institution. The institution's fiduciary activities require more 
than normal supervision and may include formal or informal enforcement 
actions.
    Composite 4. Fiduciary activities generally exhibit unsafe and 
unsound practices or conditions, resulting in unsatisfactory 
performance. The problems range from severe to critically deficient and 
may be centered around inexperienced or inattentive management, weak or 
dangerous operating practices, or an accumulation of unsatisfactory 
features of lesser importance. The weaknesses and problems are not 
being satisfactorily addressed or resolved by the board of directors 
and management. There may be significant noncompliance with laws and 
regulations. Risk management practices are generally unacceptable 
relative to the size, complexity, and risk profile of fiduciary 
activities. These problems pose a threat to the account beneficiaries 
generally and, if left unchecked, could evolve into conditions that 
could cause significant losses to the institution and ultimately 
undermine the public confidence in the institution. Close supervisory 
attention is required, which means, in most cases, formal enforcement 
action is necessary to address the problems.
    Composite 5. Fiduciary activities are conducted in an extremely 
unsafe and unsound manner. Administration of fiduciary activities is 
critically deficient in numerous major respects, with problems 
resulting from incompetent or neglectful administration, flagrant and/
or repeated disregard for laws and regulations, or a willful departure 
from sound fiduciary principles and practices. The volume and severity 
of problems are beyond management's ability or willingness to control 
or correct. Such conditions evidence a flagrant disregard for the 
interests of the beneficiaries and may pose a serious threat to the 
soundness of the institution. Continuous close supervisory attention is 
warranted and may include termination of the institution's fiduciary 
activities.
Component Ratings
    Each of the component rating descriptions is divided into three 
sections: a narrative description of the component; a list of the 
principal factors used to evaluate that component; and a description of 
each numerical rating for that component. Some of the evaluation 
factors are reiterated under one or more of the other components to 
reinforce the interrelationship among components. The listing of 
evaluation factors is in no particular order of importance.
    Management. This rating reflects the capability of the board of 
directors and management, in their respective roles, to identify, 
measure, monitor and control the risks of an institution's fiduciary 
activities. It also reflects their ability to ensure that the 
institution's fiduciary activities are conducted in a safe and sound 
manner, and in compliance with applicable laws and regulations. 
Directors should provide clear guidance regarding acceptable risk 
exposure levels and ensure that appropriate policies, procedures and 
practices are established and followed. Senior fiduciary management is 
responsible for developing and implementing policies, procedures and 
practices that translate the board's objectives and risk limits into 
prudent operating standards.
    Depending on the nature and scope of an institution's fiduciary 
activities, management practices may need to address some or all of the 
following risks: reputation, operating or transaction, strategic, 
compliance, legal, credit, market, liquidity and other risks. Sound 
management practices are demonstrated by: active oversight by the board 
of directors and management; competent personnel; adequate policies, 
processes, and controls that consider the size and complexity of the 
institution's fiduciary activities; and effective risk monitoring and 
management information systems. This rating should reflect the board's 
and management's ability as it applies to all aspects of fiduciary 
activities in which the institution is involved.
    The management rating is based upon an assessment of the capability 
and performance of management and the board of directors, including, 
but not limited to, the following evaluation factors:

     The level and quality of oversight and support of 
fiduciary activities by the board of directors and management, 
including committee structure and adequate documentation of 
committee actions.
     The ability of the board of directors and management, 
in their respective roles, to plan for, and respond to, risks that 
may arise from changing business conditions or the introduction of 
new activities or products.
     The adequacy of, and conformance with, appropriate 
internal policies, practices and controls addressing the operations 
and risks of significant fiduciary activities.
     The accuracy, timeliness, and effectiveness of 
management information and risk monitoring systems appropriate for 
the institution's size, complexity, and fiduciary risk profile.
     The overall level of compliance with laws, regulations, 
and sound fiduciary principles.

[[Page 54708]]

     Responsiveness to recommendations from auditors and 
regulatory authorities.
     Strategic planning for fiduciary products and services.
     The level of experience and competence of fiduciary 
management and staff, including issues relating to turnover and 
succession planning.
     The adequacy of insurance coverage.
     The availability of competent legal counsel.
     The extent and nature of pending litigation associated 
with fiduciary activities, and its potential impact on earnings, 
capital, and the institution's reputation.
     The process for identifying and responding to fiduciary 
customer complaints.

