Changeflow GovPing Banking & Finance FDIC and OCC Ban Regulators' Use of Reputation ...
Priority review Rule Added Final

FDIC and OCC Ban Regulators' Use of Reputation Risk in Bank Supervision

Favicon for www.federalregister.gov FR: Federal Deposit Insurance Corporation
Published
Detected
Email

Summary

The FDIC and OCC published a final rule prohibiting bank examiners from using reputation risk as a basis for supervisory criticism or enforcement actions. The rule removes informal guidance practices that critics argued allowed regulators to pressure banks over public perception rather than actual safety and soundness concerns. Federally chartered and state-chartered banks subject to OCC and FDIC supervision are directly affected.

View original document View source feed page

What changed

The final rule prohibits OCC and FDIC examiners from citing reputation risk as grounds for supervisory criticism, enforcement actions, or formal mandates against banks. This eliminates informal supervisory practices where regulators pressured banks to avoid activities perceived negatively in public discourse, even when those activities were legally permissible. The rule affects examination procedures under 12 CFR 30 and 364 for OCC and FDIC-supervised institutions respectively.

Banks and compliance officers should prepare for potential changes in examination processes and documentation standards. Institutions previously subject to informal reputation-based guidance may see shifts in how supervisory findings are communicated and challenged. Risk management frameworks should be reviewed to align with the new prohibition on reputation risk citations in examination reports.

What to do next

  1. Review internal policies on how supervisory feedback is documented and challenged
  2. Update compliance procedures to address examiner criticism standards
  3. Monitor for implementation guidance from OCC and FDIC examiners

Archived snapshot

Apr 10, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Legal Status This site displays a prototype of a “Web 2.0” version of the daily
Federal Register. It is not an official legal edition of the Federal
Register, and does not replace the official print version or the official
electronic version on GPO’s govinfo.gov.

The documents posted on this site are XML renditions of published Federal
Register documents. Each document posted on the site includes a link to the
corresponding official PDF file on govinfo.gov. This prototype edition of the
daily Federal Register on FederalRegister.gov will remain an unofficial
informational resource until the Administrative Committee of the Federal
Register (ACFR) issues a regulation granting it official legal status.
For complete information about, and access to, our official publications
and services, go to About the Federal Register on NARA's archives.gov.

The OFR/GPO partnership is committed to presenting accurate and reliable
regulatory information on FederalRegister.gov with the objective of
establishing the XML-based Federal Register as an ACFR-sanctioned
publication in the future. While every effort has been made to ensure that
the material on FederalRegister.gov is accurately displayed, consistent with
the official SGML-based PDF version on govinfo.gov, those relying on it for
legal research should verify their results against an official edition of
the Federal Register. Until the ACFR grants it official status, the XML
rendition of the daily Federal Register on FederalRegister.gov does not
provide legal notice to the public or judicial notice to the courts.

Legal Status

Rule

You may be interested in this older document that published on 10/30/2025 with action 'Notice of proposed rulemaking.' View Document

Prohibition on the Use of Reputation Risk by Regulators

A Rule by the Comptroller of the Currency and the Federal Deposit Insurance Corporation on 04/10/2026

  • 1.

1.

| Docket ID OCC-2025-0142
(2 Documents) | | | |
| --- | | | |
| Date | | Action | Title |
| | 2026-04-10 | Final rule. | Prohibition on the Use of Reputation Risk by Regulators |
| | 2025-10-30 | Notice of proposed rulemaking. | Prohibition on Use of Reputation Risk by Regulators |

Enhanced Content - Related Documents

  • Public Comments Enhanced Content - Public Comments This feature is not available for this document.

Enhanced Content - Public Comments
- Regulations.gov Data Enhanced Content - Regulations.gov Data Additional information is not currently available for this document.

Enhanced Content - Regulations.gov Data

- Sharing Enhanced Content - Sharing Shorter Document URL https://www.federalregister.gov/d/2026-06947 Email Email this document to a friend Enhanced Content - Sharing

  • Print Enhanced Content - Print
  • Other Formats Enhanced Content - Other Formats This document is also available in the following formats:

JSON Normalized attributes and metadata XML Original full text XML MODS Government Publishing Office metadata More information and documentation can be found in our developer tools pages.

Enhanced Content - Other Formats
- Public Inspection Public Inspection This PDF is FR Doc. 2026-06947 as it appeared on Public Inspection on
04/09/2026 at 8:45 am.

It was viewed
58
times while on Public Inspection.

If you are using public inspection listings for legal research, you
should verify the contents of the documents against a final, official
edition of the Federal Register. Only official editions of the
Federal Register provide legal notice of publication to the public and judicial notice
to the courts under 44 U.S.C. 1503 & 1507. Learn more here.

Public Inspection
Published Document: 2026-06947 (91 FR 18279) This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Document Headings Document headings vary by document type but may contain
the following:

  1. the agency or agencies that issued and signed a document
  2. the number of the CFR title and the number of each part the document amends, proposes to amend, or is directly related to
  3. the agency docket number / agency internal file number
  4. the RIN which identifies each regulatory action listed in the Unified Agenda of Federal Regulatory and Deregulatory Actions See the Document Drafting Handbook for more details.
Department of the Treasury
Office of the Comptroller of the Currency
  1. 12 CFR Parts 1, 4, and 30
  2. [Docket ID OCC-2025-0142]
  3. RIN 1557-AF34
Federal Deposit Insurance Corporation
  1. 12 CFR Parts 302 and 364
  2. RIN 3064-AG12

AGENCY:

Office of the Comptroller of the Currency, Treasury, and Federal Deposit Insurance Corporation.

ACTION:

Final rule.

SUMMARY:

The Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation are adopting a final rule to codify the elimination of reputation risk from their supervisory programs. Among other things, the rule prohibits the agencies from criticizing or taking adverse action against an institution on the basis of reputation risk. The rule also prohibits the agencies from requiring, instructing, or encouraging an institution to close an account, to refrain from providing an account, product, or service, or to modify or terminate any product or service on the basis of a person or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or solely on the basis of politically disfavored but lawful business activities perceived to present reputation risk. The rule further forbids the agencies from taking any supervisory action or other adverse action against an institution, a group of institutions, or the institution-affiliated parties of any institution that is designed to punish or discourage an individual or group from engaging in any lawful political, social, cultural, or religious activities, constitutionally protected speech, or, for political reasons, lawful business activities that the agencies or its personnel disagree with or disfavor.

DATES:

The final rule is effective June 9, 2026.

