CAMELS overhaul, resolution reset, SEC filer relief and AML executive order – May 29, 2026

  • May 29, 2026

Change remains a constant in financial services regulation

Read "our take" on the latest developments and what they mean.

FFIEC proposes first changes to CAMELS rating system in 30 years

What happened? On May 19th, the Federal Financial Institutions Examination Council (FFIEC) issued a notice of proposed rulemaking to revise the Uniform Financial Institutions Rating System, commonly known as CAMELS.1

What would the proposal do? The proposal would retain the six-component CAMELS structure but recalibrate how component and composite ratings are assigned, with stated goals of increasing transparency and focusing ratings on factors that materially affect an institution's financial condition and risk profile. Notable changes include:

  • Deemphasis of the Management component. The proposal would remove the existing language directing examiners to give "special consideration" to the Management rating in determining a bank’s composite rating. It would also narrow the Management component's evaluation factors, removing those related to management depth and succession, responsiveness to auditor and supervisory recommendations, and willingness to serve community banking needs. Under the proposal, Management ratings of 3 or worse would generally be reserved for cases where a bank’s risk management weaknesses result in material financial risk, unreliable financial or regulatory reporting, a failure to safeguard assets, or significant noncompliance with law or regulation.
  • Removal of risk management language from non-Management components. References to "management's ability to identify, measure, monitor, and control" risks would be stripped from the Capital, Asset Quality, Earnings, Liquidity, and Sensitivity components and replaced with language focused on the institution's financial condition and the effectiveness of its practices.
  • Revised composite and component rating definitions. The proposal introduces more standardized terminology ("strong," "satisfactory," "less than satisfactory," "deficient," "critically deficient" for financial condition; "effective," "adequate," "inadequate," "deficient" for risk management) and clarifies that risk management weaknesses that do not result in observable deterioration of financial condition or material financial risk would not, on their own, support a composite rating of 4 or worse.
  • Narrower role for specialty review findings. Findings from specialty reviews (e.g., compliance, CRA, information systems) would influence CAMELS ratings only to the extent they affect overall financial condition, represent material financial risk, or reflect significant noncompliance with laws and regulations.
  • Constraints on supervisory discretion. The proposal would limit the evaluation of additional factors to exceptional circumstances or in response to evolving business practices, with examiners required to document their rationale.
  • Additions to Sensitivity to Market Risk component. The proposal would incorporate more specific considerations into this component, including factors related to net interest income performance and exposure to interest rate volatility.

What's next? Comments on the proposal are due by August 17th. Following the comment period, each FFIEC member agency (Fed, OCC, FDIC, NCUA, CFPB) would need to separately adopt the revisions into its supervisory processes.

Our Take

A tighter CAMELS lens puts greater weight on financial performance and material risk

The proposal is a coordinated effort by the five federal banking agencies to shift the focus of supervision away from the subjective judgment of management capabilities and toward observable financial and compliance outcomes. For institutions that have long viewed “Management” ratings and their weight on a bank’s composite results (and firm strategy) as unduly subjective and at times incongruous with actual financial performance, the direction of travel is welcome. However, a stronger focus on financial outcomes ties ratings to measures that will tend to lag underlying changes in risk-taking and risk control effectiveness. It is also worth noting that less examiner subjectivity means supervisory teams would have less ability to adjust composite ratings, which would be more tightly constrained by financial condition considerations, upwards as well as downwards.

For banks, the shift in focus of the rating components reinforces the need for quality data and analysis of key financial inputs such as loan classification and review, deposit analysis, capital modelling, projected fee income, and exposure to interest rate volatility. For examination teams, it raises the bar for assessing the materiality of risks across a broad set of exposures and for determining when weaknesses in governance or risk management are sufficiently consequential to affect financial condition. Among those qualitative components that will remain, examiners may struggle to see the distinction between the expunged language around “management's ability to identify, measure, monitor, and control” risk and the assessment of risk “effectiveness”, meaning that some significant degree of examiner judgment will remain, even as long-standing criticism from the industry on the double counting of management and risk management factors is addressed.

