Rule2026-06947
Prohibition on the Use of Reputation Risk by Regulators
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
April 10, 2026
Effective
June 9, 2026
Issuing agencies
Treasury DepartmentComptroller of the CurrencyFederal Deposit Insurance Corporation
Abstract
The Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation are adopting a final rule to codify the elimination of reputation risk from their supervisory programs. Among other things, the rule prohibits the agencies from criticizing or taking adverse action against an institution on the basis of reputation risk. The rule also prohibits the agencies from requiring, instructing, or encouraging an institution to close an account, to refrain from providing an account, product, or service, or to modify or terminate any product or service on the basis of a person or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or solely on the basis of politically disfavored but lawful business activities perceived to present reputation risk. The rule further forbids the agencies from taking any supervisory action or other adverse action against an institution, a group of institutions, or the institution-affiliated parties of any institution that is designed to punish or discourage an individual or group from engaging in any lawful political, social, cultural, or religious activities, constitutionally protected speech, or, for political reasons, lawful business activities that the agencies or its personnel disagree with or disfavor.
Full Text
<html>
<head>
<title>Federal Register, Volume 91 Issue 69 (Friday, April 10, 2026)</title>
</head>
<body><pre>
[Federal Register Volume 91, Number 69 (Friday, April 10, 2026)]
[Rules and Regulations]
[Pages 18279-18294]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2026-06947]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
12 CFR Parts 1, 4, and 30
[Docket ID OCC-2025-0142]
RIN 1557-AF34
FEDERAL DEPOSIT INSURANCE CORPORATION
12 CFR Parts 302 and 364
RIN 3064-AG12
Prohibition on the Use of Reputation Risk by Regulators
AGENCY: Office of the Comptroller of the Currency, Treasury, and
Federal Deposit Insurance Corporation.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Office of the Comptroller of the Currency and the Federal
Deposit Insurance Corporation are adopting a final rule to codify the
elimination of reputation risk from their supervisory programs. Among
other things, the rule prohibits the agencies from criticizing or
taking adverse action against an institution on the basis of reputation
risk. The rule also prohibits the agencies from requiring, instructing,
or encouraging an institution to close an account, to refrain from
providing an account, product, or service, or to modify or terminate
any product or service on the basis of a person or entity's political,
social, cultural, or religious views or beliefs, constitutionally
protected speech, or solely on the basis of politically disfavored but
lawful business activities perceived to present reputation risk. The
rule further forbids the agencies from taking any supervisory action or
other adverse action against an institution, a group of institutions,
or the institution-affiliated parties of any institution that is
designed to punish or discourage an individual or group from engaging
in any lawful political, social, cultural, or religious activities,
constitutionally protected speech, or, for political reasons, lawful
business activities that the agencies or its personnel disagree with or
disfavor.
DATES: The final rule is effective June 9, 2026.
FOR FURTHER INFORMATION CONTACT:
OCC: Jonathan Fink, Director, Bank Advisory, Joanne Phillips,
Counsel, or Collin Berger, Attorney, Chief Counsel's Office, (202) 649-
5490, Office of the Comptroller of the Currency, 400 7th Street SW,
Washington, DC 20219. If
[[Page 18280]]
you are deaf, hard of hearing, or have a speech disability, please dial
7-1-1 to access telecommunications relay services.
FDIC: Legal Division: Sheikha Kapoor, Assistant General Counsel,
(202) 898-3960; James Watts, Counsel, (202) 898-6678.
SUPPLEMENTARY INFORMATION:
I. Introduction
On October 30, 2025, the Office of the Comptroller of the Currency
(OCC) and the Federal Deposit Insurance Corporation (FDIC)
(collectively, the agencies) published in the Federal Register a notice
of proposed rulemaking \1\ to remove the use of reputation risk from
their supervisory programs. Among other things, the proposed rule would
also have prohibited the agencies from requiring, instructing, or
encouraging an institution to close an account, to refrain from
providing an account, product, or service, or to modify or terminate
any product or service on the basis of a person or entity's political,
social, cultural, or religious views or beliefs, constitutionally
protected speech, or solely on the basis of politically disfavored but
lawful business activities perceived to present reputation risk. The
proposed rule further would have forbidden the agencies from taking any
supervisory action or other adverse action against an institution, a
group of institutions, or the institution-affiliated parties of any
institution that is designed to punish or discourage an individual or
group from engaging in any lawful political, social, cultural, or
religious activities, constitutionally protected speech, or, for
political reasons, lawful business activities that the agencies or its
personnel disagree with or disfavor. Following review of the comments
received on the proposal, the agencies are finalizing the proposed
rule, with minor modifications. The agencies have updated the final
rule's definition of ``reputation risk'' to include an express
reference to the operational condition of the institution. The agencies
have also modified the prohibition on taking supervisory action or
other adverse action designed to punish or discourage lawful business
activities that the ``supervisor'' disagrees with or disfavors. The
agencies have updated this provision to use language broader than
``supervisor'' to clarify that bias from any individual at the agency
is not a permissible basis for agency action.
---------------------------------------------------------------------------
\1\ See ``Prohibition on Use of Reputation Risk by Regulators,''
90 FR 48825 (October 30, 2025).
---------------------------------------------------------------------------
Under 12 U.S.C. 1(a), the OCC is charged with assuring the safety
and soundness of and compliance with laws and regulations, fair access
to financial services, and fair treatment of customers by the
institutions and other persons subject to its jurisdiction. Similarly,
the FDIC has statutory authority to administer the affairs of the
Corporation, which includes a framework for banking supervision.
Further, the FDIC's Board of Directors has the authority to prescribe
rules and regulations as it may deem necessary to carry out the
provisions of the Federal Deposit Insurance Act, and the OCC is
authorized to prescribe rules and regulations to carry out the
responsibilities of the office.
Based on these authorities, the subjectivity of reputation risk,
the inefficacy of reputation risk at identifying risks to safety and
soundness or other statutory mandates, and the potential for regulatory
overreach and abuse, the agencies have removed reputation risk from
their supervisory frameworks and are codifying this change in relevant
regulations.
II. Background
The agencies believe that banking regulators' use of the concept of
reputation risk as a basis for supervisory criticisms increases
subjectivity in banking supervision without adding material value from
a safety and soundness perspective. The agencies believe that most
activities that could negatively impact an institution's reputation do
so through traditional risk channels (e.g., credit risk, market risk,
and operational risk, among others) on which supervisors already focus
and already have sufficient authority to address. At the same time,
supervising for reputation risk as a standalone risk adds substantial
subjectivity to bank supervision and can be abused. It also diverts
bank and agency resources from more salient risks without adding
material value from a safety and soundness perspective or ensuring
greater compliance with the law. To improve the efficiency and
effectiveness of their supervisory programs, the agencies have removed
reputation risk from their supervisory frameworks and are proposing to
codify this change in relevant regulations. This change would also
respond to concerns expressed in Executive Order 14331, Guaranteeing
Fair Banking for All Americans,\2\ that the use of reputation risk can
be a pretext for restricting law-abiding individuals' and businesses'
access to financial services on the basis of political or religious
beliefs or lawful business activities.
---------------------------------------------------------------------------
\2\ 90 FR 38925 (Aug. 12, 2025).
---------------------------------------------------------------------------
The agencies' supervisory experience has shown that the use of
reputation risk in the supervisory process does not increase the safety
and soundness of supervised institutions because supervisors have
little ability to predict ex ante whether or how certain activities or
customer relationships present reputation risks that could threaten the
safety and soundness of an institution.\3\ In contrast, risks like
credit risk and liquidity risk are more concrete and measurable and
allow supervisors to more objectively assess a banking institution's
financial condition. Assessments of these risks reflect perceptions of
a bank's financial condition consistent with objective principles.
Conversely, an independent consideration of reputation risk by
supervisors has not resulted in consistent or predictable assessments
of material financial risk. Instead, by focusing on reputation risk,
supervisors attempt to understand and anticipate public opinion
regarding issues and events and then to attempt to directly connect
this public opinion regarding issues and events to an institution's
condition in ways that have proven nearly impossible to assess or
quantify with accuracy. The agencies' attempts to identify reputation
risks and their potential effects on institutions have not resulted in
increased safety for supervised institutions as supervisors have not
been able to accurately predict
[[Page 18281]]
the public's reaction to business decisions made by institutions.
---------------------------------------------------------------------------
\3\ In carrying out its responsibility, the OCC has refined its
examination program based on more than 160 years of experience
supervising financial institutions and monitoring developments in
the financial industry. In the late 1980s and the 1990s, the OCC and
other financial regulators shifted toward supervision frameworks
that were organized by particular risks. In 1995, the OCC launched
an examination program it called ``supervision by risk'' that led to
the current risk-based supervision approach to examinations. In the
supervision by risk program, the OCC focused on nine categories of
risk: credit risk, interest rate risk, liquidity risk, price risk,
foreign exchange risk, transaction risk, compliance risk, strategic
risk, and reputation risk. The program later morphed into the OCC's
current risk-based framework, which focuses on eight risk
categories, with transaction risk renamed as operational risk and
foreign exchange risk eliminated as a stand-alone risk. This risk-
based supervision program focuses on evaluating risk, identifying
existing and emerging problems, and ensuring that bank management
takes corrective action to address problems before a bank's safety
and soundness is compromised. Similarly, as regulators shifted
toward risk-based supervision in the 1990s, the FDIC added
references to reputation risk to manuals and guidance, and
supervisors cited reputation risk in formal and informal enforcement
actions in subsequent years. Generally, the FDIC's supervision
framework has evaluated a variety of risks, such as liquidity risk,
interest rate risk, operational risk, and reputational risk.
---------------------------------------------------------------------------
In other words, there is no clear evidence that supervisory
interference in banks' activities or relationships in the interest of
protecting the banks' reputations has protected banks from losses or
improved banks' performance.
In addition to not enhancing safety and soundness, focusing on
reputation risk can distract institutions and the agencies from
devoting resources to managing core financial risks--such as credit
risk, liquidity risk, and interest rate risk--that are quantifiable and
have been shown to present significant threats to institutions.
Monitoring requires dedicated resources. For example, in order to
confront such risks, institutions frequently purchase expensive risk-
monitoring models that must be maintained, implement detailed loan
review programs, hire expensive outside advisers, and provide time-
intensive training for staff. Parallel to these actions by
institutions, the agencies have limited resources and a responsibility
to use these resources in an efficient and productive manner in
furtherance of their statutory responsibilities. In the judgment of the
agencies, examining for reputation risk diverts resources that could be
better spent on other risks that have been shown to present
significant, tangible threats to institutions and that are more easily
quantified and addressed through regulatory intervention.
Moreover, the agencies' use of reputation risk in reaching
supervisory conclusions introduces subjectivity and unpredictability
into the agencies' judgments. Agency supervision more effectively
fosters safe and sound banking when supervised institutions have a
reasonable expectation of how the agencies would evaluate an activity.
