Malzahn Strategic - Minneapolis, MN skyline

Reputational Risk: Assess It or Ignore It?

Reputational Risk: Assess it or ignore it?

Reputational Risk: Assess it or ignore it? On June 23, 2025, the Federal Reserve Board announced that “reputational risk will no longer be a component of examination programs in its supervision of banks.” The SR 95-51 (SUP) letter’s attachment was revised to remove references to reputational risk. The Fed plans to work with the other regulatory agencies, so they change or eliminate language referring to reputational risk in their manuals. This is good news as far as less “pre-judging” against financial institutions that desired to service higher risk businesses. However, institutions cannot ignore this important risk which is impacted by all the other risk categories. Therefore, when conducting your Enterprise Risk Management (ERM) risk assessment, ensure you continue assessing your reputational risk.

What is Reputational Risk?

Reputation risk is the risk to earnings or capital arising from negative public opinion. This affects the institution’s ability to establish new relationships or services or continue servicing existing relationships. This risk can expose the institution to litigation, financial loss, or damage to its reputation. Reputation risk exposure is present throughout the organization and is why institutions have the responsibility to exercise an abundance of caution in dealing with their customers and community.

Your institution’s reputation is all you’ve got! The day you lose your reputation in the community you lose credibility which leads to losing customers and employees. Your institution will cease to exist. And death comes quickly! The Federal Reserve’s statement states: “This change does not alter the Board’s expectation that banks maintain strong risk management to ensure safety and soundness and compliance with law and regulation nor is it intended to impact whether and how Board-supervised banks use the concept of reputational risk in their own risk management practices.” This means, institutions are still responsible for managing their reputational risk.

It’s all about the “M”!

When I was the Chief Risk Officer of the bank, I will never forget the words the head examiner told me. He said, “It’s all about the ‘M’ in the CAMELS rating.” In other words, examiners will always look at the Board’s and management’s ability to manage and control risk. Examiners rate institutions on the qualitative and quantitative aspects of the institution’s overall process for identifying, measuring, monitoring, and controlling risk. The other important aspect is for the institution to facilitate appropriate follow up action. Getting a “finding” on an exam is bad. This is a violation of any of the applicable banking regulations or of your own policies. But when examiners give you a “repeat violation,” your institution loses credibility and they implement stronger enforcement actions. No more grace. Unfortunately, sometimes there are external factors that are out of management’s control. Therefore, they focus on the risk management process.

Other Risk Categories

Lack of, or deficiencies in internal controls and inadequate separation of duties can contribute to unsafe and unsound practices. These practices, if systemic, can then lead to significant losses and compromise the financial integrity of the institution. You immediately incur reputational risk. Below are all the risk categories that can impact your Reputation Risk:

  1. Credit
  2. Liquidity
  3. Interest Rate Risk (IRR)
  4. Capital
  5. Earnings
  6. Strategic
  7. Operational
  8. Technology
  9. Compliance/Regulatory & Legal
  10. Human Resources
  11. Model

Conclusion

All these risk categories are interrelated and if your institution experiences one risk, it immediately impacts a second category and sometimes multiple risk categories. Your ERM Risk Assessment should assess each risk category to have a comprehensive risk assessment at the highest level. The goal is to arrive at your institution’s top risks to ensure you have mitigating strategies to address each top risk.

Reputational Risk: Assess it or ignore it? Ensure you continue assessing your Reputational Risk along with the other important risk categories. Don’t ignore it. Without your reputation intact, there is nothing left. Your customers will suffer and your community will also experience the consequences.

Overcoming Objections to Positive Pay Services

Overcoming Objections to Positive Pay Services

By overcoming objections to Positive Pay services, you create a win-win solution for both your customers and your institution. Positive Pay is one of the most valuable Treasury Management solutions your institution offers to businesses to prevent fraud. However, for some Treasury Management Officers (TMOs), it’s the hardest service to sell. Why? Because typically, business customers have five key objections to paying for this valuable service.

The best opportunity to sell Positive Pay to your new business customers is during the prospecting process. Both business bankers and TMOs must understand how this service works and who’s liable if the customer experiences fraud. In this blog, we discuss what the top five objections are and how you, as a salesperson, can overcome those objections.