Agencies issue resolution plan feedback; Comptroller abstains

What happened? On May 22nd, the Fed and FDIC published feedback letters for resolution plans submitted in July 2025 by the eight largest and most complex U.S. banking organizations, as well as by 56 foreign banking organizations. Comptroller of the Currency Jonathan Gould abstained from the vote to publish the feedback and issued a statement on his decision.

What was in the agencies’ feedback? The agencies did not identify any shortcomings or deficiencies2 in any of the resolution plans reviewed. The agencies noted that firms had resolved previously identified derivatives‑related deficiencies from earlier review cycles. The feedback focused on the agencies’ assessment of firms’ progress in meeting the assurance framework requirement, which evaluates whether firms can demonstrate through testing, governance, and independent validation that key resolution capabilities would function as intended under stress. The letters also assessed firms’ responses to the two special analysis questions included in this cycle, examining how firms would execute their resolution strategies if financial resources were lower than expected and identifying the actions and legal considerations that could affect resolvability and execution.

What did Comptroller Gould say? In his statement, Gould explained that his abstention from the vote reflected his fundamental legal and policy concerns with the resolution planning framework itself. He argued that the expectations around resolution planning have accumulated via feedback letters and guidance rather than through notice-and-comment rulemaking, which he described as a flawed and, in his view, extra-legal process. He cited resolution-specific capital and liquidity constructs ‒ including resolution liquidity adequacy and positioning (RLAP) and resolution liquidity execution need (RLEN) ‒ as examples of requirements that emerged through this process. He also expressed concern about the continued expansion of expectations through concepts such as assurance frameworks and contingency strategies and questioned the incremental value of additional capability testing. He called for a reassessment of resolution planning guidance and for extending the time between plan submissions.

What's next? In his statement on the feedback letters, FDIC Chairman Travis Hill stated that the agency is aiming to propose amendments to resolution planning for large insured depository institutions (IDIs) “in the coming weeks” and that he expects to engage with the Fed on reconsidering elements of their joint resolution planning requirements with an objective to “rescind or modify requirements where the benefits do not justify the burdens.”

Our Take

Resolution planning may be nearing a reset

Comptroller Gould’s abstention statement builds on past remarks expressing a deep scepticism of the resolution planning regime as a significant regulatory burden that is not outweighed by value provided to impacted firms or the financial system. At the same time, his criticisms come at a point when resolution planning is demonstrably mature (as evidenced by the lack of shortcomings and deficiencies in this cycle) after firms have devoted significant time, resources, and senior management attention to building credible execution capabilities. While the 2023 bank failures raised questions as to the practical value of these plans at the time of resolution, over a decade of iterative submissions have provided regulators with extensive insight into firm structure, legal entities, funding, and operational dependencies. That makes resolution planning difficult to fully displace, even as concerns grow about its real‑world utility in a failure scenario and the accumulation of requirements through iterative feedback. Although Gould cannot change resolution planning requirements independently, the level of detail and public nature of his statement signals that he is pushing strongly for change through his position as an FDIC Board member. While Chairman Hill’s statement is more measured in tone, it nonetheless signals alignment with the need to recalibrate aspects of the resolution framework. Taken together, their statements increase the likelihood that the Fed and the FDIC will recommend adjustments that aim to balance burden with benefit, including longer submission cycles, reduced documentation requirements, and increased alignment between holding company and IDI resolution plans.

SEC proposes overhaul of public company filer status framework

What happened? On May 19th, the SEC proposed two rulemakings that would reduce reporting requirements for SEC-registered companies. One proposal would consolidate the SEC’s five filer categories into two: large accelerated filer (LAF) and non-accelerated filer (NAF), with a new sub-category of small non-accelerated filer for the smallest issuers. Another proposal would significantly expand access to shelf registration and pre-offering communications to a broader population of public companies.

