Proposed Rule2025-19715
Prohibition on Use of Reputation Risk by Regulators
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
October 30, 2025
Issuing agencies
Treasury DepartmentComptroller of the CurrencyFederal Deposit Insurance Corporation
Abstract
The Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) (collectively, the agencies) are issuing a notice of proposed rulemaking to codify the elimination of reputation risk from their supervisory programs. Among other things, the proposed rule would prohibit the agencies from criticizing or taking adverse action against an institution on the basis of reputation risk. The proposed rule would also prohibit the agencies from requiring, instructing, or encouraging an institution to close an account, to refrain from providing an account, product, or service, or to modify or terminate any product or service on the basis of a person or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or solely on the basis of politically disfavored but lawful business activities perceived to present reputation risk.
Full Text
<html>
<head>
<title>Federal Register, Volume 90 Issue 208 (Thursday, October 30, 2025)</title>
</head>
<body><pre>
[Federal Register Volume 90, Number 208 (Thursday, October 30, 2025)]
[Proposed Rules]
[Pages 48825-48835]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2025-19715]
�========================================================================
�Proposed Rules
� Federal Register
�________________________________________________________________________
�
�This section of the FEDERAL REGISTER contains notices to the public of
�the proposed issuance of rules and regulations. The purpose of these
�notices is to give interested persons an opportunity to participate in
�the rule making prior to the adoption of the final rules.
�
�========================================================================
�
��Federal Register / Vol. 90, No. 208 / Thursday, October 30, 2025 /
Proposed Rules��
[[Page 48825]]
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
12 CFR Parts 1, 4, and 30
[Docket ID OCC-2025-0142]
RIN 1557-AF34
FEDERAL DEPOSIT INSURANCE CORPORATION
12 CFR Parts 302 and 364
RIN 3064-AG12
Prohibition on Use of Reputation Risk by Regulators
AGENCY: Office of the Comptroller of the Currency, Treasury, and
Federal Deposit Insurance Corporation.
ACTION: Notice of proposed rulemaking.
-----------------------------------------------------------------------
SUMMARY: The Office of the Comptroller of the Currency (OCC) and the
Federal Deposit Insurance Corporation (FDIC) (collectively, the
agencies) are issuing a notice of proposed rulemaking to codify the
elimination of reputation risk from their supervisory programs. Among
other things, the proposed rule would prohibit the agencies from
criticizing or taking adverse action against an institution on the
basis of reputation risk. The proposed rule would also prohibit the
agencies from requiring, instructing, or encouraging an institution to
close an account, to refrain from providing an account, product, or
service, or to modify or terminate any product or service on the basis
of a person or entity's political, social, cultural, or religious views
or beliefs, constitutionally protected speech, or solely on the basis
of politically disfavored but lawful business activities perceived to
present reputation risk.
DATES: Comments must be received on or before December 29, 2025.
ADDRESSES: Comments should be directed to the agencies as follows:
OCC: Commenters are encouraged to submit comments through the
Federal eRulemaking Portal. Please use the title ``Prohibition on Use
of Reputation Risk by Regulators'' to facilitate the organization and
distribution of the comments. You may submit comments by any of the
following methods:
<bullet> Federal eRulemaking Portal--<a href="http://Regulations.gov">Regulations.gov</a>:
Go to <a href="https://regulations.gov/">https://regulations.gov/</a>. Enter Docket ID ``OCC-2025-0142''
in the Search Box and click ``Search.'' Public comments can be
submitted via the ``Comment'' box below the displayed document
information or by clicking on the document title and then clicking the
``Comment'' box on the top-left side of the screen. For help with
submitting effective comments, please click on ``Commenter's
Checklist.'' For assistance with the <a href="http://Regulations.gov">Regulations.gov</a> site, please call
1-866-498-2945 (toll free) Monday-Friday, 9 a.m.-5 p.m. EST, or email
<a href="/cdn-cgi/l/email-protection#2b594e4c5e474a5f42444558434e475b4f4e58406b4c584a054c445d"><span class="__cf_email__" data-cfemail="61130406140d0015080e0f1209040d110504120a210612004f060e17">[email protected]</span></a>.
<bullet> Mail: Chief Counsel's Office, Attention: Comment
Processing, Office of the Comptroller of the Currency, 400 7th Street
SW, Suite 3E-218, Washington, DC 20219.
<bullet> Hand Delivery/Courier: 400 7th Street SW, Suite 3E-218,
Washington, DC 20219.
Instructions: You must include ``OCC'' as the agency name and
Docket ID ``OCC-2025-0142'' in your comment. In general, the OCC will
enter all comments received into the docket and publish the comments on
the <a href="http://Regulations.gov">Regulations.gov</a> website without change, including any business or
personal information provided such as name and address information,
email addresses, or phone numbers. Comments received, including
attachments and other supporting materials, are part of the public
record and subject to public disclosure. Do not include any information
in your comment or supporting materials that you consider confidential
or inappropriate for public disclosure.
You may review comments and other related materials that pertain to
this action by the following method:
<bullet> Viewing Comments Electronically--<a href="http://Regulations.gov">Regulations.gov</a>:
Go to <a href="https://regulations.gov/">https://regulations.gov/</a>. Enter Docket ID ``OCC-2025-0142''
in the Search Box and click ``Search.'' Click on the ``Dockets'' tab
and then the document's title. After clicking the document's title,
click the ``Browse All Comments'' tab. Comments can be viewed and
filtered by clicking on the ``Sort By'' drop-down on the right side of
the screen or the ``Refine Comments Results'' options on the left side
of the screen. Supporting materials can be viewed by clicking on the
``Browse Documents'' tab. Click on the ``Sort By'' drop-down on the
right side of the screen or the ``Refine Results'' options on the left
side of the screen checking the ``Supporting & Related Material''
checkbox. For assistance with the <a href="http://Regulations.gov">Regulations.gov</a> site, please call 1-
866-498-2945 (toll free) Monday-Friday, 9 a.m.-5 p.m. EST, or email
<a href="/cdn-cgi/l/email-protection#9deff8fae8f1fce9f4f2f3eef5f8f1edf9f8eef6ddfaeefcb3faf2eb"><span class="__cf_email__" data-cfemail="ee9c8b899b828f9a8781809d868b829e8a8b9d85ae899d8fc0898198">[email protected]</span></a>.
The docket may be viewed after the close of the comment period in
the same manner as during the comment period.
FDIC: You may submit comments to the FDIC, identified by RIN 3064-
AG12, by any of the following methods:
<bullet> Agency Website: <a href="https://www.fdic.gov/federal-register-publications">https://www.fdic.gov/federal-register-publications</a>. Follow instructions for submitting comments on the FDIC's
website.
<bullet> Email: <a href="/cdn-cgi/l/email-protection#f794989a9a92998384b7b1b3beb4d9909881"><span class="__cf_email__" data-cfemail="fb989496969e958f88bbbdbfb2b8d59c948d">[email protected]</span></a>. Include RIN 3064-AG12 in the
subject line of the message.
<bullet> Mail: Jennifer M. Jones, Deputy Executive Secretary,
Attention: Comments--RIN 3064-AG12, Federal Deposit Insurance
Corporation, 550 17th Street NW, Washington, DC 20429.
<bullet> Hand Delivery/Courier: Comments may be hand-delivered to
the guard station at the rear of the 550 17th Street NW building
(located on F Street NW) on business days between 7 a.m. and 5 p.m.
Public Inspection: Comments received, including any personal
information provided, may be posted without change to <a href="https://www.fdic.gov/federal-register-publications">https://www.fdic.gov/federal-register-publications</a>. Commenters should submit
only information they wish to make available publicly. The FDIC may
review, redact, or refrain from posting all or any portion of any
comment that it may deem to be inappropriate for publication, such as
irrelevant or obscene material. The FDIC may post only a single
representative example of identical or substantially identical
comments, and in such cases will generally identify the number of
identical or substantially identical comments represented by the posted
example. All comments that have been redacted, as well as those that
have not been posted, that contain comments on
[[Page 48826]]
the merits of this notice will be retained in the public comment file
and will be considered as required under all applicable laws. All
comments may be accessible under the Freedom of Information Act.
FOR FURTHER INFORMATION CONTACT:
OCC: Jonathan Fink, Director, Bank Advisory, Joanne Phillips,
Counsel, or Collin Berger, Attorney, Chief Counsel's Office, (202) 649-
5490, Office of the Comptroller of the Currency, 400 7th Street SW,
Washington, DC 20219. If you are deaf, hard of hearing or have a speech
disability, please dial 7-1-1 to access telecommunications relay
services.
