Bank Supervision: Removing References to Reputation Risk

Reference: Bulletin 2026-23

Official publication: Read the full Bulletin 2026-23 on the agency website

On June 2, 2026, the Office of the Comptroller of the Currency (OCC) announced a coordinated effort with the Federal Deposit Insurance Corporation (FDIC) and the Board of Governors of the Federal Reserve System to update the framework of bank supervision. Through the issuance of Bulletin 2026-23, the agencies have collectively reissued fifteen interagency guidance documents with a specific and consequential modification: the removal of all references to “reputation risk.” This action represents a significant refinement of supervisory standards, signaling a shift toward more objective risk metrics and potentially narrowing the scope of examiner discretion in areas that have historically been difficult to quantify. For legal counsel and compliance officers, this update necessitates a thorough review of internal risk taxonomies and a strategic realignment of how non-financial risks are reported and mitigated.

Executive Summary

• Interagency Alignment: The OCC, FDIC, and Federal Reserve have acted in concert to reissue 15 guidance documents, ensuring a uniform approach to risk terminology across the federal banking agencies.
• Removal of Reputation Risk: The primary change is the deletion of “reputation risk” as a standalone or referenced risk category within these specific documents, moving away from a traditionally subjective supervisory concept.
• Focus on Quantifiable Risk: This update suggests that issues previously categorized under reputation risk may now be absorbed into more concrete categories such as operational, strategic, or compliance risk.
• Administrative Streamlining: The agencies aim to reduce ambiguity in examinations by focusing on risks that directly impact safety and soundness through measurable financial or operational failures.
• Immediate Policy Review: Institutions are expected to identify which internal policies were mapped to these 15 documents and determine if their internal risk appetite statements require adjustment.
• No Change to Statutory Authority: While the guidance terminology has changed, the underlying statutory authority of the agencies to supervise for safety and soundness remains intact.

What the Regulator Issued

The Office of the Comptroller of the Currency issued Bulletin 2026-23, titled “Bank Supervision: Removing References to Reputation Risk.” This bulletin serves as the formal notification that the OCC, alongside the FDIC and the Federal Reserve Board, has reissued 15 interagency guidance documents. The sole purpose of this reissuance was to remove references to reputation risk. This coordinated action follows years of industry and regulatory debate regarding the nebulous nature of reputation risk and its utility in formal enforcement and supervisory ratings.

Historically, reputation risk was defined as the risk to current or projected financial condition and resilience arising from negative public opinion. By removing these references, the agencies are likely responding to the 2021 interagency final rule on the role of guidance, which clarified that guidance does not have the force and effect of law and that examiners should not issue matters requiring attention (MRAs) based solely on guidance. Scrubbing reputation risk—a category often criticized for being too subjective—further aligns the agencies’ supervisory practices with the principle of objective, data-driven oversight.

Who Is Impacted

The impact of Bulletin 2026-23 extends to all financial institutions supervised by the OCC, including national banks, federal savings associations, and federal branches and agencies of foreign banking organizations. Additionally, because this was an interagency effort, state member banks (supervised by the Federal Reserve) and state non-member banks (supervised by the FDIC) are similarly affected by the updates to the 15 reissued documents. Compliance departments, internal audit teams, and Chief Risk Officers should be particularly attentive to this change, as it may alter the language used in future Reports of Examination (ROE) and supervisory correspondence.

Key Dates and Deadlines

The reissued guidance documents and the corresponding Bulletin 2026-23 were effective upon publication on June 2, 2026. While the bulletin does not specify a deadline for banks to update their internal documents, institutions should move expeditiously to align their internal frameworks with the revised interagency standards to avoid discrepancies during the next examination cycle.

Practical Action Checklist

1. Document Identification: Obtain the full list of the 15 reissued interagency guidance documents referenced in Bulletin 2026-23 and compare them against the institution’s current regulatory compliance library.
2. Terminology Audit: Conduct a comprehensive search across internal risk management policies, procedures, and training manuals for references to “reputation risk” that were explicitly tied to the now-superseded guidance.
3. Risk Taxonomy Realignment: Determine if risks previously identified as “reputation risk” should be reclassified under “operational risk,” “strategic risk,” or “compliance risk” to remain consistent with the updated federal framework.
4. Board Reporting Updates: Review Board-level reporting templates and Risk Appetite Statements (RAS) to ensure that terminology reflects the current supervisory environment and focuses on quantifiable impact.
5. Chief Risk Officer Briefing: Prepare a memorandum for the CRO and the Risk Committee of the Board outlining the potential shift in examiner focus away from public opinion and toward operational resilience.
6. Internal Audit Scope Review: Advise internal audit to update their workpapers and testing scripts to ensure they are evaluating risk against the current, reissued versions of the interagency guidance.
7. Exam Preparation: Review recent Matters Requiring Attention (MRAs) or supervisory comments related to reputation risk; determine if the removal of the term in the underlying guidance provides a basis for requesting a closure or reclassification of those items.
8. Vendor Management Review: Assess third-party risk management policies. Often, vendor “reputation risk” is a core component of due diligence; consider if this should be reframed as “service provider operational risk” or “legal risk.”
9. ESG and Social Responsibility Alignment: For institutions with robust Environmental, Social, and Governance (ESG) frameworks, evaluate how these initiatives are categorized. If they were previously justified primarily through “reputation risk” guidance, they may need a more direct tie to strategic or financial risk.
10. Regulatory Relations Check-in: During the next scheduled meeting with the OCC Examiner-in-Charge (EIC), proactively discuss how the agency intends to implement these changes during the upcoming supervisory cycle.
11. Legal Review of Disclosures: Consult with legal counsel to ensure that public disclosures (such as 10-K risk factors) remain accurate while reflecting the updated regulatory terminology.
12. Training Refresh: Update compliance training modules for staff to ensure that the concept of risk is communicated in a manner consistent with the new interagency standards.

Open Questions / Watch Items

• Subsumed Risks: It remains unclear how examiners will handle issues that were purely reputational. Will they find ways to squeeze these concerns into “operational risk,” or will they cease commenting on them altogether?
• CAMELS Ratings: Will the removal of reputation risk from guidance lead to a broader revision of the Uniform Financial Institutions Rating System (CAMELS), specifically within the “Management” component?
• State-Level Divergence: It is possible that state banking regulators may continue to utilize reputation risk metrics, creating a potential divergence for state-chartered banks versus national banks.
• Enforcement Trends: Monitor whether this change results in a decrease in MRAs related to non-financial conduct or if it simply results in a shift in the labeling of those MRAs.

My Law Tampa publishes this memorandum as part of our commitment to providing timely and analytical updates on regulatory developments affecting the financial services industry. Our focus remains on the intersection of administrative law and bank supervision, ensuring that stakeholders have the technical clarity needed to navigate complex regulatory shifts.

This memorandum is provided for informational purposes only and does not constitute legal advice. The content herein does not create an attorney-client relationship between the reader and My Law Tampa. Financial institutions should consult with qualified legal counsel to discuss the specific application of these regulatory changes to their unique operational profiles.

Source Materials

• Official publication: Bulletin 2026-23
• Regulator archive: OCC memo archive
• Memo library: browse the full regulatory memo archive
• Related memo: FFIEC Proposes Significant Revisions to CAMELS Rating System to Enhance Transparency and Risk Focus
• Related memo: OCC Codifies National Bank Authority Over Real Estate Escrow Accounts
• Related memo: OCC Issues Final Preemption Determination on State Interest-on-Escrow Laws