Download the Full Comment Letter [PDF]

Chief Counsel’s Office 
Attention: Comment Processing 
Office of the Comptroller of the Currency 
400 7th Street SW, Suite 3E-218 
Washington, DC 20429
Docket ID OCC-2025-0174 

Jennifer M. Jones
Deputy Executive Secretary 
Federal Deposit Insurance Corporation
500 17th Street NW Washington, DC 20219 
RIN 3064-AG16

Re: Unsafe or Unsound Practices, Matters Requiring Attention

Dear Sir or Madam:

The Conference of State Bank Supervisors [1] (“CSBS”) provides the following comments and recommendations on the notice of proposed rulemaking (“proposal”) issued by the Office of the Comptroller of the Currency (“OCC”) and the Federal Deposit Insurance Corporation (“FDIC”) (collectively, the “agencies”) to define the term “unsafe or unsound practice” for purposes of Section 8 of the Federal Deposit Insurance Act [2] (“FDI Act”) and to revise the supervisory framework for issuing matters requiring attention (“MRAs”) and other supervisory communications. [3]

CSBS has consistently advocated for the federal banking agencies to tailor regulatory and supervisory requirements to the size, complexity, risk profile, and business model of financial institutions. The OCC, FDIC, and Federal Reserve have all recently taken steps to refocus their supervision on core risks that could materially harm an institution’s financial condition. [4] State regulators are similarly focused on ensuring that our supervisory efforts prioritize the timely identification and remediation of deficiencies that could pose heightened risk to a bank’s financial condition. Striking an appropriate balance will help ensure that the federal regulatory environment for banks is not only right-sized, but also durable over time. This tailored and resilient framework will help provide regulatory certainty for banks, reduce compliance costs, stimulate the economy, and promote competition and innovation.

The current proposal represents a significant step by the agencies to sharpen their focus and elevate material financial risks in the supervisory process, specifically by codifying in regulation new standards and criteria for taking an enforcement action or issuing an MRA based on an “unsafe or unsound practice.”

Comments and recommendations on the proposal are organized as follows:

• Definitions, Terms, and Standards for Citing an Unsafe or Unsound Practice or Issuing an MRA
• Interplay Between MRAs and CAMELS Ratings
• Coordination with State Regulators and the Federal Reserve 

I. Definitions, Terms, and Standards for Citing an Unsafe or Unsound Practice or Issuing an MRA

a. The agencies should ensure that any new definitions, terms, and standards for issuing an MRA or taking an enforcement action based on an unsafe or unsound practice effectively capture the types and variety of risks that could pose material harm to an institution’s financial condition.

The agencies request comment on further defining, quantifying, or exemplifying terms such as “material harm,” “materially,” or tying material harm more specifically to impacts on an institution’s capital or liquidity. [5] The proposal strikes an appropriate balance between describing what would constitute an unsafe or unsound practice or rise to the level of an MRA without overly prescribing the factors or risks that could negatively impact an institution’s safety and soundness. This is especially important given the dynamic nature of financial services and the inherent challenges supervising, and thus identifying risks related to, novel financial products. Accordingly, the agencies should refrain from adopting more precise or quantitative measures for the proposed terms or standards, and they should also refrain from placing heightened emphasis on particular aspects of an institution’s financial condition, such as capital or liquidity.

Bank business models, practices, and markets are dynamic and varied, and these (and many other) factors combine to shape individual institutions’ risk profiles and exposures. Emphasizing impacts to capital or liquidity over earnings or sensitivity to market risk, or similarly establishing quantitative thresholds for materiality, could lead to a supervisory approach that ignores the unique characteristics and operating environment of individual institutions and their associated risks.