The agencies have not been able to clearly explain how banks should
measure the reputation risk from different activities, business
partners, or clients, nor have the agencies been able to clearly
articulate the criteria for which activities, business partners, or
clients are deemed to present reputation risk.\4\ Without clear
standards, the agencies' supervision for reputation risk has been
inconsistent and has at times reflected individual perspectives of
agency staff rather than data-driven conclusions. This can result in
agency staff implicitly or explicitly encouraging institutions to
restrict access to banking services on the basis of staff's personal
views of a group's or individual's political, social, cultural, or
religious views or beliefs, constitutionally protected speech, or
politically disfavored but lawful business activities. Different
stakeholders may have different perspectives on how such activities or
relationships impact an institution's reputation, if at all, which
creates unpredictability and inconsistency for regulated entities.
Additionally, the subjective nature of supervisory decisions about
reputation risk introduces the potential for political or other biases
to enter into the supervisory process. Thus, supervisory judgments
about reputation risk can create subjective regulatory interference in
day-to-day business decisions of banks that should be based on neutral
market factors. This practice can also result in distortions to
industries and the U.S. economy, as the agencies use reputation risk to
choose winners and losers among market participants and industries.
Given the difficulty of measuring reputation risk in an accurate and
precise way, it is inappropriate for the agencies' supervisors to
examine supervised institutions against this risk.
---------------------------------------------------------------------------
\4\ Supervised institutions have similarly been unable to
explain this in their own risk management programs.
---------------------------------------------------------------------------
More importantly, when a supervised institution alters its behavior
to comply with supervisory expectations relating to reputation risk
management, such as by closing an account or choosing not to enter into
or continue a business relationship with a customer or industry that it
would otherwise maintain, it is forgoing an opportunity to maintain or
build a profitable business relationship that may otherwise be
consistent with sound risk management practices. Accordingly, the
agencies' past practice of encouraging supervised institutions to alter
their behavior due to reputation risk may have adversely impacted
institutions' earnings, capital positions, and safety and soundness. In
this way, the agencies' prior focus on reputation risk may have caused
supervised institutions to be less safe and sound than had they been
permitted to engage in lawful business activities without these
limitations resulting from supervisory expectations surrounding
reputation risk.
In addition, examining for reputation risk can result in agency
personnel or leadership implicitly or explicitly encouraging
institutions to restrict access to banking services on the basis of
agency personnel's personal views of a group's or individual's
political, social, cultural, or religious views or beliefs,
constitutionally protected speech, or politically disfavored but lawful
business activities. Denying lawful businesses access to financial
services can further have negative effects on the economy by hindering
the growth of these lawful businesses and consequently interfering with
the job creation and the economic activity their operations could
generate.
Moreover, even if reputation risk could be quantified, the agencies
lack evidence that reputation risk, in the absence of identified
financial or operational risks, is a factor that can hurt an
institution's safety and soundness. Although there are examples of
risks such as credit risk and liquidity risk being the primary driver
of an institution's unsafe or unsound condition, the agencies have not
seen evidence that reputation risk can be the primary driver of an
institution being in unsafe or unsound condition. When reputational
issues are identified as a cause of harm that has impacted a supervised
institution's financial condition, there are typically other more
significant factors, such as those relating to the institution's
capital, asset quality, liquidity, earnings, or interest rate
sensitivity, that are the primary drivers of the institution's weakened
financial condition. The OCC's analysis shows that the agency will not
lose information useful to anticipate regulated institutions' failure
by ceasing to produce reputation risk ratings in the Risk Assessment
System (RAS) ratings system, as the RAS reputation risk ratings do not
forecast failure after accounting for the CAMELS composite rating and
components. Instead, only RAS ratings that assess fundamental financial
risks predict failure risk once CAMELS ratings are accounted for.
In addition, there is no evidence that ceasing to impose Matters
Requiring Attention (MRAs) that focus on reputation risk will harm the
agencies' ability to anticipate and resolve failure risk. The agencies'
analysis shows that MRAs that either mention reputation risk in the MRA
description or include reputation risk as either a primary or secondary
risk have no ability to predict bank failures.
The OCC's supervision is required by law to focus on the safety and
soundness of its institutions and compliance with laws and regulations
as well as, as applicable, fair access to financial services and fair
treatment of customers.\5\ The FDIC is responsible for the supervision
and examination of State nonmember banks, including for safety and
soundness principles.\6\ In furtherance of these objectives, the
agencies' supervision should focus on
[[Page 18282]]
concrete risks and objective criteria directly related to applicable
statutory requirements. In the agencies' experience, using reputation
risk in its supervisory process does not further this mission.
---------------------------------------------------------------------------
\5\ 12 U.S.C. 1.
\6\ See 12 U.S.C. 1811 et seq. The FDIC also insures the
deposits of insured depository institutions and manages
receiverships of failed depository institutions.
---------------------------------------------------------------------------
III. Overview of the Notices of Proposed Rulemaking and General Summary
of Comments
The proposed rule sought to codify the removal of reputation risk
from the OCC and FDIC's supervisory programs. The proposed rule would
have prohibited the agencies from criticizing, formally or informally,
or taking adverse action against an institution on the basis of
reputation risk. In addition, under the proposal, the agencies would be
prohibited from requiring, instructing, or encouraging an institution
or its employees to refrain from contracting with or to terminate or
modify a contract with a third party, including an institution-
affiliated party, on the basis of reputation risk. The proposed rule
also stated that the agencies could not require, instruct, or encourage
an institution or its employees to refrain from doing business with or
to terminate or modify a business relationship with a third party,
including an institution-affiliated party, on the basis of reputation
risk. The proposed rule would have also prevented the agencies from
requiring, instructing, or encouraging an institution to enter into a
contract or business relationship with a third party on the basis of
reputation risk. The proposed rule would have further prohibited the
agencies from requiring, instructing, or encouraging an institution or
an employee of an institution to terminate a contract with, discontinue
doing business with, or modify the terms under which it will do
business with a person or entity on the basis of the person's or
entity's political, social, cultural, or religious views or beliefs,
constitutionally protected speech, or solely on the basis of the third
party's involvement in politically disfavored but lawful business
activities perceived to present reputation risk.
The proposed rule was solely focused on the functions and
activities of the OCC and the FDIC. The proposed rule did not include
prohibitions, restrictions, or requirements on the self-directed
activities of supervised institutions or institution-affiliated
parties.
The proposed rule provided definitions of several terms used in the
rule, including ``adverse action,'' ``doing business with,''
``institution,'' ``institution-affiliated party,'' and ``reputation
risk.''
The prohibitions of the proposed rule would have applied to actions
taken on the basis of reputation risk; political, social, cultural, or
religious views and beliefs; constitutionally protected speech; or
solely based on bias against politically disfavored but lawful business
activities perceived to present reputation risk. The proposed rule
would not have prohibited criticism, supervisory feedback, or other
actions to address traditional risk channels related to safety and
soundness and compliance with applicable laws, including credit risk,
market risk, and operational risk (including cybersecurity, information
security, and illicit finance), provided that such criticism,
supervisory feedback or other action addressing these other risks was
not a pretext designed to covertly continue supervision for reputation
risk.
Under the proposed rule, the OCC planned to make seven conforming
amendments to the OCC's regulations to eliminate references to
reputation risk. These conforming amendments would be made in (1) the
list of risks a national bank shall consider, as appropriate, as set
out in 12 CFR part 1 of the OCC regulations; and (2) the safety and
soundness standards set forth in 12 CFR part 30 of the OCC regulations,
including the OCC guidelines. The OCC regulations at 12 CFR part 30
would include six conforming amendments.\7\
---------------------------------------------------------------------------
\7\ See 91 FR 16156 (Apr. 1, 2026) (rescission of appendix E of
12 CFR part 30 effective May 1, 2026).
---------------------------------------------------------------------------
Under the proposed rule, the FDIC planned to make one conforming
amendment to the FDIC's regulations relating to reputation risk. This
amendment would be made in the safety and soundness standards set forth
in 12 CFR part 364 of the FDIC's regulations.\8\ Under the proposed
rule, the FDIC would eliminate the reference to reputation risk in the
regulation.
---------------------------------------------------------------------------
\8\ 12 CFR part 364.
---------------------------------------------------------------------------
The agencies received comments on many areas of the proposed rule.
The commenters represented government entities, congresspeople,
industry trade groups, nonprofits, financial institutions, other types
of businesses, and individuals. The agencies received a mix of comments
both supporting and opposing the proposed rule. Many commenters made
suggestions for alternatives to the rule or for ways to strengthen or
alter the rule.
IV. Overview of Final Rule
The agencies have decided to adopt the proposed rule with minor
modifications.
A. Comments Regarding the Need for and Adoption of the Rule
Although the agencies received comments both supporting and
opposing the proposed rule, the majority of comment letters expressed
support. Many commenters urged the agencies to adopt the proposed rule
because they perceived reputation risk to be ill-suited as a
supervisory tool. These commenters expressed concern that reputation
risk is subjective and hard to measure in a predictable or quantitative
fashion. These observations mirrored the agencies' experience with the
shortcomings of reputation risk as a supervisory tool, as discussed
above in the ``Background'' section. The commenters explained that this
subjectivity interfered with both banks and other regulators for FDIC-
insured banks, such as State banking agencies, being able to anticipate
Federal regulators' perspectives and concerns. These commenters also
noted that regulators' focus on reputation risk, and the consequent
need for financial institutions to focus on anticipating regulators'
concerns regarding reputation risk, distract from more material risks
or better use of resources. The agencies agree with these observations
by commenters on the harms of including reputation risk in the
supervisory program.
In contrast, other commenters opposed the proposed rule and stated
that examination for reputation risk is necessary to support bank
safety and soundness. In contrast to the commenters who stated that
reputation risk cannot be measured quantitatively or objectively, one
commenter stated that it could be measured accurately. However, this
commenter did not recommend an actionable method that the agencies
could adopt for such a measurement, and the regulators are not aware of
an objective and reliable method for measuring reputation risk.
Some of these commenters stated that damage to a bank's reputation
can cause substantial financial harm to a bank. As support for this
assertion, some commenters cited the spring 2023 bank failures, which
they claimed happened due to reputational harms to the financial
institutions involved. However, those failures were caused by, among
other contributing factors, a lack of public confidence in the
financial condition of the institutions; the agencies have not
identified non-financial reputation risk as among them. The final rule
is adopting from the proposed rule a definition of reputation risk that
specifically excludes issues that could negatively impact public
[[Page 18283]]
perception for reasons ``clearly and directly related to the financial
condition of the institution.'' Thus, the concerns that caused the
public to cease doing business with the institutions affected by the
spring 2023 bank failures were not the types of concerns that would
fall under the definition of reputation risk in the final rule and for
which the agencies would be prevented from supervising. Indeed, the
Spring 2023 failures were examples of the types of material financial
risks on which regulators and institutions need to focus and from which
they can be distracted by more nebulous and not-financially-related
reputation risk concerns.