FDIC: Legal Division: Sheikha Kapoor, Assistant General Counsel,
(202) 898-3960; James Watts, Counsel, (202) 898-6678.
SUPPLEMENTARY INFORMATION:
I. Background and Policy Objectives
The agencies believe that banking regulators' use of the concept of
reputation risk as a basis for supervisory criticisms increases
subjectivity in banking supervision without adding material value from
a safety and soundness perspective. Although the agencies recognize the
importance of a bank's reputation, most activities that could
negatively impact an institution's reputation do so through traditional
risk channels (e.g., credit risk, market risk, and operational risk,
among others) on which supervisors already focus and already have
sufficient authority to address. At the same time, supervising for
reputation risk as a standalone risk adds substantial subjectivity to
bank supervision and can be abused. It also diverts bank and agency
resources from more salient risks without adding material value from a
safety and soundness perspective. To improve the efficiency and
effectiveness of their supervisory programs, the agencies have removed
reputation risk from their supervisory frameworks and are proposing to
codify this change in relevant regulations. This change would also
respond to concerns expressed in Executive Order 14331, Guaranteeing
Fair Banking for All Americans,\1\ that the use of reputation risk can
be a pretext for restricting law-abiding individuals' and businesses'
access to financial services on the basis of political or religious
beliefs or lawful business activities.
---------------------------------------------------------------------------
\1\ 90 FR 38925 (Aug. 7, 2025).
---------------------------------------------------------------------------
The agencies' supervisory experience has shown that the use of
reputation risk in the supervisory process does not increase the safety
and soundness of supervised institutions because supervisors have
little ability to predict ex ante whether or how certain activities or
customer relationships present reputation risks that could threaten the
safety and soundness of an institution.\2\ In contrast, risks like
credit risk and liquidity risk are more concrete and measurable and
allow examiners to more objectively assess a banking institution's
financial condition. Assessments of these risks may reflect perceptions
of a bank's financial condition consistent with objective principles.
Conversely, an independent consideration of reputation risk by
examiners has not resulted in consistent or predictable assessments of
material financial risk. Instead, by focusing on reputation risk, the
agencies have instructed examiners to attempt to map events to public
opinion and then public opinion to an institution's condition in ways
that have proven nearly impossible to assess or quantify with accuracy.
The agencies' attempts to identify reputation risks and their potential
effects on institutions have not resulted in increased safety for
supervised institutions as supervisors have not been able to accurately
predict the public's reaction to business decisions made by
institutions.
---------------------------------------------------------------------------
\2\ In carrying out its responsibility, the OCC has refined its
examination program based on more than 160 years of experience
supervising financial institutions and monitoring developments in
the financial industry. In the late 1980s and the 1990s, the OCC and
other financial regulators shifted toward supervision frameworks
that were organized by particular risks. In 1995, the OCC launched
an examination program it called ``supervision by risk'' that led to
the current risk-based supervision approach to examinations. In the
supervision by risk program, the OCC focused on nine categories of
risk: credit risk, interest rate risk, liquidity risk, price risk,
foreign exchange risk, transaction risk, compliance risk, strategic
risk, and reputation risk. The program later morphed into the OCC's
current risk-based framework, which focuses on eight risk
categories, with transaction risk renamed as operational risk and
foreign exchange risk eliminated as a stand-alone risk. This risk-
based supervision program focuses on evaluating risk, identifying
existing and emerging problems, and ensuring that bank management
takes corrective action to address problems before a bank's safety
and soundness is compromised. Similarly, as regulators shifted
toward risk-based supervision in the 1990s, the FDIC added
references to reputation risk to manuals and guidance, and
supervisors cited reputation risk in formal and informal enforcement
actions in subsequent years. Generally, the FDIC's supervision
framework has evaluated a variety of risks, such as liquidity risk,
interest rate risk, operational risk, and reputational risk.
---------------------------------------------------------------------------
In other words, there is no clear evidence that interference in
banks' activities or relationships in the interest of protecting the
banks' reputations has protected banks from losses or improved banks'
performances.
In addition to not enhancing safety and soundness, focusing on
reputation risk can distract institutions and the agencies from
devoting resources to managing core financial risks--such as credit
risk, liquidity risk, and interest rate risk--that are quantifiable and
have been shown to present significant threats to institutions.
Monitoring requires dedicated resources. For example, in order to
confront such risks, institutions frequently purchase expensive risk-
monitoring models that must be maintained, implement detailed loan
review programs, hire expensive outside advisers, and provide time-
intensive training for staff. Parallel to these actions by
institutions, the agencies have limited resources and a responsibility
to use these resources in an efficient and productive manner in
furtherance of their statutory responsibilities. In the judgment of the
agencies, examining for reputation risk diverts resources that could be
better spent on other risks that have been shown to present
significant, tangible threats to institutions and that are more easily
quantified and addressed through regulatory intervention.
Moreover, the agencies' use of reputation risk in reaching
supervisory conclusions introduces subjectivity and unpredictability
into the agencies' judgments. Regardless of how much the agencies
refine their supervisory approaches to reflect differences among
institutions, agency supervision more effectively fosters safe and
sound banking when supervised institutions have a reasonable
expectation of how the agencies would evaluate an activity. The
agencies have not clearly explained how banks should measure the
reputation risk from different activities, business partners, or
clients, nor have the agencies clearly articulated the criteria for
which activities, business partners, or clients are deemed to present
reputation risk. Without clear standards, the agencies' supervision for
reputation risk has been inconsistent and has at times reflected
individual perspectives rather than data-driven conclusions. Different
stakeholders may have different perspectives on how such activities or
relationships impact an institution's reputation, if at all, which
creates unpredictability and inconsistency for regulated entities.
Additionally, the subjective nature of supervisory decisions about
reputation risk introduces the potential for political or other biases
into the supervisory process. Thus, supervisory judgments about
reputation risk can create subjective regulatory interference in day-
to-day business decisions that are better left to the judgment of the
regulated institutions. Given the
[[Page 48827]]
difficulty of measuring reputation risk in an accurate and precise way,
it is inappropriate for the agencies' supervisors to examine supervised
institutions against this risk.
More importantly, when a supervised institution alters its behavior
to comply with supervisory expectations relating to reputation risk
management, such as by closing an account or choosing not to enter into
or continue a business relationship with a customer that it would
otherwise maintain, it is forgoing an opportunity to maintain or build
a profitable business relationship that may otherwise be consistent
with sound risk management practice. Accordingly, the agencies' past
practice of encouraging supervised institutions to alter their behavior
due to reputation risk may have adversely impacted institutions'
earnings, capital positions, and safety and soundness. In this way, the
agencies' prior focus on reputation risk may have caused supervised
institutions to be less safe and sound than had they been permitted to
engage in lawful business activities without these limitations
resulting from supervisory expectations surrounding reputation risk.
In addition, examining for reputation risk can result in agency
examiners implicitly or explicitly encouraging institutions to restrict
access to banking services on the basis of examiners' personal views of
a group's or individual's political, social, cultural, or religious
views or beliefs, constitutionally protected speech, or politically
disfavored but lawful business activities. This can result in unfair
treatment of different groups and impermissible restrictions on a
group's or individual's ability to access financial services. This
practice can also result in distortions to industries and the U.S.
economy, as the agencies' examiners use reputation risk to choose
winners and losers among market participants and industries.
Moreover, even if reputation risk could be quantified, the agencies
lack evidence that reputation risk, in the absence of identified
financial or operational risks, is a factor that can hurt an
institution's safety and soundness. While there are examples of risks
like credit risk and liquidity risk being the primary driver of an
institution's unsafe or unsound condition, the agencies have not seen
evidence that reputation risk can be the primary driver of an
institution being in unsafe or unsound condition. When reputational
issues are identified as a root cause of harm that has impacted a
supervised institution's financial condition, there are typically other
more significant factors, such as those relating to the institution's
capital, asset quality, liquidity, earnings, or interest rate
sensitivity, that are the primary drivers of the institution's weakened
financial condition. The OCC's supervision is required by law to focus
on the safety and soundness of its institutions and compliance with
laws and regulations as well as, as applicable, fair access to
financial services and fair treatment of customers.\3\ The FDIC is
responsible for the supervision and examination of state nonmember
banks, including for safety and soundness principles.\4\ In furtherance
of these objectives, the agencies' supervision should focus on concrete
risks and objective criteria directly related to applicable statutory
requirements. In the agencies' experience, using reputation risk in its
supervisory process does not further this mission.
---------------------------------------------------------------------------
\3\ 12 U.S.C. 1.