    Ratings. A rating of 1 indicates strong performance by management 
and the board of directors and strong risk management practices 
relative to the size, complexity and risk profile of the institution's 
fiduciary activities. All significant risks are consistently and 
effectively identified, measured, monitored, and controlled. Management 
and the board are proactive, and have demonstrated the ability to 
promptly and successfully address existing and potential problems and 
risks.
    A rating of 2 indicates satisfactory management and board 
performance and risk management practices relative to the size, 
complexity and risk profile of the institution's fiduciary activities. 
Moderate weaknesses may exist, but are not material to the sound 
administration of fiduciary activities, and are being addressed. In 
general, significant risks and problems are effectively identified, 
measured, monitored, and controlled.
    A rating of 3 indicates management and board performance that needs 
improvement or risk management practices that are less than 
satisfactory given the nature of the institution's fiduciary 
activities. The capabilities of management or the board of directors 
may be insufficient for the size, complexity, and risk profile of the 
institution's fiduciary activities. Problems and significant risks may 
be inadequately identified, measured, monitored, or controlled.
    A rating of 4 indicates deficient management and board performance 
or risk management practices that are inadequate considering the size, 
complexity, and risk profile of the institution's fiduciary activities. 
The level of problems and risk exposure is excessive. Problems and 
significant risks are inadequately identified, measured, monitored, or 
controlled and require immediate action by the board and management to 
protect the assets of account beneficiaries and to prevent erosion of 
public confidence in the institution. Replacing or strengthening 
management or the board may be necessary.
    A rating of 5 indicates critically deficient management and board 
performance or risk management practices. Management and the board of 
directors have not demonstrated the ability to correct problems and 
implement appropriate risk management practices. Problems and 
significant risks are inadequately identified, measured, monitored, or 
controlled and now threaten the continued viability of the institution 
or its administration of fiduciary activities, and pose a threat to the 
safety of the assets of account beneficiaries. Replacing or 
strengthening management or the board of directors is necessary.
    Operations, Internal Controls & Auditing. This rating reflects the 
adequacy of the institution's fiduciary operating systems and internal 
controls in relation to the volume and character of business conducted. 
Audit coverage must assure the integrity of the financial records, the 
sufficiency of internal controls, and the adequacy of the compliance 
process.
    The institution's fiduciary operating systems, internal controls, 
and audit function subject it primarily to transaction and compliance 
risk. Other risks including reputation, strategic, and financial risk 
may also be present. The ability of management to identify, measure, 
monitor and control these risks is reflected in this rating.
    The operations, internal controls and auditing rating is based 
upon, but not limited to, an assessment of the following evaluation 
factors:
    Operations and Internal Controls, including the adequacy of:

     Staff, facilities and operating systems;
     Records, accounting and data processing systems 
(including controls over systems access and such accounting 
procedures as aging, investigation and disposition of items in 
suspense accounts);
     Trading functions and securities lending activities;
     Vault controls and securities movement;
     Segregation of duties;
     Controls over disbursements (checks or electronic) and 
unissued securities;
     Controls over income processing activities;
     Reconciliation processes (depository, cash, vault, sub-
custodians, suspense accounts, etc.);
     Disaster and/or business recovery programs;
     Hold-mail procedures and controls over returned mail; 
and,
     Investigation and proper escheatment of funds in 
dormant accounts.

    Auditing, including:

     The independence, frequency, quality and scope of the 
internal and external fiduciary audit function relative to the 
volume, character and risk profile of the institution's fiduciary 
activities;
     The volume and/or severity of internal control and 
audit exceptions and the extent to which these issues are tracked 
and resolved; and
     The experience and competence of the audit staff.

    Ratings. A rating of 1 indicates that operations, internal 
controls, and auditing are strong in relation to the volume and 
character of the institution's fiduciary activities. All significant 
risks are consistently and effectively identified, measured, monitored, 
and controlled.
    A rating of 2 indicates that operations, internal controls and 
auditing are satisfactory in relation to the volume and character of 
the institution's fiduciary activities. Moderate weaknesses may exist, 
but are not material. Significant risks, in general, are effectively 
identified, measured, monitored, and controlled.
    A rating of 3 indicates that operations, internal controls or 
auditing need improvement in relation to the volume and character of 
the institution's fiduciary activities. One or more of these areas are 
less than satisfactory. Problems and significant risks may be 
inadequately identified, measured, monitored, or controlled.
    A rating of 4 indicates deficient operations, internal controls or 
audits. One or more of these areas are inadequate or the level of 
problems and risk exposure is excessive in relation to the volume and 
character of the institution's fiduciary activities. Problems and 
significant risks are inadequately identified, measured, monitored, or 
controlled and require immediate action. Institutions with this level 
of deficiencies may make little provision for audits, or may evidence 
weak or potentially dangerous operating practices in combination with 
infrequent or inadequate audits.
    A rating of 5 indicates critically deficient operations, internal 
controls or audits. Operating practices, with or without audits, pose a 
serious threat to the safety of assets of fiduciary accounts. Problems 
and significant risks are inadequately identified, measured, monitored, 
or controlled and now threaten the ability of the institution to 
continue engaging in fiduciary activities.
    Earnings. This rating reflects the profitability of an 
institution's fiduciary activities and its effect on the financial 
condition of the institution. The use and adequacy of budgets and 
earnings projections by functions, product lines and clients are 
reviewed and evaluated.