Some commenters argued that removing supervision for reputation
risk downplays the importance of customer loyalty and trust. However,
the agencies have not observed that supervision for reputation risk
helps support customer loyalty to financial institutions, an area that
banks compete on. Indeed, as another commenter explained, policing for
reputation risk concerns can actually harm an institution's customer
loyalty. This commenter explained how financial institutions could harm
their reputations by closing accounts on the basis of religious or
political bias and thus how attempts to mitigate reputation risk can
actually harm financial institutions. The commenter provided an example
of negative publicity that a bank purportedly experienced after closing
the commenter's account allegedly for religious reasons.
In the agencies' experience, supervising for reputation risk
requires the agencies to determine which sides of potentially
contentious political, social, and religious issues will be favored by
the customers of the regulated institutions. Attempting to ensure
``customer loyalty'' for regulated institutions by preventing regulated
institutions from providing services for businesses, individuals, or
activities that may offend customers requires the agencies to
accurately predict public sentiment regarding controversial issues. The
agencies have not shown the ability to accurately do this in a
consistent and reliable manner, and efforts to predict public opinion
have distracted both regulators and the regulated from focusing on
risks they can understand and predict.
Commenters were divided on whether supervision for reputation risk
harms the integrity of the banking system and banking regulation. One
commenter stated that removing supervision for reputation risk would
harm the integrity of the banking system, the political institutions,
U.S. elections, and ultimately national security. However, as another
commenter noted, the agencies' efforts to take sides in ongoing public
debates can harm the stability of the banking system because whichever
side the regulators decide against and denounce as causing reputational
harm to financial institutions will lose faith and trust in the
regulators, thus harming the credibility that U.S. financial regulatory
structure relies upon. For the reasons explained by this commenter, the
agencies believe that the harm to their public legitimacy that will
come from entering into contentious public debates outside of their
statutory responsibilities is greater than the potential for not
supervising for reputation risk to cause harm, risk which the agencies
believe to be highly unlikely for the reasons described above.
Another commenter stated that the proposed rule strips away an
important means of recognizing discrimination and extremism in
financial institutions. This commenter argued that reputation risk has
been a regulatory tool that allowed early intervention in developing
patterns of discriminatory or predatory banking practices by banks.
Another commenter, similarly, was concerned that removing examination
for reputation risk would cause financial institutions to lose their
ability to detect emerging threats such as certain fraud schemes. Other
commenters were likewise concerned that removing supervision for
reputation risk would remove deterrence from banks engaging in
predatory practices such as fraudulent account scandals or from
providing services for people who have committed crimes. Similarly,
another commenter argued that the agencies should consider that
removing reputation risk could lead to increased incidence of illegal
and risky activities that might be flagged by reputation risk
monitoring. In the same vein, one commenter opined that removing
examination for reputation risk would increase unethical behavior by
banks. This same commenter further stated that the agencies must
consider that removing reputation risk could lead to worsening service
for customers. However, the final rule does not repeal or alter any of
the existing laws or regulations prohibiting discriminatory or
predatory banking practices, and there is no evidence suggesting it
could lead to worsening customer service. Moreover, issues stemming
from a lack of customer service fall outside of what is being
considered to be a reputation risk, as defined in the final regulation.
Illegal discrimination and predatory practices will continue to be
forbidden, and the agencies will continue to expect their regulated
institutions to comply with all applicable laws addressing these
issues. Moreover, the proposed rule does not alter the legal
requirements and supervisory expectations around the detection and
prevention of fraud. The removal of reputation risk from the agencies'
supervisory programs will not impact the agencies' continued
examination for compliance with these types of laws, but rather will
allow the agencies to better allocate its resources during
examinations.
B. Comments Regarding Harms From Regulators Pressuring Banks To Stop
Serving Certain Industries Due to Perceived Reputation Risks
Some commenters argued that economic harm to both individuals and
to the broader economy resulted from debanking customers due to
perceived reputation risk. Some of these comments were from individuals
or trade organizations whose members had been debanked despite the
benefits that they believed their industry or business offered to the
economy. These commenters argued that their members were engaged in
lawful business operations, complied with extensive regulations as
applicable, and employed many Americans. Other commenters noted that
financial institutions benefit from greater engagement with all
industries in the U.S. economy and that such financial institutions are
financially harmed by being prevented from doing business with certain
sectors due to reputational concerns. These observations about the
harms from regulators pressuring banks to stop serving certain
industries under the guise of protecting against reputation risk are
generally consistent with the agencies' understanding of supervision
for reputation risk. The agencies agree with these observations about
these harms and that the agencies should not be requiring, instructing,
or encouraging an institution to close an account, to refrain from
providing an account, product, or service, or to modify or terminate
any product or service on the basis of a perceived reputation risk.
One commenter expressed concern about the ``economic distortion''
created by the use of reputation risk and by the regulators picking
economic winners and losers. Another commenter similarly noted that
debanking due to reputation risk can also open the door to what the
commenter described as an ``economic heckler's veto'' by any
economically powerful entity, such as a customer or investor. This
commenter
[[Page 18284]]
argued that allowing an economically powerful entity to pressure an
institution to not provide services to certain businesses by claiming
that such would create reputation risk could, in practice, give
outsized weight to those who already have economic or financial power.
In support of banks' discretion, one commenter stated that
businesses such as those involving digital assets or fossil fuels are
not members of a protected class and therefore are not entitled to
guaranteed access to the banking system. Similarly, another commenter
stated that the government should not be favoring certain sectors by
preventing financial institutions from debanking them. However, the
rule both as proposed and as adopted here only constrains agency action
and does not compel or restrict any actions by financial institutions.
As noted, the agencies agree with the concerns about economic
distortions caused by regulators favoring or disfavoring certain legal
businesses over other legal businesses. It is not the role of financial
regulators to pick winners and losers among lawful businesses or to
attempt to suppress lawful businesses.
C. Legal and Constitutional-Related Concerns Regarding the Agencies'
Use of Reputation Risk
Some commenters contended that the use of reputation risk as a
supervisory tool violates multiple parts of the U.S. Constitution. For
example, some commenters expressed the concern that reputation risk has
been used to chill free speech. One commenter also argued that the use
of reputation risk is in violation of the Fifth Amendment of the
Constitution because it is unconstitutionally vague. Other commenters
argued that the use of reputation risk infringes on Americans' Second
Amendment right to bear arms by causing debanking in the firearms
industry.
The agencies believe that, regardless of the constitutionality of
using reputation risk, removing it will reduce the subjectivity of the
supervisory program and thus improve the oversight of financial
institutions. Thus, agencies do not need to determine whether there
would be further issues regarding constitutionality. Therefore, the
agencies see removing reputation risk from the supervisory program as a
prudent measure to address the potential for such transgressions.
Commenters also alleged that the use of reputation risk violated
the Administrative Procedure Act (APA). Specifically, these commenters
argued that the agencies' prior use of reputation risk violated the APA
requirement that agency actions not be arbitrary or capricious, that
substantive rules be promulgated through notice-and-comment procedures,
and that agencies act within their statutory authority. The agencies
believe that, regardless of consistency with APA requirements, removing
reputation risk will be of benefit by providing less opportunity for
subjectivity in the future. Thus, this concern is another reason that
the agencies have decided to adopt the final rule.
D. Suggestions for Alternatives To Removing Reputation Risk From the
Supervisory Program
Several commenters suggested that the agencies reform the use of
reputation risk in its supervisory program rather than remove the
concept entirely. These commenters argued that the agencies could
establish clearer standards and metrics for measuring reputation risk
to make it more objective. However, these commenters did not propose
methods for accomplishing this that would be actionable and effective,
and, in the agencies' experience, such standards and metrics do not
exist in a form that is accurate and consistent. Moreover, even if
reputation risk could be monitored through clearer standards or
metrics, as explained above, agency experience has not shown a clear
and consistent connection between reputation risk and actual financial
harm to regulated institutions. Therefore, even if clearer standards or
metrics could be established, the resources necessary to formulate such
clearer metrics would still not be well spent because it is not clear
that the purported risk being measured actually impacts financial
institutions' safety and soundness.
E. Comments Regarding Evidence of Debanking
Several commenters argued that the agencies had not presented
sufficient evidence that debanking occurred that was caused by
regulators' concerns regarding reputation risk. In contrast, other
commenters alleged that they or their members had been debanked due to
political biases that were labeled as reputation risk. The agencies
believe that the potential for reputation risk to be misused in this
manner supports removal from the agencies' supervisory program.\9\
---------------------------------------------------------------------------
\9\ See, e.g., Staff of H. Comm. on Oversight & Gov't Reform,
113th Cong., ``The Department of Justice's `Operation Choke Point':
Illegally Choking Off Legitimate Businesses?'' (Comm. Print 2014),
<a href="https://oversight.house.gov/wp-content/uploads/2014/05/Staff-Report-Operation-Choke-Point1.pdf">https://oversight.house.gov/wp-content/uploads/2014/05/Staff-Report-Operation-Choke-Point1.pdf</a>; Staff of H. Comm. on Fin. Servs., 119th
Cong., ``Operation Choke Point 2.0: Biden's Debanking of Digital
Assets'' (Comm. Print 2025), <a href="https://financialservices.house.gov/uploadfiles/2025-11-30--_fsc_debanking_report_final_1.pdf">https://financialservices.house.gov/uploadfiles/2025-11-30--_fsc_debanking_report_final_1.pdf</a>; Staff of
Minority of S. Comm. on Banking, Hous., & Urb. Affs., 119th Cong.,
``Supplemental Memorandum: Analysis of CFPB Consumer Complaints
Related to Debanking,'' (Comm. Print 2025) (analysis to supplement
February 5, 2025, committee hearing on ``Investigating the Real
Impacts of Debanking in America''), <a href="https://www.banking.senate.gov/imo/media/doc/debanking_complaints_analysis.pdf">https://www.banking.senate.gov/imo/media/doc/debanking_complaints_analysis.pdf</a>; Exec. Order No.
14331, 90 FR 38925 (Aug. 7, 2025) (``Bank regulators have used
supervisory scrutiny and other influence over regulated banks to
direct or otherwise encourage politicized or unlawful debanking
activities. `Operation Chokepoint,' for example, was a well-
documented and systemic means by which Federal regulators pushed
banks to minimize their involvement with individuals and companies
engaged in lawful activities and industries disfavored by regulators
based on factors other than individualized, objective, risk-based
standards.'').
---------------------------------------------------------------------------
F. Comments Alleging That the Agencies Failed To Consider Certain
Aspects of the Rule
One commenter argued that the agencies had not presented enough
evidence that ceasing to examine for reputation risk would lead to
better supervisory outcomes. To the contrary, as the agencies explained
above in the ``Background'' section, while there are examples of risks
like credit risk and liquidity risk being the primary driver of an
institution's unsafe or unsound condition, the agencies have not seen
evidence that reputation risk can be the primary driver of an
institution being in unsafe or unsound condition. Even in cases when
reputational issues are identified as a cause of harm that has impacted
a supervised institution's financial condition, there are typically
other more significant factors, such as those relating to the
institution's capital, asset quality, liquidity, earnings, or interest
rate sensitivity, that are the primary drivers of the institution's
weakened financial condition.