\4\ See 12 U.S.C. 1811 et seq. The FDIC also insures the
deposits of insured depository institutions and manages
receiverships of failed depository institutions.
---------------------------------------------------------------------------
II. Description of the Proposed Rule and Changes
Based on the above-described supervisory experience and the
ineffectiveness of using reputation risk to improve the safety and
soundness of supervised institutions, the agencies have removed
reputation risk from their supervisory frameworks and are proposing to
codify this change in relevant regulations. This proposed rule would be
a regulation as defined in section 5 of Executive Order 14192. The
proposed rule would be a significant regulatory action for the purposes
of Executive Order 12866. The proposed elimination of reputation risk
supervision is deregulatory.
Under 12 U.S.C. 1(a), the OCC is charged with assuring the safety
and soundness of, and compliance with laws and regulations, fair access
to financial services, and fair treatment of customers by, the
institutions and other persons subject to its jurisdiction. Similarly,
the FDIC has statutory authority to administer the affairs of the
Corporation, which includes a framework for banking supervision.\5\
Further, the FDIC's Board of Directors has the authority to prescribe
rules and regulations as it may deem necessary to carry out the
provisions of the Federal Deposit Insurance Act,\6\ and the OCC is
authorized to prescribe rules and regulations to carry out the
responsibilities of the office.\7\
---------------------------------------------------------------------------
\5\ See 12 U.S.C. 1819(a), 1820(a).
\6\ 12 U.S.C. 1819(a)(Tenth), 1820(g).
\7\ 12 U.S.C. 93a.
---------------------------------------------------------------------------
Based on these authorities, the subjectivity of reputation risk,
the inefficacy of reputational risk at identifying risks to safety and
soundness or other statutory mandates, and the potential for regulatory
overreach and abuse, the agencies have removed reputation risk from
their supervisory frameworks and are proposing regulations to codify
this change in relevant regulations. The proposed rule would not alter
or affect the ability of an institution to make business decisions
regarding its customers or third-party arrangements and to manage them
effectively, consistent with safety and soundness and compliance with
applicable laws.
The proposed rule would prohibit the agencies from criticizing,
formally or informally, or taking adverse action against an institution
on the basis of reputation risk. In addition, under the proposal, the
agencies would be prohibited from requiring, instructing, or
encouraging an institution or its employees to refrain from contracting
with or to terminate or modify a contract with a third party, including
an institution-affiliated party, on the basis of reputation risk. The
agencies also could not require, instruct, or encourage an institution
or its employees to refrain from doing business with or to terminate or
modify a business relationship with a third party, including an
institution-affiliated party, on the basis of reputation risk. The
proposed rule would also prevent the agencies from requiring,
instructing, or encouraging an institution to enter into a contract or
business relationship with a third party on the basis of reputation
risk. The proposed rule would further prohibit the agencies from
requiring, instructing, or encouraging an institution or an employee of
an institution to terminate a contract with, discontinue doing business
with, or modify the terms under which it will do business with a person
or entity on the basis of the person's or entity's political, social,
cultural, or religious views or beliefs, constitutionally protected
speech, or solely on the basis of the third party's involvement in
politically disfavored but lawful business activities perceived to
present reputation risk.
This prohibition would not affect requirements intended to prohibit
or reject transactions or accounts associated with Office of Foreign
Assets Control-sanctioned persons, entities, or jurisdictions. Such
prohibitions and rejections would not be based specifically on ``the
person's or entity's political, social, cultural, or religious views or
beliefs, constitutionally protected speech, or politically
[[Page 48828]]
disfavored but lawful business activities perceived to present
reputation risk.'' The prohibition also does not affect the agencies'
authority to enforce the requirements of the provisions of United
States Code title 31, chapter 53, subchapter II regarding reporting on
monetary transactions.\8\ However, due to the broad nature of Bank
Secrecy Act (BSA) \9\ and anti-money laundering (AML) supervision,
there is a risk that BSA/AML focused supervisory actions could
indirectly address reputation risk. The proposal would prohibit
supervisors from using BSA and anti-money laundering concerns as a
pretext for reputation risk. In addition, although the agencies would
continue to consider the statutory factors required with respect to
certain applications,\10\ the proposal would prohibit supervisors from
using these provisions as a pretext for reputation risk, as described
in this proposal, in making determinations regarding such applications.
---------------------------------------------------------------------------
\8\ 15 U.S.C. 5311 et seq.
\9\ Id.
\10\ See, e.g., 12 U.S.C. 1816 (requiring the FDIC to consider,
among other things, the ``general character and fitness of the
management of the depository institution'' in an application for
deposit insurance); 12 U.S.C. 1817(j)(2)(B) (requiring the agencies
to ``conduct an investigation of the competence, experience,
integrity, and financial ability of each person named'' as a
proposed acquirer of an institution following a notice of a proposed
change in control of a depository institution).
---------------------------------------------------------------------------
``Adverse action,'' as defined by the proposed rule, would include
the provision of negative feedback, including feedback in a report of
examination, a memorandum of understanding, verbal feedback, or an
enforcement action. Furthermore, ``action'' encompasses any action of
any agency employee, including any communication characterized as
informal, preliminary, or not approved by agency officials or senior
staff. A downgrade (or contribution to a downgrade) of any supervisory
rating, including a rating assigned under the Uniform Financial
Institutions Rating System or comparable rating system, also would
constitute an ``adverse action'' under the proposed rule. In addition,
a downgrade (or contribution to a downgrade) of a rating under the
Uniform Interagency Consumer Compliance Rating System or the Uniform
Rating System for Information Technology, or any other rating system,
would also constitute an ``adverse action'' under the proposed rule.
Further, a denial of a filing or licensing application or an imposition
of a capital requirement above the minimum ratios would constitute an
``adverse action'' under the proposed rule, as would any burdensome
requirements placed on an approval, the introduction of additional
approval requirements, or any other heightened requirements on an
activity or change.
The agencies are also including a general ``catch-all'' for any
other actions that could negatively impact the institution outside of
traditional supervisory channels. This catch-all is meant to include
actions such as supervisory decisions on applications for waivers
outside of the normal licensing or filing channels, applications to
engage in certain business activities for which supervisory permission
is required, or other regulatory decisions affecting institutions.
Intent is the defining characteristic for whether an agency-action
would fall into this catch-all provision. As an illustration of agency
actions that would be subject to this prohibition, the prohibition
would prevent the agencies from, for example: disapproving a proposed
member of a board of directors on the basis of an unsubstantiated
pretense where the true reason is reputation risk, denying a waiver of
bank director citizenship and residency requirements for the purpose of
inducing a bank to address perceived reputation risk somewhere in the
bank's operations, or disapproving a change of control notice because a
bank lacks internal reputation risk controls. Agency actions subject to
this prohibition would also include negative feedback that is verbal, a
condition attached to an approval, the introduction of new approval
requirements, and any other heightened requirements that are intended
to force the bank to address perceived reputation risk.
The term ``doing business with'' in the proposed rule is intended
to be construed broadly and to include business relationships both with
bank clients and with third-party service providers. It is also
intended to include the relationship of a bank with organizations or
individuals that the bank is providing with charitable services,
including as part of a community benefits agreement or as part of a
Community Reinvestment Act plan. This term is intended to include both
existing business relationships and prospective business relations.
The term ``institution-affiliated party'' has the same meaning as
in section 3 of the Federal Deposit Insurance Act.\11\
---------------------------------------------------------------------------
\11\ Public Law 81-797, 64 Stat. 873 (codified at 12 U.S.C.
1813(u)).
---------------------------------------------------------------------------
The proposed rule would define ``reputation risk'' as the risk,
regardless of how the risk is labeled by the institution or by the
agencies, that an action or activity, or combination of actions or
activities, or lack of actions or activities, of an institution could
negatively impact public perception of the institution for reasons
unrelated to the current or future financial condition of the
institution. This definition is intended to include not just risks that
the agencies or the institution identify as ``reputation risks,'' but
any similar risk based around concerns regarding the public's
perception of the institution beyond the scope of other risks in the
agencies' supervisory frameworks. This definition is not intended to
capture risks posed by public perceptions of the institution's current
or future financial condition because such perceptions relate to risks
other than reputation risk. For example, public perceptions that a bank
has insufficient liquidity and therefore is susceptible to a bank run
would not be considered reputation risk.