[[Page 54709]]

Risk exposure that may lead to negative earnings is also evaluated.
    An evaluation of earnings is required for all institutions with 
fiduciary activities. An assignment of an earnings rating, however, is 
required only for institutions that, at the time of the examination, 
have total trust assets of more than $100 million, or are a non-deposit 
trust company (those institutions that would be required to file 
Schedule E of FFIEC 001).
    For institutions where the assignment of an Earnings rating is not 
required by the UITRS, the Federal supervisory agency has the option to 
assign an earnings rating using an alternate set of ratings. A rating 
will be assigned in accordance with implementing guidelines adopted by 
the supervisory agency. The definitions for the alternate ratings are 
included in the revised UITRS and may be found in the section 
immediately following the definitions for the required ratings.
    The evaluation of earnings is based upon, but not limited to, an 
assessment of the following factors:

     The profitability of fiduciary activities in relation 
to the size and scope of those activities and to the overall 
business of the institution.
     The overall importance to the institution of offering 
fiduciary services to its customers and local community.
     The effectiveness of the institution's procedures for 
monitoring fiduciary activity income and expense relative to the 
size and scope of these activities and their relative importance to 
the institution, including the frequency and scope of profitability 
reviews and planning by the institution's board of directors or a 
committee thereof.

    For those institutions for which a rating of earnings is mandatory, 
additional factors should include the following:

     The level and consistency of profitability, or the lack 
thereof, generated by the institution's fiduciary activities in 
relation to the volume and character of the institution's business.
     Dependence upon non-recurring fees and commissions, 
such as fees for court accounts.
     The effects of charge-offs or compromise actions.
     Unusual features regarding the composition of business 
and fee schedules.
     Accounting practices that contain practices such as (1) 
unusual methods of allocating direct and indirect expenses and 
overhead, or (2) unusual methods of allocating fiduciary income and 
expense where two or more fiduciary institutions within the same 
holding company family share fiduciary services and/or processing 
functions.
     The extent of management's use of budgets, projections 
and other cost analysis procedures.
     Methods used for directors' approval of financial 
budgets and/or projections.
     Management's attitude toward growth and new business 
development.
     New business development efforts, including types of 
business solicited, market potential, advertising, competition, 
relationships with local organizations, and an evaluation by 
management of risk potential inherent in new business areas.