FOR FURTHER INFORMATION CONTACT:

OCC: Jonathan Fink, Director, Bank Advisory, Joanne Phillips, Counsel, or Collin Berger, Attorney, Chief Counsel's Office, (202) 649-5490, Office of the Comptroller of the Currency, 400 7th Street SW, Washington, DC 20219. If ( printed page 18280) you are deaf, hard of hearing, or have a speech disability, please dial 7-1-1 to access telecommunications relay services.

FDIC: Legal Division: Sheikha Kapoor, Assistant General Counsel, (202) 898-3960; James Watts, Counsel, (202) 898-6678.

SUPPLEMENTARY INFORMATION:

I. Introduction

On October 30, 2025, the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) (collectively, the agencies) published in the Federal Register a notice of proposed rulemaking [1 ] to remove the use of reputation risk from their supervisory programs. Among other things, the proposed rule would also have prohibited the agencies from requiring, instructing, or encouraging an institution to close an account, to refrain from providing an account, product, or service, or to modify or terminate any product or service on the basis of a person or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or solely on the basis of politically disfavored but lawful business activities perceived to present reputation risk. The proposed rule further would have forbidden the agencies from taking any supervisory action or other adverse action against an institution, a group of institutions, or the institution-affiliated parties of any institution that is designed to punish or discourage an individual or group from engaging in any lawful political, social, cultural, or religious activities, constitutionally protected speech, or, for political reasons, lawful business activities that the agencies or its personnel disagree with or disfavor. Following review of the comments received on the proposal, the agencies are finalizing the proposed rule, with minor modifications. The agencies have updated the final rule's definition of “reputation risk” to include an express reference to the operational condition of the institution. The agencies have also modified the prohibition on taking supervisory action or other adverse action designed to punish or discourage lawful business activities that the “supervisor” disagrees with or disfavors. The agencies have updated this provision to use language broader than “supervisor” to clarify that bias from any individual at the agency is not a permissible basis for agency action.

Under 12 U.S.C. 1(a), the OCC is charged with assuring the safety and soundness of and compliance with laws and regulations, fair access to financial services, and fair treatment of customers by the institutions and other persons subject to its jurisdiction. Similarly, the FDIC has statutory authority to administer the affairs of the Corporation, which includes a framework for banking supervision. Further, the FDIC's Board of Directors has the authority to prescribe rules and regulations as it may deem necessary to carry out the provisions of the Federal Deposit Insurance Act, and the OCC is authorized to prescribe rules and regulations to carry out the responsibilities of the office.

Based on these authorities, the subjectivity of reputation risk, the inefficacy of reputation risk at identifying risks to safety and soundness or other statutory mandates, and the potential for regulatory overreach and abuse, the agencies have removed reputation risk from their supervisory frameworks and are codifying this change in relevant regulations.

II. Background

The agencies believe that banking regulators' use of the concept of reputation risk as a basis for supervisory criticisms increases subjectivity in banking supervision without adding material value from a safety and soundness perspective. The agencies believe that most activities that could negatively impact an institution's reputation do so through traditional risk channels (e.g., credit risk, market risk, and operational risk, among others) on which supervisors already focus and already have sufficient authority to address. At the same time, supervising for reputation risk as a standalone risk adds substantial subjectivity to bank supervision and can be abused. It also diverts bank and agency resources from more salient risks without adding material value from a safety and soundness perspective or ensuring greater compliance with the law. To improve the efficiency and effectiveness of their supervisory programs, the agencies have removed reputation risk from their supervisory frameworks and are proposing to codify this change in relevant regulations. This change would also respond to concerns expressed in Executive Order 14331, Guaranteeing Fair Banking for All Americans, [2 ] that the use of reputation risk can be a pretext for restricting law-abiding individuals' and businesses' access to financial services on the basis of political or religious beliefs or lawful business activities.

The agencies' supervisory experience has shown that the use of reputation risk in the supervisory process does not increase the safety and soundness of supervised institutions because supervisors have little ability to predict ex ante whether or how certain activities or customer relationships present reputation risks that could threaten the safety and soundness of an institution. [3 ] In contrast, risks like credit risk and liquidity risk are more concrete and measurable and allow supervisors to more objectively assess a banking institution's financial condition. Assessments of these risks reflect perceptions of a bank's financial condition consistent with objective principles. Conversely, an independent consideration of reputation risk by supervisors has not resulted in consistent or predictable assessments of material financial risk. Instead, by focusing on reputation risk, supervisors attempt to understand and anticipate public opinion regarding issues and events and then to attempt to directly connect this public opinion regarding issues and events to an institution's condition in ways that have proven nearly impossible to assess or quantify with accuracy. The agencies' attempts to identify reputation risks and their potential effects on institutions have not resulted in increased safety for supervised institutions as supervisors have not been able to accurately predict ( printed page 18281) the public's reaction to business decisions made by institutions.

In other words, there is no clear evidence that supervisory interference in banks' activities or relationships in the interest of protecting the banks' reputations has protected banks from losses or improved banks' performance.

In addition to not enhancing safety and soundness, focusing on reputation risk can distract institutions and the agencies from devoting resources to managing core financial risks—such as credit risk, liquidity risk, and interest rate risk—that are quantifiable and have been shown to present significant threats to institutions. Monitoring requires dedicated resources. For example, in order to confront such risks, institutions frequently purchase expensive risk-monitoring models that must be maintained, implement detailed loan review programs, hire expensive outside advisers, and provide time-intensive training for staff. Parallel to these actions by institutions, the agencies have limited resources and a responsibility to use these resources in an efficient and productive manner in furtherance of their statutory responsibilities. In the judgment of the agencies, examining for reputation risk diverts resources that could be better spent on other risks that have been shown to present significant, tangible threats to institutions and that are more easily quantified and addressed through regulatory intervention.

Moreover, the agencies' use of reputation risk in reaching supervisory conclusions introduces subjectivity and unpredictability into the agencies' judgments. Agency supervision more effectively fosters safe and sound banking when supervised institutions have a reasonable expectation of how the agencies would evaluate an activity. The agencies have not been able to clearly explain how banks should measure the reputation risk from different activities, business partners, or clients, nor have the agencies been able to clearly articulate the criteria for which activities, business partners, or clients are deemed to present reputation risk. [4 ] Without clear standards, the agencies' supervision for reputation risk has been inconsistent and has at times reflected individual perspectives of agency staff rather than data-driven conclusions. This can result in agency staff implicitly or explicitly encouraging institutions to restrict access to banking services on the basis of staff's personal views of a group's or individual's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or politically disfavored but lawful business activities. Different stakeholders may have different perspectives on how such activities or relationships impact an institution's reputation, if at all, which creates unpredictability and inconsistency for regulated entities. Additionally, the subjective nature of supervisory decisions about reputation risk introduces the potential for political or other biases to enter into the supervisory process. Thus, supervisory judgments about reputation risk can create subjective regulatory interference in day-to-day business decisions of banks that should be based on neutral market factors. This practice can also result in distortions to industries and the U.S. economy, as the agencies use reputation risk to choose winners and losers among market participants and industries. Given the difficulty of measuring reputation risk in an accurate and precise way, it is inappropriate for the agencies' supervisors to examine supervised institutions against this risk.