Commenters also alleged that the rule failed to consider the loss
to the Deposit Insurance Fund from not examining for reputation risk.
As the agencies have explained, given the lack of evidence linking
perceived reputation risks to material financial harm at regulated
entities, the agencies do not expect an increase in bank failures due
to the removal of reputation risk from the supervisory program. Another
commenter argued that the agencies should consider that removing
reputation risk could lead to increased incidence of illegal and risky
activities that might be flagged by reputation risk monitoring.
Removing reputation risk from the supervisory program will make
[[Page 18285]]
available more resources for supervision of illegal or abusive
practices. This same commenter further stated that the agencies must
consider that removing reputation risk could lead to worsening service
for customers. However, issues stemming from a lack of customer service
fall outside of what is considered to be reputation risk as defined in
the final regulation. A commenter further alleged that there would be
capital flight to lenders in other jurisdictions with adequate
supervision of reputation risk. The commenter presented no evidence to
support his assertion that this would occur. Since the agencies ceased
examining for reputation risk in early 2025, they have seen no such
flight of capital.
G. Suggestions for Expanding the Rule
Some commenters suggested expanding the rule in various ways to
control the behavior of regulated entities. The comments included
suggestions to prohibit banks from choosing, without regulator
pressure, to debank customers based on reputational concerns or
disagreement with protected political views or speech. However, other
commenters opposed this idea, and some commenters requested clarifying
language be added that banks still retain discretion regarding whom
they do business with. These suggestions are all outside the scope of
this rulemaking, which is solely focused on the actions of the agencies
and not on controlling or addressing the actions of supervised entities
or other private parties.
In a similar vein, one commenter recommended that the rule include
a requirement that national banks and Federal savings associations must
report to the agencies information regarding all deposit account
terminations and that the rule should require the agencies to make this
information publicly available annually in a report covering deposit
account termination data for each reporting bank and savings
association along with aggregate statistics on deposit account
terminations. Similarly, other commenters suggested that all debanked
customers who had an account closed should be able to access
information from their financial institution to understand the reason
for the closure and to have a means for redress if there was an error.
Another commenter recommended that banks should be required to provide
written notice when terminating or materially modifying customer
relationships, including a statement of the reasons for such actions,
unless otherwise prohibited by law enforcement. Another suggestion
raised by commenters was that the agencies should encourage
institutions to identify customers whose accounts were closed or
services denied solely on reputation grounds and to offer those
customers a path to reinstatement, subject to standard, risk-based
underwriting. However, this rulemaking is solely focused on the actions
of the agencies, not on the actions of institutions regulated by the
agencies, so these comments and all other suggestions for expanding the
rule to monitor, control, or prohibit private entity action are all
outside the scope of this rulemaking. Other comments that provided
suggestions for improving or clarifying agency supervisory practices or
altering methods for supervisory communication beyond the removal of
reputation risk are likewise outside the scope of this rulemaking.
One commenter requested clarification that institutions would still
be expected to guard against issues that could affect their
reputations, such as fraud. Supervised institutions have legal and
supervisory requirements to be vigilant against fraud, and these
requirements are not affected by this rule.\10\ The expectation that
banks continue to follow all legal requirements for their operations
and their treatment of customers is not altered. Moreover, concerns
regarding fraud directly impact the operational and financial condition
of the institution and can directly cause consumer harm. Thus, the rule
excludes public concerns regarding these issues from the definition of
reputation risk.
---------------------------------------------------------------------------
\10\ See 12 CFR 21.11, 12 CFR 353.1, and 31 CFR 1020.320.
---------------------------------------------------------------------------
Another suggestion raised by commenters was that the agencies
should establish or publicize complaint channels enabling individuals
and businesses to report suspected reputation risk-based denials or
closures at supervised institutions. The OCC maintains a website,
<a href="https://helpwithmybank.gov/">https://helpwithmybank.gov/</a>, through which members of the public can
file a report if they believe they have been unfairly debanked or
discriminated against by their bank due to their political or religious
beliefs or lawful business activities. The FDIC maintains a similar
website at <a href="https://ask.fdic.gov/fdicinformationandsupportcenter/s/?language=en_US">https://ask.fdic.gov/fdicinformationandsupportcenter/s/?language=en_US</a>, where members of the public can file complaints about
financial institutions.
One commenter requested that the agencies clarify that the proposed
rule would not prevent examiners from engaging in constructive
conversations about business strategy, market conditions, competitive
pressures, or customer relationship management, provided such
discussions do not cross the line into criticism or adverse action
based on reputation risk or prohibited considerations. The agencies
confirm that it is not the intention of the rule to hinder this type of
communication.
H. Discussion of Specific Sections of the Final Rule and Comments
Thereon
1. Definitions
i. Definition of Adverse Action
``Adverse action,'' as defined by the rule, includes the provision
of negative feedback, including feedback in a report of examination, a
memorandum of understanding, verbal feedback, or an enforcement action.
Furthermore, ``action'' encompasses any action of any agency employee,
including any communication characterized as informal, preliminary, or
not approved by agency officials or senior staff. A downgrade (or
contribution to a downgrade) of any supervisory rating, including a
rating assigned under the Uniform Financial Institutions Rating System
or comparable rating system, also constitutes an ``adverse action.'' In
addition, a downgrade (or contribution to a downgrade) of a rating
under the Uniform Interagency Consumer Compliance Rating System or the
Uniform Rating System for Information Technology, or any other rating
system, also constitutes an ``adverse action.'' Further, a denial of a
filing or licensing application or an imposition of a capital
requirement above the minimum ratios constitutes an ``adverse action''
under the rule, as does any burdensome requirements placed on an
approval, the introduction of additional approval requirements, or any
other heightened requirements on an activity or change.
The agencies are also including in the rule a general ``catch-all''
for any other actions that could negatively impact an institution
outside of traditional supervisory channels. This catch-all is meant to
include actions such as supervisory decisions on applications for
waivers outside of the normal licensing or filing channels,
applications to engage in certain business activities for which
supervisory permission is required, or other regulatory decisions
affecting institutions. Intent is the defining characteristic for
whether an agency action would fall into this catch-all provision. As
illustrations of agency actions that are subject to this prohibition,
the prohibition prevents the agencies from, for example: disapproving a
proposed member of a board of directors on the basis of an
[[Page 18286]]
unsubstantiated pretense where the true reason is reputation risk,
denying a waiver of bank director citizenship and residency
requirements for the purpose of inducing an institution to address
perceived reputation risk somewhere in the institution's operations, or
disapproving a change of control notice because an institution lacks
internal reputation risk controls. Agency actions subject to this
prohibition also include negative feedback that is verbal, a condition
attached to an approval, the introduction of new approval requirements,
and any other heightened requirements that are intended to force the
bank to address perceived reputation risk.
The agencies received comments both supporting and opposing the
proposed definition of ``adverse action.'' Although some commenters
supported the proposed definition, one commenter stated that agencies
should be less focused on the ``intent'' of the action in the catch-all
provision because ``intent'' might be hard to prove. However, the
agencies believe that including ``intent'' is helpful to avoid
capturing agency actions that might unintentionally negatively impact a
certain industry but is not intended to have that affect. For instance,
an institution may be criticized for having a large concentration of
loans in a specific business sector without proper risk management of
the concentration risk presented. Such criticism might unintentionally
dissuade the institution from making further loans to that business
sector, but such is not the intent of the criticism, and such criticism
can be important to the safety and soundness of the institution. As
evidence of ``intent'' the agencies will look to both the effect of the
action as well as the justification for the action. For instance,
unsubstantiated or poorly substantiated claims or justification for
actions are evidence of possible ulterior motivations for actions that
have a negative effect on a religious group or lawful business.
Inconsistent application of standards or adverse actions between
similarly situated parties, especially without an explanation for the
discrepancy, can also be evidence of an intent to impermissibly punish
or discourage an individual or group from engaging in lawful political,
social, cultural, or religious activities, constitutionally protected
speech, or lawful business activity. Moreover, an agency action that
completely or effectively prevents the affected group, individual, or
business from accessing financial services or severely hinders the
group, individual, or businesses' ability to operate can be evidence of
impermissible agency intent as financial and compliance risks are not
likely to be so uniformly high as to require such a result.
Thus, the agencies are adopting the definition of ``adverse
action'' as proposed.
ii. Definition of Doing Business With
The term ``doing business with'' in the proposed rule is intended
to be construed broadly and to include business relationships both with
clients of the institution and with third-party service providers. It
is also intended to include the relationship of a bank with
organizations or individuals that the bank is providing with charitable
services, including as part of a community benefits agreement or as
part of a Community Reinvestment Act plan. This term is intended to
include both existing business relationships and prospective business
relations. No comments were received on this definition.
iii. Definition of Institution-Affiliated Party
The term ``institution-affiliated party'' has the same meaning as
in section 3 of the Federal Deposit Insurance Act.\11\ No comments were
received on this definition.
---------------------------------------------------------------------------
\11\ Public Law 81-797, 64 Stat. 873 (codified at 12 U.S.C.
1813(u)).
---------------------------------------------------------------------------
iv. Definition of Reputation Risk
Several commenters recommended that the proposed definition of
reputation risk be altered to remove the phrase ``for reasons not
clearly and directly related to the financial condition of the
institution.'' However, the agencies believe this phrase is necessary
to maintain the ability of the agencies to address public concerns that
directly relate to an institution's financial condition and solvency
because those concerns can lead to runs. Unlike public concerns about
an institution doing business with politically controversial people or
entities, concerns about an institution's financial condition have been
shown repeatedly to lead to a direct negative impact on the institution
that can cause failure.
One commenter stated that reputation risk is always directly
financially material and thus the phrase in the definition of
reputation risk that it is ``not intended to capture risks posed by
public perceptions of the institution's current or future financial
condition because such perceptions relate to risks other than
reputation risk'' is self-contradictory. However, as explained by the
agencies above in the ``Background'' section, the agencies' supervisory
experience has found that reputation risk, as defined in the rule, is
not financially material to institutions.
The agencies received comments that were divided on whether the
definition of ``reputation risk'' should include the term
``operational'' in the phrase ``for reasons not clearly and directly
related to the financial condition of the institution.'' One commenter
believed that the term ``operational'' could be used to evade the
intention of the rule to allow some consideration of reputation risk.
However, another commenter noted that including this term would be
consistent with other provisions of the rule that explicitly preserve
the agencies' authority to supervise for operational risk.
The agencies have decided to add ``operational'' into the final
rule such that the definition of ``reputation risk'' will be ``any
risk, regardless of how the risk is labeled by the institution or
regulators, that an action or activity, or combination of actions or
activities, or lack of actions or activities, of an institution could
negatively impact public perception of the institution for reasons not
clearly and directly related to the financial or operational condition
of the institution.'' The agencies agree that operational risk is a
significant concern for institutions. Public perception that an
institution could be susceptible to a breakdown in the provision of
services due to operational issues such as a cyberattack or a natural
disaster could have a direct impact on customer's willingness to do
business with an institution and thus on the institution's financial
solvency.