The prohibitions of the proposed rule would apply to actions taken
on the basis of reputation risk; political, social, cultural, or
religious views and beliefs; constitutionally protected speech; or
solely based on bias against politically disfavored but lawful business
activities perceived to present reputation risk. The proposed rule
would not prohibit criticism, supervisory feedback, or other actions to
address traditional risk channels related to safety and soundness and
compliance with applicable laws, including credit risk, market risk,
and operational risk (including cybersecurity, information security,
and illicit finance), provided that such criticism, supervisory
feedback or other actions addressing these other risks is not a pretext
by examiners aimed at reputation risk.
Under the proposed rule, the OCC would make seven conforming
amendments to the OCC's regulations to eliminate references to
reputation risk. These conforming amendments would be made in (1) the
list of risks a national bank shall consider, as appropriate, as set
out in 12 CFR part 1 of the OCC regulations; \12\ and (2) the safety
and soundness standards set forth in 12 CFR part 30 of the OCC
regulations, including the OCC guidelines.\13\ The
[[Page 48829]]
OCC regulations at 12 CFR part 30 would include six conforming
amendments.\14\
---------------------------------------------------------------------------
\12\ 12 CFR 1.5(a). The OCC added reputation risk between the
proposal and finalization of the regulation. See 60 FR 66157, 66161
(Dec. 21, 1995); 61 FR 63980, 63985 (Dec. 2, 1996).
\13\ 12 CFR part 30, appendices B, C, D, and E. The OCC and
other agencies jointly issued supplement A to appendix B pursuant to
15 U.S.C. 6801 and then-existing guidance. 70 FR 15737 (Mar. 29,
2005). Fifteen U.S.C. 6801(b) requires each relevant agency to
establish appropriate standards, but it does not require joint
issuances or references to reputation risk. The OCC issued appendix
C pursuant to 12 U.S.C. 1831p-1, which allows the prescription of
several types of standards but does not refer to reputation risk.
See 70 FR 6329 (Feb. 7, 2005); 12 U.S.C. 1831p-1. Appendix C
includes three references to reputation risk. The OCC issued
appendices D and E pursuant to 12 U.S.C. 1831p-1 in furtherance of
the goals of the Dodd-Frank Wall Street Reform and Consumer
Protection Act of 2010, Public Law 111-203, 124 Stat. 1376. 79 FR
54518 (Sept. 11, 2014); 81 FR 66792 (Sept. 29, 2016).
\14\ The proposal would not change 12 CFR 3.101(b) where a
definition excludes reputation risk.
---------------------------------------------------------------------------
Regulations codified in 12 CFR part 41 of the OCC regulations and
12 CFR part 334 of the FDIC's regulations refer to reputation risk
concerning certain identity theft prevention programs required by the
Fair and Accurate Credit Transactions Act of 2003.\15\ However, by
statute, guidelines and regulations for these programs must occur
jointly across certain federal agencies,\16\ so no conforming amendment
is suggested for 12 CFR part 41 or 12 CFR part 334. The OCC and FDIC
are considering making changes to 12 CFR parts 41 and 334,
respectively, in a separate, joint rulemaking in the future. Until that
separate, joint rulemaking occurs, the agencies expect to exercise
their discretion in enforcing 12 CFR parts 41 and 334 by using agency
resources to assess compliance without regard to reputation risk.
---------------------------------------------------------------------------
\15\ Public Law 108-159, 117 Stat. 1952 (codified at 15 U.S.C.
1681-1681x); see 12 CFR 41.90(b)(3)(ii); see also 12 CFR
334.90(b)(3)(ii).
\16\ See 15 U.S.C. 1681m(e); 72 FR 63720 (Nov. 9, 2007)
(discussing the definition that refers to reputation risk and
linking it to 15 U.S.C. 1681m(e)).
---------------------------------------------------------------------------
Under the proposed rule, the FDIC would make one conforming
amendment to the FDIC's regulations relating to reputation risk. This
amendment would be made in the safety and soundness standards set forth
in 12 CFR part 364 of the FDIC's regulations.\17\ The proposed rule
would eliminate the reference to reputation risk in the regulation.
---------------------------------------------------------------------------
\17\ 12 CFR part 364.
---------------------------------------------------------------------------
III. Request for Comments and Use of Plain Language
The agencies seek comment on all aspects of the proposed rule,
including the following:
1. Do commenters believe the enumerated prohibitions capture the
types of actions that add undue subjectivity to bank supervision? If
there are other prohibitions that would be warranted, please identify
such prohibitions and explain.
2. Is the definition of ``adverse action'' in the proposed rule
sufficiently clear? Should the definition be broader or narrower? Are
there other types of agency actions that should be included in the list
of ``adverse actions?'' Does the catch-all provision at the end of the
definition of ``adverse action'' appropriately capture any agency
action that is intended to punish or discourage banks on the basis of
perceived reputation risk? Is such catch-all provision sufficiently
clear?
3. Are commenters aware of any other uses of reputation risk in
supervision or in the agencies' regulations that should be addressed in
this rule? If so, please describe such uses and their effects on
institutions.
4. Do commenters believe the definition of ``reputation risk''
should be broadened or narrowed? If so, how should the definition be
broadened or narrowed? Please provide the reasoning to support any
suggested changes.
5. Do commenters understand what is meant by the phrase ``solely on
the basis of the third party's involvement in lawful business
activities that are perceived to present reputation risk?'' Could the
agencies word this prohibition more clearly? Should the word ``solely''
be included? Would it be better to say ``solely or partially?''
6. Are there alternatives to the proposed rule that would better
achieve the agencies' objective? If so, please describe any such
alternatives.
7. Are there changes to the proposed rule that would help restrict
the agencies' ability to evade the rule's requirements, including
evasion through mislabeling a risk or through using alternative adverse
actions? Is there other anti-evasion language that should be included?
8. The proposed definition of ``reputation risk'' includes risks
that could negatively impact public perception of an institution for
reasons unrelated to the financial condition of the institution. Should
this be broadened to include reasons unrelated to the financial or
operational condition of the institution?
9. Should the list of relationships that would constitute ``doing
business with'' include additional types of relationships?
10. Does the removal of reputation risk create any other unintended
consequences for the agencies or their supervised institutions?
11. Would the proposed rule have any costs, benefits, or other
effects that the agencies have not identified? If so, please describe
any such costs, benefits, or other effects.
Additionally, section 722 of the Gramm-Leach-Bliley Act \18\
requires the federal banking agencies to use plain language in all
proposed and final rules published after January 1, 2000. The agencies
have sought to present the proposed rule in a simple and
straightforward manner, and invite comment on the use of plain
language. For example:
---------------------------------------------------------------------------
\18\ Public Law 106-102, sec. 722, 113 Stat. 1338, 1471 (1999);
12 U.S.C. 4809.
---------------------------------------------------------------------------
12. Have the agencies organized the material to suit your needs? If
not, how could the agencies present the proposed rule more clearly?
13. Are the requirements in the proposed rule clearly stated? If
not, how could the proposed rule be more clearly stated?
14. Do the regulations contain technical language or jargon that is
not clear? If so, which language requires clarification?
15. Would a different format (grouping and order of sections, use
of headings, paragraphing) make the regulation easier to understand? If
so, what changes would achieve that?
16. Would more, but shorter, sections be better? If so, which
sections should be changed?
What other changes can the agencies incorporate to make the
regulation easier to understand?
IV. Expected Effects
OCC:
A. Background
As previously discussed, to improve the efficiency and
effectiveness of their supervisory programs, the agencies are proposing
revising their supervisory frameworks to remove reputation risk. The
proposed rule would prohibit the OCC from criticizing or taking adverse
actions (broadly defined) against an institution on the basis of
reputation risk. The proposed rule would define ``reputation risk'' as
the risk, regardless of how the risk is labeled by the institution or
by the agencies, that an action or activity, or combination of actions
or activities, or lack of actions or activities, of an institution
could negatively impact public perception of the institution for
reasons unrelated to the financial condition of the institution. The
proposed rule would also prohibit the agencies from requiring,
instructing, or encouraging an institution or any employee of an
institution to terminate a contract with, discontinue doing business
with, sign a contract with, initiate doing business with, modify the
terms under which it will do business with a person or entity,
[[Page 48830]]
or take any action or refrain from taking any action on the basis of
the person's or entity's political, social, cultural, or religious
views or beliefs or solely on the basis of the person's or entity's
involvement in lawful business activities perceived to present
reputational risk. The proposed rule would not prohibit criticism,
supervisory feedback, or other actions to address traditional risk
channels related to safety and soundness and compliance with applicable
laws, including credit risk, market risk, and operational risk
(including cybersecurity, information security, and illicit finance),
provided that such criticism, supervisory feedback or other actions
addressing these other risks is not a pretext by examiners aimed at
reputational risk.