More importantly, when a supervised institution alters its behavior to comply with supervisory expectations relating to reputation risk management, such as by closing an account or choosing not to enter into or continue a business relationship with a customer or industry that it would otherwise maintain, it is forgoing an opportunity to maintain or build a profitable business relationship that may otherwise be consistent with sound risk management practices. Accordingly, the agencies' past practice of encouraging supervised institutions to alter their behavior due to reputation risk may have adversely impacted institutions' earnings, capital positions, and safety and soundness. In this way, the agencies' prior focus on reputation risk may have caused supervised institutions to be less safe and sound than had they been permitted to engage in lawful business activities without these limitations resulting from supervisory expectations surrounding reputation risk.

In addition, examining for reputation risk can result in agency personnel or leadership implicitly or explicitly encouraging institutions to restrict access to banking services on the basis of agency personnel's personal views of a group's or individual's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or politically disfavored but lawful business activities. Denying lawful businesses access to financial services can further have negative effects on the economy by hindering the growth of these lawful businesses and consequently interfering with the job creation and the economic activity their operations could generate.

Moreover, even if reputation risk could be quantified, the agencies lack evidence that reputation risk, in the absence of identified financial or operational risks, is a factor that can hurt an institution's safety and soundness. Although there are examples of risks such as credit risk and liquidity risk being the primary driver of an institution's unsafe or unsound condition, the agencies have not seen evidence that reputation risk can be the primary driver of an institution being in unsafe or unsound condition. When reputational issues are identified as a cause of harm that has impacted a supervised institution's financial condition, there are typically other more significant factors, such as those relating to the institution's capital, asset quality, liquidity, earnings, or interest rate sensitivity, that are the primary drivers of the institution's weakened financial condition. The OCC's analysis shows that the agency will not lose information useful to anticipate regulated institutions' failure by ceasing to produce reputation risk ratings in the Risk Assessment System (RAS) ratings system, as the RAS reputation risk ratings do not forecast failure after accounting for the CAMELS composite rating and components. Instead, only RAS ratings that assess fundamental financial risks predict failure risk once CAMELS ratings are accounted for.

In addition, there is no evidence that ceasing to impose Matters Requiring Attention (MRAs) that focus on reputation risk will harm the agencies' ability to anticipate and resolve failure risk. The agencies' analysis shows that MRAs that either mention reputation risk in the MRA description or include reputation risk as either a primary or secondary risk have no ability to predict bank failures.

The OCC's supervision is required by law to focus on the safety and soundness of its institutions and compliance with laws and regulations as well as, as applicable, fair access to financial services and fair treatment of customers. [5 ] The FDIC is responsible for the supervision and examination of State nonmember banks, including for safety and soundness principles. [6 ] In furtherance of these objectives, the agencies' supervision should focus on ( printed page 18282) concrete risks and objective criteria directly related to applicable statutory requirements. In the agencies' experience, using reputation risk in its supervisory process does not further this mission.

III. Overview of the Notices of Proposed Rulemaking and General Summary of Comments

The proposed rule sought to codify the removal of reputation risk from the OCC and FDIC's supervisory programs. The proposed rule would have prohibited the agencies from criticizing, formally or informally, or taking adverse action against an institution on the basis of reputation risk. In addition, under the proposal, the agencies would be prohibited from requiring, instructing, or encouraging an institution or its employees to refrain from contracting with or to terminate or modify a contract with a third party, including an institution-affiliated party, on the basis of reputation risk. The proposed rule also stated that the agencies could not require, instruct, or encourage an institution or its employees to refrain from doing business with or to terminate or modify a business relationship with a third party, including an institution-affiliated party, on the basis of reputation risk. The proposed rule would have also prevented the agencies from requiring, instructing, or encouraging an institution to enter into a contract or business relationship with a third party on the basis of reputation risk. The proposed rule would have further prohibited the agencies from requiring, instructing, or encouraging an institution or an employee of an institution to terminate a contract with, discontinue doing business with, or modify the terms under which it will do business with a person or entity on the basis of the person's or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or solely on the basis of the third party's involvement in politically disfavored but lawful business activities perceived to present reputation risk.

The proposed rule was solely focused on the functions and activities of the OCC and the FDIC. The proposed rule did not include prohibitions, restrictions, or requirements on the self-directed activities of supervised institutions or institution-affiliated parties.

The proposed rule provided definitions of several terms used in the rule, including “adverse action,” “doing business with,” “institution,” “institution-affiliated party,” and “reputation risk.”

The prohibitions of the proposed rule would have applied to actions taken on the basis of reputation risk; political, social, cultural, or religious views and beliefs; constitutionally protected speech; or solely based on bias against politically disfavored but lawful business activities perceived to present reputation risk. The proposed rule would not have prohibited criticism, supervisory feedback, or other actions to address traditional risk channels related to safety and soundness and compliance with applicable laws, including credit risk, market risk, and operational risk (including cybersecurity, information security, and illicit finance), provided that such criticism, supervisory feedback or other action addressing these other risks was not a pretext designed to covertly continue supervision for reputation risk.

Under the proposed rule, the OCC planned to make seven conforming amendments to the OCC's regulations to eliminate references to reputation risk. These conforming amendments would be made in (1) the list of risks a national bank shall consider, as appropriate, as set out in 12 CFR part 1 of the OCC regulations; and (2) the safety and soundness standards set forth in 12 CFR part 30 of the OCC regulations, including the OCC guidelines. The OCC regulations at 12 CFR part 30 would include six conforming amendments. [7 ]

Under the proposed rule, the FDIC planned to make one conforming amendment to the FDIC's regulations relating to reputation risk. This amendment would be made in the safety and soundness standards set forth in 12 CFR part 364 of the FDIC's regulations. [8 ] Under the proposed rule, the FDIC would eliminate the reference to reputation risk in the regulation.