The proposal would also establish new standards for issuing MRAs for the purpose of focusing MRAs on core risks and deficiencies that could lead to material harm to an institution’s financial condition. The proposed MRA standard includes forward-looking components that account for reasonably expected outcomes under reasonably foreseeable conditions. The proposed standard would preclude the issuance of MRAs based on outcomes or conditions that are merely possible, while providing that an outcome or condition need not be the most likely for the agencies to issue an MRA. The proposed rule’s Supplementary Information explains the standard using the phrase “range of possible outcomes,” [6] and CSBS recommends that the agencies adopt similar phrasing in the final rule for proposed sections 12 C.F.R. §§ 4.92(b)(ii)(A) and 305.1(b)(ii)(A):

“If continued, could reasonably be expected to, under [a range of] current or reasonably foreseeable conditions…” [7]

II. Interplay Between MRAs and CAMELS Ratings

a. The agencies should permit examiners to downgrade an institution’s CAMELS composite rating to “less-than-satisfactory” without requiring an MRA or enforcement action. [8]

Under the proposal, the agencies expect that a composite rating downgrade to “less-than-satisfactory” would generally be accompanied by an MRA or enforcement action. [9] In the normal course of examinations, a composite rating downgrade to less-than-satisfactory would typically be accompanied by an MRA, but there may be instances in which a downgrade is warranted without an MRA. For example, a significant and unexpected financial loss due to an idiosyncratic event may warrant a downgrade to a “3” composite rating, even if there has not been a corresponding risk management deficiency. Issuing an MRA in such circumstances may not be warranted, and the agencies should refrain from establishing the condition or expectation that downgrading a bank to a composite rating of “3” or below requires an accompanying MRA or enforcement action.

b. The agencies should be able to issue MRAs to banks that may be uniquely exposed to material financial harm based on a reasonably foreseeable range of economic and business conditions.

Similarly, an MRA may be warranted to address an institution whose financial condition is exceptionally vulnerable to a particular and reasonably foreseeable economic shock. [10] To avoid inappropriate politicization of the supervisory process, this potential economic shock must be “reasonably foreseeable” and not merely a possibility. For example, an institution with a highly concentrated customer base or niche business model may be uniquely vulnerable to potential adverse business or economic conditions. To address these circumstances, the agencies should preserve the ability to issue MRAs to an institution that has not taken appropriate steps to mitigate the potential of outsized financial harm due to current or reasonably foreseeable business or economic conditions that could uniquely affect that bank’s safety and soundness.

c. Violations of laws or regulations should be grounds for issuing an MRA, but they may not necessarily lead to a downgrade of an institution’s composite rating or Management component rating.

Under the proposal, actual violations of state and federal banking and consumer financial laws and regulations could serve as a basis for issuing an MRA. [11] Compliance with applicable banking laws, regulations, and agency orders is a foundational element of a bank’s prudent operation and sound management, and the agencies have rightly refrained from placing any materiality conditions or considerations on such violations for MRA purposes.

However, the agencies state that they would not expect to downgrade an institution’s composite rating to less-than-satisfactory for violations of law unless the violation would likely cause material financial harm to the institution. While risks of material financial harm are a critical supervisory concern, so too are risks of material harm to an institution’s customers and operations based on violations of applicable banking and consumer financial laws and regulations. The agencies’ final rule should establish that violations of law or regulation that lead to any type of material harm to the institution or customers, financial or otherwise, could serve as grounds for a less-than-satisfactory composite rating

The proposal is silent on how the Management component rating could be impacted for violations of laws or regulations. State regulators recommend that the final rule make clear that material violations of laws and regulation remain an appropriate basis for downgrading an institution’s Management component rating, in addition to the issuance of an MRA. While certain technical violations may not lead to a Management downgrade, it would be inappropriate to further condition downgrades beyond a materiality requirement. For example, requiring such violations to be “severe or pervasive” would be too high a bar, and limiting materiality to financial harm alone could undermine compliance obligations associated with consumer harm and other legal requirements. The inability of management to meet legal or regulatory requirements must remain a component of the Management ratings in CAMELS.

III. Coordination with State Regulators and the Federal Reserve

a. If the proposal is adopted, the FDIC should engage in robust coordination with state regulators to avoid supervisory divergence, miscommunication, or confusion across the states and FDIC regions and their jointly supervised institutions.

