Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Bank Examinations

Composite Ratings Definition List

Printable (PDF Help)

Compliance Examination Composite Ratings
Rating Rating Definition
One (1) An institution in this category maintains a strong CMS and takes action to prevent violations of law and consumer harm.
Two (2) An institution in this category maintains a CMS that is satisfactory at managing consumer compliance risk in the institution’s products and services and at substantially limiting violations of law and consumer harm.
Three (3) An institution in this category reflects a CMS deficient at managing consumer compliance risk in the institution’s products and services and at limiting violations of law and consumer harm.
Four (4) An institution in this category reflects a CMS seriously deficient at managing consumer compliance risk in the institution’s products and services and/or at preventing violations of law and consumer harm. “Seriously deficient” indicates fundamental and persistent weaknesses in crucial CMS elements and severe inadequacies in core compliance areas necessary to operate within the scope of statutory and regulatory consumer protection requirements and to prevent consumer harm.
Five (5) An institution in this category reflects a CMS critically deficient at managing consumer compliance risk in the institution’s products and services and/or at preventing violations of law and consumer harm. “Critically deficient” indicates an absence of crucial CMS elements and a demonstrated lack of willingness or capability to take the appropriate steps necessary to operate within the scope of statutory and regulatory consumer protection.

Back to Top

Community Reinvestment Action (CRA) Examination Composite Ratings
Rating Rating Definition
Outstanding (O) An institution in this group has an outstanding record of helping to meet the credit needs of its assessment area, including low- and moderate income neighborhoods, in a manner consistent with its resources and capabilities.
Satisfactory (S) An institution in this group has a satisfactory record of helping to meet the credit needs of its assessment area, including low- and moderate income neighborhoods, in a manner consistent with its resources and capabilities.
Needs to Improve (N) An institution in this group needs to improve its overall record of helping to meet the credit needs of its assessment area, including low and moderate-income neighborhoods, in a manner consistent with its resources and capabilities.
Substantial Noncompliance (SN) An institution in this group has a substantially deficient record of helping to meet the credit needs of its assessment area, including low- and moderate-income neighborhoods, in a manner consistent with its resources and capabilities.

Back to Top

Government and Municipal Securities Dealer (GSD and MSD) Examination Composite Ratings
Rating Rating Definition
One (1) A rating of "1" is indicative of management that is fully effective with respect to almost all factors and exhibits a responsiveness and ability to cope successfully with existing and foreseeable problems that may arise in the conduct of the dealer's affairs.
Two (2) A rating of "2" reflects some deficiencies but generally indicates a satisfactory record of performance in light of the dealer's particular circumstances.
Three (3) A rating of "3" reflects performance that is lacking in some measure of competence desirable to meet responsibilities of the situation in which management is found. Either it is characterized by modest talent when above-average abilities are called for, or is distinctly below average for the type and size of activity operated. Thus, its responsiveness or ability to correct less than satisfactory conditions may be lacking.
Four (4) A rating of "4" is indicative of management that is generally inferior in ability compared to the responsibilities with which it is charged.
Five (5) A rating of "5" is applicable in those instances where incompetence has been demonstrated. In these cases, problems resulting from management weakness are of such severity that management must be strengthened or replaced before sound conditions can be brought about.