The agencies received comments on many areas of the proposed rule. The commenters represented government entities, congresspeople, industry trade groups, nonprofits, financial institutions, other types of businesses, and individuals. The agencies received a mix of comments both supporting and opposing the proposed rule. Many commenters made suggestions for alternatives to the rule or for ways to strengthen or alter the rule.

IV. Overview of Final Rule

The agencies have decided to adopt the proposed rule with minor modifications.

A. Comments Regarding the Need for and Adoption of the Rule

Although the agencies received comments both supporting and opposing the proposed rule, the majority of comment letters expressed support. Many commenters urged the agencies to adopt the proposed rule because they perceived reputation risk to be ill-suited as a supervisory tool. These commenters expressed concern that reputation risk is subjective and hard to measure in a predictable or quantitative fashion. These observations mirrored the agencies' experience with the shortcomings of reputation risk as a supervisory tool, as discussed above in the “Background” section. The commenters explained that this subjectivity interfered with both banks and other regulators for FDIC-insured banks, such as State banking agencies, being able to anticipate Federal regulators' perspectives and concerns. These commenters also noted that regulators' focus on reputation risk, and the consequent need for financial institutions to focus on anticipating regulators' concerns regarding reputation risk, distract from more material risks or better use of resources. The agencies agree with these observations by commenters on the harms of including reputation risk in the supervisory program.

In contrast, other commenters opposed the proposed rule and stated that examination for reputation risk is necessary to support bank safety and soundness. In contrast to the commenters who stated that reputation risk cannot be measured quantitatively or objectively, one commenter stated that it could be measured accurately. However, this commenter did not recommend an actionable method that the agencies could adopt for such a measurement, and the regulators are not aware of an objective and reliable method for measuring reputation risk.

Some of these commenters stated that damage to a bank's reputation can cause substantial financial harm to a bank. As support for this assertion, some commenters cited the spring 2023 bank failures, which they claimed happened due to reputational harms to the financial institutions involved. However, those failures were caused by, among other contributing factors, a lack of public confidence in the financial condition of the institutions; the agencies have not identified non-financial reputation risk as among them. The final rule is adopting from the proposed rule a definition of reputation risk that specifically excludes issues that could negatively impact public ( printed page 18283) perception for reasons “clearly and directly related to the financial condition of the institution.” Thus, the concerns that caused the public to cease doing business with the institutions affected by the spring 2023 bank failures were not the types of concerns that would fall under the definition of reputation risk in the final rule and for which the agencies would be prevented from supervising. Indeed, the Spring 2023 failures were examples of the types of material financial risks on which regulators and institutions need to focus and from which they can be distracted by more nebulous and not-financially-related reputation risk concerns.

Some commenters argued that removing supervision for reputation risk downplays the importance of customer loyalty and trust. However, the agencies have not observed that supervision for reputation risk helps support customer loyalty to financial institutions, an area that banks compete on. Indeed, as another commenter explained, policing for reputation risk concerns can actually harm an institution's customer loyalty. This commenter explained how financial institutions could harm their reputations by closing accounts on the basis of religious or political bias and thus how attempts to mitigate reputation risk can actually harm financial institutions. The commenter provided an example of negative publicity that a bank purportedly experienced after closing the commenter's account allegedly for religious reasons.

In the agencies' experience, supervising for reputation risk requires the agencies to determine which sides of potentially contentious political, social, and religious issues will be favored by the customers of the regulated institutions. Attempting to ensure “customer loyalty” for regulated institutions by preventing regulated institutions from providing services for businesses, individuals, or activities that may offend customers requires the agencies to accurately predict public sentiment regarding controversial issues. The agencies have not shown the ability to accurately do this in a consistent and reliable manner, and efforts to predict public opinion have distracted both regulators and the regulated from focusing on risks they can understand and predict.

Commenters were divided on whether supervision for reputation risk harms the integrity of the banking system and banking regulation. One commenter stated that removing supervision for reputation risk would harm the integrity of the banking system, the political institutions, U.S. elections, and ultimately national security. However, as another commenter noted, the agencies' efforts to take sides in ongoing public debates can harm the stability of the banking system because whichever side the regulators decide against and denounce as causing reputational harm to financial institutions will lose faith and trust in the regulators, thus harming the credibility that U.S. financial regulatory structure relies upon. For the reasons explained by this commenter, the agencies believe that the harm to their public legitimacy that will come from entering into contentious public debates outside of their statutory responsibilities is greater than the potential for not supervising for reputation risk to cause harm, risk which the agencies believe to be highly unlikely for the reasons described above.

Another commenter stated that the proposed rule strips away an important means of recognizing discrimination and extremism in financial institutions. This commenter argued that reputation risk has been a regulatory tool that allowed early intervention in developing patterns of discriminatory or predatory banking practices by banks. Another commenter, similarly, was concerned that removing examination for reputation risk would cause financial institutions to lose their ability to detect emerging threats such as certain fraud schemes. Other commenters were likewise concerned that removing supervision for reputation risk would remove deterrence from banks engaging in predatory practices such as fraudulent account scandals or from providing services for people who have committed crimes. Similarly, another commenter argued that the agencies should consider that removing reputation risk could lead to increased incidence of illegal and risky activities that might be flagged by reputation risk monitoring. In the same vein, one commenter opined that removing examination for reputation risk would increase unethical behavior by banks. This same commenter further stated that the agencies must consider that removing reputation risk could lead to worsening service for customers. However, the final rule does not repeal or alter any of the existing laws or regulations prohibiting discriminatory or predatory banking practices, and there is no evidence suggesting it could lead to worsening customer service. Moreover, issues stemming from a lack of customer service fall outside of what is being considered to be a reputation risk, as defined in the final regulation. Illegal discrimination and predatory practices will continue to be forbidden, and the agencies will continue to expect their regulated institutions to comply with all applicable laws addressing these issues. Moreover, the proposed rule does not alter the legal requirements and supervisory expectations around the detection and prevention of fraud. The removal of reputation risk from the agencies' supervisory programs will not impact the agencies' continued examination for compliance with these types of laws, but rather will allow the agencies to better allocate its resources during examinations.

