Appendix A - NCUA’s CAMEL Rating System (CAMEL)

NCUA’S CAMEL RATING SYSTEM (CAMEL)1

The CAMEL rating system is based upon an evaluation of five critical elements of a credit union's operations: Capital Adequacy, Asset Quality, Management, Earnings, and Liquidity/Asset-Liability Management. CAMEL is designed to take into account and reflect all significant financial, operational, and management factors examiners assess in their evaluation of a credit union's performance and risk profile.

Examiners rate credit unions based on their assessment of the individual credit union rather than against peer averages. Peer averages do not necessarily reflect credit unions are operated in a safe and sound manner. The CAMEL ratings should reflect the condition of the credit union regardless of peer performance. Examiners are expected to use their professional judgment and consider both qualitative and quantitative factors when analyzing a credit union's performance. Since numbers are often lagging indicators of a credit union's condition, the examiner must also conduct a qualitative analysis of current and projected operations when assigning CAMEL ratings.

Part of the examiner’s qualitative analysis includes an assessment of the credit union’s risk management program. In Risk Focused Examinations (RFEs), examiners assess the amount and direction of risk exposure in seven categories: Credit, Interest Rate, Liquidity, Transaction, Compliance, Reputation, and Strategic (seven risk categories) and determine how the nature and extent of these risks affect one or more CAMEL components.

Although the CAMEL composite rating should normally bear a close relationship to the component ratings, the examiner does not derive the composite rating solely by computing an arithmetic average of the component ratings. Examiners consider the interrelationships between CAMEL components when assigning the overall rating. Some of the evaluation factors are reiterated under one or more of the components to reinforce the interrelationships between components. The following two sections contain the component and composite ratings.

CAMEL COMPOSITE RATINGS

Rating 1 - Credit unions in this group are sound in every respect and generally have components rated 1 and 2. Any weaknesses are minor and can be handled in a routine manner by the board of directors and management. These credit unions are the most capable of withstanding unpredictable business conditions and are resistant to outside influences such as economic instability in their trade area. These credit unions are in substantial compliance with laws and regulations. As a result, they exhibit sound performance and risk management practices relative to the credit union’s size, complexity, and risk profile, and give no cause for supervisory concern.

Rating 2 – Credit unions in this group are fundamentally sound. For a credit union to receive this rating, generally no component rating should be more severe than a 3. Only moderate weaknesses are present and are well within the board of directors’ and management’s capabilities and willingness to correct. These credit unions are stable and are capable of withstanding business fluctuations. These credit unions are in substantial compliance with laws and regulations. Overall risk management practices are satisfactory relative to the credit union’s size, complexity, and risk profile. There are no material supervisory concerns and, as a result, the supervisory response is informal and limited.

Rating 3 - Credit unions in this group exhibit some degree of supervisory concern in one or more of the component areas. These credit unions exhibit a combination of weaknesses that may range from moderate to severe; however, the magnitude of the deficiencies generally will not cause a component to be rated more severely than 4. Management may lack the ability or willingness to effectively address weaknesses within appropriate time frames. Credit unions in this group generally are less capable of withstanding business fluctuations and are more vulnerable to outside influences than those rated a composite 1 or 2. Additionally, these credit unions may be in significant noncompliance with laws and regulations. Risk management practices may be less than satisfactory relative to the credit union’s size, complexity, and risk profile. These credit unions require more than normal supervision which may include enforcement actions. Failure appears unlikely, however, given overall strength and financial capacity of these credit unions.

Rating 4 - Credit unions in this group generally exhibit unsafe and unsound practices or conditions. There are serious financial or managerial deficiencies that result in unsatisfactory performance. The problems range from severe to critically deficient. The weaknesses and problems are not being satisfactorily addressed or resolved by the board of directors and management. Credit unions in this group generally are not capable of withstanding business fluctuations.

