On April 7, 2026, the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC) finalized a joint rule that formally eliminates ‘reputational risk’ as a basis for bank supervision (OCC Bulletin 2026-12; FDIC FIL-13-2026).
While the change may appear technical, it represents a meaningful reset in how regulators expect banks to articulate, document, and defend risk decisions, particularly those involving customer relationships, product offerings, and politically sensitive industries.
For compliance officers, internal auditors, and risk management leaders, this rule is less about removing a risk concept and more about re‑anchoring supervision to objective, defensible safety‑and‑soundness fundamentals.
What Changed And Why It Matters
The final rule explicitly prohibits the FDIC and OCC from criticizing or taking adverse supervisory action against a bank solely on the basis of reputational risk. The agencies define reputational risk as the risk that an activity could negatively impact public perception of the institution for reasons unrelated to the financial or operational condition of the institution.
The rule further prohibits regulators from requiring, instructing, or encouraging an institution to close customer accounts or take other actions based on political, social, cultural, or religious views, constitutionally protected speech, or lawful but politically disfavored business activities.
Why Regulators Stepped Away from Reputational Risk
In issuing the final rule, regulators acknowledged that reputational risk introduces excessive subjectivity into supervision. According to the OCC, reliance on reputational risk increases subjectivity in banking supervision without adding material value from a safety and soundness perspective.
FDIC Board materials echoed this position, noting that most reputational issues emerge through traditional risk channels such as credit, liquidity, operational, or compliance risk areas where examiners already maintain sufficient authority (FDIC Board Memorandum, April 7, 2026).
Comptroller of the Currency Jonathan V. Gould underscored this shift, stating: “Reputation risk is not a sound basis for supervision. Regulators and banks have too often used it as a pretext for decisions that have nothing to do with safety and soundness” (Comptroller Statement, April 7, 2026).
What This Does Not Mean for Banks
The elimination of reputational risk does not relax expectations for strong risk management. Banks remain fully accountable for managing BSA/AML, consumer compliance, credit, concentration, operational, and legal risks. As the FDIC emphasized, reputational harm typically manifests as a result of weaknesses in these foundational risk areas, not as a standalone risk category.
Account Closures, De‑Risking, and the De‑Banking Debate
The agencies were clear that the rule does not prohibit de‑risking. Instead, it addresses concerns that reputational risk was used as a pretext for restricting law‑abiding individuals’ and businesses’ access to financial services. Banks may still exit relationships, but decisions must be grounded in objective, documented risk drivers.
Implications for Compliance, Risk and Internal Audit
This rule elevates the importance of clear risk articulation. Account closures should tie directly to identifiable compliance, credit, or operational risks. Many institutions are revisiting enterprise risk management (ERM) taxonomies and removing reputational risk as a standalone category. Instead, they are treating reputation as an outcome of unmanaged core risk, which is an approach that is consistent with regulatory intent.
What to Expect During Examinations
Supervisory scrutiny remains robust, but regulators have signaled a greater emphasis on transparency and objectivity. As the OCC noted, this change helps clarify that regulators do not make business decisions for banks and strengthens confidence in the supervisory process.
Big Picture Takeaway
This rule reflects a broader effort to discipline bank supervision and center it on measurable fundamentals. For compliance and audit leaders, the message is clear: manage real risk, measure real risk, and document real risk. Public perception alone is no longer a supervisory trigger.
About Schneider Downs Financial Services
The Schneider Downs Financial Services industry group supports financial institutions as they navigate evolving risk, regulatory, and governance challenges. Our professionals work with institutions to strengthen internal audit, risk advisory, and related risk management programs that support sound decision‑making, operational effectiveness, and regulatory expectations.
Through services spanning internal audit, risk advisory, IT risk advisory, third‑party risk management, fraud risk advisory, and enterprise risk and compliance, we help financial institutions design and enhance resilient, risk‑based programs aligned with their strategic objectives and operating environment.
To learn more, visit our Financial Services Industry Group page.