B. Comments Regarding Harms From Regulators Pressuring Banks To Stop Serving Certain Industries Due to Perceived Reputation Risks

Some commenters argued that economic harm to both individuals and to the broader economy resulted from debanking customers due to perceived reputation risk. Some of these comments were from individuals or trade organizations whose members had been debanked despite the benefits that they believed their industry or business offered to the economy. These commenters argued that their members were engaged in lawful business operations, complied with extensive regulations as applicable, and employed many Americans. Other commenters noted that financial institutions benefit from greater engagement with all industries in the U.S. economy and that such financial institutions are financially harmed by being prevented from doing business with certain sectors due to reputational concerns. These observations about the harms from regulators pressuring banks to stop serving certain industries under the guise of protecting against reputation risk are generally consistent with the agencies' understanding of supervision for reputation risk. The agencies agree with these observations about these harms and that the agencies should not be requiring, instructing, or encouraging an institution to close an account, to refrain from providing an account, product, or service, or to modify or terminate any product or service on the basis of a perceived reputation risk.

One commenter expressed concern about the “economic distortion” created by the use of reputation risk and by the regulators picking economic winners and losers. Another commenter similarly noted that debanking due to reputation risk can also open the door to what the commenter described as an “economic heckler's veto” by any economically powerful entity, such as a customer or investor. This commenter ( printed page 18284) argued that allowing an economically powerful entity to pressure an institution to not provide services to certain businesses by claiming that such would create reputation risk could, in practice, give outsized weight to those who already have economic or financial power.

In support of banks' discretion, one commenter stated that businesses such as those involving digital assets or fossil fuels are not members of a protected class and therefore are not entitled to guaranteed access to the banking system. Similarly, another commenter stated that the government should not be favoring certain sectors by preventing financial institutions from debanking them. However, the rule both as proposed and as adopted here only constrains agency action and does not compel or restrict any actions by financial institutions.

As noted, the agencies agree with the concerns about economic distortions caused by regulators favoring or disfavoring certain legal businesses over other legal businesses. It is not the role of financial regulators to pick winners and losers among lawful businesses or to attempt to suppress lawful businesses.

C. Legal and Constitutional-Related Concerns Regarding the Agencies' Use of Reputation Risk

Some commenters contended that the use of reputation risk as a supervisory tool violates multiple parts of the U.S. Constitution. For example, some commenters expressed the concern that reputation risk has been used to chill free speech. One commenter also argued that the use of reputation risk is in violation of the Fifth Amendment of the Constitution because it is unconstitutionally vague. Other commenters argued that the use of reputation risk infringes on Americans' Second Amendment right to bear arms by causing debanking in the firearms industry.

The agencies believe that, regardless of the constitutionality of using reputation risk, removing it will reduce the subjectivity of the supervisory program and thus improve the oversight of financial institutions. Thus, agencies do not need to determine whether there would be further issues regarding constitutionality. Therefore, the agencies see removing reputation risk from the supervisory program as a prudent measure to address the potential for such transgressions.

Commenters also alleged that the use of reputation risk violated the Administrative Procedure Act (APA). Specifically, these commenters argued that the agencies' prior use of reputation risk violated the APA requirement that agency actions not be arbitrary or capricious, that substantive rules be promulgated through notice-and-comment procedures, and that agencies act within their statutory authority. The agencies believe that, regardless of consistency with APA requirements, removing reputation risk will be of benefit by providing less opportunity for subjectivity in the future. Thus, this concern is another reason that the agencies have decided to adopt the final rule.

D. Suggestions for Alternatives To Removing Reputation Risk From the Supervisory Program

Several commenters suggested that the agencies reform the use of reputation risk in its supervisory program rather than remove the concept entirely. These commenters argued that the agencies could establish clearer standards and metrics for measuring reputation risk to make it more objective. However, these commenters did not propose methods for accomplishing this that would be actionable and effective, and, in the agencies' experience, such standards and metrics do not exist in a form that is accurate and consistent. Moreover, even if reputation risk could be monitored through clearer standards or metrics, as explained above, agency experience has not shown a clear and consistent connection between reputation risk and actual financial harm to regulated institutions. Therefore, even if clearer standards or metrics could be established, the resources necessary to formulate such clearer metrics would still not be well spent because it is not clear that the purported risk being measured actually impacts financial institutions' safety and soundness.

E. Comments Regarding Evidence of Debanking

Several commenters argued that the agencies had not presented sufficient evidence that debanking occurred that was caused by regulators' concerns regarding reputation risk. In contrast, other commenters alleged that they or their members had been debanked due to political biases that were labeled as reputation risk. The agencies believe that the potential for reputation risk to be misused in this manner supports removal from the agencies' supervisory program. [9 ]

F. Comments Alleging That the Agencies Failed To Consider Certain Aspects of the Rule

One commenter argued that the agencies had not presented enough evidence that ceasing to examine for reputation risk would lead to better supervisory outcomes. To the contrary, as the agencies explained above in the “Background” section, while there are examples of risks like credit risk and liquidity risk being the primary driver of an institution's unsafe or unsound condition, the agencies have not seen evidence that reputation risk can be the primary driver of an institution being in unsafe or unsound condition. Even in cases when reputational issues are identified as a cause of harm that has impacted a supervised institution's financial condition, there are typically other more significant factors, such as those relating to the institution's capital, asset quality, liquidity, earnings, or interest rate sensitivity, that are the primary drivers of the institution's weakened financial condition.

Commenters also alleged that the rule failed to consider the loss to the Deposit Insurance Fund from not examining for reputation risk. As the agencies have explained, given the lack of evidence linking perceived reputation risks to material financial harm at regulated entities, the agencies do not expect an increase in bank failures due to the removal of reputation risk from the supervisory program. Another commenter argued that the agencies should consider that removing reputation risk could lead to increased incidence of illegal and risky activities that might be flagged by reputation risk monitoring. Removing reputation risk from the supervisory program will make ( printed page 18285) available more resources for supervision of illegal or abusive practices. This same commenter further stated that the agencies must consider that removing reputation risk could lead to worsening service for customers. However, issues stemming from a lack of customer service fall outside of what is considered to be reputation risk as defined in the final regulation. A commenter further alleged that there would be capital flight to lenders in other jurisdictions with adequate supervision of reputation risk. The commenter presented no evidence to support his assertion that this would occur. Since the agencies ceased examining for reputation risk in early 2025, they have seen no such flight of capital.

G. Suggestions for Expanding the Rule

Some commenters suggested expanding the rule in various ways to control the behavior of regulated entities. The comments included suggestions to prohibit banks from choosing, without regulator pressure, to debank customers based on reputational concerns or disagreement with protected political views or speech. However, other commenters opposed this idea, and some commenters requested clarifying language be added that banks still retain discretion regarding whom they do business with. These suggestions are all outside the scope of this rulemaking, which is solely focused on the actions of the agencies and not on controlling or addressing the actions of supervised entities or other private parties.