Back to Top

Information Technology (IT) Examination Composite Ratings
Rating Rating Definition
One (1) Financial institutions and service providers rated composite ``1'' exhibit strong performance in every respect and generally have components rated 1 or 2. Weaknesses in IT are minor in nature and are easily corrected during the normal course of business. Risk management processes provide a comprehensive program to identify and monitor risk relative to the size, complexity and risk profile of the entity. Strategic plans are well defined and fully integrated throughout the organization. This allows management to quickly adapt to changing market, business and technology needs of the entity. Management identifies weaknesses promptly and takes appropriate corrective action to resolve audit and regulatory concerns. The financial condition of the service provider is strong and overall performance shows no cause for supervisory concern.
Two (2) Financial institutions and service providers rated composite ``2'' exhibit safe and sound performance but may demonstrate modest weaknesses in operating performance, monitoring, management processes or system development. Generally, senior management corrects weaknesses in the normal course of business. Risk management processes adequately identify and monitor risk relative to the size, complexity and risk profile of the entity. Strategic plans are defined but may require clarification, better coordination or improved communication throughout the organization. As a result, management anticipates, but responds less quickly to changes in market, business, and technological needs of the entity. Management normally identifies weaknesses and takes appropriate corrective action. However, greater reliance is placed on audit and regulatory intervention to identify and resolve concerns. The financial condition of the service provider is acceptable and while internal control weaknesses may exist, there are no significant supervisory concerns. As a result, supervisory action is informal and limited.
Three (3) Financial institutions and service providers rated composite ``3'' exhibit some degree of supervisory concern due to a combination of weaknesses that may range from moderate to severe. If weaknesses persist, further deterioration in the condition and performance of the institution or service provider is likely. Risk management processes may not effectively identify risks and may not be appropriate for the size, complexity, or risk profile of the entity. Strategic plans are vaguely defined and may not provide adequate direction for IT initiatives. As a result, management often has difficulty responding to changes in business, market, and technological needs of the entity. Self-assessment practices are weak and are generally reactive to audit and regulatory exceptions. Repeat concerns may exist, indicating that management may lack the ability or willingness to resolve concerns. The financial condition of the service provider may be weak and/or negative trends may be evident. While financial or operational failure is unlikely, increased supervision is necessary. Formal or informal supervisory action may be necessary to secure corrective action.
Four (4) Financial institutions and service providers rated composite ``4'' operate in an unsafe and unsound environment that may impair the future viability of the entity. Operating weaknesses are indicative of serious managerial deficiencies. Risk management processes inadequately identify and monitor risk, and practices are not appropriate given the size, complexity, and risk profile of the entity. Strategic plans are poorly defined and not coordinated or communicated throughout the organization. As a result, management and the board are not committed to, or may be incapable of ensuring that technological needs are met. Management does not perform self-assessments and demonstrates an inability or unwillingness to correct audit and regulatory concerns. The financial condition of the service provider is severely impaired and/or deteriorating. Failure of the financial institution or service provider may be likely unless IT problems are remedied. Close supervisory attention is necessary and, in most cases, formal enforcement action is warranted.
Five (5) Financial institutions and service providers rated composite ``5'' exhibit critically deficient operating performance and are in need of immediate remedial action. Operational problems and serious weaknesses may exist throughout the organization. Risk management processes are severely deficient and provide management little or no perception of risk relative to the size, complexity, and risk profile of the entity. Strategic plans do not exist or are ineffective, and management and the board provide little or no direction for IT initiatives. As a result, management is unaware of, or inattentive to technological needs of the entity. Management is unwilling or incapable of correcting audit and regulatory concerns. The financial condition of the service provider is poor and failure is highly probable due to poor operating performance or financial instability. Ongoing supervisory attention is necessary.

Back to Top

Registered Transfer Agent (RTA) Examination Composite Ratings
Rating Rating Definition
One (1) Transfer agent activities in this group are sound in all important respects. If deficiencies are noted, they are of a minor nature and can be handled in a routine manner without further supervisory involvement.
Two (2) Transfer agent activities accorded this rating are fundamentally satisfactory, but may reflect modest weaknesses. Deficiencies are generally correctable in the normal course of business. The need for supervisory response is usually limited.
Three (3) Transfer agents with this rating are experiencing a combination of factors which require prompt corrective action. Weaknesses of some significance exist in several areas, or serious deficiencies exist in one or two areas. Considering the volume and type of business, a significant adverse impact does not exist now; but if left unchecked, the bank's ability to properly carry out its responsibilities could be endangered. More than ordinary supervisory concern exists, and additional monitoring may be necessary.
Four (4) Unsatisfactory and unacceptable conditions exist in transfer agents with this rating. Significant weaknesses exist in a number of areas, such as prolonged and repeated violations, deficient or missing controls and audits, or critically deficient policies and procedures. Service to clients and security holders is, or is likely to become, inadequate, with clearly excessive delays or frequent errors. These problems are not adequately being resolved. Affirmative action and supervision by regulatory authorities is warranted.
Five (5) A combination of critical deficiencies and adverse trends exist in transfer agents with this rating. The likelihood of ultimate continuation of transfer agent services is in serious question. Major and prolonged operational problems and serious repeated violations exist. Numerous out of proof conditions are unresolved, turnaround standards are not being met, and numerous unresolved security holder complaints exist. Depending on the volume and nature of transfer services, losses may pose a threat to capital. Immediate corrective action and continuous supervision, as required by the regulator, are necessary.

