RATING SYSTEMS—Trust Activities

The Uniform Interagency Trust Rating System (UITRS) was adopted on September 21, 1978 by the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corporation (FDIC), and the Board of Governors of the Federal Reserve System (FRB), and in 1988 by the Federal Home Loan Bank Board, predecessor agency to the Office of Thrift Supervision (OTS). Over the years, the UITRS has proven to be an effective internal supervisory tool for evaluating the fiduciary activities of financial institutions on a uniform basis and for identifying those institutions requiring special attention.

A number of changes have occurred in both the banking industry and the federal supervisory agencies’ policies and procedures which prompted a review and revision of the 1978 rating system. The revisions to the UITRS—

These revisions are intended to promote and complement efficient examination processes. The revisions update the rating system but retain its basic framework. Consequently, the revised rating system will not result in additional regulatory burden to institutions or require additional policies or processes.

The UITRS considers certain managerial, operational, financial and compliance factors that are common to all institutions with fiduciary activities. Under this system, the supervisory agencies endeavor to ensure that all institutions with fiduciary activities are evaluated in a comprehensive and uniform manner, and that supervisory attention is appropriately focused on those institutions exhibiting weaknesses in their fiduciary operations.

Under the UITRS, the fiduciary activities of financial institutions are assigned a composite rating based on an evaluation and rating of five essential components of an institution’s fiduciary activities. These components address the following: the capability of management; the adequacy of operations, controls and audits; the quality and level of earnings; compliance with governing instruments, applicable law (including self-dealing and conflicts-of-interest laws and regulations), and sound fiduciary principles; and the management of fiduciary assets.

Composite and component ratings are assigned based on a 1 to 5 numerical scale. A 1 is the highest rating and indicates the strongest performance and risk-management practices and the least degree of supervisory concern. A 5 is the lowest rating and indicates the weakest performance and risk-management practices and, therefore, the highest degree of supervisory concern. Evaluation of the composite and components considers the size and sophistication, the nature and complexity, and the risk profile of the institution’s fiduciary activities.

The composite rating generally bears a close relationship to the component ratings assigned. However, the composite rating is not derived by computing an arithmetic average of the component ratings. Each component rating is based on a qualitative analysis of the factors comprising that component and its interrelationship with the other components. When assigning a composite rating, some components may be given more weight than others depending on the situation at the institution. In general, assignment of a composite rating may incorporate any factor that bears significantly on the overall administration of the financial institution’s fiduciary activities. Assigned composite and component ratings are disclosed to the institution’s board of directors and senior management.

The ability of management to respond to changing circumstances and to address the risks that may arise from changing business conditions, or the initiation of new fiduciary activities or products, is an important factor in evaluating an institution’s overall fiduciary-risk profile and the level of supervisory attention warranted. For this reason, the management component is given special consideration when assigning a composite rating.

The ability of management to identify, measure, monitor, and control the risks of its fiduciary operations is also taken into account when assigning each component rating. It is recognized, however, that appropriate management practices may vary considerably among financial institutions, depending on the size, complexity, and risk profiles of their fiduciary activities. For less-complex institutions engaged solely in traditional fiduciary activities and whose directors and senior managers are actively involved in the oversight and management of day-to-day operations, relatively basic management systems and controls may be adequate. On the other hand, at more complex institutions, detailed and formal management systems and controls are needed to address a broader range of activities and to provide senior managers and directors with the information they need to supervise day-to-day activities.

All institutions are expected to properly manage their risks. For less-complex institutions engaging in less-risky activities, detailed or highly formalized management systems and controls are not required to receive strong or satisfactory component or composite ratings.

The following two sections contain the composite rating definitions, and the descriptions and definitions for the five component ratings.