What would the filer category proposal do? The proposal would:

  • Increase threshold and seasoning periods for LAF status. The public float threshold (the market value of common equity held by non-affiliates) for LAF status would increase from the current level of $700 million to $2 billion. To be considered an LAF, a company would need to sustain this amount for two consecutive annual measurement dates (e.g., June 30) and have provided at least 60 months of Exchange Act reporting. However, newly public companies would remain NAFs for a minimum of five years following their IPO regardless of public float amount.
  • Limit SOX 404(b) auditor attestation to LAFs. Only LAFs would be required to obtain an external auditor's attestation report on internal control over financial reporting (ICFR) under Section 404(b) of the Sarbanes-Oxley Act (SOX). NAFs, including former Accelerated Filers and former Smaller Reporting Companies, would not.
  • Reduce disclosures for NAFs. NAFs would receive most of the disclosure accommodations currently available to Emerging Growth Companies and Smaller Reporting Companies. The proposal would also eliminate Item 404(d) of Regulation S-K, which currently imposes stricter related-party transaction reporting on Smaller Reporting Companies.
  • Add some new obligations for NAFs. NAFs would, for the first time, be required to disclose unresolved SEC staff comments on their Form 10-K or 20-F in those cases in which comments were received at least 180 days before fiscal year-end.

Who would benefit and by how much? The SEC estimates that 81% of public companies would qualify for some form of scaled disclosure accommodation under the filer status proposal, up from approximately 52% today. In the preamble, the SEC estimates that the change in coverage would exempt roughly 1,600 companies from the SOX 404(b) attestation requirement. The SEC notes that the LAFs remaining subject to the full disclosure regime would still account for roughly 93.5% of total public market float. The relief is therefore broad in the number of issuers but concentrated among smaller and mid-cap companies.

What would the registered offering reform proposal do? It would expand the capital-raising tools available to public companies by eliminating the public float and reporting history requirements for Form S-3 shelf registration, which enables a company to pre-register securities. These changes would make the form available to any current and timely Exchange Act reporting company, including newly public companies in their first year of reporting and former special purpose acquisition companies (SPACs).3 The SEC estimates the number of issuers eligible to register an unlimited amount of securities on Form S-3 could increase by more than 60%.

What's next? Comments on the filer category proposal are due by July 20th and comments on the registered offering reform proposal are due by July 27th. Atkins has signalled that these proposals are foundational steps with further reforms to Regulation S-K disclosure requirements expected to follow. In a speech on May 26th, he announced that the SEC is soliciting comments on potential changes to modernize the IPO process, including communication rules and alternative pathways to going public.

Our Take

Less external attestation, same management responsibility

The SEC proposals continue the administration’s push to expand capital market access by reducing the regulatory costs imposed on smaller companies. At their core, controls over financial reporting – along with an external auditor attestation over the sufficiency of those controls – provide investors with assurance that a company’s financial statements are reliable. By raising the asset threshold for required independent auditor attestation, the SEC would reduce costs for smaller companies while potentially removing this extra level of assurance for investors. If the rules are finalized as proposed, companies that would become newly exempt from ICFR auditor attestation should carefully evaluate the implications for key stakeholders, including lenders, boards, and investors, many of whom may continue to place value on independent assurance even where it is no longer required.

However, even for companies that elect to take advantage of the relief, the proposal would not alter management’s core responsibilities under SOX. The rules leave in place section 404(a), which creates the obligation to establish, maintain, and assess the effectiveness of a firm’s ICFR, as well as the certifications required of both a company’s CEO and CFO that the firm’s financial statements are accurate and complete (sections 302 and 906). Nor would the proposal affect the requirement for audited financial statements, under which auditors obtain an understanding of ICFR as part of the financial statement audit. Existing attestation requirements applicable to banks and insurance companies would also remain unchanged.4 For companies on the IPO path, the longer runway before first-time 404(b) compliance is genuine relief, but the 404(a) assessment would still be required from the second annual report onward. The shift from external attestation would place a premium on the underlying capabilities that allow management to stand behind its 404(a) assessment, including well-scoped testing, disciplined governance over the ICFR program, and active audit committee oversight.

White House releases AML EO

What happened? On May 19th, 2026, the White House released an Executive Order (EO) containing changes to Bank Secrecy Act (BSA) compliance, customer due diligence (CDD), customer identification programs (CIP) and credit underwriting.