In a similar vein, one commenter recommended that the rule include a requirement that national banks and Federal savings associations must report to the agencies information regarding all deposit account terminations and that the rule should require the agencies to make this information publicly available annually in a report covering deposit account termination data for each reporting bank and savings association along with aggregate statistics on deposit account terminations. Similarly, other commenters suggested that all debanked customers who had an account closed should be able to access information from their financial institution to understand the reason for the closure and to have a means for redress if there was an error. Another commenter recommended that banks should be required to provide written notice when terminating or materially modifying customer relationships, including a statement of the reasons for such actions, unless otherwise prohibited by law enforcement. Another suggestion raised by commenters was that the agencies should encourage institutions to identify customers whose accounts were closed or services denied solely on reputation grounds and to offer those customers a path to reinstatement, subject to standard, risk-based underwriting. However, this rulemaking is solely focused on the actions of the agencies, not on the actions of institutions regulated by the agencies, so these comments and all other suggestions for expanding the rule to monitor, control, or prohibit private entity action are all outside the scope of this rulemaking. Other comments that provided suggestions for improving or clarifying agency supervisory practices or altering methods for supervisory communication beyond the removal of reputation risk are likewise outside the scope of this rulemaking.

One commenter requested clarification that institutions would still be expected to guard against issues that could affect their reputations, such as fraud. Supervised institutions have legal and supervisory requirements to be vigilant against fraud, and these requirements are not affected by this rule. [10 ] The expectation that banks continue to follow all legal requirements for their operations and their treatment of customers is not altered. Moreover, concerns regarding fraud directly impact the operational and financial condition of the institution and can directly cause consumer harm. Thus, the rule excludes public concerns regarding these issues from the definition of reputation risk.

Another suggestion raised by commenters was that the agencies should establish or publicize complaint channels enabling individuals and businesses to report suspected reputation risk-based denials or closures at supervised institutions. The OCC maintains a website, https://helpwithmybank.gov/, through which members of the public can file a report if they believe they have been unfairly debanked or discriminated against by their bank due to their political or religious beliefs or lawful business activities. The FDIC maintains a similar website at https://ask.fdic.gov/​fdicinformationandsupportcenter/​s/​?language=​en_​US, where members of the public can file complaints about financial institutions.

One commenter requested that the agencies clarify that the proposed rule would not prevent examiners from engaging in constructive conversations about business strategy, market conditions, competitive pressures, or customer relationship management, provided such discussions do not cross the line into criticism or adverse action based on reputation risk or prohibited considerations. The agencies confirm that it is not the intention of the rule to hinder this type of communication.

H. Discussion of Specific Sections of the Final Rule and Comments Thereon

1. Definitions

i. Definition of Adverse Action

“Adverse action,” as defined by the rule, includes the provision of negative feedback, including feedback in a report of examination, a memorandum of understanding, verbal feedback, or an enforcement action. Furthermore, “action” encompasses any action of any agency employee, including any communication characterized as informal, preliminary, or not approved by agency officials or senior staff. A downgrade (or contribution to a downgrade) of any supervisory rating, including a rating assigned under the Uniform Financial Institutions Rating System or comparable rating system, also constitutes an “adverse action.” In addition, a downgrade (or contribution to a downgrade) of a rating under the Uniform Interagency Consumer Compliance Rating System or the Uniform Rating System for Information Technology, or any other rating system, also constitutes an “adverse action.” Further, a denial of a filing or licensing application or an imposition of a capital requirement above the minimum ratios constitutes an “adverse action” under the rule, as does any burdensome requirements placed on an approval, the introduction of additional approval requirements, or any other heightened requirements on an activity or change.

The agencies are also including in the rule a general “catch-all” for any other actions that could negatively impact an institution outside of traditional supervisory channels. This catch-all is meant to include actions such as supervisory decisions on applications for waivers outside of the normal licensing or filing channels, applications to engage in certain business activities for which supervisory permission is required, or other regulatory decisions affecting institutions. Intent is the defining characteristic for whether an agency action would fall into this catch-all provision. As illustrations of agency actions that are subject to this prohibition, the prohibition prevents the agencies from, for example: disapproving a proposed member of a board of directors on the basis of an ( printed page 18286) unsubstantiated pretense where the true reason is reputation risk, denying a waiver of bank director citizenship and residency requirements for the purpose of inducing an institution to address perceived reputation risk somewhere in the institution's operations, or disapproving a change of control notice because an institution lacks internal reputation risk controls. Agency actions subject to this prohibition also include negative feedback that is verbal, a condition attached to an approval, the introduction of new approval requirements, and any other heightened requirements that are intended to force the bank to address perceived reputation risk.

The agencies received comments both supporting and opposing the proposed definition of “adverse action.” Although some commenters supported the proposed definition, one commenter stated that agencies should be less focused on the “intent” of the action in the catch-all provision because “intent” might be hard to prove. However, the agencies believe that including “intent” is helpful to avoid capturing agency actions that might unintentionally negatively impact a certain industry but is not intended to have that affect. For instance, an institution may be criticized for having a large concentration of loans in a specific business sector without proper risk management of the concentration risk presented. Such criticism might unintentionally dissuade the institution from making further loans to that business sector, but such is not the intent of the criticism, and such criticism can be important to the safety and soundness of the institution. As evidence of “intent” the agencies will look to both the effect of the action as well as the justification for the action. For instance, unsubstantiated or poorly substantiated claims or justification for actions are evidence of possible ulterior motivations for actions that have a negative effect on a religious group or lawful business. Inconsistent application of standards or adverse actions between similarly situated parties, especially without an explanation for the discrepancy, can also be evidence of an intent to impermissibly punish or discourage an individual or group from engaging in lawful political, social, cultural, or religious activities, constitutionally protected speech, or lawful business activity. Moreover, an agency action that completely or effectively prevents the affected group, individual, or business from accessing financial services or severely hinders the group, individual, or businesses' ability to operate can be evidence of impermissible agency intent as financial and compliance risks are not likely to be so uniformly high as to require such a result.