2. Prohibitions on the Use of Reputation Risk in the Supervisory
Process
Section (a) of the rule prohibits the agencies from criticizing,
formally or informally, or taking adverse action against an institution
on the basis of reputation risk. Section (b) prohibits the agencies
from requiring, instructing, or encouraging an institution or its
employees to refrain from contracting with or to terminate or modify a
contract with a third party, including an institution-affiliated party,
on the basis of reputation risk. The agencies also cannot require,
instruct, or encourage an institution or its employees to refrain from
doing business with or to terminate or modify a business relationship
with a third party, including an institution-affiliated party, on the
basis of reputation risk. Section (c) of the rule further prevents the
agencies from requiring, instructing, or
[[Page 18287]]
encouraging an institution or an employee of an institution to enter
into a contract or business relationship with a third party on the
basis of reputation risk or to terminate a contract with, discontinue
doing business with, or modify the terms under which it will do
business with a person or entity on the basis of the person's or
entity's political, social, cultural, or religious views or beliefs,
constitutionally protected speech, or solely on the basis of the third
party's involvement in politically disfavored but lawful business
activities perceived to present reputation risk. Finally, section (f)
of the rule provides that the agencies will not take any supervisory
action or other adverse action against an institution, a group of
institutions, or the institution-affiliated parties of any institution
that is designed to punish or discourage an individual or group from
engaging in any lawful political, social, cultural, or religious
activities, constitutionally protected speech, or, for political
reasons, lawful business activities that the supervisor disagrees with
or disfavors.
These prohibitions do not affect requirements intended to prohibit
or reject transactions or accounts associated with Office of Foreign
Assets Control-sanctioned persons, entities, or jurisdictions. Such
prohibitions and rejections are not based specifically on ``the
person's or entity's political, social, cultural, or religious views or
beliefs, constitutionally protected speech, or politically disfavored
but lawful business activities perceived to present reputation risk.''
The prohibition also does not affect the agencies' authority to enforce
the requirements of the provisions of United States Code title 31,
chapter 53, subchapter II regarding reporting on monetary
transactions.\12\ However, due to the broad nature of Bank Secrecy Act
(BSA) \13\ and anti-money laundering (AML) supervision, there is a risk
that BSA/AML focused supervisory actions could indirectly address
reputation risk. The rule prohibits supervisors from using BSA and
anti-money laundering concerns as a pretext for reputation risk. In
addition, although the agencies may continue to consider the statutory
factors required with respect to certain applications,\14\ the rule
prohibits supervisors from using these provisions as a pretext for
reputation risk when making determinations regarding such applications.
---------------------------------------------------------------------------
\12\ 15 U.S.C. 5311 et seq.
\13\ Id.
\14\ See, e.g., 12 U.S.C. 1816 (requiring the FDIC to consider,
among other things, the ``general character and fitness of the
management of the depository institution'' in an application for
deposit insurance); 12 U.S.C. 1817(j)(2)(B) (requiring the agencies
to ``conduct an investigation of the competence, experience,
integrity, and financial ability of each person named'' as a
proposed acquirer of an institution following a notice of a proposed
change in control of a depository institution).
---------------------------------------------------------------------------
The agencies received multiple comments on these sections. First,
on section (c), commenters were divided on whether the ``solely''
should be removed from the prohibition that the agencies will not
require, instruct, or encourage an institution or its employees to
terminate a contract with, discontinue doing business with, sign a
contract with, initiate doing business with, modify the terms under
which it will do business with a person or entity, ``solely on the
basis of the person's or entity's involvement in politically disfavored
but lawful business activities perceived to present reputation risk.''
Some commenters felt the word ``solely'' should be maintained
because otherwise banks could face regulatory uncertainty even when
legitimate risk factors are the primary basis for the decision. Other
commenters were concerned that ``solely'' should not be included
because it could be read to imply that reputation risk could be
considered, just not as a stand-alone risk.
The agencies included the word ``solely'' in this phrase to provide
the ability for regulators to discourage activities that may implicate
safety and soundness through traditional risk channels but also involve
a legitimate business activity that might be politically disfavored.
Given that the agencies still believe it is important to maintain this
flexibility, the final rule is adopting the language in this provision
as proposed and maintaining the word ``solely.'' The agencies will
consider whether an agency action that appears to have some
impermissible reputation risk considerations underlying it but proports
to be based largely on permissible concerns violates the anti-evasion
provisions in the rule.
Multiple commenters had concerns regarding the language at the end
of section (f), which states that the agencies will not ``take any
supervisory action or other adverse action against an institution, a
group of institutions, or the institution-affiliated parties of any
institution that is designed to punish or discourage an individual or
group from engaging in any lawful political, social, cultural, or
religious activities, constitutionally protected speech, or, for
political reasons, lawful business activities that the supervisor
disagrees with or disfavors.'' Some commenters requested that this
prohibition be expanded to cover all agency personnel, not just
supervisors. Similarly, another commenter suggested that the
prohibition should be extended to prohibit any attempt to discourage
lawful political or religious activity regardless of what the
supervisor thinks about the activity.
The agencies did not intend this provision to be read so narrowly
as to only cover the views of supervisory staff as compared to the
views of other members of the agencies. Thus, the agencies are changing
the wording in the final rule to cover lawful political, social,
cultural, or religious activities, constitutionally protected speech,
or, for political reasons, lawful business activities that are
disfavored by the agency or any of its personnel. This wording is to
clarify that it does not matter whether the bias comes from the head of
the agency or from an individual examiner, the bias is not a
permissible basis for agency action.
Commenters also stated that it was unclear whether references to
views and beliefs would extend to actions based on those views or
beliefs. Some commenters recommended extending the prohibition to cover
actions as well as the views or beliefs themselves. The agencies intend
for the prohibition to extend to lawful activities based on political,
social, religious, and cultural views or beliefs that do not affect
creditworthiness or other permissible risk factors such as market risk.
Although agency actions designed solely to discourage or punish a given
view or belief are impermissible, the agencies are not prevented from
considering actions that relate to permissible risk factors solely
because those actions stem, in whole or in part, from a political,
social, cultural, or religious view or belief.
Another commenter recommended that the prohibition in section (f)
against adverse action should not only cover adverse actions that are
designed to punish or discourage individuals from engaging in certain
beliefs or businesses, but also adverse actions that actually have that
effect regardless of the intent of the action. However, the agencies
are concerned that adopting such language would prevent the agencies'
ability to address important risks that are directly related to the
financial condition of the institution if the remediation measures
necessary for addressing such risks would unintentionally impact
certain businesses or individuals with certain beliefs. Thus, the
agencies are not adopting this suggestion.
[[Page 18288]]
I. Other Modifications in the Rule
Regulations codified in 12 CFR part 41 of the OCC regulations and
12 CFR part 334 of the FDIC's regulations refer to reputation risk
concerning certain identity theft prevention programs required by the
Fair and Accurate Credit Transactions Act of 2003. However, by statute,
guidelines and regulations for these programs must occur jointly across
certain Federal agencies, so no conforming amendment is suggested for
12 CFR parts 41 or 334. The OCC and FDIC are considering making changes
to 12 CFR parts 41 and 334, respectively, in a separate, joint
rulemaking in the future. Until that separate, joint rulemaking occurs,
the agencies expect to exercise their discretion in enforcing 12 CFR
parts 41 and 334 by using agency resources to assess compliance without
regard to reputation risk.
V. Impact Analysis
A. OCC Expected Effects
1. Introduction
The OCC and the FDIC are issuing a final rule to eliminate
reputation risk from their supervisory programs. The rule would
prohibit the agencies from using reputation risk in their risk
assessments of institutions that they supervise and from influencing
the relationship between the regulated institutions and their customers
based on a customer's political, social, cultural, or religious views
or beliefs or solely lawful business activities perceived to present a
reputational risk.
2. Regulatory Baselines and Conclusions
The OCC assumes that the removal of reputation risk resulted from
the final rule analyzed here rather than OCC Bulletin 2025-4. In the
OCC's assessment, the OCC accounted for the full effect of the removal
of reputation risk from supervision, rather than attributing the
removal of reputation risk to OCC Bulletin 2025-4. The analysis does so
because the statements in OCC Bulletin 2025-4 are not legally binding
and therefore only the final rule legally removes reputation risk from
bank supervision.
3. Background
As previously discussed, to improve the efficiency and
effectiveness of their supervisory programs, the agencies are proposing
revising their supervisory frameworks to remove reputation risk. The
rule would prohibit the OCC from criticizing or taking adverse actions
(broadly defined) against an institution on the basis of reputation
risk.
4. Parties Affected by the Proposal
The OCC currently supervises 997 national banks, Federal savings
associations, trust companies and Federal branches and agencies of
foreign banks (collectively, ``banks'').\15\ Because all OCC-regulated
banks and institutions were subject to reputation risk assessments, the
rule would affect all 997 institutions supervised. Because the rule
aims to remove the influence of the agencies' reputation risk
assessments on institutions' customer relationships, the OCC concludes
that the rule could potentially affect all OCC regulated institutions'
current and future customers.
---------------------------------------------------------------------------
\15\ Based on data accessed using FINDRS on March 11, 2025.
---------------------------------------------------------------------------
5. Costs and Benefits: Cost Savings to Regulated Institutions
i. Cost Savings From Decreased Regulatory Compliance Burden
The OCC expects that the rule will result in cost savings to
regulated institutions from a reduced compliance burden. The rule
reduces regulatory burden because the OCC will no longer engage in
examinations that assess, in part, issues explicitly related to
reputation risk, nor will the OCC take adverse supervisory actions
against supervised institutions related to reputation risk.
To assess institutions' cost savings from the final rule, the OCC
looked to its supervisory experience regarding expected cost savings
from the removal of reputation risk from supervision. Based on this
feedback, the OCC assessed that cost savings will depend on how much
regulated institutions' costs decrease from no longer being required to
explicitly respond to reputation risk concerns from regulators.
OCC supervisory experience also indicated that because supervisory
actions that the OCC typically took that mentioned reputation risk,
such as MRAs, almost always involved other risk issues as well, the
overall number of MRAs may not decrease. The OCC's analysis found that
most MRAs that listed reputation risk as the primary or secondary
concern also listed other risk categories as concerns as well.\16\
Nonetheless, the OCC expected that there should be some cost savings
for institutions as they no longer need to address the reputation risk
concern components of an MRA.
---------------------------------------------------------------------------
\16\ The OCC notes that there has recently been a decrease in
the overall number of MRAs that institutions currently face and are
expected to face in the future. The OCC assesses that this decrease
in current and future MRAs is due to reductions in MRAs due to other
factors than this final rule.
---------------------------------------------------------------------------
Based on an analysis of the number of MRAs that mentioned
reputation risk as a primary or secondary concern over the past 10
years, the OCC finds that roughly 17 percent of MRAs per year mention
reputation risk as primary or secondary concern (Table 1). Based on the
frequency of past MRAs that mentioned reputation risk as a concern, the
OCC expects that, if MRAs would have continued to mention reputation
risk as a concern at a similar rate in the absence of the final rule,
that OCC institutions will experience substantial cost savings from no
longer having to address reputation risk as part of an MRA may be
substantial.
