The proposed rewrite would force examiners to anchor downgrades to financially material evidence—which moves the burden of proof, and the work, onto how you instrument your program.

For thirty years, the most consequential rating your bank receives has rested partly on an examiner's read of your judgment. That may be about to change.

On May 19, 2026, the FFIEC proposed the first comprehensive rewrite of the Uniform Financial Institutions Rating System—CAMELS—in roughly three decades. The last major revision landed in 1996 (FFIEC press release; Federal Register UFIRS notice). The comment period runs through August 17, 2026, so nothing here is settled. But the direction of travel is clear enough that credit leaders should start reading it now.

The same day, the White House issued a fintech Executive Order that pushes regulators toward easier bank–fintech partnerships. Taken together, the two actions point at the same operational reality: more of your risk will sit with third parties and models, and the way you defend your rating will lean harder on documented numbers than on narrative.

The two May 19 actions, in plain English

The CAMELS proposal does one structurally important thing: it reduces the weight—the “special consideration”—historically given to the Management (M) component, and asks examiners to weigh all six components (Capital, Asset quality, Management, Earnings, Liquidity, Sensitivity) more evenly (FDIC Chairman Travis Hill statement; Sullivan & Cromwell, May 2026).

That matters because Management has long been described as the most influential driver of the composite rating (Bank Policy Institute; American Banker). The composite, in turn, gates the things that actually constrain a bank: enforcement actions, MRAs and MRIAs, growth and expansion approvals, and M&A.

As read by advisory firms—Sullivan & Cromwell's analysis, not verbatim Federal Register text—the proposal would remove four Management evaluation factors: management depth and succession planning; responsiveness to auditor and supervisory recommendations; demonstrated willingness to serve community banking needs; and overall performance and risk profile. Treat that list as an advisory-firm reading until the text confirms it.

The proposal also reportedly tightens the threshold for a poor Management rating. A 3 or worse would generally require risk management that creates material financial exposure, unreliable financial or regulatory reporting, a failure to safeguard assets, or significant noncompliance. Composite 4 or 5 ratings would demand observable financial deterioration—risk-management deficiencies alone could not justify the downgrade (Sullivan & Cromwell; American Banker).

Two more changes sharpen the point. The familiar “but not limited to” language is reportedly gone; examiners could reach for extra factors only in “exceptional circumstances,” where the factor is “critical to the assessment,” with documented rationale (American Banker; Forvis Mazars). And specialty exam findings—compliance, IT, trust—would flow into the rating only if they hit financial condition, represent material financial risk, or reflect significant legal noncompliance (Sullivan & Cromwell).

One housekeeping change worth noting for your documentation: the text swaps “allowance for loan and lease losses” for “allowances for credit losses,” aligning the language with CECL (America's Credit Unions).

The second action, the Executive Order “Integrating Financial Technology Innovation into Regulatory Frameworks,” gives regulators 90 days to flag rules impeding bank–fintech partnerships and 180 days to encourage innovation and streamline charters, and directs the Fed to study non-bank access to Fed payment accounts. It explicitly preserves “safety and soundness” (White House fact sheet; Consumer Finance Monitor).

What shifts when Management loses “special consideration”

Here's the practical translation. Today, an examiner who is uneasy about your governance—even absent a clean financial trail—has room to express that unease in the Management rating, and that rating can pull your composite down.

Under the proposal, that discretion narrows. The downgrade would generally need to point at financially material, documented harm. That cuts both ways, and I'll come back to the downside. But for exam preparation, the implication is concrete: the burden of producing evidence shifts toward what is measurable, and toward you.

The operational pivot: instrument the program, retire the narrative

If the rating must be anchored to financially material risk, then your exam-defense file should be organized around that standard rather than around a story about how well your team manages.

Three areas carry the load.

Asset quality. This is where “material financial exposure” lives. Build the file so that classification trends, migration, concentration limits and exceptions, and your allowances for credit losses are documented, time-stamped, and tied to the numbers—not summarized in prose. If a finding can't be connected to financial condition, the proposal suggests it shouldn't be driving your rating.

Concentration. Concentration is the cleanest bridge between “risk management” and “material financial exposure.” Quantify it. Show the limits, the breaches, the remediation, and the dollar impact under stress.

Model risk. This is the load-bearing wall, and it deserves its own section below.

What to retire: the qualitative governance narrative as your primary defense. Keep your governance—the proposal doesn't make it optional, and reporting integrity and asset safeguarding are explicitly in the threshold for a poor Management rating. But narrative alone is no longer the thing that wins the rating. Documented, financially material evidence is.

For the CFO and board, the briefing is short: the proposal reportedly makes ratings harder to downgrade on judgment alone and more dependent on financial deterioration. What it does not touch is just as important. Fair-lending, CECL, and consumer-compliance examinations are separate supervisory tracks. This proposal does not change them. Don't let anyone in the room conclude that compliance risk just got cheaper.

The EO twist: more fintech partners, heavier model and third-party expectations

The Executive Order's looser partnership pathways have a direct consequence for the risk function. More fintech partnerships mean more third-party data feeds and more externally sourced or co-developed models inside your credit decisions.

The EO doesn't loosen the rules that govern those relationships. Two frameworks become load-bearing.

The interagency Third-Party Risk Management guidance—SR 23-4 (June 2023)—remains the governing TPRM framework. The EO does not touch it (Federal Reserve SR 23-4). Easier partnerships do not mean lighter diligence.

And model governance now runs through SR 26-2 (April 17, 2026), which replaced SR 11-7 and SR 21-8 with materiality-tiered model-risk oversight (Federal Reserve SR 26-2). SR 26-2—not SR 11-7—is the operative guidance. It dropped the annual revalidation mandate and carved out generative and agentic AI for separate treatment. The materiality tiering is the connective tissue here: CAMELS wants material financial risk evidenced, and SR 26-2 asks you to tier your model oversight by materiality. Use the same materiality logic in both files.

The honest read: the EO opens the front door to fintech partners while CAMELS and SR 26-2 quietly raise the bar on documenting the model and third-party risk those partners bring.

The honest take: less discretion cuts both ways

This is the part to sit with, because the practitioner community is genuinely split.

One camp welcomes the discipline. The BPI's Sarah Flowers has called the management rating “uniquely subjective... not based on any empirical or financial standard.” Davis Polk's Meg Tahyar puts the reform-minded version plainly: “The discretion needs to be anchored to something empirical.”

The other camp warns about what anchoring removes. Better Markets' Shayna Olesiuk argues that removing discretion “altogether... is a huge mistake.” MRV Associates' Mayra Rodríguez Valladares warns it could undermine safety and soundness by deemphasizing subjective, less-understood risks.

Both are right about something real, and the tension is structural. Quantitative anchoring is lagging by design. Governance failures—the SVB-style breakdown where the supervisory unease arrived before the losses—often precede the financial deterioration the new framework waits to see. “Less discretion” removes arbitrary downgrades and the early-warning latitude examiners have used to act before the numbers turn. That's a contested tradeoff, not a settled improvement, and reasonable people are arguing it in the comment file right now.

What to do before August 17

You can't comment your way out of preparing for either outcome. So do the work that pays off regardless: pull your current exam-defense file and ask, finding by finding, “Could I connect this to material financial risk with documentation today?” Where the answer is “only through narrative,” that's your gap. Map your model inventory to SR 26-2's materiality tiers and your fintech relationships to SR 23-4, and make sure the same materiality logic threads through both. None of that is wasted if the proposal changes—and all of it is overdue if it doesn't.