Thus, the agencies are adopting the definition of “adverse action” as proposed.

ii. Definition of Doing Business With

The term “doing business with” in the proposed rule is intended to be construed broadly and to include business relationships both with clients of the institution and with third-party service providers. It is also intended to include the relationship of a bank with organizations or individuals that the bank is providing with charitable services, including as part of a community benefits agreement or as part of a Community Reinvestment Act plan. This term is intended to include both existing business relationships and prospective business relations. No comments were received on this definition.

iii. Definition of Institution-Affiliated Party

The term “institution-affiliated party” has the same meaning as in section 3 of the Federal Deposit Insurance Act. [11 ] No comments were received on this definition.

iv. Definition of Reputation Risk

Several commenters recommended that the proposed definition of reputation risk be altered to remove the phrase “for reasons not clearly and directly related to the financial condition of the institution.” However, the agencies believe this phrase is necessary to maintain the ability of the agencies to address public concerns that directly relate to an institution's financial condition and solvency because those concerns can lead to runs. Unlike public concerns about an institution doing business with politically controversial people or entities, concerns about an institution's financial condition have been shown repeatedly to lead to a direct negative impact on the institution that can cause failure.

One commenter stated that reputation risk is always directly financially material and thus the phrase in the definition of reputation risk that it is “not intended to capture risks posed by public perceptions of the institution's current or future financial condition because such perceptions relate to risks other than reputation risk” is self-contradictory. However, as explained by the agencies above in the “Background” section, the agencies' supervisory experience has found that reputation risk, as defined in the rule, is not financially material to institutions.

The agencies received comments that were divided on whether the definition of “reputation risk” should include the term “operational” in the phrase “for reasons not clearly and directly related to the financial condition of the institution.” One commenter believed that the term “operational” could be used to evade the intention of the rule to allow some consideration of reputation risk. However, another commenter noted that including this term would be consistent with other provisions of the rule that explicitly preserve the agencies' authority to supervise for operational risk.

The agencies have decided to add “operational” into the final rule such that the definition of “reputation risk” will be “any risk, regardless of how the risk is labeled by the institution or regulators, that an action or activity, or combination of actions or activities, or lack of actions or activities, of an institution could negatively impact public perception of the institution for reasons not clearly and directly related to the financial or operational condition of the institution.” The agencies agree that operational risk is a significant concern for institutions. Public perception that an institution could be susceptible to a breakdown in the provision of services due to operational issues such as a cyberattack or a natural disaster could have a direct impact on customer's willingness to do business with an institution and thus on the institution's financial solvency.

2. Prohibitions on the Use of Reputation Risk in the Supervisory Process

Section (a) of the rule prohibits the agencies from criticizing, formally or informally, or taking adverse action against an institution on the basis of reputation risk. Section (b) prohibits the agencies from requiring, instructing, or encouraging an institution or its employees to refrain from contracting with or to terminate or modify a contract with a third party, including an institution-affiliated party, on the basis of reputation risk. The agencies also cannot require, instruct, or encourage an institution or its employees to refrain from doing business with or to terminate or modify a business relationship with a third party, including an institution-affiliated party, on the basis of reputation risk. Section (c) of the rule further prevents the agencies from requiring, instructing, or ( printed page 18287) encouraging an institution or an employee of an institution to enter into a contract or business relationship with a third party on the basis of reputation risk or to terminate a contract with, discontinue doing business with, or modify the terms under which it will do business with a person or entity on the basis of the person's or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or solely on the basis of the third party's involvement in politically disfavored but lawful business activities perceived to present reputation risk. Finally, section (f) of the rule provides that the agencies will not take any supervisory action or other adverse action against an institution, a group of institutions, or the institution-affiliated parties of any institution that is designed to punish or discourage an individual or group from engaging in any lawful political, social, cultural, or religious activities, constitutionally protected speech, or, for political reasons, lawful business activities that the supervisor disagrees with or disfavors.

These prohibitions do not affect requirements intended to prohibit or reject transactions or accounts associated with Office of Foreign Assets Control-sanctioned persons, entities, or jurisdictions. Such prohibitions and rejections are not based specifically on “the person's or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or politically disfavored but lawful business activities perceived to present reputation risk.” The prohibition also does not affect the agencies' authority to enforce the requirements of the provisions of United States Code title 31, chapter 53, subchapter II regarding reporting on monetary transactions. [12 ] However, due to the broad nature of Bank Secrecy Act (BSA) [13 ] and anti-money laundering (AML) supervision, there is a risk that BSA/AML focused supervisory actions could indirectly address reputation risk. The rule prohibits supervisors from using BSA and anti-money laundering concerns as a pretext for reputation risk. In addition, although the agencies may continue to consider the statutory factors required with respect to certain applications, [14 ] the rule prohibits supervisors from using these provisions as a pretext for reputation risk when making determinations regarding such applications.

The agencies received multiple comments on these sections. First, on section (c), commenters were divided on whether the “solely” should be removed from the prohibition that the agencies will not require, instruct, or encourage an institution or its employees to terminate a contract with, discontinue doing business with, sign a contract with, initiate doing business with, modify the terms under which it will do business with a person or entity, “solely on the basis of the person's or entity's involvement in politically disfavored but lawful business activities perceived to present reputation risk.”

Some commenters felt the word “solely” should be maintained because otherwise banks could face regulatory uncertainty even when legitimate risk factors are the primary basis for the decision. Other commenters were concerned that “solely” should not be included because it could be read to imply that reputation risk could be considered, just not as a stand-alone risk.

The agencies included the word “solely” in this phrase to provide the ability for regulators to discourage activities that may implicate safety and soundness through traditional risk channels but also involve a legitimate business activity that might be politically disfavored. Given that the agencies still believe it is important to maintain this flexibility, the final rule is adopting the language in this provision as proposed and maintaining the word “solely.” The agencies will consider whether an agency action that appears to have some impermissible reputation risk considerations underlying it but proports to be based largely on permissible concerns violates the anti-evasion provisions in the rule.

Multiple commenters had concerns regarding the language at the end of section (f), which states that the agencies will not “take any supervisory action or other adverse action against an institution, a group of institutions, or the institution-affiliated parties of any institution that is designed to punish or discourage an individual or group from engaging in any lawful political, social, cultural, or religious activities, constitutionally protected speech, or, for political reasons, lawful business activities that the supervisor disagrees with or disfavors.” Some commenters requested that this prohibition be expanded to cover all agency personnel, not just supervisors. Similarly, another commenter suggested that the prohibition should be extended to prohibit any attempt to discourage lawful political or religious activity regardless of what the supervisor thinks about the activity.

The agencies did not intend this provision to be read so narrowly as to only cover the views of supervisory staff as compared to the views of other members of the agencies. Thus, the agencies are changing the wording in the final rule to cover lawful political, social, cultural, or religious activities, constitutionally protected speech, or, for political reasons, lawful business activities that are disfavored by the agency or any of its personnel. This wording is to clarify that it does not matter whether the bias comes from the head of the agency or from an individual examiner, the bias is not a permissible basis for agency action.

