Management Ratings

Management The capability of the board of directors and management, in their respective roles, to identify, measure, monitor, and control the risks of an institution’s activities and to ensure a financial institution’s safe, sound, and efficient operation in compliance with applicable laws and regulations is reflected in this rating. Generally, directors need to be actively involved in day-to-day operations; however, they must provide clear guidance regarding acceptable risk exposure levels and ensure that appropriate policies, procedures, and practices have been established. Senior management is responsible for developing and implementing policies, procedures, and practices that translate the board’s goals, objectives, and risk limits into prudent operating standards. Depending on the nature and scope of an institution’s activities, management practices may need to address some or all of the following risks: credit, market, operating or transaction, reputation, strategic, compliance, legal, liquidity, and other risks. Sound management practices are demonstrated by active oversight by the board of directors and management; competent personnel; adequate policies, processes, and controls taking into consideration the size and sophistication of the institution; maintenance of an appropriate audit program and internal control environment; and effective risk monitoring and management information systems. This rating should reflect the board and management’s ability as it applies to all aspects of banking operations as well as other financial service activities in which the institution is involved. The capability and performance of management and the board of directors is rated based upon, but not limited to, an assessment of the following evaluation factors:  The level and quality of oversight and support of all institution activities by the board of directors and management;  The ability of the board of directors and management, in their respective roles, to plan for, and respond to, risks that may arise from changing business conditions or the initiation of new activities or products;  The adequacy of, and conformance with, appropriate internal policies and controls addressing the operations and risks of significant activities;  The accuracy, timeliness, and effectiveness of management information and risk monitoring systems appropriate for the institution’s size, complexity, and risk profile;  The adequacy of audits and internal controls to promote effective operations and reliable financial and regulatory reporting; safeguard assets; and ensure compliance with laws, regulations, and internal policies;  Compliance with laws and regulations;  Responsiveness to recommendations from auditors and supervisory authorities;  Management depth and succession;  The extent that the board of directors and management is affected by, or susceptible to, dominant influence or concentration of authority;  Reasonableness of compensation policies and avoidance of self-dealing;  Demonstrated willingness to serve the legitimate banking needs of the community; and  The overall performance of the institution and its risk profile. Ratings A rating of 1 indicates strong performance by management and the board of directors and strong risk management practices relative to the institution’s size, complexity, and risk profile. All significant risks are consistently and effectively identified, measured, monitored, and controlled. Management and the board have demonstrated the ability to promptly and successfully address existing and potential problems and risks. A rating of 2 indicates satisfactory management and board performance and risk management practices relative to the institution’s size, complexity, and risk profile. Minor weaknesses may exist, but are not material to the safety and soundness of the institution and are being addressed. In general, significant risks and problems are effectively identified, measured, monitored, and controlled. A rating of 3 indicates management and board performance that need improvement or risk management practices that are less than satisfactory given the nature of the institution’s activities. The capabilities of management or the board of directors may be insufficient for the type, size, or condition of the institution. Problems and significant risks may be inadequately identified, measured, monitored, or controlled.

A rating of 4 indicates deficient management and board performance or risk management practices that are inadequate considering the nature of an institution’s activities. The level of problems and risk exposure is excessive. Problems and significant risks are inadequately identified, measured, monitored, or controlled and require immediate action by the board and management to preserve the soundness of the institution. Replacing or strengthening management or the board may be necessary. A rating of 5 indicates critically deficient management and board performance or risk management practices. Management and the board of directors have not demonstrated the ability to correct problems and implement appropriate risk management practices. Problems and significant risks are inadequately identified, measured, monitored, or controlled and now threaten the continued viability of the institution. Replacing or strengthening management or the board of directors is necessary.