
Reputational Risk: Assess it or ignore it? On June 23, 2025, the Federal Reserve Board announced that “reputational risk will no longer be a component of examination programs in its supervision of banks.” The SR 95-51 (SUP) letter’s attachment was revised to remove references to reputational risk. The Fed plans to work with the other regulatory agencies, so they change or eliminate language referring to reputational risk in their manuals. This is good news as far as less “pre-judging” against financial institutions that desired to service higher risk businesses. However, institutions cannot ignore this important risk which is impacted by all the other risk categories. Therefore, when conducting your Enterprise Risk Management (ERM) risk assessment, ensure you continue assessing your reputational risk.
What is Reputational Risk?
Reputation risk is the risk to earnings or capital arising from negative public opinion. This affects the institution’s ability to establish new relationships or services or continue servicing existing relationships. This risk can expose the institution to litigation, financial loss, or damage to its reputation. Reputation risk exposure is present throughout the organization and is why institutions have the responsibility to exercise an abundance of caution in dealing with their customers and community.
Your institution’s reputation is all you’ve got! The day you lose your reputation in the community you lose credibility which leads to losing customers and employees. Your institution will cease to exist. And death comes quickly! The Federal Reserve’s statement states: “This change does not alter the Board’s expectation that banks maintain strong risk management to ensure safety and soundness and compliance with law and regulation nor is it intended to impact whether and how Board-supervised banks use the concept of reputational risk in their own risk management practices.” This means, institutions are still responsible for managing their reputational risk.
It’s all about the “M”!
When I was the Chief Risk Officer of the bank, I will never forget the words the head examiner told me. He said, “It’s all about the ‘M’ in the CAMELS rating.” In other words, examiners will always look at the Board’s and management’s ability to manage and control risk. Examiners rate institutions on the qualitative and quantitative aspects of the institution’s overall process for identifying, measuring, monitoring, and controlling risk. The other important aspect is for the institution to facilitate appropriate follow up action. Getting a “finding” on an exam is bad. This is a violation of any of the applicable banking regulations or of your own policies. But when examiners give you a “repeat violation,” your institution loses credibility and they implement stronger enforcement actions. No more grace. Unfortunately, sometimes there are external factors that are out of management’s control. Therefore, they focus on the risk management process.
Other Risk Categories
Lack of, or deficiencies in internal controls and inadequate separation of duties can contribute to unsafe and unsound practices. These practices, if systemic, can then lead to significant losses and compromise the financial integrity of the institution. You immediately incur reputational risk. Below are all the risk categories that can impact your Reputation Risk:
- Credit
- Liquidity
- Interest Rate Risk (IRR)
- Capital
- Earnings
- Strategic
- Operational
- Technology
- Compliance/Regulatory & Legal
- Human Resources
- Model
Conclusion
All these risk categories are interrelated and if your institution experiences one risk, it immediately impacts a second category and sometimes multiple risk categories. Your ERM Risk Assessment should assess each risk category to have a comprehensive risk assessment at the highest level. The goal is to arrive at your institution’s top risks to ensure you have mitigating strategies to address each top risk.
Reputational Risk: Assess it or ignore it? Ensure you continue assessing your Reputational Risk along with the other important risk categories. Don’t ignore it. Without your reputation intact, there is nothing left. Your customers will suffer and your community will also experience the consequences.