Under the proposed rule, the OCC would make seven conforming
amendments to the OCC's regulations relating to reputation risk. These
conforming amendments would be made in (1) the list of risks a national
bank shall consider, as appropriate, as set out in 12 CFR part 1 of the
OCC regulations; and (2) the safety and soundness standards set forth
in 12 CFR part 30 of the OCC regulations.
B. Current Legal and Regulatory Baselines
There are two regulatory baselines that may be assessed. Under the
first baseline, on March 20, 2025, the OCC issued OCC Bulletin 2025-4
wherein the OCC issued guidance that removed references to banks'
reputation risk from its ``Comptroller's Handbook'' booklets and
guidance issuances. In addition, the OCC instructed its examiners that
they should no longer examine for reputation risk.
Therefore, under this first legal and regulatory baseline, the OCC
already discontinued reputation risk-based supervision since March
2025, and the proposed rule would create a formal legal mandate to
remove reputation risk from OCC supervision. Effectively, there would
be no additional burden, and therefore no compliance costs since
reputation risk would not be examined effective with OCC Bulletin 2025-
4. Any cost savings would be de minimis since references to bank's
reputation risk were already removed, per OCC Bulletin 2025-4.
Under the second baseline, which considers the scenario absent OCC
Bulletin 2025-4, however, the OCC would have continued to supervise
institutions for reputation risk.
C. Parties Affected by the Proposal
1. OCC-Regulated Entities Affected by the Rule
The OCC currently supervises 1,017 national banks, Federal savings
associations, trust companies and Federal branches and agencies of
foreign banks (collectively, banks).\19\ Because all OCC-regulated
banks and institutions were subject to reputation risk assessments, the
proposed rule would affect all 1,017 institutions supervised.
---------------------------------------------------------------------------
\19\ Based on OCC internal Financial Institution Data Retrieval
System (FINDRS) with data as of August 1, 2025.
---------------------------------------------------------------------------
2. Other Parties
Because the proposed rule aims to remove the influence of the
agencies' reputation risk assessments on institutions' customer
relationships, we conclude that the proposed rule could potentially
affect all OCC-regulated institutions' current and future customers.
D. Costs and Benefits
1. Cost Savings From Decreased Regulatory Compliance Burden
While the proposed rule does not address regulated institutions'
internal practices of how to address reputation risk, the OCC expects
that the proposed rule would, nonetheless, result in a decrease in
regulated institutions' costs primarily through reduced regulatory
compliance burden, relative to the second baseline. The OCC would no
longer examine for reputation risk nor issue any related adverse
supervisory actions. In turn, institutions would no longer have to
engage in reputation risk examinations and respond to any related
adverse supervisory actions. The OCC estimates that the cost savings
could be significant depending on the level of effort an institution
put forth to prepare for reputation risk examinations. Although the OCC
is unable to thoroughly quantify cost savings due to decreased
regulatory compliance burden, the OCC notes that there is a non-trivial
percentage of Matters Requiring Attention (MRAs) that mentioned
``reputation risk.'' The table below calculates the percentage of MRA-
related text summaries that mentioned the word ``reputation'' from all
available summaries. The table \20\ shows that 12.42 percent of MRAs
mentioned ``reputation risk'' in 2024. While many of these MRAs were
not solely due to reputation risk, given the persistence and increased
occurrence of reputation risk in MRAs, one could expect that removing
reputation risk would result in significant cost savings for
institutions that had to respond to reputation risk-related MRAs.
---------------------------------------------------------------------------
\20\ We measure the compliance burden by calculating the
percentage of recent MRAs that mentioned reputation risk prior to
the release of OCC Bulletin 2025-4.
----------------------------------------------------------------------------------------------------------------
Year Without reputation With reputation Total
----------------------------------------------------------------------------------------------------------------
2017.......................................... 95.66 4.34 100
2018.......................................... 90.06 9.94 100
2019.......................................... 91.16 8.84 100
2020.......................................... 90.06 9.94 100
2021.......................................... 87.23 12.77 100
2022.......................................... 88.63 11.37 100
2023.......................................... 88.87 11.13 100
2024.......................................... 87.58 12.42 100
----------------------------------------------------------------------------------------------------------------
2. Benefits From Increased Business Opportunities
The impact of the proposed rule on OCC-regulated institutions
depends significantly on the extent to which the OCC may have changed
regulated institutions' behavior in response to the OCC's expectation
in managing reputation risk, relative to the second baseline. On the
one hand, the OCC's expectations in managing reputation risk may not
have been binding; regulated institutions may internally perceive
reputation risk as an important aspect in maintaining or growing their
customer base.
On the other hand, the OCC's expectations in managing reputation
risk may have caused changes in institutions' behavior in response to
reputation risk concerns by encouraging institutions to refrain from
and/or
[[Page 48831]]
terminate existing customer relationships. A consequence of the OCC's
actions could have been preventing banks from entering into or
continuing profitable business relationships with law-abiding customers
that banks would have maintained in the absence of OCC expectations.
Indeed, in 2016 the House passed the Financial Institution Customer
Protection Act,\21\ which was meant to address alleged abuses by
Federal banking regulators that pressured financial institutions to
terminate services for legal businesses based solely on ``reputational
risk.''
---------------------------------------------------------------------------
\21\ The bill never became law because it was not passed in the
Senate.
---------------------------------------------------------------------------
While Sachdeva et al.\22\ show that targeted banks decreased
lending to and terminated relationships with affected firms that were
deemed controversial, results suggest that the firms substituted credit
through nontargeted banks under similar terms. As such, targeted credit
rationing did not substantially change the performance of the affected
firms. However, even though it did not substantially affect the
performance of the affected firms, the affected firms nonetheless had
to incur search costs and burden in finding alternatives.
---------------------------------------------------------------------------
\22\ See Kunal Sachdeva et al., Defunding Controversial
Industries: Can Targeted Credit Rationing Choke Firms?, 172 J. Fin.
Econ. 104133 (2025).
---------------------------------------------------------------------------
We conclude that the proposed rule should benefit customers by
formally eliminating reputation risk related regulatory restrictions
and constraints on their business relationships because the proposed
rule would decrease the search costs and burden associated with finding
alternatives. Additionally, we conclude that the proposed rule should
benefit regulated institutions by eliminating constraints on
relationships related to reputation risk that would otherwise be
profitable.
3. Benefits From Less Subjective Supervision
One additional benefit from the removal of reputation risk is
greater consistency and objectivity of supervisory decisions, relative
to the second baseline. This in turn, would increase the predictability
for regulated institutions to understand and manage regulators'
supervisory expectations.
In our analysis, we attempted to quantitatively compare the
subjectivity of OCC supervisory text that mentions or does not mention
the word ``reputation.'' In our analysis, we use standard natural
language processing algorithms \23\ to calculate a subjectivity score
for individual OCC supervisory texts. The supervisory text includes
descriptions of significant supervisory events and MRA text
descriptions that we also utilized in section D.1 of this document. We
calculate the subjectivity score for each individual text document, and
the scores range from 0 to 1 and scores closer to 1 are indicative of
more subjective text.
---------------------------------------------------------------------------
\23\ Specifically, we used the Python TextBlob package, which
calculates a subjectivity score based on the text provided.
---------------------------------------------------------------------------
For the significant supervisory event text data, we calculated an
average subjectivity score of 0.41 for text that mentions reputation
and an average score of 0.28 for supervisory event text that does not
mention reputation. For the MRA text data, we calculated average
subjectivity scores of 0.43 and 0.33 from text that mentions and does
not mention reputation, respectively.
FDIC:
This analysis utilizes all regulations and guidance applicable to
FDIC-supervised insured depository institutions (IDIs), as well as
information on the financial condition of IDIs as of the quarter ending
March 31, 2025, as the baseline to which the effects of the proposed
rule are estimated.
If adopted, the proposed regulations would indirectly benefit FDIC-
supervised IDIs or associated persons to the extent they would have
been the subject of an adverse action or prohibition against certain
business relationships by the agencies on the basis of reputation risk;
political, social, cultural, or religious views and beliefs;
constitutionally protected speech; or politically disfavored but lawful
business activities perceived to present reputation risk. This benefit
would occur as the IDI or associated person would avoid any costs
associated with such adverse actions or prohibitions. Additionally, the
improved efficiency and effectiveness of the FDIC's supervisory
programs may also indirectly benefit covered IDIs. Further, IDIs may
incur some voluntary costs associated with making changes to their
compliance policies and procedures. As of the quarter ending March 31,
2025, the FDIC supervised 2,835 IDIs.\24\ The FDIC does not have the
information necessary to quantify number of instances, or the
associated costs, where an IDI or person was subject to a covered
adverse action or prohibition against certain business relationships.