Table 1--Percentage of MRA Listed as Reputation Risk, by Primary or Secondary Concern
----------------------------------------------------------------------------------------------------------------
Percentage of MRAs Percentage of MRAs Percentage of MRAs
listing reputation listing reputation not listing
Year risk as a primary risk as a secondary reputation as a
concern concern concern
----------------------------------------------------------------------------------------------------------------
2016.......................................... 0.65 2.14 97.21
2017.......................................... 1.50 23.96 74.54
2018.......................................... 1.68 20.44 77.87
2019.......................................... 2.02 18.71 79.27
2020.......................................... 1.88 19.91 78.21
2021.......................................... 1.43 19.07 79.50
2022.......................................... 1.10 19.60 79.30
2023.......................................... 1.21 17.73 81.06
2024.......................................... 0.65 14.68 84.67
2025.......................................... 0.00 2.19 97.81
[[Page 18289]]
2026.......................................... 0.00 0.00 100.00
-----------------------------------------------------------------
Total..................................... 1.25 15.97 82.77
----------------------------------------------------------------------------------------------------------------
ii. Benefits From Increased Business Opportunities
The impact of the rule on regulated institutions will depend on the
extent to which reputation risk concerns from regulators may have
impacted regulated institutions' behavior in response to regulatory
expectations of institutions in managing reputation risk. Based on
supervisory experience, the OCC expected that regulated institutions
may have internally perceived supervisory expectations regarding
reputation risk as a factor in their business decisions. That is,
institutions may have let perceptions regarding regulatory assessments
of reputation risks influence their decisions as to whether they would
engage in or continue customer relationships. As a consequence,
institutions may have refrained from entering into or continuing
profitable business relationships with law-abiding customers that they
may have maintained in the absence of implicit supervisory
expectations.
For example, the final rule cites several congressional reports
that suggest that there were isolated episodes where Federal regulators
allegedly pressured institutions to cease providing services to legal
businesses, based on ``reputational risk'' concerns that these
businesses presumably posed to these institutions.
In addition, a study by Sachdeva et al.,\17\ shows that reputation
risk concerns emphasized by regulators at a small number of targeted
institutions over a short period of time may have decreased lending to
and/or terminated relationships with affected firms that were deemed
controversial by regulators and law enforcement. The study's results,
however, also suggest that the firms were not irreparably harmed as
these firms were able to obtain substitute credit through other non-
targeted banks under similar terms. However, the OCC interprets the
study's results as implying that borrowers incurred costs that resulted
from having to find alternative financing. The OCC also interprets the
study's results as implying that it is possible that harm to customers
would have been greater if a larger fraction of banks had been
pressured to decrease lending or terminate relationships with affected
firms as this would have reduced the supply of alternative financing
that would have been available to the affected firms.
---------------------------------------------------------------------------
\17\ Kunal Sachdeva, Andr[eacute] F. Silva, Pablo Slutzky, Billy
Y. Xu, ``Defunding controversial industries: Can targeted credit
rationing choke firms?'' Journal of Financial Economics, Volume 172
(2025).
---------------------------------------------------------------------------
The OCC concludes the rule may benefit institutions and their
customers by eliminating perceived constraints on institutions'
decisions that could have arisen from institutions' perception of
regulators' expectations regarding reputation risks in the absence of
the rule.
iii. Benefits From Less Subjective Supervision
One additional benefit from the removal of reputation risk is
greater consistency and objectivity of supervisory decisions. This, in
turn, would increase the predictability for regulated institutions to
understand and manage regulators' supervisory expectations.
In its analysis, the OCC quantitatively compared the subjectivity
of OCC supervisory text that mentions the word reputation to
supervisory texts that do not mention the word reputation. The OCC used
standard natural language processing algorithms \18\ to calculate a
subjectivity score for individual OCC supervisory texts. The analysis
calculated the subjectivity score for each individual text document,
and the scores range from 0 to 1 with scores closer to 1 being
indicative of more subjective text. For supervisory event text, the
analysis calculated an average subjectivity score of 0.41 for text that
mentions reputation and an average score of 0.28 for supervisory event
text that does not mention reputation. For the MRA text data, the
analysis calculated average subjectivity scores of 0.43 and 0.33 from
text that mentions and does not mention reputation, respectively.
---------------------------------------------------------------------------
\18\ Specifically, the OCC used the Python TextBlob package
which calculates a subjectivity score based on the text provided.
---------------------------------------------------------------------------
Taken together, the average subjectivity scores and the score
histograms are consistent with the hypothesis that reputation risk
related supervision could have been more subjective. Therefore, to the
extent that past supervisory text reflects what supervision would have
been in the absence of the rule, the analysis suggests that the rule
could benefit regulated institutions by making supervision less
subjective and more objectively and consistently applied.
iv. Perceptions That Eliminating the Use of Reputation Risk Information
for Risk Monitoring Could Threaten the Safety and Soundness of the
National Banking System
To address concerns that the removal of reputation risk from
supervision threatens the safety and soundness of the banking system or
that the OCC may lose information on reputation risks that is needed to
identify risks to the safety and soundness of the banking system, the
OCC used historical data observed prior to the regulatory baseline to
create estimated forecast models that predict bank failures based on
the OCC Risk Assessment System (RAS) reputation risk rating while
controlling for both other regulatory risk ratings and for observed
risk factors from institutions' FFIEC 031 Call Report data filings.
The analysis shows that reputation risk ratings do not forecast
bank failures when one controls for data on OCC's CAMELS regulatory
ratings. Because reputation risk RAS ratings do not appear to have any
significant predictive power for bank failures in this analysis, the
OCC believes that this analysis at least somewhat alleviates concerns
that an end to reputation risk assessments will cause an increase in
bank failure risk or that the OCC will lose information useful to
anticipate failure risks. However, the OCC acknowledges that no
empirical analysis could completely assuage such concerns.
In addition, the OCC notes that in its analysis, there was not any
evidence that MRAs that focus on or mention reputation risk forecast
institutions' failures.
[[Page 18290]]
B. FDIC Expected Effects
This analysis utilizes all regulations and guidance applicable to
FDIC-supervised insured depository institutions (IDIs), as well as
information on the financial condition of IDIs as of the quarter ending
September 30, 2025, as the baseline to which the effects of the final
rule are estimated.
As discussed previously, the final rule will prohibit the FDIC from
criticizing, formally or informally, or taking adverse action against
an institution on the basis of reputation risk. The final rule will
also prohibit the FDIC from requiring, instructing, or encouraging an
institution to discontinue doing business with, initiate doing business
with, modify the terms under which it will do business with a person or
entity, or take any action or refrain from taking any action on the
basis of the person's or entity's political, social, cultural, or
religious views or beliefs, constitutionally protected speech, or
solely on the basis of the person's or entity's involvement in
politically disfavored but lawful business activities perceived to
present reputation risk.
Finally, the final rule will forbid the FDIC from taking any
supervisory action or other adverse action against an institution, a
group of institutions, or the institution-affiliated parties of any
institution that is designed to punish or discourage an individual or
group from engaging in any lawful political, social, cultural, or
religious activities, constitutionally protected speech, or, for
political reasons, lawful business activities that the FDIC or its
personnel disagree with or disfavor.
As of the quarter ending September 30, 2025, the FDIC supervised
2,778 IDIs.\19\ The final rule will indirectly benefit FDIC-supervised
IDIs or associated persons to the extent they would have been the
subject of an adverse action or prohibition against certain business
relationships by the agencies on the basis of reputation risk;
political, social, cultural, or religious views and beliefs;
constitutionally protected speech; or politically disfavored but lawful
business activities perceived to present reputation risk. This benefit
will result from the FDIC-supervised IDI or associated person avoiding
costs associated with such adverse actions or prohibitions. The final
rule may also improve the efficiency and effectiveness of the FDIC's
supervisory programs, which may indirectly benefit covered FDIC-
supervised IDIs. Finally, FDIC-supervised IDIs may incur some voluntary
costs associated with making changes to their compliance policies and
procedures.
---------------------------------------------------------------------------
\19\ Call Report data, September 30, 2025.
---------------------------------------------------------------------------
The FDIC does not have the information necessary to quantify the
number of instances, or the associated costs, where an FDIC-supervised
IDI or associated person was subject to a covered adverse action or
prohibition against certain business relationships. Nor does the FDIC
have the information necessary to quantify the number of FDIC-
supervised IDIs that might make changes to their compliance policies
and procedures. The FDIC believes that the aggregate economic effect of
any such indirect benefits or costs is unlikely to be substantive.
As mentioned previously, the FDIC is making two changes from the
proposed rule. First, the FDIC is making a minor clarifying change in
response to comments regarding the meaning of the word ``supervisor''
in 12 CFR 302.100(f). Second, the FDIC is revising the definition of
``reputation risk'' in 12 CFR 302.100(g) to include a specific
reference to operational risk. The FDIC does not expect that these
changes will have material economic effects. Both revisions would
clarify the text of the regulation and reduce possible confusion.
One commenter suggested that IDIs would need to undertake
substantial revisions to internal policies, training, and procedures,
among other things, as a result of the final rule. However, the final
rule applies only to the activities of the FDIC and does not require
IDIs to undertake any action.
C. Alternatives Considered
The agencies considered adopting the proposed rule without changes.
However, the agencies made two minor changes. As discussed above, these
changes clarify the text of the regulation to express the FDIC's
original intent when drafting the proposed rule and thus would have
greater net benefits relative to the proposed rule.
The agencies also considered the suggestions made by commenters
that included alternatives to the final rule. For a complete discussion
of such comments, see section IV. Overview of Final Rule. For the
reasons articulated in the aforementioned section (and above), the
agencies believe the final rule is preferred over the alternatives.
VI. Administrative Law Matters
A. Paperwork Reduction Act
The Paperwork Reduction Act of 1995 \20\ (PRA) states that no
agency may conduct or sponsor, nor is the respondent required to
respond to, an information collection unless it displays a currently
valid Office of Management and Budget (OMB) control number. The
agencies have reviewed this rule and determined that it does not create
any information collection or revise any existing collection of
information. Accordingly, no PRA submissions to OMB will be made with
respect to this rule.
---------------------------------------------------------------------------
\20\ 44 U.S.C. 3501-3521.
---------------------------------------------------------------------------
B. Regulatory Flexibility Act Analysis
OCC:
In general, the Regulatory Flexibility Act (RFA) \21\ requires an
agency, in connection with a rule, to prepare a regulatory flexibility
analysis describing the impact of the rule on small entities (defined
by the U.S. Small Business Administration (SBA) for purposes of the RFA
to include commercial banks and savings institutions with total assets
of $850 million or less and trust companies with total assets of $47
million or less). However, under section 605(b) of the RFA, this
analysis is not required if an agency certifies that the rule would not
have a significant economic impact on a substantial number of small
entities and publishes its certification and a short explanatory
statement in the Federal Register along with its rule.