What does the EO contain? It calls for four key actions:

  • Report on red flags and typologies (due by July 18). The EO orders Treasury to issue a formal advisory describing red flags and typologies associated with:
    • Payroll tax evasion by employers or labor brokers employing non-work authorized individuals
    • Use of foreign identity documents, shell companies, or other methods to obscure beneficial ownership
    • Unregistered money services businesses, third-party payment processors, or peer-to-peer platforms used for off-the-books wage payments
    • Suspicious cash transactions correlated with payroll cycles
    • Financial activity indicative of labor trafficking or forced labor where proceeds are commingled or transferred abroad
    • ITIN usage to open accounts where the applicant lacks verified lawful immigration status5
  • Credit risk guidance (due by July 18). The EO directs the CFPB to issue guidance clarifying that potential deportation and loss of wages are factors lenders may consider in ability-to-repay (ATR) analyses for non-work authorized borrowers. It also calls for the federal banking regulators to issue guidance regarding the management of these credit risks.
  • Customer due diligence rulemaking (proposal due by August 17). Treasury must propose changes to BSA implementing regulations to strengthen customer due diligence (CDD) regarding (1) the collection and verification of customer identity information to assess risks associated with illicit finance, sanctions evasion and fraud; and (2) the ability and authority of firms to obtain additional information necessary to resolve material compliance concerns, including whether customers have lawful immigration status and employment authorization.
  • Customer identification program changes (due by November 15). Treasury and the federal financial regulators must consider strengthening customer identification program (CIP) requirements with specific attention to risks posed by foreign consular identification cards.

Our Take

New expectations in a less-prescriptive environment

The EO aims to formally embed immigration status and employment authorization into financial institutions’ risk assessment calculus and program design. Many of the categories to be addressed in the FinCEN report (e.g., payroll structuring, funnel accounts) overlap with existing AML priorities, but the explicit designation of ITIN-based accounts as a potential red flag is new. While the EO does not prohibit these accounts, firms may have to apply enhanced due diligence to them, setting up a fine line that they must walk to satisfy both FinCEN expectations and fair lending laws, including requirements of the Equal Credit Opportunity Act (ECOA).

These new expectations follow last month’s proposal from FinCEN and the banking agencies to reduce the prescriptiveness of AML regulations and instead grant firms flexibility to allocate resources and conduct activities commensurate with their risks. The EO, however, points towards prescription, providing for expanded collection of immigration status and employment eligibility, additional enhanced due diligence triggers and mandatory scrutiny of new document categories. The devil will be in the details as the regulatory agencies must now balance the EO’s requirements with the less-prescriptive regulatory direction from last month’s proposal. Firms will have to closely assess the upcoming FinCEN guidance and rule changes to determine what enhancements must be made to existing transaction monitoring (TM) programs, suspicious activity report (SAR) filing practices and CDD protocols. As firms wait for more detail, they should consider:

  • Reviewing TM scenarios and SAR practices against the EO typologies. Map these programs and practices against payroll tax evasion, nominee/funnel structures, unregistered MSBs, micro-structuring, labor trafficking indicators, and ITIN-based account activity.
  • Developing defensible enhanced due diligence protocols for ITIN-based accounts. Build a risk-tiered EDD framework for ITIN accounts covering documentation requirements, adverse action standards, and exam-ready documentation. Engage fair lending counsel early given ECOA and other fair lending considerations.
  • Assessing CDD and CIP program gaps ahead of rulemaking. Identify gaps in identity verification, beneficial ownership confirmation, and document acceptance policies, particularly around foreign consular IDs.
  • Engaging credit risk and underwriting teams on ATR implications. Assess consumer credit portfolios for exposure to non-work authorized borrowers. Evaluate whether current ATR standards, underwriting models, and fair lending controls would need updating if deportation risk and wage-loss exposure are formalized as permissible underwriting factors.

Fed issues payments account proposal

What happened? On May 20th, the Fed issued a proposal to create a “payments account” tailored to non-traditional financial institutions seeking access to the Fed’s clearing and settlement services. The proposal is substantially similar to the prototype outlined by the Fed’s December 2025 request for information (RFI). It comes one day after the White House released an EO directing the Fed to produce a report on expanding access to its payment services for firms engaged in digital assets and other novel activities.

