FDIC

Agencies Remove References to Reputation Risk in Interagency Documents

June 2, 20269 min read

Reference: FIL-09-2001

Official publication: Read the full FIL-09-2001 on the agency website

The federal banking regulatory landscape is undergoing a subtle but profound shift as the agencies move to clarify the boundaries of supervisory authority and the nature of risk assessment. By removing references to ‘reputation risk’ from a range of interagency documents, the Federal Deposit Insurance Corporation (FDIC), in conjunction with the Office of the Comptroller of the Currency (OCC) and the Board of Governors of the Federal Reserve System, is addressing long-standing criticisms regarding the subjectivity of qualitative risk categories. This memorandum analyzes the recent issuance, the underlying regulatory philosophy driving the change, and the practical steps financial institutions must take to align their internal risk management frameworks with this new supervisory direction. The removal of this terminology marks a deliberate step toward prioritizing quantifiable risks—such as credit, liquidity, and operational risks—over more qualitative and subjective categories that have historically been difficult to measure and manage with precision.

Executive Summary

  • Shift to Objective Standards: The removal of reputation risk references marks a transition away from qualitative, often subjective, supervisory findings toward a focus on risks that have a direct and measurable impact on a bank’s capital, earnings, and overall safety and soundness.
  • Interagency Alignment: This is a coordinated joint effort between the FDIC, OCC, and Federal Reserve, ensuring consistent application of the new standards across different types of charters and regulatory structures.
  • Redefining Risk Taxonomies: Institutions are encouraged to view ‘reputation’ as a consequence of other failures—such as compliance, operational, or strategic lapses—rather than a standalone risk pillar that can be independently examined or cited in isolation.
  • Governance Implications: Board and management reporting structures that previously isolated reputation risk may now need to be reconfigured to reflect how these concerns are integrated into broader operational and legal risk categories.
  • Continued Vigilance: The removal of the term from interagency documents does not eliminate the business reality of reputational harm; however, it significantly changes the language through which regulators will address such issues during examinations and enforcement proceedings.

What the Regulator Issued

The Federal Deposit Insurance Corporation (FDIC) recently published a Financial Institution Letter (FIL) titled ‘Agencies Remove References to Reputation Risk in Interagency Documents,’ which can be accessed at the following official URL: https://www.fdic.gov/news/financial-institution-letters/2026/agencies-remove-references-reputation-risk-interagency. This issuance serves as a formal update to various manuals, handbooks, and policy statements used by examiners and financial institutions alike to guide risk management practices. The primary objective of the release is to excise ‘reputation risk’ as a standalone category from interagency guidance where it was previously listed alongside more traditional risk categories like credit, interest rate, liquidity, and price risk. The agencies have clarified that this move is intended to streamline the supervisory process and ensure that enforcement actions and exam findings are rooted in the safety and soundness of the institution, rather than subjective perceptions of public sentiment.

Who Is Impacted

This regulatory update impacts all financial institutions subject to federal supervision by the FDIC, OCC, or the Federal Reserve. This includes a broad spectrum of entities, from small community banks and savings associations to mid-size institutions and systemically important financial institutions (SIFIs). Within these organizations, the primary stakeholders affected include Chief Risk Officers, Compliance Officers, Internal Auditors, and General Counsel. Furthermore, Boards of Directors will need to be briefed on how this shift affects their oversight responsibilities and the institution’s Risk Appetite Statement. While the change primarily affects how regulators communicate and document risk during the examination process, the ripple effects will be felt throughout the entire corporate governance structure, particularly in how risk is reported, monitored, and mitigated internally. Third-party service providers who assist banks with risk management or reputation monitoring will also need to adjust their service offerings to align with this revised supervisory focus.

Key Dates and Deadlines

Not specified in the release. The federal banking agencies generally implement these changes to interagency manuals and handbooks immediately upon issuance. However, institutions are typically given a transition period to adjust their internal reporting mechanisms and policy frameworks before the next formal examination cycle begins. It is recommended that institutions begin their internal reviews immediately to ensure they are prepared for the next supervisory event and can demonstrate an understanding of the updated interagency standards.