---------------------------------------------------------------------------
\21\ 5 U.S.C. 601 et seq.
---------------------------------------------------------------------------
The OCC currently supervises approximately 609 small entities, all
of which may be indirectly impacted by the rule.\22\ In general, the
OCC classifies the economic impact on an individual small entity as
significant if the total estimated impact in one year is greater than 5
percent of the small entity's total annual salaries and benefits or
greater than 2.5 percent of the small entity's total non-interest
expense. Furthermore, the OCC considers 5 percent or more of OCC-
supervised small entities to be a substantial number. Thus, at present,
30 OCC-supervised small entities would constitute a substantial number.
---------------------------------------------------------------------------
\22\ The OCC bases its estimate of the number of small entities
on the SBA's size thresholds for commercial banks and savings
institutions, and trust companies, which are $850 million and $47
million, respectively. Consistent with the General Principles of
Affiliation, 13 CFR 121.103(a), The OCC counts the assets of
affiliated financial institutions when determining if it should
classify an OCC-supervised institution as a small entity. The OCC
uses December 31, 2024, to determine size because a ``financial
institution's assets are determined by averaging the assets reported
on its four quarterly financial statements for the preceding year.''
See footnote 8 of the SBA's Table of Size Standards.
---------------------------------------------------------------------------
While the OCC expects that the rule could result in substantial
cost savings for all OCC-regulated institutions in the aggregate, the
OCC does not expect that
[[Page 18291]]
the rule will have a significant impact on more than 30 OCC-supervised
small entities. To evaluate the impact of the rule on small entities,
the OCC assessed whether the cost savings would be greater than 5
percent of the small entity's total annual salaries and benefits or
greater than 2.5 percent of the small entity's total non-interest
expense for 30 or more small entities.
Analysis of internal OCC MRA data indicates that there were fewer
than 30 MRAs that had indicated reputation risk was a primary risk.
Because fewer than 30 MRAs per year list reputation risk as a primary
concern, we conclude that the removal of reputation risk from
supervision would not be likely to result in significant MRA-related
cost savings for more than 30 small entities per year. Furthermore, any
cost savings for the MRAs listed as a secondary concern would be likely
de minimis for 30 or more small entities.
Finally, because we do not expect that there will be scope for
significant cost savings from the removal of reputation risk for
reasons unrelated to MRAs, we conclude that the rule would not have a
significant impact on a substantial number of small entities for the
purposes of the RFA.
FDIC:
The Regulatory Flexibility Act (RFA) generally requires an agency,
in connection with a final rule, to prepare and make available for
public comment a final regulatory flexibility analysis that describes
the impact of the final rule on small entities.\23\ However, a final
regulatory flexibility analysis is not required if the agency certifies
that the final rule will not have a significant economic impact on a
substantial number of small entities. The Small Business Administration
(SBA) has defined ``small entities'' to include banking organizations
with total assets of less than or equal to $850 million.\24\ Generally,
the FDIC considers a significant economic impact to be a quantified
effect in excess of 5 percent of total annual salaries and benefits or
2.5 percent of total noninterest expenses. The FDIC believes that
effects in excess of one or more of these thresholds typically
represent significant economic impacts for FDIC-supervised
institutions.
---------------------------------------------------------------------------
\23\ 5 U.S.C. 601 et seq.
\24\ The SBA defines a small banking organization as having $850
million or less in assets, where an organization's ``assets are
determined by averaging the assets reported on its four quarterly
financial statements for the preceding year.'' See 13 CFR 121.201
(as amended by 87 FR 69118, effective December 19, 2022). In its
determination, the ``SBA counts the receipts, employees, or other
measure of size of the concern whose size is at issue and all of its
domestic and foreign affiliates.'' See 13 CFR 121.103. Following
these regulations, the FDIC uses an insured depository institution's
affiliated and acquired assets, averaged over the preceding four
quarters, to determine whether the insured depository institution is
``small'' for the purposes of RFA.
---------------------------------------------------------------------------
A commenter asserted of the proposed rule that, if adopted, it
would likely cause small institutions to make substantial revisions to
their policies, documentation, training, and vendor management.
However, for the avoidance of doubt, the FDIC reiterates that the
final rule applies only to the activities of the FDIC. The final rule
does not impose any obligations on FDIC-supervised institutions, and
institutions would not need to take any action in response to this
rule. Institutions' internal policies and controls, training, and other
elements that may refer to reputation risk are not directly affected by
the final rule. As such, the final rule does not have any direct
economic impact on FDIC-supervised small entities.
Based on the foregoing, the FDIC certifies that the final rule will
not have a significant economic impact on a substantial number of FDIC-
supervised small entities.
C. Plain Language
Section 722 of the Gramm-Leach Bliley Act \25\ requires the Federal
banking agencies to use plain language in all proposed and final rules
published after January 1, 2000. The agencies invited comment on the
use of plain language and have sought to present the final rule in a
simple and straightforward manner.
---------------------------------------------------------------------------
\25\ Public Law 106-102, section 722, 113 Stat. 1338, 1471
(1999); 12 U.S.C. 4809.
---------------------------------------------------------------------------
D. Unfunded Mandates Reform Act of 1995
Consistent with the Unfunded Mandates Reform Act (UMRA), the review
considers whether the mandates imposed by the rule may result in an
expenditure of $100 million or more by State, local, and tribal
governments, or by the private sector, in any one year, adjusted
annually for inflation (currently $187 million).
The OCC estimates that the proposal would not require additional
expenditure from OCC-regulated entities nor will it require
expenditures of $100 million or more by State, local, and tribal
governments, or by other segments of the private sector. Thus, the OCC
believes the rule is not a significant rule for the purposes of the
UMRA. Accordingly, the OCC has not prepared the written statement
described in section 202 of the UMRA.
E. Riegle Community Development and Regulatory Improvement Act of 1994
Pursuant to section 302(a) of the Riegle Community Development and
Regulatory Improvement Act (RCDRIA) of 1994,\26\ in determining the
effective date and administrative compliance requirements for new
regulations that impose additional reporting, disclosure, or other
requirements on insured depository institutions, the OCC and FDIC must
consider, consistent with principles of safety and soundness and the
public interest (1) any administrative burdens that the final rule
would place on depository institutions, including small depository
institutions and customers of depository institutions and (2) the
benefits of the final rule. This rulemaking would not impose any
reporting, disclosure, or other requirements on insured depository
institutions. Therefore, section 302(a) does not apply to this final
rule.
---------------------------------------------------------------------------
\26\ 12 U.S.C. 4802(a).
---------------------------------------------------------------------------
F. Congressional Review Act
Subtitle E of the Small Business Regulatory Enforcement Fairness
Act of 1996 (also known as the Congressional Review Act) defines a
``major rule'' as a rule that the Administrator of the OMB's Office of
Information and Regulatory Affairs (OIRA) finds has resulted in or is
likely to result in:
1. An annual effect on the economy of $100 million or more;
2. A major increase in costs or prices for consumers, individual
industries, Federal, State, or local government agencies, or geographic
regions; or
3. Significant adverse effects on competition, employment,
investment, productivity, innovation or on the ability of U.S.-based
enterprises to compete with foreign-based enterprises in domestic and
export markets.\27\
---------------------------------------------------------------------------
\27\ 5 U.S.C. 804(2).
---------------------------------------------------------------------------
The OMB has determined that the final rule is not a major rule for
purposes of the Congressional Review Act.
G. Executive Orders 12866 and 14192
1. Executive Order 12866
Section 3(f) of Executive Order 12866 defines a ``significant
regulatory action'' as a regulatory action that is likely to result in
a rule that may:
(1) Have an annual effect on the economy of $100 million or more or
adversely affects in a material way the economy, a sector of the
economy, productivity, competition, jobs, the environment, public
health or safety, or
[[Page 18292]]
State, local, or tribal governments or communities;
(2) Create a serious inconsistency or otherwise interfere with an
action taken or planned by another agency;
(3) Materially alter the budgetary impact of entitlements, grants,
user fees, or loan programs or the rights and obligations of recipients
thereof; or
(4) Raise novel legal or policy issues arising out of legal
mandates, the President's priorities, or the principles set forth in
Executive Order 12866.
OIRA has determined that this final rule is a significant action
under Executive Order 12866.
2. Executive Order 14192
Executive Order 14192, titled ``Unleashing Prosperity Through
Deregulation,'' was issued on January 31, 2025. Section 3(a) of
Executive Order 14192 requires an agency, unless prohibited by law, to
identify at least ten existing regulations to be repealed when the
agency publicly proposes for notice and comment or otherwise
promulgates a new regulation. In furtherance of this standard, section
3(c) of Executive Order 14192 requires that the new incremental costs
associated with new regulations shall, to the extent permitted by law,
be offset by the elimination of existing costs associated with at least
ten prior regulations. This rule is considered a deregulatory action
under Executive Order 14192.
List of Subjects
12 CFR Part 1
Banks, banking, National banks, Reporting and recordkeeping
requirements, Securities.
12 CFR Part 4
Administrative practice and procedure, Freedom of information,
Individuals with disabilities, Minority businesses, Organization and
functions (Government agencies), Reporting and recordkeeping
requirements, Women.
12 CFR Part 30
Administrative practice and procedure, National banks, Reporting
and recordkeeping requirements.
12 CFR Part 302
Administrative practice and procedure, Banks, Banking.
12 CFR Part 364
Banks, Banking, Information.
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
12 CFR Chapter I
Authority and Issuance
For the reasons set forth in the preamble, and under the authority
of 12 U.S.C. 93a, chapter I of title 12 of the Code of Federal
Regulations is amended as follows:
PART 1--INVESTMENT SECURITIES
0
1. The authority citation for part 1 continues to read as follows:
Authority: 12 U.S.C. 1 et seq., 24 (Seventh), and 93a.
Sec. 1.5 [Amended]
0
2. In Sec. 1.5, amend paragraph (a) by removing the phrase
``compliance, strategic, and reputation risks'' and adding in its place
the phrase ``compliance, and strategic risks''.
PART 4--ORGANIZATION AND FUNCTIONS, AVAILABILITY AND RELEASE OF
INFORMATION, CONTRACTING OUTREACH PROGRAM, POST-EMPLOYMENT
RESTRICTIONS FOR SENIOR EXAMINERS
0
3. The authority citation for part 4 continues to read as follows:
Authority: 5 U.S.C. 301, 552; 12 U.S.C. 1, 93a, 161, 481, 482,
484(a), 1442, 1462a, 1463, 1464 1817(a), 1818, 1820, 1821, 1831m,
1831p-1, 1831o, 1833e, 1867, 1951 et seq., 2601 et seq., 2801 et
seq., 2901 et seq., 3101 et seq., 3401 et seq., 5321, 5412, 5414; 15
U.S.C. 77uu(b), 78q(c)(3); 18 U.S.C. 641, 1905, 1906; 29 U.S.C.
1204; 31 U.S.C. 5318(g)(2), 9701; 42 U.S.C. 3601; 44 U.S.C. 3506,
3510; E.O. 12600 (3 CFR, 1987 Comp., p. 235).