There may be significant noncompliance with laws and regulations. Risk management practices are generally unacceptable relative to the credit union’s size, complexity, and risk profile. Close supervisory attention is required, which means, in most cases, enforcement action is necessary to address the problems. Credit unions in the group pose a risk to the National Credit Union Share Insurance Fund (NCUSIF). Failure is a distinct possibility if the problems and weaknesses are not satisfactorily addressed and resolved.

Rating 5 – Credit unions in this group exhibit extremely unsafe and unsound practices and conditions; exhibit a critically deficient performance; often contain inadequate risk management practices relative to the credit union’s size, complexity, and risk profile; and are of the greatest supervisory concern. The volume and severity of problems are beyond management's ability or willingness to control or correct. Immediate outside financial or other assistance is needed in order for the credit union to be viable. Ongoing supervisory attention is necessary. Credit unions in this group pose a significant risk to the NCUSIF and failure is highly probable.

CAPITAL

A credit union is expected to maintain capital commensurate with the nature and extent of risk to the institution and the ability of management to identify, measure, monitor, and control these risks. The effect of credit, market, and other risk on the credit union’s financial condition is considered when evaluating capital adequacy. The types and quantity of risk inherent in a credit union’s activities will determine the extent to which it may be necessary to maintain capital to properly reflect the potentially adverse consequences these risks may have on the institution’s capital. Regulatory capital requirements are minimum levels and separate and distinct from a credit union’s need to maintain capital commensurate with the level of risk inherent in operations. A credit union’s capital adequacy is based upon, but not limited to, an assessment of the following evaluation factors. The order of these factors does not signify a level of importance.

  • Capital level and quality of capital;
  • Overall financial condition;
  • The ability of management to address emerging needs for additional capital;
  • Compliance with risk-based net worth requirements;
  • Composition of capital;
  • Interest and dividend policies and practices;
  • Quality, type, liquidity, and diversification of assets, with particular reference to classified assets;
  • Loan and investment concentrations;
  • Balance sheet composition including the nature and amount of market risk, concentration risk, and risk associated with nontraditional activities;
  • Growth plans and past experience managing growth;
  • Volume and risk characteristics of new business initiatives;
  • Ability of management to control and monitor risk;
  • Earnings quality and composition;
  • Liquidity and asset-liability management;
  • Extent of contingent liabilities and existence of pending litigation;
  • Field of membership; and
  • Economic environment.

RATINGS

A capital adequacy rating of 1 indicates sound capital relative to the credit union’s current and prospective risk profile.

A rating of 2 indicates satisfactory capital relative to the credit union’s current and prospective risk profile.

A capital adequacy rating of 3 reflects less than satisfactory capital that does not fully support the credit union’s current and prospective risk profile. The rating indicates a need for improvement.

A capital adequacy rating of 4 indicates deficient capital. In light of the credit union’s current and prospective risk profile, viability of the credit union may be threatened. Financial support from outsiders may be required.

A rating of 5 indicates critically deficient capital in light of the credit union’s current and prospective risk profile such that the credit union’s viability is threatened. Immediate assistance from external sources or financial support is required.

ASSET QUALITY

The asset quality rating reflects the quantity of existing and potential credit risk associated with the loan and investment portfolios, other real estate owned (OREO), and other assets, as well as off-balance sheet transactions. The ability of management to identify, measure, monitor, and control credit risk is also reflected here. The evaluation of asset quality should consider the adequacy of the allowance for loan and lease losses and weigh the exposure to counterparty issuer or borrower default under actual or implied contractual agreements. All other risks that may affect the value or marketability of a credit union’s assets, including but not limited to the seven risk categories, should be considered.

A credit union’s asset quality is based upon, but not limited to, an assessment of the following evaluation factors. The order of these factors does not signify a level of importance.