Customers don’t think that fraud will ever happen to them…until it does.

Just like other accidents, tragedies, or natural disasters, people don’t think it can happen to them… until it does. Experiencing fraud in your accounts – whether personal or business – can feel like the world is ending. It is a horrible experience to live through and it can take even years to recover. Therefore, you need to learn about real life situations where others experienced fraud so you can share with your business customers. The idea is not to instill fear in them but to create awareness.

True Story: A business owner pre-signed checks and left them with the bookkeeper. One day, the business owner had an emergency and called the bookkeeper to pay a specific bill. The bookkeeper was on vacation, so she called her assistant to find the pre-signed checks in her desk drawer. She gave specific instructions to pay the bills, and the assistant did a great job. She paid the bill on time and the crisis was averted. However, she also proceeded to write a check for $3,500 to herself and cashed it. The next week when the business owner discovered that the money was gone from the account, he called the bank. In this instance, the bank was not liable because the customer signed a legitimate check. The customer was out the $3,500. With Positive Pay for checks, he would have found out the very next day and would have stopped the check from being cashed. These are the stories you need to share with customers to encourage them to sign up.

Too expensive.

The next objection is that Positive Pay is too expensive. A monthly fee of $25 to $45 is not expensive compared to the alternative of losing thousands of dollars. In contrast, Positive Pay is one of the most expensive services that institutions pay for. In addition to paying the providers, institutions also have the staff expenses. This is an expensive service to provide for your business customers and you should get paid for it. However, many institutions offer this important and valuable service for free. They claim that the expense of fraud is way higher than the expense to absorb the cost of Positive Pay. While that may be true in some cases, I disagree that it should be given away to customers. It is like a patient needing an MRI telling the doctors that they don’t want to pay for this service because it’s inconvenient and too expensive. Why should doctors give away MRI services when they invest millions of dollars on machinery plus the skilled staff? They shouldn’t and we all know they don’t. We all pay for our own MRI tests when needed.

Business customers need a tool to identify, prevent, and avoid fraud in their accounts. This takes the investment of time and money on their part. Your institution offers this amazing tool plus staff who train them and guide them through the process.

Customers don’t want to spend time uploading the checks issued batch files.

As mentioned above, it takes an effort from both the customers and the institutions to prevent and avoid fraud. If they are not willing to upload the batch of checks or ACH to ensure the institution only pays the authorized payments, then they should be responsible for fraudulent transactions. Many institutions are now requiring customers to sign a “Hold Harmless” or “Waiver” for those who refuse to use the Positive Pay services. When offered with this option from the start, most often they will agree to sign up.

They don’t like to be tied down to approve exceptions by the deadline.

Daily, the system matches the cleared items to the ones sent by the customer. All the “unmatched items” must be reviewed by the customer by a certain time in the morning. The institution does not pay these items unless the customer authorizes them to do so. Business customers need to spend time to approve or reject the checks or ACH transactions that clear daily. Although systems can override the payment authorization, this is unwise and defeats the whole purpose of the service. If customers set the system default to “pay all items without approval,” then they should hold the institution harmless.

Misconception that the bank will be liable for fraudulent checks or ACH transactions.

As shared in the above story, the customer was fully liable for the $3,500 check that was cashed fraudulently. Even then, the business banker wanted to “meet the customer half-way” and have the bank share the customer’s losses. Leadership denied the banker’s suggestion. Although, in this particular case, the customer actually signed a legitimate check, it could have been prevented. In most cases, customers experience true fraud, and it can be avoided by utilizing this Treasury Management service.

The key is education. Institutions must educate business bankers, their customers, and TMOs about Positive Pay. The entire team that services business customers must be knowledgeable about TM services and specifically on Positive Pay. Overcoming objections to Positive Pay services is challenging and it takes time but it’s worth it. The team approach is what will save thousands of dollars to institutions who are serious about preventing fraud and helping their business customers.

Need help with your Institution’s Treasury Management services? Let us know. We’re here to help.

Looking for resources to train your staff on Treasury Management? Our training system, TMClarity, solves your Treasury Management training needs.

Books by Marcia Malzahn