0
4. Add subpart G, consisting of Sec. 4.91, to read as follows:
Subpart G--Enforcement and Supervision Standards Sec. 91 Prohibition on
use of reputation risk.
Subpart G--Enforcement and Supervision Standards
Sec. 4.91 Prohibition on use of reputation risk.
(a) The OCC will not criticize, formally or informally, or take
adverse action against an institution on the basis of reputation risk.
(b) The OCC will not require, instruct, or encourage an
institution, or any employee of an institution, to:
(1) Refrain from contracting or doing business with a third party,
including an institution-affiliated party, on the basis of reputation
risk;
(2) Terminate a contract or discontinue doing business with a third
party, including an institution-affiliated party, on the basis of
reputation risk;
(3) Sign a contract or initiate doing business with a third-party,
including an institution-affiliated party, on the basis of reputation
risk; or
(4) Modify the terms or conditions under which it contracts or does
business with a third party, including an institution-affiliated party,
on the basis of reputation risk.
(c) The OCC will not require, instruct, or encourage an
institution, or any employee of an institution, to terminate a contract
with, discontinue doing business with, sign a contract with, initiate
doing business with, modify the terms under which it will do business
with a person or entity, or take any action or refrain from taking any
action on the basis of the person's or entity's political, social,
cultural, or religious views or beliefs, constitutionally protected
speech, or solely on the basis of the person's or entity's involvement
in politically disfavored but lawful business activities perceived to
present reputation risk.
(d) The prohibitions in paragraphs (a) through (c) of this section
only apply to actions taken on the bases described in paragraphs (a)
through (c) of this section, and the prohibition in paragraph (c) of
this section shall not apply with respect to persons, entities, or
jurisdictions sanctioned by the Office of Foreign Assets Control.
(e) Nothing in this section shall restrict the OCC's authority to
implement, administer, and enforce the provisions of subchapter II of
chapter 53 of title 31, United States Code.
(f) The OCC will not take any supervisory action or other adverse
action against an institution, a group of institutions, or the
institution-affiliated parties of any institution that is designed to
punish or discourage an individual or group from engaging in any lawful
political, social, cultural, or religious activities, constitutionally
protected speech, or, for political reasons, lawful business activities
that the OCC or any of its personnel disagree with or disfavor.
(g) The following definitions apply in this section:
Adverse action includes:
(i) Any negative feedback delivered by or on behalf of the OCC to
the supervised institution, including in a report of examination or a
formal or informal enforcement action;
(ii) A downgrade, or contribution to a downgrade, of any
supervisory rating, including, but not limited to:
[[Page 18293]]
(A) Any rating under the Uniform Financial Institutions Rating
System (or any comparable rating system);
(B) Any rating under the Uniform Interagency Consumer Compliance
Rating System;
(C) Any rating under the Uniform Rating System for Information
Technology; and
(D) Any rating under any other rating system;
(iii) A denial of a licensing application;
(iv) Inclusion of a condition on any licensing application or other
approval;
(v) Imposition of additional approval requirements;
(vi) Any other heightened requirements on an activity or change;
(vii) Any adjustment of the institution's capital requirement; and
(viii) Any action that negatively impacts the institution, or an
institution-affiliated party, or treats the institution differently
than similarly situated peers.
Doing business with means:
(i) The bank providing any product or service, including account
services;
(ii) The bank contracting with a third party for the third party to
provide a product or service;
(iii) The bank providing discounted or free products or services to
customers or third parties, including charitable activities;
(iv) The bank entering into, maintaining, modifying, or terminating
an employment relationship; or
(v) Any other similar business activity that involves a bank client
or a third party.
Institution means an entity for which the OCC makes or will make
supervisory or licensing determinations either solely or jointly.
Institution-affiliated party means the same as in section 3 of the
Federal Deposit Insurance Act (12 U.S.C. 1813(u)).
Reputation risk means any risk, regardless of how the risk is
labeled by the institution or regulators, that an action or activity,
or combination of actions or activities, or lack of actions or
activities, of an institution could negatively impact public perception
of the institution for reasons not clearly and directly related to the
financial or operational condition of the institution.
PART 30--SAFETY AND SOUNDNESS STANDARDS
0
5. The authority citation for part 30 continues to read as follows:
Authority: 12 U.S.C. 1, 93a, 371, 1462a, 1463, 1464, 1467a,
1818, 1828, 1831p-1, 1881-1884, 3102(b) and 5412(b)(2)(B); 15 U.S.C.
1681s, 1681w, 6801, and 6805(b)(1).
Appendix B to Part 30 [Amended]
0
6. Amend appendix B to part 30 in supplement A, section III, by:
0
a. Removing the third sentence; and
0
b. Removing the word ``Effective'' and adding in its place ``Timely and
effective''.
Appendix C to Part 30 [Amended]
0
7. Amend appendix C to part 30 by:
0
a. In section I:
0
i. In paragraph (i), removing ``reputation,''; and
0
ii. In paragraph (vi), removing the last sentence; and
0
b. In section II, paragraph (B)(1), removing ``reputation,''.
Appendix D to Part 30 [Amended]
0
8. Amend appendix D to part 30, section II, paragraph (B), by removing
the phrase ``compliance risk, strategic risk, and reputation risk'' and
adding in its place the phrase ``compliance risk, and strategic risk''.
FEDERAL DEPOSIT INSURANCE CORPORATION
12 CFR Chapter III
Authority and Issuance
For the reasons set forth in the preamble, the FDIC proposes to
amend parts 302 and 364 of chapter III of title 12 of the Code of
Federal Regulations as follows:
PART 302--REGULATIONS GOVERNING BANK SUPERVISION
0
9. The authority citation for part 302 continues to read as follows:
Authority: 5 U.S.C. 552; 12 U.S.C. 1818, 1819(a) (Seventh and
Tenth), 1831p-1.
0
10. Revise the heading for part 302 as set forth above.
0
11. Add a heading for subpart A, consisting of Sec. Sec. 302.1, 302.2,
and 302.3, to read as follows:
Subpart A--Use of Supervisory Guidance
0
12. Add subpart B, consisting of Sec. 302.100, to read as follows:
Subpart B--Prohibition on Use of Reputation Risk by Regulators
Sec. 302.100 Prohibitions.
(a) The FDIC will not criticize, formally or informally, or take
adverse action against an institution on the basis of reputation risk.
(b) The FDIC will not require, instruct, or encourage an
institution, or any employee of an institution, to:
(1) Refrain from contracting or doing business with a third party,
including an institution-affiliated party, on the basis of reputation
risk;
(2) Terminate a contract or discontinue doing business with a third
party, including an institution-affiliated party, on the basis of
reputation risk;
(3) Sign a contract or initiate doing business with a third-party,
including an institution-affiliated party, on the basis of reputation
risk; or
(4) Modify the terms or conditions under which it contracts or does
business with a third party, including an institution-affiliated party,
on the basis of reputation risk.
(c) The FDIC will not require, instruct, or encourage an
institution, or any employee of an institution, to terminate a contract
with, discontinue doing business with, sign a contract with, initiate
doing business with, modify the terms under which it will do business
with a person or entity, or take any action or refrain from taking any
action on the basis of the person's or entity's political, social,
cultural, or religious views or beliefs, constitutionally protected
speech, or solely on the basis of the person's or entity's involvement
in politically disfavored but lawful business activities perceived to
present reputation risk.
(d) The prohibitions in paragraphs (a) through (c) of this section
only apply to actions taken on the bases described in paragraphs (a)
through (c) of this section, and the prohibition in paragraph (c) of
this section shall not apply with respect to persons, entities, or
jurisdictions sanctioned by the Office of Foreign Assets Control.
(e) Nothing in this section shall restrict the FDIC's authority to
implement, administer, and enforce the provisions of subchapter II of
chapter 53 of title 31, United States Code.
(f) The FDIC will not take any supervisory action or other adverse
action against an institution, a group of institutions, or the
institution-affiliated parties of any institution that is designed to
punish or discourage an individual or group from engaging in any lawful
political, social, cultural, or religious activities, constitutionally
protected speech, or, for political reasons, lawful business activities
that the FDIC or any of its personnel disagrees with or disfavors.
(g) Definitions.
Adverse action includes:
(i) Any negative feedback delivered by or on behalf of the FDIC to
the supervised institution, including in a report of examination or a
formal or informal enforcement action;
(ii) A downgrade, or contribution to a downgrade, of any
supervisory rating, including, but not limited to:
[[Page 18294]]
(A) Any rating under the Uniform Financial Institutions Rating
System (or any comparable rating system);
(B) Any rating under the Uniform Interagency Consumer Compliance
Rating System;
(C) Any rating under the Uniform Rating System for Information
Technology;
(D) Any rating under any other rating system;
(iii) A denial of a filing pursuant to Part 303 of the FDIC's
regulations;
(iv) Inclusion of a condition on a deposit insurance application or
other approval;
(v) Imposition of additional approval requirements;
(vi) Any other heightened requirements on an activity or change;
(vii) Any adjustment of the institution's capital requirement; and
(viii) Any action that negatively impacts the institution, or an
institution-affiliated party, or treats the institution differently
than similarly situated peers.
Doing business with means:
(i) The bank providing any product or service, including account
services;
(ii) The bank contracting with a third party for the third party to
provide a product or service;
(iii) The bank providing discounted or free products or services to
customers or third parties, including charitable activities;
(iv) The bank entering into, maintaining, modifying, or terminating
an employment relationship; or
(v) Any other similar business activity that involves a bank client
or a third party.
Institution means an entity for which the FDIC makes or will make
supervisory determinations or other decisions, either solely or
jointly.
Institution-affiliated party means the same as in section 3 of the
Federal Deposit Insurance Act (12 U.S.C. 1813(u)).
Reputation risk means any risk, regardless of how the risk is
labeled by the institution or regulators, that an action or activity,
or combination of actions or activities, or lack of actions or
activities, of an institution could negatively impact public perception
of the institution for reasons not clearly and directly related to the
financial or operational condition of the institution.
PART 364--STANDARDS FOR SAFETY AND SOUNDNESS
0
13. The authority citation for part 364 continues to read as follows:
Authority: 12 U.S.C. 1818 and 1819 (Tenth), 1831p-1; 15 U.S.C.
1681b, 1681s, 1681w, 6801(b), 6805(b)(1).
Appendix B to Part 364 [Amended]
0
14. Amend appendix B to part 364 in supplement A, section III, by:
0
a. Removing the third sentence; and
0
b. Removing the word ``Effective'' and adding in its place ``Timely and
effective''.
Jonathan V. Gould,
Comptroller of the Currency.
Federal Deposit Insurance Corporation.
By order of the Board of Directors.
Dated at Washington, DC, on April 7, 2026.
Jennifer M. Jones,
Deputy Executive Secretary.
[FR Doc. 2026-06947 Filed 4-9-26; 8:45 am]
BILLING CODE 4810-33-P; 6714-01-P
</pre></body>
</html>Indexed from Federal Register on April 10, 2026.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.