What is a payments account? The proposed payments account would offer a streamlined review process for access to the Fed’s payment services. Reserve banks would be required to complete their review of payments account applications within 90 days for Tier 1 and Tier 2 institutions6 and within 45 days for Tier 3 institutions. However, the account would have significant limitations and would debundle the services that come with the Fed’s full master account. Payments accounts would require prefunding; would not receive interest; would not be eligible for discount window lending or intraday credit; would not allow access to FedACH; and would be subject to mandatory overnight balance limitations.

How does the proposal differ from the December RFI? The prototype in the RFI proposed an overnight closing balance limit of the lesser of $500 million or 10% of total assets, while the proposal would set individual limitations tailored to the firm’s expected activity (not to exceed $1 billion). The proposal also includes a provision that payment account holders may be required to submit information demonstrating compliance with AML and sanctions laws.

What's next? Comments are due 60 days following publication in the Federal Register. The proposal notes that the Fed has encouraged Reserve Banks to temporarily pause decisions on access requests from Tier 3 institutions during this notice and comment period.

Our Take

As options expand for Fed payments access, firms must choose what path best suits them

Progress toward a “skinny” Fed payments account has moved rapidly following Fed Governor Waller’s October 2025 speech introducing the concept, and now that these accounts are clearly in sight, firms must weigh whether the streamlined approvals and reduced oversight they provide outweigh the services and benefits of master accounts. Payments accounts, without full account benefits such as discount window access or interest on reserves, may be particularly attractive to (1) narrow-purpose or payments-oriented institutions such as fintechs, digital-asset custodians, and trust banks that maintain prefunded accounts and avoid intraday credit; and (2) institutions that currently depend on correspondent relationships and are seeking direct access to payments services. While payments accounts will be attractive to many Tier 3 firms that otherwise would face an uphill battle to gain access to Fed payments services, some firms that need the more robust services of a full master account may opt to explore applying for Fed membership to elevate their application into the Tier 2 category despite the additional regulations and supervision that would not otherwise apply.

The Fed is moving fast to make payment accounts available, and firms that want early access should be preparing now to apply. Specifically, interested institutions should:

  • Confirm eligibility and define a path if not yet qualified. Validate whether the firm’s charter and activities meet the Fed’s account access guidelines. If not, identify which structural or charter changes could bring the firm into scope.
  • Assess compliance and risk capabilities at bank standards. Evaluate whether AML, sanctions, fraud, cyber, governance, and operational risk programs meet depository institution expectations. This includes strong process level controls tied to specific payment products, settlement flows, and customer segments.
  • Design the payments operating model for a prefunded environment. Define how funds will move in and out of the account, how intraday activity will be forecasted, and how controls, alerts, sweeps, throttles, and reconciliations will operate. Build the payment flow controls, exception routines, and product level guardrails needed to support a good funds, zero overdraft model.
  • Assemble internal documentation and evidence. This includes charter evidence; governance structures; business planning; compliance documentation; technology architecture; and proof that the payments operating model can manage prefunding and daily liquidity safely. The goal at this stage is to build the internal backbone of an application so it can be finalized quickly once the Fed issues the final rule.

On our radar

House passes amended 21st Century ROAD to Housing Act, returning it to the Senate for further consideration. On May 20th, the House of Representatives passed an amended version of the bipartisan 21st Century ROAD to Housing Act by a vote of 396-13. The revised bill includes measures to increase housing supply, improve affordability, streamline development, and restore community banking provisions, and has been returned to the Senate for further consideration.

Lawmakers introduce legislation to modernize the discount window. On May 20th, Senators Mark Warner (D-VA) and John Kennedy (R-LA) introduced the Discount Window Preparedness Act of 2026, which would require certain banks to conduct periodic test borrowing, incorporate discount window readiness into liquidity supervision, and direct the Fed to modernize operations and study ways to reduce stigma associated with its use.