  • The quality of loan underwriting, policies, procedures, and practices;
  • The internal controls and due diligence procedures in place to review new loan programs, high concentrations, and changes in underwriting procedures and practices of existing programs;
  • The level, distribution, and severity of classified assets;
  • The adequacy of the allowance for loan and lease losses and other asset valuation reserves;
  • The level and composition of nonaccrual and restructured assets;
  • The ability of management to properly administer its assets, including the timely identification and collection of problem assets;
  • The existence of significant growth trends indicating erosion or improvement in asset quality;
  • The existence of loan concentrations that present undue risk to the credit union;
  • The appropriateness of investment policies and practices;
  • The investment risk factors when compared to capital and earnings structure; and
  • The effect of fair (market) value of investments compared to book value of investments.

RATINGS

A rating of 1 indicates sound asset quality and credit administration practices. Identified weaknesses are minor in nature and risk exposure is modest in relation to capital adequacy and management’s abilities. Asset quality is of minimal supervisory concern.

A rating of 2 indicates satisfactory asset quality and credit administration practices. The level and severity of classifications and other weaknesses warrant a limited level of supervisory attention. Risk exposure is commensurate with capital adequacy and management’s abilities.

A rating of 3 is assigned when asset quality or credit administration practices are less than satisfactory. Trends may be stable or indicate deterioration in asset quality or an increase in risk exposure. The level and severity of classified assets, other weaknesses, and risk require an elevated level of supervisory concern. There is generally a need to improve credit administration and risk management practices.

A rating of 4 is assigned to credit unions with deficient asset quality or credit administration practices. The levels of risk and problem assets are significant, inadequately controlled, and subject the credit union to potential losses that, if left unchecked, may threaten the credit union’s viability.

A rating of 5 represents critically deficient asset quality or credit administration practices that present an imminent threat to the credit union’s viability.

MANAGEMENT

The capabilities of the board of directors and management, in their respective roles, to identify, measure, monitor, and control the risks of a credit union’s activities and to ensure a credit union’s safe, sound, and efficient operation in compliance with applicable laws and regulations is reflected in this rating. Generally, directors need not be actively involved in day-to-day operations; however, they provide clear guidance establishing acceptable risk exposure levels thru appropriate policies, procedures, and practices. Senior management is responsible for developing and implementing policies, procedures, and practices that translate the board’s goals, objectives, and risk limits into prudent operating standards.

Management practices need to address the seven risk categories and other risks commensurate with the nature and scope of a credit union’s activities. Sound management practices are demonstrated by active oversight by the board of directors and management; competent personnel; adequate policies, processes, and controls taking into consideration the size and sophistication of the credit union; maintenance of an appropriate audit program and internal control environment; and effective risk monitoring and management information systems. This rating should reflect the board’s and management’s ability as it applies to all aspects of the credit union’s operations as well as other financial service activities in which the credit union is involved.

The ability of management to respond to changing business conditions, or the initiation of new activities or products, is an important factor in evaluating a credit union’s overall risk profile and the level of supervisory attention warranted. For this reason, the management component is given special consideration when assigning the composite rating. The capability and performance of management and the board of directors is also rated based upon, but not limited to, an assessment of the following evaluation factors:

CORPORATE GOVERNANCE

The board of directors and management have a fiduciary responsibility to the members to maintain very high standards of professional conduct including but not limited to:

  1. Appropriateness of compensation policies. Management compensation policies should be supported. The board needs to ensure performance standards are in place for senior management and an effective formal evaluation process is used and documented.
  2. Avoidance of conflict of interest. Appropriate policies and procedures for avoidance of conflicts of interest and management of potential conflicts of interest should be in place.
  3. Professional ethics and behavior. The board of directors and management should not use the credit union for unauthorized or inappropriate personal gain. Credit union property should not be used for anything other than authorized activities. Management should act ethically and impartially in carrying out appropriate credit union policies and procedures.

STRATEGIC PLANNING

Strategic planning involves a systematic process to develop a long-term vision for the credit union. The strategic plan incorporates all areas of a credit union's operations and sets broad goals enabling credit union management to make sound decisions. The strategic plan should identify risks and threats to the organization and outline methods to address them.

