Federal Reserve Revises Risk Management Rating Guidelines: Key Changes for Banks
On June 23, 2025, the Federal Reserve revised its long-standing guidance on rating risk management processes at state member banks and bank holding companies (SR Letter 95-51). While the core framework remains intact, the revision includes a notable change that removes references to reputational risk from the evaluation criteria. This update reflects the Fed's evolving approach to risk assessment and warrants attention from bank management and boards of directors.
What Changed: Removal of Reputational Risk
The primary change in the June 2025 revision involves removing references to reputational risk from the "Federal Reserve Guidelines for Rating Risk Management at State Member Banks and Bank Holding Companies." This modification suggests the Federal Reserve is streamlining its risk management evaluation framework to focus on more quantifiable and directly controllable risk categories.
Previously, examiners considered reputational risk as part of their comprehensive risk assessment. The removal of these references indicates that while reputational considerations remain important to overall bank management, they are no longer formally incorporated into the specific risk management rating methodology.
What Remains Unchanged: Core Risk Management Framework
Despite this revision, the fundamental structure of risk management evaluation remains robust and comprehensive. Banks must continue to demonstrate effective management of five primary risk categories:
Credit Risk: Potential borrower or counterparty default
Market Risk: Adverse movements in interest rates, foreign exchange rates, or equity prices
Liquidity Risk: Both funding liquidity and market liquidity challenges
Operational Risk: System failures, control breaches, fraud, or catastrophic events
Legal Risk: Unenforceable contracts, lawsuits, or adverse judgments
The Four Pillars Still Stand
The Fed's evaluation continues to focus on four essential elements of sound risk management:
Active board and senior management oversight
Adequate policies, procedures, and limits
Robust risk measurement, monitoring, and management information systems
Comprehensive internal controls with appropriate separation of duties
The five-point rating scale (1-5, with 1 being the strongest) continues to apply, and risk management ratings still carry significant weight in determining overall Management ratings under the CAMEL and BOPEC systems.
Implications for Your Institution
Immediate Actions
Review current risk management documentation to ensure it aligns with the streamlined framework focusing on the five core risk categories
Assess whether any internal policies specifically reference reputational risk as part of formal risk management processes and consider whether updates are needed
Ensure board and senior management understand that while reputational considerations remain important for overall bank strategy, they are no longer part of the formal risk management rating
Strategic Considerations
Focus resources on the core risk categories that remain central to regulatory evaluation
Strengthen documentation and processes around credit, market, liquidity, operational, and legal risk management
Maintain robust internal controls with particular attention to separation of duties, as this remains a critical examination focus
Broader Context: Regulatory Evolution
This revision reflects the Federal Reserve's ongoing effort to refine its supervisory framework. By removing reputational risk from formal risk management ratings, the Fed appears to be focusing on risks that are more directly measurable and controllable through specific management processes and internal controls.
This change aligns with broader regulatory trends toward more precise, quantifiable risk assessment methodologies while recognizing that some risks—like reputational risk—may be better addressed through overall governance and strategic management rather than specific risk management processes.
Looking Ahead
While this revision represents a targeted adjustment rather than a fundamental overhaul, it signals the Fed's continued evolution in supervisory approach. Banks should expect ongoing refinements to regulatory guidance as financial markets, technology, and risk management practices continue to evolve.
The timing of this revision—nearly 30 years after the original guidance was issued—also demonstrates the Federal Reserve's commitment to keeping its supervisory framework current and relevant to modern banking practices.
Banks should view this revision as an opportunity to refocus their risk management documentation and processes on the areas that will continue to receive primary regulatory attention: credit, market, liquidity, operational, and legal risks, supported by strong governance, policies, monitoring systems, and internal controls.
This alert is based on the June 23, 2025 revision to Federal Reserve SR Letter 95-51. Banks should consult with their regulatory counsel and advisors for institution-specific guidance on implementing these updates.