Composite ratings are based on a careful evaluation of how an institution conducts its fiduciary activities. The review encompasses the capability of management, the soundness of policies and practices, the quality of service rendered to the public, and the effect of fiduciary activities upon the soundness of the institution. The five key components used to assess an institution’s fiduciary activities are the capability of management; the adequacy of operations, controls and audits; the quality and level of earnings; compliance with governing instruments, applicable law (including self-dealing and conflicts-of-interest laws and regulations), and sound fiduciary principles; and the management of fiduciary assets. The composite ratings are defined as follows:

Administration of fiduciary activities is sound in every respect. Generally, all components are rated 1 or 2. Any weaknesses are minor and can be handled in a routine manner by management. The institution is in substantial compliance with fiduciary laws and regulations. Risk-management practices are strong relative to the size, complexity, and risk profile of the institution’s fiduciary activities. Fiduciary activities are conducted in accordance with sound fiduciary principles and give no cause for supervisory concern.

Administration of fiduciary activities is fundamentally sound. Generally, no component rating should be more severe than 3. Only moderate weaknesses are present and are well within management’s capabilities and willingness to correct. Fiduciary activities are conducted in substantial compliance with laws and regulations. Overall risk-management practices are satisfactory relative to the institution’s size, complexity, and risk profile. There are no material supervisory concerns and, as a result, the supervisory response is informal and limited.

Administration of fiduciary activities exhibits some degree of supervisory concern in one or more of the component areas. A combination of weaknesses exists that may range from moderate to severe; however, the magnitude of the deficiencies generally does not cause a component to be rated more severely than 4. Management may lack the ability or willingness to effectively address weaknesses within appropriate time frames. Additionally, fiduciary activities may reveal some significant noncompliance with laws and regulations. Risk-management practices may be less than satisfactory relative to the institution’s size, complexity, and risk profile. While problems of relative significance may exist, they are not of such importance as to pose a threat to the trust beneficiaries generally, or to the soundness of the institution. The institution’s fiduciary activities require more-than-normal supervision and may include formal or informal enforcement actions.

Fiduciary activities generally exhibit unsafe and unsound practices or conditions, resulting in unsatisfactory performance. The problems range from severe to critically deficient and may be centered around inexperienced or inattentive management, weak or dangerous operating practices, or an accumulation of unsatisfactory features of lesser importance. The weaknesses and problems are not being satisfactorily addressed or resolved by the board of directors and management. There may be significant noncompliance with laws and regulations. Risk-management practices are generally unacceptable relative to the size, complexity, and risk profile of fiduciary activities. These problems pose a threat to the account beneficiaries generally and, if left unchecked, could evolve into conditions that could cause significant losses to the institution and ultimately undermine the public confidence in the institution. Close supervisory attention is required, which means, in most cases, formal enforcement action is necessary to address the problems.

Fiduciary activities are conducted in an extremely unsafe and unsound manner. Administration of fiduciary activities is critically deficient in numerous major respects, with problems resulting from incompetent or neglectful administration, flagrant and/or repeated disregard for laws and regulations, or a willful departure from sound fiduciary principles and practices. The volume and severity of problems are beyond management’s ability or willingness to control or correct. Such conditions evidence a flagrant disregard for the interests of the beneficiaries and may pose a serious threat to the soundness of the institution. Continuous close supervisory attention is warranted and may include termination of the institution’s fiduciary activities.

Each of the component-rating descriptions is divided into three sections: a narrative description of the component; a list of the principal factors used to evaluate that component; and a description of each numerical rating for that component. Some of the evaluation factors are reiterated under one or more of the other components to reinforce the interrelationship among components. The listing of evaluation factors is in no particular order of importance.

This rating reflects the capability of the board of directors and management, in their respective roles, to identify, measure, monitor, and control the risks of an institution’s fiduciary activities. It also reflects their ability to ensure that the institution’s fiduciary activities are conducted in a safe and sound manner, and in compliance with applicable laws and regulations. Directors should provide clear guidance regarding acceptable risk-exposure levels and ensure that appropriate policies, procedures, and practices are established and followed. Senior fiduciary management is responsible for developing and implementing policies, procedures, and practices that translate the board’s objectives and risk limits into prudent operating standards.