    Ratings. A rating of 1 indicates strong earnings. The institution 
consistently earns a rate of return on its fiduciary activities that is 
commensurate with the risk of those activities. This rating would 
normally be supported by a history of consistent profitability over 
time and a judgement that future earnings prospects are favorable. In 
addition, management techniques for evaluating and monitoring earnings 
performance are fully adequate and there is appropriate oversight by 
the institution's board of directors or a committee thereof. Management 
makes effective use of budgets and cost analysis procedures. Methods 
used for reporting earnings information to the board of directors, or a 
committee thereof, are comprehensive.
    A rating of 2 indicates satisfactory earnings. Although the 
earnings record may exhibit some weaknesses, earnings performance does 
not pose a risk to the overall institution nor to its ability to meet 
its fiduciary obligations. Generally, fiduciary earnings meet 
management targets and appear to be at least sustainable. Management 
processes for evaluating and monitoring earnings are generally 
sufficient in relationship to the size and risk of fiduciary activities 
that exist, and any deficiencies can be addressed in the normal course 
of business. A rating of 2 may also be assigned to institutions with a 
history of profitable operations if there are indications that 
management is engaging in activities with which it is not familiar, or 
where there may be inordinately high levels of risk present that have 
not been adequately evaluated. Alternatively, an institution with 
otherwise strong earnings performance may also be assigned a 2 rating 
if there are significant deficiencies in its methods used to monitor 
and evaluate earnings.
    A rating of 3 indicates less than satisfactory earnings. Earnings 
are not commensurate with the risk associated with the fiduciary 
activities undertaken. Earnings may be erratic or exhibit downward 
trends, and future prospects are unfavorable. This rating may also be 
assigned if management processes for evaluating and monitoring earnings 
exhibit serious deficiencies, provided the deficiencies identified do 
not pose an immediate danger to either the overall financial condition 
of the institution or its ability to meet its fiduciary obligations.
    A rating of 4 indicates earnings that are seriously deficient. 
Fiduciary activities have a significant adverse effect on the overall 
income of the institution and its ability to generate adequate capital 
to support the continued operation of its fiduciary activities. The 
institution is characterized by fiduciary earnings performance that is 
poor historically, or faces the prospect of significant losses in the 
future. Management processes for monitoring and evaluating earnings may 
be poor. The board of directors has not adopted appropriate measures to 
address significant deficiencies.
    A rating of 5 indicates critically deficient earnings. In general, 
an institution with this rating is experiencing losses from fiduciary 
activities that have a significant negative impact on the overall 
institution, representing a distinct threat to its viability through 
the erosion of its capital. The board of directors has not implemented 
effective actions to address the situation.
    Alternate Rating of Earnings. Alternate ratings are assigned based 
on the level of implementation of four minimum standards by the board 
of directors and management.
    These standards are:

     Standard No. 1--The institution has reasonable methods 
for measuring income and expense commensurate with the volume and 
nature of the fiduciary services offered.
     Standard No. 2--The level of profitability is reported 
to the board of directors, or a committee thereof, at least 
annually.
     Standard No. 3--The board of directors periodically 
determines that the continued offering of fiduciary services 
provides an essential service to the institution's customers or to 
the local community.
     Standard No. 4--The board of directors, or a committee 
thereof, reviews the justification for the institution to continue 
to offer fiduciary services even if the institution does not earn 
sufficient income to cover the expenses of providing those services.

    Ratings. A rating of 1 may be assigned where an institution has 
implemented all four minimum standards. If fiduciary earnings are 
lacking, management views this as a cost of doing business as a full 
service institution and believes that the negative effects of not 
offering fiduciary services are more significant than the expense of 
administrating those services.
    A rating of 2 may be assigned where an institution has implemented, 
at a minimum, at least three of the four standards. This rating may be 
assigned if the institution is not generating positive earnings or 
where formal

[[Page 54710]]

earnings information may not be available.
    A rating of 3 may be assigned if the institution has implemented at 
least two of the four standards. While management may have attempted to 
identify and quantify other revenue to be earned by offering fiduciary 
services, it has decided that these services should be offered as a 
service to customers, even if they cannot be operated profitably.
    A rating of 4 may be assigned if the institution has implemented 
only one of the four standards. Management has undertaken little or no 
effort to identify or quantify the collateral advantages, if any, to 
the institution from offering fiduciary services.
    A rating of 5 may be assigned if the institution has implemented 
none of the standards.
    Compliance. This rating reflects an institution's overall 
compliance with applicable laws, regulations, accepted standards of 
fiduciary conduct, governing account instruments, duties associated 
with account administration, and internally established policies and 
procedures. This component specifically incorporates an assessment of a 
fiduciary's duty of undivided loyalty and compliance with applicable 
laws, regulations, and accepted standards of fiduciary conduct related 
to self-dealing and other conflicts of interest.
    The compliance component includes reviewing and evaluating the 
adequacy and soundness of adopted policies, procedures, and practices 
generally, and as they relate to specific transactions and accounts. It 
also includes reviewing policies, procedures, and practices to evaluate 
the sensitivity of management and the board of directors to refrain 
from self-dealing, minimize potential conflicts of interest, and 
resolve actual conflict situations in favor of the fiduciary account 
beneficiaries.
    Risks associated with account administration are potentially 
unlimited because each account is a separate contractual relationship 
that contains specific obligations. Risks associated with account 
administration include: failure to comply with applicable laws, 
regulations or terms of the governing instrument; inadequate account 
administration practices; and inexperienced management or inadequately 
trained staff. Risks associated with a fiduciary's duty of undivided 
loyalty generally stem from engaging in self-dealing or other conflict 
of interest transactions. An institution may be exposed to compliance, 
strategic, financial and reputation risk related to account 
administration and conflicts of interest activities. The ability of 
management to identify, measure, monitor and control these risks is 
reflected in this rating. Policies, procedures and practices pertaining 
to account administration and conflicts of interest are evaluated in 
light of the size and character of an institution's fiduciary business.
    The compliance rating is based upon, but not limited to, an 
assessment of the following evaluation factors:

     Compliance with applicable federal and state statutes 
and regulations, including, but not limited to, federal and state 
fiduciary laws, the Employee Retirement Income Security Act of 1974, 
federal and state securities laws, state investment standards, state 
principal and income acts, and state probate codes;
     Compliance with the terms of governing instruments;
     The adequacy of overall policies, practices, and 
procedures governing compliance, considering the size, complexity, 
and risk profile of the institution's fiduciary activities;
     The adequacy of policies and procedures addressing 
account administration;
     The adequacy of policies and procedures addressing 
conflicts of interest, including those designed to prevent the 
improper use of ``material inside information'';
     The effectiveness of systems and controls in place to 
identify actual and potential conflicts of interest;
     The adequacy of securities trading policies and 
practices relating to the allocation of brokerage business, the 
payment of services with ``soft dollars'' and the combining, 
crossing, and timing of trades;
     The extent and permissibility of transactions with 
related parties, including, but not limited to, the volume of 
related commercial and fiduciary relationships and holdings of 
corporations in which directors, officers, or employees of the 
institution may be interested;
     The decision making process used to accept, review, and 
terminate accounts; and,
     The decision making process related to account 
administration duties, including cash balances, overdrafts, and 
discretionary distributions.

    Ratings. A rating of 1 indicates strong compliance policies, 
procedures and practices. Policies and procedures covering conflicts of 
interest and account administration are appropriate in relation to the 
size and complexity of the institution's fiduciary activities. Accounts 
are administered in accordance with governing instruments, applicable 
laws and regulations, sound fiduciary principles, and internal policies 
and procedures. Any violations are isolated, technical in nature and 
easily correctable. All significant risks are consistently and 
effectively identified, measured, monitored and controlled.
    A rating of 2 indicates fundamentally sound compliance policies, 
procedures and practices in relation to the size and complexity of the 
institution's fiduciary activities. Account administration may be 
flawed by moderate weaknesses in policies, procedures or practices. 
Management's practices indicate a determination to minimize the 
instances of conflicts of interest. Fiduciary activities are conducted 
in substantial compliance with laws and regulations, and any violations 
are generally technical in nature. Management corrects violations in a 
timely manner and without loss to fiduciary accounts. Significant risks 
are effectively identified, measured, monitored, and controlled.
    A rating of 3 indicates compliance practices that are less than 
satisfactory in relation to the size and complexity of the 
institution's fiduciary activities. Policies, procedures and controls 
have not proven effective and require strengthening. Fiduciary 
activities may be in substantial noncompliance with laws, regulations 
or governing instruments, but losses are no worse than minimal. While 
management may have the ability to achieve compliance, the number of 
violations that exist, or the failure to correct prior violations, are 
indications that management has not devoted sufficient time and 
attention to its compliance responsibilities. Risk management practices 
generally need improvement.
    A rating of 4 indicates an institution with deficient compliance 
practices in relation to the size and complexity of its fiduciary 
activities. Account administration is notably deficient. The 
institution makes little or no effort to minimize potential conflicts 
or refrain from self-dealing, and is confronted with a considerable 
number of potential or actual conflicts. Numerous substantive and 
technical violations of laws and regulations exist and many may remain 
uncorrected from previous examinations. Management has not exerted 
sufficient effort to effect compliance and may lack the ability to 
effectively administer fiduciary activities. The level of compliance 
problems is significant and, if left unchecked, may subject the 
institution to monetary losses or reputation risk. Risks are 
inadequately identified, measured, monitored and controlled.
    A rating of 5 indicates critically deficient compliance practices. 
Account administration is critically deficient or incompetent and there 
is a flagrant disregard for the terms of the governing instruments and 
interests of account beneficiaries. The institution frequently engages 
in transactions that compromise