Nor does the FDIC have the information necessary to quantify the number
of IDIs that might make changes to their compliance policies and
procedures. However, the FDIC believes that such instances are very
infrequent, based on their supervisory experience. The FDIC believes
that the aggregate economic effect of any such indirect benefits or
costs is unlikely to be substantive.
---------------------------------------------------------------------------
\24\ Call Report data, March 31, 2025.
---------------------------------------------------------------------------
The FDIC invites comments on all aspects of this analysis. In
particular, would the proposed rule have any costs or benefits that the
agencies have not identified?
V. Regulatory Analysis
Paperwork Reduction Act
The Paperwork Reduction Act of 1995 \25\ (PRA) states that no
agency may conduct or sponsor, nor is the respondent required to
respond to, an information collection unless it displays a currently
valid Office of Management and Budget (OMB) control number. The
agencies have reviewed this proposed rule and determined that it does
not create any information collection or revise any existing collection
of information. Accordingly, no PRA submissions to OMB will be made
with respect to this proposed rule.
---------------------------------------------------------------------------
\25\ 44 U.S.C. 3501-3521.
---------------------------------------------------------------------------
Regulatory Flexibility Act
OCC:
In general, the Regulatory Flexibility Act (RFA) \26\ requires an
agency, in connection with a proposed rule, to prepare an initial
regulatory flexibility analysis describing the impact of the rule on
small entities (defined by the U.S. Small Business Administration (SBA)
for purposes of the RFA to include commercial banks and savings
institutions with total assets of $850 million or less and trust
companies with total assets of $47 million or less). However, under
section 605(b) of the RFA, this analysis is not required if an agency
certifies that the proposed rule would not have a significant economic
impact on a substantial number of small entities and publishes its
certification and a short explanatory statement in the Federal Register
along with its proposed rule.
---------------------------------------------------------------------------
\26\ 5 U.S.C. 601 et seq.
---------------------------------------------------------------------------
The OCC currently supervises approximately 609 small entities, all
of which may be impacted by the proposed rule.\27\ In general, the OCC
classifies the
[[Page 48832]]
economic impact on an individual small entity as significant if the
total estimated impact in one year is greater than 5 percent of the
small entity's total annual salaries and benefits or greater than 2.5
percent of the small entity's total non-interest expense. Furthermore,
the OCC considers 5 percent or more of OCC-supervised small entities to
be a substantial number. Thus, at present, 30 OCC-supervised small
entities would constitute a substantial number.
---------------------------------------------------------------------------
\27\ We base our estimate of the number of small entities on the
SBA's size thresholds for commercial banks and savings institutions,
and trust companies, which are $850 million and $47 million,
respectively. Consistent with the General Principles of Affiliation,
13 CFR 121.103(a), we count the assets of affiliated financial
institutions when determining if we should classify an OCC-
supervised institution as a small entity. We use December 31, 2024,
to determine size because a ``financial institution's assets are
determined by averaging the assets reported on its four quarterly
financial statements for the preceding year.'' See footnote 8 of the
SBA's Table of Size Standards.
---------------------------------------------------------------------------
Under the baseline with OCC Bulletin 2025-4, the proposed rule
would have a de minimis effect on small entities. Under the baseline
absent OCC Bulletin 2025-4, the proposed rule would affect all small
OCC-regulated entities and would therefore affect a significant number
of small entities. However, because the proposed rule would result in
significant cost savings for all OCC-regulated institutions, the OCC
expects the proposed rule would not have a significant adverse impact
on small entities. Thus, the OCC finds that the proposed rule would not
have a significant economic impact on a substantial number of OCC-
supervised small entities under either baseline.
FDIC:
The RFA generally requires an agency, in connection with a proposed
rule, to prepare and make available for public comment an initial
regulatory flexibility analysis that describes the impact of the
proposed rule on small entities.\28\ However, an initial regulatory
flexibility analysis is not required if the agency certifies that the
proposed rule will not, if promulgated, have a significant economic
impact on a substantial number of small entities. The SBA has defined
``small entities'' to include banking organizations with total assets
of less than or equal to $850 million.\29\ Generally, the FDIC
considers a significant economic impact to be a quantified effect in
excess of 5 percent of total annual salaries and benefits or 2.5
percent of total noninterest expenses. The FDIC believes that effects
in excess of one or more of these thresholds typically represent
significant economic impacts for FDIC-supervised institutions. As
discussed further below, the FDIC certifies that the proposed rule, if
adopted, would not have a significant economic impact on a substantial
number of FDIC-supervised small entities.
---------------------------------------------------------------------------
\28\ 5 U.S.C. 601 et seq.
\29\ The SBA defines a small banking organization as having $850
million or less in assets, where an organization's ``assets are
determined by averaging the assets reported on its four quarterly
financial statements for the preceding year.'' See 13 CFR 121.201
(as amended by 87 FR 69118, effective December 19, 2022). In its
determination, the ``SBA counts the receipts, employees, or other
measure of size of the concern whose size is at issue and all of its
domestic and foreign affiliates.'' See 13 CFR 121.103. Following
these regulations, the FDIC uses an IDI's affiliated and acquired
assets, averaged over the preceding four quarters, to determine
whether the insured depository institution is ``small'' for the
purposes of the RFA.
---------------------------------------------------------------------------
The proposed rule would, if adopted, apply only to the activities
of the FDIC. As such, this rule would not impose any obligations on
FDIC-supervised entities, and FDIC-supervised entities would not need
to take any action in response to this rule. Therefore, the FDIC
certifies that the proposed rule, if adopted, would not have a
significant economic impact on a substantial number of FDIC-supervised
small entities because proposed rule would not have any direct effect
on the public or FDIC-supervised institutions.
The FDIC invites comments on all aspects of the supporting
information provided in this RFA section. The FDIC is particularly
interested in comments on any significant effects on small entities
that the agency has not identified.
Unfunded Mandates Reform Act
The OCC has analyzed the proposed rule under the factors in the
Unfunded Mandates Reform Act of 1995 (UMRA).\30\ Under this analysis,
the OCC considered whether the proposed rule includes a Federal mandate
that may result in the expenditure by State, local, and tribal
governments, in the aggregate, or by the private sector, of $100
million or more in any one year ($187 million as adjusted annually for
inflation). Pursuant to section 202 of the UMRA,\31\ if a proposed rule
meets this UMRA threshold, the OCC would need to prepare a written
statement that includes, among other things, a cost-benefit analysis of
the proposal.
---------------------------------------------------------------------------
\30\ 2 U.S.C. 1531 et seq.
\31\ 2 U.S.C. 1532.
---------------------------------------------------------------------------
The OCC estimates that the proposal would not require additional
expenditure from OCC-regulated entities. As noted earlier, there would
likely be a decrease in expenditures due to the removal of compliance
mandates, resulting in cost savings. The OCC's estimated UMRA cost is
$0. Therefore, the OCC finds that the proposed rule does not trigger
the UMRA cost threshold. Accordingly, the OCC has not prepared the
written statement described in section 202 of the UMRA.
Riegle Community Development and Regulatory Improvement Act of 1994
Pursuant to section 302(a) of the Riegle Community Development and
Regulatory Improvement Act (RCDRIA) of 1994,\32\ in determining the
effective date and administrative compliance requirements for new
regulations that impose additional reporting, disclosure, or other
requirements on insured depository institutions, the OCC and FDIC must
consider, consistent with principles of safety and soundness and the
public interest (1) any administrative burdens that the final rule
would place on depository institutions, including small depository
institutions and customers of depository institutions and (2) the
benefits of the final rule. This rulemaking would not impose any
reporting, disclosure, or other requirements on insured depository
institutions. Therefore, section 302(a) does not apply to this final
rule.
---------------------------------------------------------------------------
\32\ 12 U.S.C. 4802(a).
---------------------------------------------------------------------------
Providing Accountability Through Transparency Act of 2023
The Providing Accountability Through Transparency Act of 2023 \33\
requires that a notice of proposed rulemaking include the internet
address of a summary of not more than 100 words in length of a proposed
rule, in plain language, that shall be posted on the internet website
<a href="http://www.regulations.gov">www.regulations.gov</a>.
---------------------------------------------------------------------------
\33\ 5 U.S.C. 553(b)(4).
