Malzahn Strategic - Minneapolis, MN skyline

Reputational Risk: Assess It or Ignore It?

Reputational Risk: Assess it or ignore it?

Reputational Risk: Assess it or ignore it? On June 23, 2025, the Federal Reserve Board announced that “reputational risk will no longer be a component of examination programs in its supervision of banks.” The SR 95-51 (SUP) letter’s attachment was revised to remove references to reputational risk. The Fed plans to work with the other regulatory agencies, so they change or eliminate language referring to reputational risk in their manuals. This is good news as far as less “pre-judging” against financial institutions that desired to service higher risk businesses. However, institutions cannot ignore this important risk which is impacted by all the other risk categories. Therefore, when conducting your Enterprise Risk Management (ERM) risk assessment, ensure you continue assessing your reputational risk.

What is Reputational Risk?

Reputation risk is the risk to earnings or capital arising from negative public opinion. This affects the institution’s ability to establish new relationships or services or continue servicing existing relationships. This risk can expose the institution to litigation, financial loss, or damage to its reputation. Reputation risk exposure is present throughout the organization and is why institutions have the responsibility to exercise an abundance of caution in dealing with their customers and community.

Your institution’s reputation is all you’ve got! The day you lose your reputation in the community you lose credibility which leads to losing customers and employees. Your institution will cease to exist. And death comes quickly! The Federal Reserve’s statement states: “This change does not alter the Board’s expectation that banks maintain strong risk management to ensure safety and soundness and compliance with law and regulation nor is it intended to impact whether and how Board-supervised banks use the concept of reputational risk in their own risk management practices.” This means, institutions are still responsible for managing their reputational risk.

It’s all about the “M”!

When I was the Chief Risk Officer of the bank, I will never forget the words the head examiner told me. He said, “It’s all about the ‘M’ in the CAMELS rating.” In other words, examiners will always look at the Board’s and management’s ability to manage and control risk. Examiners rate institutions on the qualitative and quantitative aspects of the institution’s overall process for identifying, measuring, monitoring, and controlling risk. The other important aspect is for the institution to facilitate appropriate follow up action. Getting a “finding” on an exam is bad. This is a violation of any of the applicable banking regulations or of your own policies. But when examiners give you a “repeat violation,” your institution loses credibility and they implement stronger enforcement actions. No more grace. Unfortunately, sometimes there are external factors that are out of management’s control. Therefore, they focus on the risk management process.

Other Risk Categories

Lack of, or deficiencies in internal controls and inadequate separation of duties can contribute to unsafe and unsound practices. These practices, if systemic, can then lead to significant losses and compromise the financial integrity of the institution. You immediately incur reputational risk. Below are all the risk categories that can impact your Reputation Risk:

  1. Credit
  2. Liquidity
  3. Interest Rate Risk (IRR)
  4. Capital
  5. Earnings
  6. Strategic
  7. Operational
  8. Technology
  9. Compliance/Regulatory & Legal
  10. Human Resources
  11. Model

Conclusion

All these risk categories are interrelated and if your institution experiences one risk, it immediately impacts a second category and sometimes multiple risk categories. Your ERM Risk Assessment should assess each risk category to have a comprehensive risk assessment at the highest level. The goal is to arrive at your institution’s top risks to ensure you have mitigating strategies to address each top risk.

Reputational Risk: Assess it or ignore it? Ensure you continue assessing your Reputational Risk along with the other important risk categories. Don’t ignore it. Without your reputation intact, there is nothing left. Your customers will suffer and your community will also experience the consequences.

Ready for Takeoff

Ready for Takeoff

Ready for Takeoff? An Enterprise Risk Management Guide for Bank CEOs As a bank CEO, you are the pilot of a complex and dynamic aircraft—your institution. Just like an airplane pilot must ensure everything is in order before takeoff, you too must confirm that all aspects of your bank are ready for the journey ahead. This involves meticulous planning, adherence to regulations, assembling the right team, and preparing for potential challenges.

While the consequences of an airplane disaster differ from a bank failure, both scenarios significantly impact lives daily.

Let’s delve into the critical components and a straightforward “risk assessment” that ensure a successful flight:

The Right Crew

Your crew is pivotal to your bank’s success. Imagine your First Officer as your Senior Leadership Team. Are they prepared to step up if needed? Have they received the proper training, and has it been tested?

Consider the flight attendants—equivalent to your tellers, customer service representatives, universal bankers, personal bankers, and business development officers. Are they delivering top-notch customer service? What about your ground crew, representing your operations teams, credit administration, compliance, audit, risk, technology, and human resources? Are they efficient in their behind-the-scenes roles, ensuring smooth operations and customer satisfaction?

A successful airline crew works harmoniously, striving to be the best. Similarly, your bank’s employees must be proud of their roles and work together towards the common goal of being a top-tier institution.

The Right Processes

Processes are the backbone of both aviation and banking. Does every team member follow their specific job checklist? Are potential risks mitigated? For instance, has your bank passed its safety inspections and regulatory checks? Are employees up-to-date with their training, especially concerning new technologies and cybersecurity?

A pilot’s attention to weather and procedures before takeoff is akin to your focus on the bank’s environment and regulatory landscape. Rigorous processes ensure both planes and banks operate safely and efficiently.

The Right Services

In-flight services can make or break a passenger’s experience. Does your in-flight crew prepare adequately to ensure customer satisfaction? Similarly, your bank must offer services that meet your customers’ needs. Are you providing a range of products and services that cater to your clients?

Consider the marketing of your flights—are you promoting your bank’s offerings effectively? Just as airlines need to align their services with passenger expectations, your bank must continuously evolve to meet customer demands.

The Right Passengers

Passenger management is crucial for airlines, especially regarding those seated in the exit rows. They must be capable and willing to assist in emergencies. Likewise, in banking, you must ensure you have the right customers in key positions—your Centers of Influence (COIs). These are the clients who can bring new business, deposits, or serve on advisory boards.

Having the right passengers—or customers—ensures that in times of need, your bank can rely on them for support.

Translating the Analogy to Banking

In our analogy:

  • The pilot is you, the CEO.
  • The copilot or First Officer represents the bank’s Senior Leadership Team.
  • The flight attendants are your front-line employees—tellers, customer service reps, etc.
  • The ground crew includes your operations, compliance, risk, and other behind-the-scenes teams.
  • The passengers are your customers.

While a pilot’s responsibility is for passengers’ lives, a CEO’s responsibility extends to their customers’ livelihoods. Here’s a checklist to ensure your bank is “Ready for Takeoff”:

  • Do you have the right staff in place?
  • Is there a succession plan?
  • Are your employees continually trained on their roles, new technologies, and cybersecurity?
  • Is your bank safe and sound?
  • Are your COIs effectively placed to help grow and sustain the bank?
  • Are you effectively marketing your products and services?
  • Is your bank prepared for potential disasters?

As a bank CEO, this analogy aims to help you ask the right questions about risk management. Think of your bank holistically and understand how managing risk and enhancing the customer experience are intertwined. As you implement new strategic objectives, keep these questions in mind. Your goal is to confidently say, “Ready for takeoff,” ensuring your crew is prepared, your customers are satisfied, and your bank is secure, guiding you toward your vision.

As always, we’re here to help

Books by Marcia Malzahn