Depending on the nature and scope of an institution’s fiduciary activities, management practices may need to address some or all of the following risks: reputation, operating or transaction, strategic, compliance, legal, credit, market, liquidity and other risks. Sound management practices are demonstrated by active oversight by the board of directors and management; competent personnel; adequate policies, processes, and controls that consider the size and complexity of the institution’s fiduciary activities; and effective risk-monitoring and management information systems. This rating should reflect the board’s and management’s ability as it applies to all aspects of fiduciary activities in which the institution is involved.

The management rating is based upon an assessment of the capability and performance of management and the board of directors, including, but not limited to, the following evaluation factors:

Ratings. A rating of 1 indicates strong performance by management and the board of directors and strong risk-management practices relative to the size, complexity, and risk profile of the institution’s fiduciary activities. All significant risks are consistently and effectively identified, measured, monitored, and controlled. Management and the board are proactive and have demonstrated the ability to promptly and successfully address existing and potential problems and risks.

A rating of 2 indicates satisfactory management and board performance and risk-management practices relative to the size, complexity, and risk profile of the institution’s fiduciary activities. Moderate weaknesses may exist, but are not material to the sound administration of fiduciary activities and are being addressed. In general, significant risks and problems are effectively identified, measured, monitored, and controlled.

A rating of 3 indicates management and board performance that needs improvement or risk-management practices that are less than satisfactory given the nature of the institution’s fiduciary activities. The capabilities of management or the board of directors may be insufficient for the size, complexity, and risk profile of the institution’s fiduciary activities. Problems and significant risks may be inadequately identified, measured, monitored, or controlled.

A rating of 4 indicates deficient management and board performance or risk-management practices that are inadequate considering the size, complexity, and risk profile of the institution’s fiduciary activities. The level of problems and risk exposure is excessive. Problems and significant risks are inadequately identified, measured, monitored, or controlled and require immediate action by the board and management to protect the assets of account beneficiaries and to prevent erosion of public confidence in the institution. Replacing or strengthening management or the board may be necessary.

A rating of 5 indicates critically deficient management and board performance or risk-management practices. Management and the board of directors have not demonstrated the ability to correct problems and implement appropriate risk-management practices. Problems and significant risks are inadequately identified, measured, monitored, or controlled and now threaten the continued viability of the institution or its administration of fiduciary activities, and pose a threat to the safety of the assets of account beneficiaries. Replacing or strengthening management or the board of directors is necessary.

This rating reflects the adequacy of the institution’s fiduciary operating systems and internal controls in relation to the volume and character of business conducted. Audit coverage must assure the integrity of the financial records, the sufficiency of internal controls, and the adequacy of the compliance process.

The institution’s fiduciary operating systems, internal controls, and audit function subject it primarily to transaction and compliance risk. Other risks, including reputation, strategic, and financial risk, may also be present. The ability of management to identify, measure, monitor, and control these risks is reflected in this rating.

The operations, internal controls, and auditing rating is based upon, but not limited to, an assessment of the following evaluation factors:

Ratings. A rating of 1 indicates that operations, internal controls, and auditing are strong in relation to the volume and character of the institution’s fiduciary activities. All significant risks are consistently and effectively identified, measured, monitored, and controlled.

A rating of 2 indicates that operations, internal controls, and auditing are satisfactory in relation to the volume and character of the institution’s fiduciary activities. Moderate weaknesses may exist but are not material. Significant risks, in general, are effectively identified, measured, monitored, and controlled.

A rating of 3 indicates that operations, internal controls, or auditing need improvement in relation to the volume and character of the institution’s fiduciary activities. One or more of these areas are less than satisfactory. Problems and significant risks may be inadequately identified, measured, monitored, or controlled.

A rating of 4 indicates deficient operations, internal controls, or audits. One or more of these areas are inadequate or the level of problems and risk exposure is excessive in relation to the volume and character of the institution’s fiduciary activities. Problems and significant risks are inadequately identified, measured, monitored, or controlled and require immediate action. Institutions with this level of deficiencies may make little provision for audits or may evidence weak or potentially dangerous operating practices in combination with infrequent or inadequate audits.