NYDFS issues guidance on cybersecurity measures in heightened threat environments. On May 21st, the New York Department of Financial Services (NYDFS) issued guidance outlining additional cybersecurity measures regulated entities should consider during periods of elevated threat risk. The guidance highlights practices to reduce vulnerabilities, enhance threat detection, and improve operational resilience, including stronger access controls, monitoring, third-party risk management, and incident response preparedness.

FINRA issues regulatory notice on intraday margin standards. On May 19th, FINRA published a regulatory notice providing updated interpretations of Rule 4210 to support the implementation of new intraday margin standards, which replace prior day trading margin requirements. The notice also removes outdated interpretations and introduces investor education materials related to margin accounts. The changes are effective June 4th, 2026.

Subcommittee holds hearing on modernizing the Bank Secrecy Act. On May 21st, the House Financial Services Subcommittee on National Security, Illicit Finance, and International Financial Institutions held a hearing to examine potential updates to the BSA and AML framework. The hearing focused on reporting requirements, compliance costs, and the impact of emerging technologies on illicit finance, and included discussion of recent Treasury AML rulemakings and proposed legislation related to beneficial ownership reporting.

Subcommittee holds hearing on bank-fintech partnerships and financial innovation. On May 21st, the House Financial Services Subcommittee on Digital Assets, Financial Technology, and Artificial Intelligence held a hearing on bank-fintech partnerships. The discussion focused on regulatory gaps, supervisory capacity, and the impact of these partnerships on payments, credit access, and innovation, with members and witnesses emphasizing the need for balanced oversight that supports technological advancement while maintaining consumer protection and financial stability.

CFTC continues legal efforts to assert jurisdiction over prediction markets. On May 19th, the CFTC filed a lawsuit seeking to block a Minnesota law that would criminalize the operation of certain prediction markets, marking the agency’s sixth lawsuit in recent weeks against state efforts to regulate these markets. The agency argues that federal law grants it exclusive jurisdiction under the Commodity Exchange Act and that such state laws are preempted by the federal regulatory framework.

BIS publishes research on tokenization and liquidity regulation. On May 27th, the Bank for International Settlements (BIS) released reports covering cross-border payments and bank funding. A joint report with the Institute of International Finance on Project Agorá demonstrated that tokenization can improve efficiency in wholesale cross-border payments through multi-currency settlement using tokenized central bank reserves and commercial bank deposits. Separately, a BIS working paper found that liquidity regulation, specifically the liquidity coverage ratio, is associated with lower wholesale funding costs and a shift toward longer-term bank liabilities.


Footnotes:

1 CAMELS is a federal banking supervisory rating system for assessing the safety and soundness of insured depository institutions. Under the framework, supervisors assign each institution a composite rating and six component ratings: Capital Adequacy, Asset Quality, Management, Earnings, Liquidity, and Sensitivity to Market Risk, each on a 1 to 5 scale, with 1 being the strongest. Although ratings are not publicly disclosed, they are used by supervisors to calibrate the intensity of oversight, evaluate applications, and set deposit insurance assessments.

2 Under the joint resolution planning framework, a “deficiency” reflects a weakness that could undermine a firm’s ability to execute its resolution strategy in a period of financial stress, while a “shortcoming” generally refers to a less severe issue that does not rise to that level but still warrants remediation. Both are formal supervisory findings and can trigger follow‑up requirements in subsequent plan submissions.

3 A SPAC is a shell company created to acquire or merge with an existing private company, taking the private business public without going through the traditional IPO process.

4 See, e.g., 12 CFR Part 363 (FDIC Annual Independent Audit and Reporting Requirements); National Association of Insurance Commissioners “Annual Financial Reporting Model Regulation.”

5 ITINs are tax identification numbers used in cases where the customer does not have a social security number.

6 The Fed applies a three-tier review system to its evaluation of applications for access to its payments services. Tier 1 institutions (federally-insured banks and credit unions) generally move more swiftly through the review process and have higher rates of approval. Tier 2 institutions (uninsured but federally-supervised institutions) receive a more elevated level of review. Tier 3 institutions (uninsured institutions that are not federally-supervised) receive the most stringent level of review and have historically had very low rates of approval.