---------------------------------------------------------------------------
The OCC and FDIC propose codifying the elimination of the use of
reputation risk from their risk-based supervisory frameworks. The
proposal would prohibit the agencies from forcing an institution to
refrain from contracting or doing business with an individual or entity
or to terminate, modify, or initiate a contract or business
relationship on the basis of reputation risk. The agencies also could
not force an institution to terminate a contract or discontinue or
modify a business relationship on the basis of an individual's or
entity's political, social, cultural, or religious views or beliefs,
constitutionally protected speech, or lawful business activities.
The proposal and required summary can be found for the OCC at
<a href="https://www.regulations.gov">https://www.regulations.gov</a> by searching for Docket ID OCC-2025-0142
and <a href="https://occ.gov/topics/laws-and-regulations/occ-regulations/proposed-issuances/index-proposed-issuances.html">https://occ.gov/topics/laws-and-regulations/occ-regulations/proposed-issuances/index-proposed-issuances.html</a>, and for the FDIC at
<a href="https://www.fdic.gov/resources/regulations/federal-register-publications/index.html#">https://www.fdic.gov/resources/regulations/federal-register-publications/index.html#</a>.
[[Page 48833]]
Executive Order 12866 (as Amended)
Executive Order 12866, titled ``Regulatory Planning and Review,''
as amended, requires the Office of Information and Regulatory Affairs
(OIRA), OMB, to determine whether a proposed rule is a ``significant
regulatory action'' prior to the disclosure of the proposed rule to the
public. If OIRA finds the proposed rule to be a ``significant
regulatory action,'' Executive Order 12866 requires the OCC to conduct
a cost-benefit analysis of the proposed rule and for OIRA to conduct a
review of the proposed rule prior to publication in the Federal
Register. Executive Order 12866 defines a ``significant regulatory
action'' to mean a regulatory action that is likely to (1) have an
annual effect on the economy of $100 million or more or adversely
affect in a material way the economy, a sector of the economy,
productivity, competition, jobs, the environment, public health or
safety, or State, local, or tribal governments or communities; (2)
create a serious inconsistency or otherwise interfere with an action
taken or planned by another agency; (3) materially alter the budgetary
impact of entitlements, grants, user fees, or loan programs or the
rights and obligations of recipients thereof; or (4) raise novel legal
or policy issues arising out of legal mandates, the President's
priorities, or the principles set forth in Executive Order 12866.
OIRA has determined that this proposed rule is a significant
regulatory action under section 3(f)(1) of Executive Order 12866 and,
therefore, is subject to review under Executive Order 12866. The OCC's
analysis conducted in connection with Executive Order 12866 is included
above under the ``Expected Impacts'' section of this document. The
FDIC's analysis conducted in connection with Executive Order 12866 is
also included above under the ``Expected Effects'' section of this
document.
Executive Order 14192
Executive Order 14192, titled ``Unleashing Prosperity Through
Deregulation,'' requires that an agency, unless prohibited by law,
identify at least 10 existing regulations to be repealed when the
agency publicly proposes for notice and comment or otherwise
promulgates a new regulation with total costs greater than zero.
Executive Order 14192 further requires that new incremental costs
associated with new regulations shall, to the extent permitted by law,
be offset by the elimination of existing costs associated with at least
10 prior regulations. Under either baselines with OCC Bulletin 2025-4
or absent the OCC Bulletin 2025-4, this proposed rule is a deregulatory
action under Executive Order 14192 because it results in potential cost
savings for OCC-supervised institutions.
List of Subjects
12 CFR Part 1
Banks, Banking, National banks, Reporting and recordkeeping
requirements, Securities.
12 CFR Part 4
Administrative practice and procedure, Freedom of information,
Individuals with disabilities, Minority businesses, Organization and
functions (Government agencies), Reporting and recordkeeping
requirements, Women.
12 CFR Part 30
Administrative practice and procedure, National banks, Reporting
and recordkeeping requirements.
12 CFR Part 302
Administrative practice and procedure, Banks, Banking.
12 CFR Part 364
Banks, Banking, Information.
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
12 CFR Chapter I
Authority and Issuance
For the reasons set forth in the preamble, the OCC proposes to
amend parts 1, 4, and 30 of chapter I of title 12 of the Code of
Federal Regulations as follows:
PART 1--INVESTMENT SECURITIES
0
1. The authority citation for part 1 continues to read as follows:
Authority: 12 U.S.C. 1 et seq., 24 (Seventh), and 93a.
Sec. 1.5 [Amended]
0
2. In Sec. 1.5, amend paragraph (a) by removing the phrase
``compliance, strategic, and reputation risks'' and adding in its place
the phrase ``compliance, and strategic risks''.
PART 4--ORGANIZATION AND FUNCTIONS, AVAILABILITY AND RELEASE OF
INFORMATION, CONTRACTING OUTREACH PROGRAM, POST-EMPLOYMENT
RESTRICTIONS FOR SENIOR EXAMINERS
0
3. The authority citation for part 4 continues to read as follows:
Authority: 5 U.S.C. 301, 552; 12 U.S.C. 1, 93a, 161, 481, 482,
484(a), 1442, 1462a, 1463, 1464 1817(a), 1818, 1820, 1821, 1831m,
1831p-1, 1831o, 1833e, 1867, 1951 et seq., 2601 et seq., 2801 et
seq., 2901 et seq., 3101 et seq., 3401 et seq., 5321, 5412, 5414; 15
U.S.C. 77uu(b), 78q(c)(3); 18 U.S.C. 641, 1905, 1906; 29 U.S.C.
1204; 31 U.S.C. 5318(g)(2), 9701; 42 U.S.C. 3601; 44 U.S.C. 3506,
3510; E.O. 12600 (3 CFR, 1987 Comp., p. 235).
0
4. Add subpart G, consisting of Sec. 4.91, to read as follows:
Subpart G--Enforcement and Supervision Standards
Sec.
4.91 Prohibition on use of reputation risk.
Subpart G--Enforcement and Supervision Standards
Sec. 4.91 Prohibition on use of reputation risk.
(a) The OCC will not criticize, formally or informally, or take
adverse action against an institution on the basis of reputation risk.
(b) The OCC will not require, instruct, or encourage an
institution, or any employee of an institution, to:
(1) Refrain from contracting or doing business with a third party,
including an institution-affiliated party, on the basis of reputation
risk;
(2) Terminate a contract or discontinue doing business with a third
party, including an institution-affiliated party, on the basis of
reputation risk;
(3) Sign a contract or initiate doing business with a third-party,
including an institution-affiliated party, on the basis of reputation
risk; or
(4) Modify the terms or conditions under which it contracts or does
business with a third party, including an institution-affiliated party,
on the basis of reputation risk.
(c) The OCC will not require, instruct, or encourage an
institution, or any employee of an institution, to terminate a contract
with, discontinue doing business with, sign a contract with, initiate
doing business with, modify the terms under which it will do business
with a person or entity, or take any action or refrain from taking any
action on the basis of the person's or entity's political, social,
cultural, or religious views or beliefs, constitutionally protected
speech, or solely on the basis of the person's or entity's involvement
in politically disfavored but lawful business activities perceived to
present reputation risk.
(d) The prohibitions in paragraphs (a) through (c) of this section
only apply to actions taken on the bases described in paragraphs (a)
through (c) of this section, and the prohibition in
[[Page 48834]]
paragraph (c) of this section shall not apply with respect to persons,
entities, or jurisdictions sanctioned by the Office of Foreign Assets
Control.
(e) Nothing in this section shall restrict the OCC's authority to
implement, administer, and enforce the provisions of subchapter II of
chapter 53 of title 31, United States Code.
(f) The OCC will not take any supervisory action or other adverse
action against an institution, a group of institutions, or the
institution-affiliated parties of any institution that is designed to
punish or discourage an individual or group from engaging in any lawful
political, social, cultural, or religious activities, constitutionally
protected speech, or, for political reasons, lawful business activities
that the supervisor disagrees with or disfavors.
(g) The following definitions apply in this section:
Adverse action includes:
(i) Any negative feedback delivered by or on behalf of the OCC to
the supervised institution, including in a report of examination or a
formal or informal enforcement action;
(ii) A downgrade, or contribution to a downgrade, of any
supervisory rating, including, but not limited to:
(A) Any rating under the Uniform Financial Institutions Rating
System (or any comparable rating system);
(B) Any rating under the Uniform Interagency Consumer Compliance
Rating System;
(C) Any rating under the Uniform Rating System for Information
Technology; and
(D) Any rating under any other rating system;
(iii) A denial of a licensing application;
(iv) Inclusion of a condition on any licensing application or other
approval;
(v) Imposition of additional approval requirements;
(vi) Any other heightened requirements on an activity or change;
(vii) Any adjustment of the institution's capital requirement; and
(viii) Any action that negatively impacts the institution, or an
institution-affiliated party, or treats the institution differently
than similarly situated peers.