A rating of 5 indicates critically deficient operations, internal controls, or audits. Operating practices, with or without audits, pose a serious threat to the safety of assets of fiduciary accounts. Problems and significant risks are inadequately identified, measured, monitored, or controlled and now threaten the ability of the institution to continue engaging in fiduciary activities.

This rating reflects the profitability of an institution’s fiduciary activities and its effect on the financial condition of the institution. The use and adequacy of budgets and earnings projections by functions, product lines, and clients are reviewed and evaluated. Risk exposure that may lead to negative earnings is also evaluated.

An evaluation of earnings is required for all institutions with fiduciary activities. An assignment of an earnings rating, however, is required only for institutions that, at the time of the examination, have total trust assets of more than $100 million, or are a nondeposit trust company (those institutions that would be required to file Schedule E of FFIEC 001).

For institutions where the assignment of an earnings rating is not required by the UITRS, the federal supervisory agency has the option to assign an earnings rating using an alternate set of ratings. A rating will be assigned in accordance with implementing guidelines adopted by the supervisory agency. The definitions for the alternate ratings are included in the revised UITRS and may be found in the section immediately following the definitions for the required ratings.

The evaluation of earnings is based upon, but not limited to, an assessment of the following factors:

For those institutions for which a rating of earnings is mandatory, additional factors should include the following:

Ratings. A rating of 1 indicates strong earnings. The institution consistently earns a rate of return on its fiduciary activities that is commensurate with the risk of those activities. This rating would normally be supported by a history of consistent profitability over time and a judgment that future earnings prospects are favorable. In addition, management techniques for evaluating and monitoring earnings performance are fully adequate and there is appropriate oversight by the institution’s board of directors or a committee thereof. Management makes effective use of budgets and cost-analysis procedures. Methods used for reporting earnings information to the board of directors, or a committee thereof, are comprehensive.

A rating of 2 indicates satisfactory earnings. Although the earnings record may exhibit some weaknesses, earnings performance does not pose a risk to the overall institution or to its ability to meet its fiduciary obligations. Generally, fiduciary earnings meet management targets and appear to be at least sustainable. Management processes for evaluating and monitoring earnings are generally sufficient in relationship to the size and risk of fiduciary activities that exist, and any deficiencies can be addressed in the normal course of business. A rating of 2 may also be assigned to institutions with a history of profitable operations if there are indications that management is engaging in activities with which it is not familiar, or where there may be inordinately high levels of risk present that have not been adequately evaluated. Alternatively, an institution with otherwise strong earnings performance may also be assigned a 2 rating if there are significant deficiencies in its methods used to monitor and evaluate earnings.

A rating of 3 indicates less-than-satisfactory earnings. Earnings are not commensurate with the risk associated with the fiduciary activities undertaken. Earnings may be erratic or exhibit downward trends, and future prospects are unfavorable. This rating may also be assigned if management processes for evaluating and monitoring earnings exhibit serious deficiencies, provided the deficiencies identified do not pose an immediate danger to either the overall financial condition of the institution or its ability to meet its fiduciary obligations.

A rating of 4 indicates earnings that are seriously deficient. Fiduciary activities have a significant adverse effect on the overall income of the institution and its ability to generate adequate capital to support the continued operation of its fiduciary activities. The institution is characterized by fiduciary earnings performance that is poor historically, or faces the prospect of significant losses in the future. Management processes for monitoring and evaluating earnings may be poor. The board of directors has not adopted appropriate measures to address significant deficiencies.

A rating of 5 indicates critically deficient earnings. In general, an institution with this rating is experiencing losses from fiduciary activities that have a significant negative impact on the overall institution, representing a distinct threat to its viability through the erosion of its capital. The board of directors has not implemented effective actions to address the situation.