Practical Action Checklist

  • Inventory Internal Policies: Conduct a comprehensive review of all internal risk management policies, procedures, and manuals that mirror the interagency documents being updated. Identify every instance where ‘reputation risk’ is cited as a primary risk category.
  • Audit Risk Taxonomy: Evaluate the institution’s Enterprise Risk Management (ERM) framework. Determine if reputation risk should be retired as a standalone pillar and instead be classified as a secondary impact factor of operational, compliance, or strategic risks.
  • Update Board Reporting: Revise monthly and quarterly risk reports provided to the Board of Directors. Ensure that the metrics and language used in these reports align with the updated supervisory nomenclature to avoid confusion during regulatory reviews.
  • Map Reputational Drivers: Create a mapping exercise that links common reputational threats, such as data breaches, consumer complaints, or public litigation, to their primary risk categories like Operational Risk or Legal and Compliance Risk.
  • Review Risk Appetite Statement (RAS): Assess whether the RAS requires modification. While an institution may choose to keep reputation as an internal monitoring metric for business reasons, it should be clear how this aligns with the safety and soundness criteria emphasized by regulators.
  • Brief Internal Audit: Ensure the internal audit team is aware of the change. Audit schedules and scopes that were previously dedicated to ‘reputation risk’ as a standalone silo may need to be redirected toward assessing the underlying operational or compliance controls that prevent reputational harm.
  • Update Training Modules: Revise compliance and risk management training materials for all staff levels to reflect the current regulatory environment and the emphasis on quantifiable, safety-and-soundness-based risk metrics.
  • Analyze Third-Party Risk: Review vendor management policies and templates. Reputation checks on third-party providers should be properly integrated into the operational due diligence process rather than standing as an isolated check-the-box exercise.
  • Consult Legal Counsel: For institutions currently under formal or informal enforcement actions, consult with counsel to determine if references to reputation risk remediation in those orders are affected by this broader policy shift.
  • Adjust Communications Strategy: Ensure that the bank’s Public Relations or Communications team understands that ‘reputational harm’ remains a significant business reality, even as the ‘risk category’ is de-emphasized for supervisory purposes.
  • Monitor Examination Manuals: Keep a close watch on forthcoming technical updates to the FDIC’s Risk Management Manual of Examination Policies and the OCC’s Comptroller’s Handbook for further implementation details.
  • Prepare for Exam Dialogue: Prepare management to discuss risk in the updated terms during the first examination cycle following this change, emphasizing the integration of qualitative factors into operational and strategic frameworks.

Open Questions / Watch Items

One of the most significant open questions remains how this shift will influence the ‘Management’ component of the CAMELS rating system. Traditionally, reputation risk was a major factor in assessing the quality of a bank’s management and its ability to identify and respond to external threats. Without ‘reputation risk’ as a formal label in interagency guidance, it is unclear if examiners will simply fold these concerns into the ‘Operational’ or ‘Compliance’ components, or if they will continue to evaluate management’s response to public perception under a different guise. The extent to which examiners continue to utilize the concept of reputation as a ‘secondary factor’ will be a critical area for monitoring in upcoming examination cycles.

Another area of concern is the impact on Community Reinvestment Act (CRA) and Fair Lending evaluations. These areas of compliance often involve significant qualitative data and public feedback. If reputation risk is no longer a standalone category, will negative public comments during a CRA protest carry less weight, or will they be re-categorized as evidence of poor strategic risk management or consumer compliance failure? The legal community will be watching closely to see if this change signals a broader trend toward the ‘de-judging’ of bank supervision, where examiners are given less discretion to issue findings based on qualitative assessments that cannot be tied back to a specific rule or financial metric. Furthermore, the industry must watch for how this shift affects existing consent orders that were heavily predicated on reputation risk findings.

My Law Tampa serves as the publisher of this regulatory update and provides a comprehensive library of legal memoranda for the financial services industry. We are dedicated to providing timely and accurate analysis of the shifting regulatory environment to assist institutions in maintaining robust compliance and risk management standards in an increasingly complex landscape.

The information provided in this memorandum is for informational purposes only and does not constitute legal advice. No attorney-client relationship is created between the reader and My Law Tampa by the publication or receipt of this document. Readers should consult with qualified legal counsel regarding their specific circumstances, internal policies, and regulatory obligations before taking any action based on this information.

Source Materials

Next Post

Related Posts

FDIC FDIC Office of Ombudsman 2025 Annual Report: Implications for Institutional Dispute Resolution

FDIC Office of Ombudsman 2025 Annual Report: Implications for Institutional Dispute Resolution

The FDIC Office of Ombudsman has released its 2025 Annual Report, providing a critical overview…
June 2, 2026
FDIC FDIC Summary of Deposits Survey and Filing Instructions for June 30, 2026

FDIC Summary of Deposits Survey and Filing Instructions for June 30, 2026

Regulatory guidance for FDIC-insured institutions regarding the annual Summary of Deposits (SOD) survey for June…
May 29, 2026
FDIC FDIC Proposes Rigorous BSA and Sanctions Standards for Permitted Payment Stablecoin Issuers

FDIC Proposes Rigorous BSA and Sanctions Standards for Permitted Payment Stablecoin Issuers

The FDIC has issued a Notice of Proposed Rulemaking (NPRM) targeting Bank Secrecy Act and…
May 22, 2026

Leave a Reply

Share