Doing business with means:
(i) The bank providing any product or service, including account
services;
(ii) The bank contracting with a third party for the third party to
provide a product or service;
(iii) The bank providing discounted or free products or services to
customers or third parties, including charitable activities;
(iv) The bank entering into, maintaining, modifying, or terminating
an employment relationship; or
(v) Any other similar business activity that involves a bank client
or a third party.
Institution means an entity for which the OCC makes or will make
supervisory or licensing determinations either solely or jointly.
Institution-affiliated party means the same as in section 3 of the
Federal Deposit Insurance Act (12 U.S.C. 1813(u)).
Reputation risk means any risk, regardless of how the risk is
labeled by the institution or regulators, that an action or activity,
or combination of actions or activities, or lack of actions or
activities, of an institution could negatively impact public perception
of the institution for reasons not clearly and directly related to the
financial condition of the institution.
PART 30--SAFETY AND SOUNDNESS STANDARDS
0
5. The authority citation for part 30 continues to read as follows:
Authority: 12 U.S.C. 1, 93a, 371, 1462a, 1463, 1464, 1467a,
1818, 1828, 1831p-1, 1881-1884, 3102(b) and 5412(b)(2)(B); 15 U.S.C.
1681s, 1681w, 6801, and 6805(b)(1).
Appendix B, Supplement A [Amended]
0
6. Amend appendix B to part 30, supplement A, section III, Customer
Notice, by removing ``Timely notification of customers is important to
manage an institution's reputation risk. Effective'' and adding in its
place ``Timely and effective''.
Appendix C to Part 30 [Amended]
0
7. Amend appendix C to part 30 by:
0
a. In section I, Introduction, paragraph (i), removing ''
reputation,'';
0
b. In section I, Introduction, paragraph (vi), removing the sentence
``For example, national banks and Federal savings associations should
exercise appropriate diligence to minimize potential reputation risks
when they undertake to act as trustees in mortgage securitizations.'';
and
0
c. In section II, Standards for Residential Mortgage Lending Practices,
paragraph II(B)(1), removing '' reputation,''.
Appendix D to Part 30 [Amended]
0
8. Amend appendix D to part 30, subsection II, Standards for Risk
Governance Framework, paragraph (B), by removing the phrase
``compliance risk, strategic risk, and reputation risk'' and adding in
its place the phrase ``compliance risk, and strategic risk''.
Appendix E to Part 30 [Amended]
0
9. Amend appendix E to part 30, section II, Recovery Plan, paragraph
(B)(4)(b) by removing ``, including reputational impact''.
FEDERAL DEPOSIT INSURANCE CORPORATION
12 CFR Chapter III
Authority and Issuance
For the reasons set forth in the preamble, the FDIC proposes to
amend parts 302 and 364 of chapter III of title 12 of the Code of
Federal Regulations as follows:
PART 302--REGULATIONS GOVERNING BANK SUPERVISION
0
10. The authority citation for part 302 continues to read as follows:
Authority: 5 U.S.C. 552, 12 U.S.C. 1818, 1819(a) (Seventh and
Tenth), 1831p-1.
0
11. Revise the heading for part 302 as set forth above.
0
12. Add a heading for subpart A, consisting of Sec. Sec. 302.1, 302.2,
and 302.3, to read as follows:
Subpart A--Use of Supervisory Guidance
0
13. Add subpart B, consisting of Sec. 302.100, to read as follows:
Subpart B--Prohibition on Use of Reputation Risk by Regulators
Sec.
302.100 Prohibitions.
Subpart B--Prohibition on Use of Reputation Risk by Regulators
Sec. 302.100 Prohibitions.
(a) The FDIC will not criticize, formally or informally, or take
adverse action against an institution on the basis of reputation risk.
(b) The FDIC will not require, instruct, or encourage an
institution, or any employee of an institution, to:
(1) Refrain from contracting or doing business with a third party,
including an institution-affiliated party, on the basis of reputation
risk;
(2) Terminate a contract or discontinue doing business with a third
party, including an institution-affiliated party, on the basis of
reputation risk;
(3) Sign a contract or initiate doing business with a third-party,
including an institution-affiliated party, on the basis of reputation
risk; or
(4) Modify the terms or conditions under which it contracts or does
business with a third party, including an institution-affiliated party,
on the basis of reputation risk.
[[Page 48835]]
(c) The FDIC will not require, instruct, or encourage an
institution, or any employee of an institution, to terminate a contract
with, discontinue doing business with, sign a contract with, initiate
doing business with, modify the terms under which it will do business
with a person or entity, or take any action or refrain from taking any
action on the basis of the person's or entity's political, social,
cultural, or religious views or beliefs, constitutionally protected
speech, or solely on the basis of the person's or entity's involvement
in politically disfavored but lawful business activities perceived to
present reputation risk.
(d) The prohibitions in paragraphs (a) through (c) of this section
only apply to actions taken on the bases described in paragraphs (a)
through (c) of this section, and the prohibition in paragraph (c) of
this section shall not apply with respect to persons, entities, or
jurisdictions sanctioned by the Office of Foreign Assets Control.
(e) Nothing in this section shall restrict the FDIC's authority to
implement, administer, and enforce the provisions of subchapter II of
chapter 53 of title 31, United States Code.
(f) The FDIC will not take any supervisory action or other adverse
action against an institution, a group of institutions, or the
institution-affiliated parties of any institution that is designed to
punish or discourage an individual or group from engaging in any lawful
political, social, cultural, or religious activities, constitutionally
protected speech, or, for political reasons, lawful business activities
that the supervisor disagrees with or disfavors.
(g) The following definitions apply in this section:
Adverse action includes:
(i) Any negative feedback delivered by or on behalf of the FDIC to
the supervised institution, including in a report of examination or a
formal or informal enforcement action;
(ii) A downgrade, or contribution to a downgrade, of any
supervisory rating, including, but not limited to:
(A) Any rating under the Uniform Financial Institutions Rating
System (or any comparable rating system);
(B) Any rating under the Uniform Interagency Consumer Compliance
Rating System;
(C) Any rating under the Uniform Rating System for Information
Technology;
(D) Any rating under any other rating system;
(iii) A denial of a filing pursuant to 12 CFR part 303 of the
FDIC's regulations;
(iv) Inclusion of a condition on a deposit insurance application or
other approval;
(v) Imposition of additional approval requirements;
(vi) Any other heightened requirements on an activity or change;
(vii) Any adjustment of the institution's capital requirement; and
(viii) Any action that negatively impacts the institution, or an
institution-affiliated party, or treats the institution differently
than similarly situated peers.
Doing business with means:
(i) The bank providing any product or service, including account
services;
(ii) The bank contracting with a third party for the third party to
provide a product or service;
(iii) The bank providing discounted or free products or services to
customers or third parties, including charitable activities;
(iv) The bank entering into, maintaining, modifying, or terminating
an employment relationship; or
(v) Any other similar business activity that involves a bank client
or a third party.
Institution means an entity for which the FDIC makes or will make
supervisory determinations or other decisions, either solely or
jointly.
Institution-affiliated party means the same as in section 3 of the
Federal Deposit Insurance Act (12 U.S.C. 1813(u)).
Reputation risk means any risk, regardless of how the risk is
labeled by the institution or regulators, that an action or activity,
or combination of actions or activities, or lack of actions or
activities, of an institution could negatively impact public perception
of the institution for reasons not clearly and directly related to the
financial condition of the institution.
PART 364--STANDARDS FOR SAFETY AND SOUNDNESS
0
14. The authority citation for part 364 continues to read as follows:
Authority: 12 U.S.C. 1818 and 1819(a)(Tenth), 1831p-1; 15
U.S.C. 1681b, 1681s, 1681w, 6801(b), 6805(b)(1).
Appendix B to Part 364 [Amended]
0
15. Amend appendix B to part 364, supplement A, section III, Customer
Notice, by removing ``Timely notification of customers is important to
manage an institution's reputation risk. Effective'' and adding in its
place ``Timely and effective''.
Jonathan V. Gould,
Comptroller of the Currency. Federal Deposit Insurance Corporation.
By order of the Board of Directors.
Dated at Washington, DC, on October 7, 2025.
Jennifer M. Jones,
Deputy Executive Secretary.
[FR Doc. 2025-19715 Filed 10-29-25; 8:45 am]
BILLING CODE 4810-33-6714-01-P
</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>Indexed from Federal Register on October 30, 2025.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.