Alternate rating of earnings. Alternate ratings are assigned based on the level of implementation of four minimum standards by the board of directors and management. These standards are:

A rating of 1 may be assigned where an institution has implemented all four minimum standards. If fiduciary earnings are lacking, management views this as a cost of doing business as a full-service institution and believes that the negative effects of not offering fiduciary services are more significant than the expense of administrating those services.

A rating of 2 may be assigned where an institution has implemented, at a minimum, at least three of the four standards. This rating may be assigned if the institution is not generating positive earnings or where formal earnings information may not be available.

A rating of 3 may be assigned if the institution has implemented at least two of the four standards. While management may have attempted to identify and quantify other revenue to be earned by offering fiduciary services, it has decided that these services should be offered as a service to customers, even if they cannot be operated profitably.

A rating of 4 may be assigned if the institution has implemented only one of the four standards. Management has undertaken little or no effort to identify or quantify the collateral advantages, if any, to the institution from offering fiduciary services.

A rating of 5 may be assigned if the institution has implemented none of the standards.

This rating reflects an institution’s overall compliance with applicable laws, regulations, accepted standards of fiduciary conduct, governing account instruments, duties associated with account administration, and internally established policies and procedures. This component specifically incorporates an assessment of a fiduciary’s duty of undivided loyalty and compliance with applicable laws, regulations, and accepted standards of fiduciary conduct related to self-dealing and other conflicts of interest.

The compliance component includes reviewing and evaluating the adequacy and soundness of adopted policies, procedures, and practices generally, and as they relate to specific transactions and accounts. It also includes reviewing policies, procedures, and practices to evaluate the sensitivity of management and the board of directors to refrain from self-dealing, minimize potential conflicts of interest, and resolve actual conflict situations in favor of the fiduciary-account beneficiaries.

Risks associated with account administration are potentially unlimited because each account is a separate contractual relationship that contains specific obligations. Risks associated with account administration include failure to comply with applicable laws, regulations, or terms of the governing instrument; inadequate account administration practices; and inexperienced management or inadequately trained staff. Risks associated with a fiduciary’s duty of undivided loyalty generally stem from engaging in self-dealing or other conflict-of-interest transactions. An institution may be exposed to compliance, strategic, financial, and reputation risk related to account-administration and conflicts-of-interest activities. The ability of management to identify, measure, monitor, and control these risks is reflected in this rating. Policies, procedures, and practices pertaining to account administration and conflicts of interest are evaluated in light of the size and character of an institution’s fiduciary business.

The compliance rating is based upon, but not limited to, an assessment of the following evaluation factors:

Ratings. A rating of 1 indicates strong compliance policies, procedures, and practices. Policies and procedures covering conflicts of interest and account administration are appropriate in relation to the size and complexity of the institution’s fiduciary activities. Accounts are administered in accordance with governing instruments, applicable laws and regulations, sound fiduciary principles, and internal policies and procedures. Any violations are isolated, technical in nature, and easily correctable. All significant risks are consistently and effectively identified, measured, monitored and controlled.

A rating of 2 indicates fundamentally sound compliance policies, procedures, and practices in relation to the size and complexity of the institution’s fiduciary activities. Account administration may be flawed by moderate weaknesses in policies, procedures, or practices. Management’s practices indicate a determination to minimize the instances of conflicts of interest. Fiduciary activities are conducted in substantial compliance with laws and regulations, and any violations are generally technical in nature. Management corrects violations in a timely manner and without loss to fiduciary accounts. Significant risks are effectively identified, measured, monitored, and controlled.

A rating of 3 indicates compliance practices that are less than satisfactory in relation to the size and complexity of the institution’s fiduciary activities. Policies, procedures and controls have not proven effective and require strengthening. Fiduciary activities may be in substantial noncompliance with laws, regulations, or governing instruments, but losses are no worse than minimal. While management may have the ability to achieve compliance, the number of violations that exist, or the failure to correct prior violations, are indications that management has not devoted sufficient time and attention to its compliance responsibilities. Risk-management practices generally need improvement.