As part of the strategic planning process, credit unions should develop a business plan for the next one or two years. The board of directors should review and approve the business plan, including a budget, in the context of its consistency with the credit union's strategic plan. The business plan is evaluated against the strategic plan to determine if the two are consistent. Examiners also assess how the plan is put into effect. The plans should be unique to and reflective of the individual credit union.

Information systems and technology (IS&T) should be included as an integral part of the credit union’s strategic plan. Examiners assess the credit union’s risk analysis, policies, and oversight of this area based on the size and complexity of the credit union and the type and volume of e-commerce systems and services2 offered. Examiners consider the criticality of e-commerce systems and services in their assessment of the overall IS&T plan.

INTERNAL CONTROLS

Internal controls play a crucial role in controlling a credit union's risks. Effective internal controls provide safeguards against system malfunctions, errors in judgment, and fraud. Without proper internal controls, management will not be able to identify and track the credit union’s exposure to risk. Controls are also essential to enable management to ensure operating units are acting within the parameters established by the board of directors and senior management.

The following seven aspects of internal controls deserve special attention:

  1. Information Systems. It is crucial that effective controls are in place to ensure the integrity, security, and privacy of information contained on the credit union’s computer systems.
  2. Segregation of Duties. The credit union should have adequate segregation of duties in every area of operation. Segregation of duties may be limited by the number of employees in smaller credit unions.
  3. Audit Program. Audit functions and processes should be commensurate with the credit union’s size, sophistication, and risk. The program should be independent, reporting to the supervisory committee without conflict or interference from management. An annual audit plan is necessary to ensure risk areas are examined, and the areas of greatest risk receive priority. Reports should be issued to management for comment and action and forwarded to the board of directors with management's response. Follow-up of any unresolved issues is essential and should be covered in subsequent reports.
  4. Record Keeping. The books of every credit union should be kept in accordance with well-established accounting principles. A credit union's records and accounts should reflect its actual financial condition and accurate results of operations. Records should be current and provide an audit trail. The audit trail should include sufficient documentation to follow a transaction from its inception through to its completion. Subsidiary records should be kept in balance with general ledger control figures.
  5. Protection of Physical Assets. A principal method of safeguarding assets is to limit access to authorized personnel. Protection of assets can be accomplished by developing operating policies and procedures for cash control, joint custody (dual control), teller operations, and physical security of the computer.
  6. Education of Staff. Credit union staff and volunteers should be thoroughly trained in specific daily operations. A training program tailored to meet management needs should be in place and cross-training programs for office staff should be present. Risk is controlled when the credit union is able to maintain continuity of operations and service to members.

OTHER MANAGEMENT ISSUES

Other key factors considered when assessing the management of a credit union follow. The order of these factors does not signify a level of importance.

  • Adequacy of the policies and procedures covering each area of the credit union’s operations (written, board approved, followed);
  • Budget performance compared against actual performance;
  • Effectiveness of systems that measure and monitor risk;
  • Risk-taking practices and methods of control to mitigate concerns;
  • Integration of risk management with planning and decision-making;
  • Responsiveness to examination and audit suggestions, recommendations, or requirements;
  • Compliance with laws and regulations;
  • Appropriateness of the products and services offered in relation to the credit union’s size and management experience;
  • Market penetration;
  • Rate structure;
  • Appropriateness of disaster preparedness planning for continuity of operations; and;
  • Succession planning for key management positions.

RATINGS

A rating of 1 indicates sound performance by management and the board of directors and sound risk management practices relative to the credit union’s size complexity, and risk profile. All significant risks are consistently and effectively identified, measured, monitored, and controlled. Management and the board have demonstrated the ability to promptly and successfully address existing and potential problems and risks.

A rating of 2 indicates satisfactory management and board practices relative to the credit union’s size, complexity, and risk profile. In general, significant risks are effectively identified, measured, monitored, and controlled. Management and the board have demonstrated the ability to promptly and successfully address existing and potential problems and risks. Minor weaknesses may exist but are not material.