Back to Top

Safety and Soundness/Risk Management Examination Composite Ratings
Rating Rating Definition
One (1) Financial institutions in this group are sound in every respect and generally have components rated 1 or 2. Any weaknesses are minor and can be handled in a routine manner by the board of directors and management. These financial institutions are the most capable of withstanding the vagaries of business conditions and are resistant to outside influences such as economic instability in their trade area. These financial institutions are in substantial compliance with laws and regulations. As a result, these financial institutions exhibit the strongest performance and risk management practices relative to the institution's size, complexity, and risk profile, and give no cause for supervisory concern.
Two (2) Financial institutions in this group are fundamentally sound. For a financial institution to receive this rating, generally no component rating should be more severe than 3. Only moderate weaknesses are present and are well within the board of directors' and management's capabilities and willingness to correct. These financial institutions are stable and are capable of withstanding business fluctuations. These financial institutions are in substantial compliance with laws and regulations. Overall risk management practices are satisfactory relative to the institution's size, complexity, and risk profile. There are no material supervisory concerns and, as a result, the supervisory response is informal and limited.
Three (3) Financial institutions in this group exhibit some degree of supervisory concern in one or more of the component areas. These financial institutions exhibit a combination of weaknesses that may range from moderate to severe; however, the magnitude of the deficiencies generally will not cause a component to be rated more severely than 4. Management may lack the ability or willingness to effectively address weaknesses within appropriate time frames. Financial institutions in this group generally are less capable of withstanding business fluctuations and are more vulnerable to outside influences than those institutions rated a composite 1 or 2. Additionally, these financial institutions may be in significant noncompliance with laws and regulations. Risk management practices may be less than satisfactory relative to the institution's size, complexity, and risk profile. These financial institutions require more than normal supervision, which may include formal or informal enforcement actions. Failure appears unlikely, however, given the overall strength and financial capacity of these institutions.
Four (4) Financial institutions in this group generally exhibit unsafe and unsound practices or conditions. There are serious financial or managerial deficiencies that result in unsatisfactory performance. The problems range from severe to critically deficient. The weaknesses and problems are not being satisfactorily addressed or resolved by the board of directors and management. Financial institutions in this group generally are not capable of withstanding business fluctuations. There may be significant noncompliance with laws and regulations. Risk management practices are generally unacceptable relative to the institution's size, complexity, and risk profile. Close supervisory attention is required, which means, in most cases, formal enforcement action is necessary to address the problems. Institutions in this group pose a risk to the deposit insurance fund. Failure is a distinct possibility if the problems and weaknesses are not satisfactorily addressed and resolved.
Five (5) Financial institutions in this group exhibit extremely unsafe and unsound practices or conditions; exhibit a critically deficient performance; often contain inadequate risk management practices relative to the institution's size, complexity, and risk profile; and are of the greatest supervisory concern. The volume and severity of problems are beyond management's ability or willingness to control or correct. Immediate outside financial or other assistance is needed in order for the financial institution to be viable. Ongoing supervisory attention is necessary. Institutions in this group pose a significant risk to the deposit insurance fund and failure is highly probable.

Back to Top

Trust Examination Composite Ratings
Rating Rating Definition
One (1) Administration of fiduciary activities is sound in every respect. Generally all components are rated 1 or 2. Any weaknesses are minor and can be handled in a routine manner by management. The institution is in substantial compliance with fiduciary laws and regulations. Risk management practices are strong relative to the size, complexity, and risk profile of the institution's fiduciary activities. Fiduciary activities are conducted in accordance with sound fiduciary principles and give no cause for supervisory concern.
Two (2) Administration of fiduciary activities is fundamentally sound. Generally no component rating should be more severe than 3. Only moderate weaknesses are present and are well within management's capabilities and willingness to correct. Fiduciary activities are conducted in substantial compliance with laws and regulations. Overall risk management practices are satisfactory relative to the institution's size, complexity, and risk profile. There are no material supervisory concerns and, as a result, the supervisory response is informal and limited.
Three (3) Administration of fiduciary activities exhibits some degree of supervisory concern in one or more of the component areas. A combination of weaknesses exists that may range from moderate to severe; however, the magnitude of the deficiencies generally does not cause a component to be rated more severely than 4. Management may lack the ability or willingness to effectively address weaknesses within appropriate time frames. Additionally, fiduciary activities may reveal some significant noncompliance with laws and regulations. Risk management practices may be less than satisfactory relative to the institution's size, complexity, and risk profile. While problems of relative significance may exist, they are not of such importance as to pose a threat to the trust beneficiaries generally, or to the soundness of the institution. The institution's fiduciary activities require more than normal supervision and may include formal or informal enforcement actions.
Four (4) Fiduciary activities generally exhibit unsafe and unsound practices or conditions, resulting in unsatisfactory performance. The problems range from severe to critically deficient and may be centered around inexperienced or inattentive management, weak or dangerous operating practices, or an accumulation of unsatisfactory features of lesser importance. The weaknesses and problems are not being satisfactorily addressed or resolved by the board of directors and management. There may be significant noncompliance with laws and regulations. Risk management practices are generally unacceptable relative to the size, complexity, and risk profile of fiduciary activities. These problems pose a threat to the account beneficiaries generally and, if left unchecked, could evolve into conditions that could cause significant losses to the institution and ultimately undermine the public confidence in the institution. Close supervisory attention is required, which means, in most cases, formal enforcement action is necessary to address the problems.
Five (5) Fiduciary activities are conducted in an extremely unsafe and unsound manner. Administration of fiduciary activities is critically deficient in numerous major respects, with problems resulting from incompetent or neglectful administration, flagrant and/or repeated disregard for laws and regulations, or a willful departure from sound fiduciary principles and practices. The volume and severity of problems are beyond management's ability or willingness to control or correct. Such conditions evidence a flagrant disregard for the interests of the beneficiaries and may pose a serious threat to the soundness of the institution. Continuous close supervisory attention is warranted and may include termination of the institution's fiduciary activities.

Back to Top

Last Updated: December 12, 2023