A rating of 4 indicates an institution with deficient compliance practices in relation to the size and complexity of its fiduciary activities. Account administration is notably deficient. The institution makes little or no effort to minimize potential conflicts or refrain from self-dealing and is confronted with a considerable number of potential or actual conflicts. Numerous substantive and technical violations of laws and regulations exist and many may remain uncorrected from previous examinations. Management has not exerted sufficient effort to effect compliance and may lack the ability to effectively administer fiduciary activities. The level of compliance problems is significant and, if left unchecked, may subject the institution to monetary losses or reputation risk. Risks are inadequately identified, measured, monitored, and controlled.

A rating of 5 indicates critically deficient compliance practices. Account administration is critically deficient or incompetent and there is a flagrant disregard for the terms of the governing instruments and interests of account beneficiaries. The institution frequently engages in transactions that compromise its fundamental duty of undivided loyalty to account beneficiaries. There are flagrant or repeated violations of laws and regulations and significant departures from sound fiduciary principles. Management is unwilling or unable to operate within the scope of laws and regulations or within the terms of governing instruments, and efforts to obtain voluntary compliance have been unsuccessful. The severity of noncompliance presents an imminent monetary threat to account beneficiaries and creates significant legal and financial exposure to the institution. Problems and significant risks are inadequately identified, measured, monitored, or controlled and now threaten the ability of management to continue engaging in fiduciary activities.

This rating reflects the risks associated with managing the assets (including cash) of others. Prudent portfolio management is based on an assessment of the needs and objectives of each account or portfolio. An evaluation of asset management should consider the adequacy of processes related to the investment of all discretionary accounts and portfolios, including collective investment funds, proprietary mutual funds, and investment advisory arrangements.

The institution’s asset-management activities subject it to reputation, compliance, and strategic risks. In addition, each individual account or portfolio managed by the institution is subject to financial risks such as market, credit, liquidity, and interest-rate risk, as well as transaction and compliance risk. The ability of management to identify, measure, monitor, and control these risks is reflected in this rating.

The asset-management rating is based upon, but not limited to, an assessment of the following evaluation factors:

This rating may not be applicable for some institutions because their operations do not include activities involving the management of any discretionary assets. Functions of this type would include, but not necessarily be limited to, directed agency relationships, securities clearing, nonfiduciary custody relationships, and transfer-agent and registrar activities. In institutions of this type, the rating for asset management may be omitted by the examiner in accordance with the examining agency’s implementing guidelines. However, this component should be assigned when the institution provides investment advice, even though it does not have discretion over the account assets. An example of this type of activity would be where the institution selects or recommends the menu of mutual funds offered to participant-directed 401(k) plans.

Ratings. A rating of 1 indicates strong asset-management practices. Identified weaknesses are minor in nature. Risk exposure is modest in relation to management’s abilities and the size and complexity of the assets managed.

A rating of 2 indicates satisfactory asset-management practices. Moderate weaknesses are present and are well within management’s ability and willingness to correct. Risk exposure is commensurate with management’s abilities and the size and complexity of the assets managed. Supervisory response is limited.

A rating of 3 indicates that asset-management practices are less than satisfactory in relation to the size and complexity of the assets managed. Weaknesses may range from moderate to severe; however, they are not of such significance as to generally pose a threat to the interests of account beneficiaries. Asset-management and risk-management practices generally need to be improved. An elevated level of supervision is normally required.

A rating of 4 indicates deficient asset-management practices in relation to the size and complexity of the assets managed. The levels of risk are significant and inadequately controlled. The problems pose a threat to account beneficiaries generally, and if left unchecked, may subject the institution to losses and could undermine the reputation of the institution.

A rating of 5 represents critically deficient asset-management practices and a flagrant disregard of fiduciary duties. These practices jeopardize the interests of account beneficiaries, subject the institution to losses, and may pose a threat to the soundness of the institution.