A rating of 3 indicates management and board performance that needs improvement or risk management practices that are less than satisfactory given the nature of the credit union’s activities. Problems and significant risks may be inadequately identified, measured, monitored, and controlled. The capabilities of management or the board of directors may be insufficient for the type, size, or condition of the institution.

A rating of 4 indicates deficient management and board performance or risk management practices that are inadequate considering the nature of a credit union’s activities. The level of problems and risk exposure is excessive. Problems and significant risks are inadequately identified, measured, monitored, or controlled and require immediate action by the board and management to preserve the soundness of the institution. Replacing or strengthening the board may be necessary.

A rating of 5 indicates critically deficient management and board performance or risk management practices. Management and the board of directors have not demonstrated the ability to correct problems and implement appropriate risk management practices. Problems and significant risks are inadequately measured, monitored, or controlled and now threaten the continued viability of the institution. Replacing or strengthening management or the board of directors is necessary.

EARNINGS

This rating reflects the adequacy of current and future earnings to fund capital commensurate with the credit union’s current and prospective financial and operational risk exposure, potential changes in economic climate, and strategic plans. Earnings can be affected by excessive or inadequately managed credit risk that may result in loan losses and require additions to the allowance for loan and lease losses, or by market risk that may unduly expose a credit union’s earnings to volatility in interest rates. The quality of earnings may also be diminished by undue reliance on extraordinary gains or nonrecurring events. Future earnings may be adversely affected by an inability to forecast or control funding and operating expenses, improperly executed or ill-advised business strategies, or poorly managed or uncontrolled exposure to other risks.

The rating of a credit union’s earnings is based upon, but not limited to, an assessment of the following evaluation factors. The order of these factors does not signify a level of importance.

  • Quality and sources of earnings;
  • Ability to fund capital commensurate with current and prospective risk through retained earnings;
  • Adequacy of valuation allowances;
  • Adequacy of budgeting systems, forecasting processes, and management information systems, in general;
  • Future earnings adequacy under a variety of economic conditions;
  • Quality and composition of assets;
  • Earnings exposure to market risk including interest rate risk; and
  • Material factors affecting the credit union's income producing ability such as fixed assets and other non-earning assets.

RATINGS

A rating of 1 indicates earnings that are sound. Adequate capital and allowance levels already exist after consideration is given to asset quality, growth, and risk factors.

A rating of 2 indicates earnings that are satisfactory. Earnings are sufficient to reach adequate capital and allowance levels after consideration is given to asset quality, growth, and risk factors.

A rating of 3 indicates earnings that need to be improved. Earnings may not fully support current and future capital and allowance funding commensurate with the credit union’s overall condition, growth, and risk factors.

A rating of 4 indicates earnings that are deficient. Earnings are insufficient to support current and future capital and allowance funding commensurate with the credit union’s overall condition, growth, and risk factors.

A rating of 5 indicates earnings that are critically deficient and represent a distinct threat to the credit union’s viability. Earnings do not support current and future capital and allowance funding commensurate with the credit overall condition, growth, and risk factors.

LIQUIDITY AND ASSET-LIABILITY MANAGEMENT

Liquidity

In evaluating the adequacy of the credit union’s liquidity position, consideration should be given to the current and prospective sources of liquidity compared to funding needs. Consideration is also given to the adequacy of asset-liability management (ALM) practices relative to the credit union’s size, complexity, and risk profile. In general, ALM management practices should ensure the credit union is able to maintain liquidity sufficient to meet financial obligations in a timely manner and meet member share and loan demands. Practices should reflect the ability of the credit union to manage unplanned changes in funding sources as well as react to changes in market conditions that affect the ability to quickly liquidate assets with minimal loss. In addition, ALM practices should ensure liquidity is not maintained at high cost or through undue reliance on funding sources that may not be available in times of financial stress or adverse changes in market conditions.

The liquidity management system should be commensurate with the complexity of the balance sheet and adequacy of capital. This includes evaluating the mechanisms in place to monitor and control risk, management’s response when risk exposure approaches or exceeds the credit union’s risk limits, and corrective action taken when necessary.