[[Page 54711]]

its fundamental duty of undivided loyalty to account beneficiaries. 
There are flagrant or repeated violations of laws and regulations and 
significant departures from sound fiduciary principles. Management is 
unwilling or unable to operate within the scope of laws and regulations 
or within the terms of governing instruments and efforts to obtain 
voluntary compliance have been unsuccessful. The severity of 
noncompliance presents an imminent monetary threat to account 
beneficiaries and creates significant legal and financial exposure to 
the institution. Problems and significant risks are inadequately 
identified, measured, monitored, or controlled and now threaten the 
ability of management to continue engaging in fiduciary activities.
    Asset Management. This rating reflects the risks associated with 
managing the assets (including cash) of others. Prudent portfolio 
management is based on an assessment of the needs and objectives of 
each account or portfolio. An evaluation of asset management should 
consider the adequacy of processes related to the investment of all 
discretionary accounts and portfolios, including collective investment 
funds, proprietary mutual funds, and investment advisory arrangements.
    The institution's asset management activities subject it to 
reputation, compliance and strategic risks. In addition, each 
individual account or portfolio managed by the institution is subject 
to financial risks such as market, credit, liquidity, and interest rate 
risk, as well as transaction and compliance risk. The ability of 
management to identify, measure, monitor and control these risks is 
reflected in this rating.
    The asset management rating is based upon, but not limited to, an 
assessment of the following evaluation factors:

     The adequacy of overall policies, practices and 
procedures governing asset management, considering the size, 
complexity and risk profile of the institution's fiduciary 
activities.
     The decision making processes used for selection, 
retention and preservation of discretionary assets including 
adequacy of documentation, committee review and approval, and a 
system to review and approve exceptions.
     The use of quantitative tools to measure the various 
financial risks in investment accounts and portfolios.
     The existence of policies and procedures addressing the 
use of derivatives or other complex investment products.
     The adequacy of procedures related to the purchase or 
retention of miscellaneous assets including real estate, notes, 
closely held companies, limited partnerships, mineral interests, 
insurance and other unique assets.
     The extent and adequacy of periodic reviews of 
investment performance, taking into consideration the needs and 
objectives of each account or portfolio.
     The monitoring of changes in the composition of 
fiduciary assets for trends and related risk exposure.
     The quality of investment research used in the 
decision-making process and documentation of the research.
     The due diligence process for evaluating investment 
advice received from vendors and/or brokers (including approved or 
focus lists of securities).
     The due diligence process for reviewing and approving 
brokers and/or counter parties used by the institution.

    This rating may not be applicable for some institutions because 
their operations do not include activities involving the management of 
any discretionary assets. Functions of this type would include, but not 
necessarily be limited to, directed agency relationships, securities 
clearing, non-fiduciary custody relationships, transfer agent and 
registrar activities. In institutions of this type, the rating for 
Asset Management may be omitted by the examiner in accordance with the 
examining agency's implementing guidelines. However, this component 
should be assigned when the institution provides investment advice, 
even though it does not have discretion over the account assets. An 
example of this type of activity would be where the institution selects 
or recommends the menu of mutual funds offered to participant directed 
401(k) plans.
    Ratings. A rating of 1 indicates strong asset management practices. 
Identified weaknesses are minor in nature. Risk exposure is modest in 
relation to management's abilities and the size and complexity of the 
assets managed.
    A rating of 2 indicates satisfactory asset management practices. 
Moderate weaknesses are present and are well within management's 
ability and willingness to correct. Risk exposure is commensurate with 
management's abilities and the size and complexity of the assets 
managed. Supervisory response is limited.
    A rating of 3 indicates that asset management practices are less 
than satisfactory in relation to the size and complexity of the assets 
managed. Weaknesses may range from moderate to severe; however, they 
are not of such significance as to generally pose a threat to the 
interests of account beneficiaries. Asset management and risk 
management practices generally need to be improved. An elevated level 
of supervision is normally required.
    A rating of 4 indicates deficient asset management practices in 
relation to the size and complexity of the assets managed. The levels 
of risk are significant and inadequately controlled. The problems pose 
a threat to account beneficiaries generally, and if left unchecked, may 
subject the institution to losses and could undermine the reputation of 
the institution.
    A rating of 5 represents critically deficient asset management 
practices and a flagrant disregard of fiduciary duties. These practices 
jeopardize the interests of account beneficiaries, subject the 
institution to losses, and may pose a threat to the soundness of the 
institution.

    Dated: October 7, 1998
Keith J. Todd,
Executive Secretary, Federal Financial Institutions Examination 
Council.
[FR Doc. 98-27328 Filed 10-9-98; 8:45 am]
BILLING CODE 6210-01-P 25%, 6720-01-P 25%, 6714-01-P 25%, 4810-33-P 25%

Last Updated 07/17/1999 communications@fdic.gov