Changes to the FDIC’s supervisory framework for MRAs and enforcement actions could cause significant operational challenges and questions for state regulators, as well as the nearly 2,800 state-chartered institutions subject to supervision by the states and FDIC (“state nonmember banks”). [12] The proposed changes will implicate a wide range of current and future FDIC supervisory actions, and they could indirectly impact state supervisory actions as well. Avoiding miscommunication, confusion, and misalignment is paramount. The FDIC should work closely with the states, through consistent communication and implementation standards across its regional offices and headquarters, on how to resolve questions regarding:

• Outstanding FDIC Matters Requiring Board Attention (“MRBA”); [13]
• Outstanding state-issued supervisory directives;
• Follow-up on outstanding state and FDIC supervisory communications; and
• Expectations regarding FDIC treatment of future state-issued supervisory communications, recommendations, MRAs, and enforcement actions.

b. The agencies should delay a final rulemaking to coordinate with the Federal Reserve on any proposed revisions to its supervisory framework to promote consistency across the agencies.

The agencies should delay finalization of their rules until the Federal Reserve, FDIC, and OCC align on a similar or parallel supervisory framework. Otherwise, state-chartered banks subject to Federal Reserve supervision (“state member banks”) could be subject to different standards and expectations than state nonmember banks and national banks. Disparate standards would necessarily lead to state-chartered banks and state banking departments navigating varying supervisory expectations, standards, and processes depending on whether the institution is a state member or state nonmember bank. The agencies should avoid this inconsistent supervisory outcome and coordinate any final proposal.

Conclusion

CSBS has consistently supported appropriate supervisory and regulatory tailoring for our nation’s banks. Meaningful tailoring that reduces unnecessary compliance burdens, provides transparent standards, preserves essential supervisory discretion, and promotes safety and soundness and consumer protection will provide a durable, stable regulatory environment for banks.

State regulators will continue to work with the agencies as they consider new standards for issuing an MRA or taking an enforcement action based on unsafe or unsound practices. The proposed terms and standards in any final rule should enable the prompt identification and remediation of core financial risks and connect rationally and clearly to an institution’s supervisory ratings.

Sincerely,

Brandon Milhorn 

President and CEO

[1] CSBS is the nationwide organization of state banking and financial regulators from all 50 states, the District of Columbia, and the U.S. territories.

[2] 12 U.S.C. § 1818.

[3] OCC & FDIC, Notice of Proposed Rulemaking, Unsafe or Unsound Practices, Matters Requiring Attention, 90 Fed. Reg. 48835 (Oct. 30, 2025).

[4] See, e.g., Federal Reserve Board, Statement of Supervisory Operating Principles (Oct. 29, 2025)(“Examiners and other supervisory staff should prioritize their attention on a firm’s material financial risks.”)(emphasis added); see also OCC & FDIC, Notice of Proposed Rulemaking, Prohibition on Use of Reputation Risk by Regulators, 90 Fed. Reg. 48825 (Oct. 30, 2025)(“[A]n independent consideration of reputation risk by examiners has not resulted in consistent or predictable assessments of material financial risk.”)(emphasis added).

[5] Questions 6, 7, 8, 23, and 24. Supra note 3, at 48842 and 48843.

[6] Id. at 48841.

[7] Question 14 requests feedback on the “reasonably foreseeable” standard for issuance of MRAs. Id. at 48843.

[8] Question 20 solicits feedback on if the agencies should require a CAMELS composite rating downgrade of a “3” or below to be accompanied by an MRA or enforcement action. Id.

[9] Id. at 48842.

[10] Question 21 inquires about the extent to which the agencies should use MRAs to address banks that are vulnerable to potential economic shocks. Id. at 48843.

[11] Section 8 of the FDI Act provides the agencies with a broad range of enforcement powers concerning institutions and institution-affiliated parties for violations of laws and regulations. See, e.g., 12 U.S.C. §§ 1818(b)(1), (c)(1), (e)(1)(A)(i)(I).

[12] Data as of Sept. 30, 2025. Examinations of state nonmember banks may be conducted jointly by a state and the FDIC, with either agency in the lead, or independently on a schedule that alternates between a state and the FDIC.

[13] The proposal notes that for the FDIC, an MRA would replace what currently constitutes an MRBA.