Asset-Liability Management

Asset-liability Management (ALM) is the process of evaluating, monitoring, and controlling changes in the credit union’s market and balance sheet risk. These risks can adversely affect earnings and capital adequacy. When evaluating ALM, consideration should be given to management’s ability to identify, measure, monitor, and control risk, the credit union’s size, the nature and complexity of its activities, and the adequacy of capital and earnings in relation to its level of market risk exposure. The primary source of market risk arises from sensitivity to changes in interest rates.

This rating will reflect the overall adequacy of established policies, limits, and the effectiveness of risk optimization strategies. These policies should outline individual responsibilities, the credit union’s risk tolerance, and ensure timely monitoring and reporting to the decision makers.

Other factors to consider in evaluating liquidity and asset/liability management are listed below. The order of these factors does not signify a level of importance.

  • Interest-rate risk exposure at the instrument, portfolio, and balance sheet levels;
  • Balance sheet structure;
  • Liquidity management;
  • Qualifications of asset-liability management personnel;
  • Quality of oversight by the board and senior management;
  • Earnings and capital adequacy over changing economic climates;
  • Prudence of policies and risk limits;
  • Business plan, budgets, and projections;
  • Contingency planning to meet unanticipated liquidity events;
  • Contingency planning to handle periods of excess liquidity;
  • Cash flow budgets and projections; and
  • Integration of liquidity management and ALM with planning and decision-making.

RATINGS

A rating of 1 indicates liquidity and ALM practices are sound. There is minimal potential that the capital adequacy will be materially affected by internal and external factors such as a shift in interest rates. Liquidity and ALM are sound for the size, sophistication, and risk taken by the credit union. The degree of market risk taken by the credit union is supported. The credit union has reliable access to sufficient sources of funds on favorable terms to meet present and anticipated liquidity needs.

A rating of 2 indicates satisfactory liquidity and ALM practices. The credit union has access to sufficient sources of funds on acceptable terms to meet present and anticipated liquidity needs. Modest weaknesses may be evident in ALM. Market rate sensitivity is adequately controlled and there is only moderate potential that the adequacy of capital will be materially affected by internal and external factors such as a shift in interest rates. ALM practices are satisfactory for the size, sophistication, and market risk accepted by the credit union. The degree of market risk taken by the credit union is supported.

A rating of 3 indicates liquidity and/or ALM practices in need of improvement. Credit unions rated a 3 may lack ready access to funds on reasonable terms or may evidence significant weaknesses in ALM practices. Control of market risk needs improvement or there is significant potential the adequacy of capital will be materially affected by internal and external factors such as a shift in interest rates. Risk management practices need to be improved given the size, sophistication, and level of market risk accepted by the credit union. The degree of market risk taken by the credit union is not adequately supported.

A rating of 4 indicates deficient liquidity and/or inadequate ALM practices. Credit unions rated a 4 may not have or be able to obtain a sufficient volume of funds on reasonable terms to meet liquidity needs. The control of market risk is unacceptable or there is high potential the adequacy of capital will be materially affected by internal and external factors such as a shift in interest rates. ALM practices are deficient for the size, sophistication, and level of market risk accepted by the credit union. The degree of market risk taken by the credit union is not supported.

A rating of 5 indicates liquidity and/or ALM practices so critically deficient that the continued viability of the credit union is threatened. Credit unions rated 5 require immediate external financial assistance to meet maturing obligations or other liquidity needs. Market risk sensitivity is unacceptable or the level of the risk taken is an imminent threat to the credit union’s viability. ALM practices are inadequate for the size, sophistication, and level of market risk accepted by the credit union.


Footnotes


1 See 61 Federal Register 67021 (12/19/1996)-Federal Financial Institutions Examination Council-Uniform Financial Intuitions Rating System.

2 E-commerce services include those services a credit union provides, and member accesses, via electronic means including, but not limited to: Internet/World Wide Web services, wireless services, home banking (direct dial in) services, online bill paying services, and account transaction processing services.