Commenters also stated that it was unclear whether references to views and beliefs would extend to actions based on those views or beliefs. Some commenters recommended extending the prohibition to cover actions as well as the views or beliefs themselves. The agencies intend for the prohibition to extend to lawful activities based on political, social, religious, and cultural views or beliefs that do not affect creditworthiness or other permissible risk factors such as market risk. Although agency actions designed solely to discourage or punish a given view or belief are impermissible, the agencies are not prevented from considering actions that relate to permissible risk factors solely because those actions stem, in whole or in part, from a political, social, cultural, or religious view or belief.

Another commenter recommended that the prohibition in section (f) against adverse action should not only cover adverse actions that are designed to punish or discourage individuals from engaging in certain beliefs or businesses, but also adverse actions that actually have that effect regardless of the intent of the action. However, the agencies are concerned that adopting such language would prevent the agencies' ability to address important risks that are directly related to the financial condition of the institution if the remediation measures necessary for addressing such risks would unintentionally impact certain businesses or individuals with certain beliefs. Thus, the agencies are not adopting this suggestion. ( printed page 18288)

I. Other Modifications in the Rule

Regulations codified in 12 CFR part 41 of the OCC regulations and 12 CFR part 334 of the FDIC's regulations refer to reputation risk concerning certain identity theft prevention programs required by the Fair and Accurate Credit Transactions Act of 2003. However, by statute, guidelines and regulations for these programs must occur jointly across certain Federal agencies, so no conforming amendment is suggested for 12 CFR parts 41 or 334. The OCC and FDIC are considering making changes to 12 CFR parts 41 and 334, respectively, in a separate, joint rulemaking in the future. Until that separate, joint rulemaking occurs, the agencies expect to exercise their discretion in enforcing 12 CFR parts 41 and 334 by using agency resources to assess compliance without regard to reputation risk.

V. Impact Analysis

A. OCC Expected Effects

1. Introduction

The OCC and the FDIC are issuing a final rule to eliminate reputation risk from their supervisory programs. The rule would prohibit the agencies from using reputation risk in their risk assessments of institutions that they supervise and from influencing the relationship between the regulated institutions and their customers based on a customer's political, social, cultural, or religious views or beliefs or solely lawful business activities perceived to present a reputational risk.

2. Regulatory Baselines and Conclusions

The OCC assumes that the removal of reputation risk resulted from the final rule analyzed here rather than OCC Bulletin 2025-4. In the OCC's assessment, the OCC accounted for the full effect of the removal of reputation risk from supervision, rather than attributing the removal of reputation risk to OCC Bulletin 2025-4. The analysis does so because the statements in OCC Bulletin 2025-4 are not legally binding and therefore only the final rule legally removes reputation risk from bank supervision.

3. Background

As previously discussed, to improve the efficiency and effectiveness of their supervisory programs, the agencies are proposing revising their supervisory frameworks to remove reputation risk. The rule would prohibit the OCC from criticizing or taking adverse actions (broadly defined) against an institution on the basis of reputation risk.

4. Parties Affected by the Proposal

The OCC currently supervises 997 national banks, Federal savings associations, trust companies and Federal branches and agencies of foreign banks (collectively, “banks”). [15 ] Because all OCC-regulated banks and institutions were subject to reputation risk assessments, the rule would affect all 997 institutions supervised. Because the rule aims to remove the influence of the agencies' reputation risk assessments on institutions' customer relationships, the OCC concludes that the rule could potentially affect all OCC regulated institutions' current and future customers.

5. Costs and Benefits: Cost Savings to Regulated Institutions

i. Cost Savings From Decreased Regulatory Compliance Burden

The OCC expects that the rule will result in cost savings to regulated institutions from a reduced compliance burden. The rule reduces regulatory burden because the OCC will no longer engage in examinations that assess, in part, issues explicitly related to reputation risk, nor will the OCC take adverse supervisory actions against supervised institutions related to reputation risk.

To assess institutions' cost savings from the final rule, the OCC looked to its supervisory experience regarding expected cost savings from the removal of reputation risk from supervision. Based on this feedback, the OCC assessed that cost savings will depend on how much regulated institutions' costs decrease from no longer being required to explicitly respond to reputation risk concerns from regulators.

OCC supervisory experience also indicated that because supervisory actions that the OCC typically took that mentioned reputation risk, such as MRAs, almost always involved other risk issues as well, the overall number of MRAs may not decrease. The OCC's analysis found that most MRAs that listed reputation risk as the primary or secondary concern also listed other risk categories as concerns as well. [16 ] Nonetheless, the OCC expected that there should be some cost savings for institutions as they no longer need to address the reputation risk concern components of an MRA.

Based on an analysis of the number of MRAs that mentioned reputation risk as a primary or secondary concern over the past 10 years, the OCC finds that roughly 17 percent of MRAs per year mention reputation risk as primary or secondary concern (Table 1). Based on the frequency of past MRAs that mentioned reputation risk as a concern, the OCC expects that, if MRAs would have continued to mention reputation risk as a concern at a similar rate in the absence of the final rule, that OCC institutions will experience substantial cost savings from no longer having to address reputation risk as part of an MRA may be substantial.

| Year | Percentage of MRAs listing reputation risk as a primary concern | Percentage of MRAs listing reputation risk as a secondary
concern | Percentage of MRAs not listing reputation as a concern |
| --- | --- | --- | --- |
| 2016 | 0.65 | 2.14 | 97.21 |
| 2017 | 1.50 | 23.96 | 74.54 |
| 2018 | 1.68 | 20.44 | 77.87 |
| 2019 | 2.02 | 18.71 | 79.27 |
| 2020 | 1.88 | 19.91 | 78.21 |
| 2021 | 1.43 | 19.07 | 79.50 |
| 2022 | 1.10 | 19.60 | 79.30 |
| 2023 | 1.21 | 17.73 | 81.06 |
| 2024 | 0.65 | 14.68 | 84.67 |
| 2025 | 0.00 | 2.19 | 97.81 |
| ( printed page 18289) | | | |
| 2026 | 0.00 | 0.00 | 100.00 |
| Total | 1.25 | 15.97 | 82.77 |

ii. Benefits From Increased Business Opportunities

The impact of the rule on regulated institutions will depend on the extent to which reputation risk concerns from regulators may have impacted regulated institutions' behavior in response to regulatory expectations of institutions in managing reputation risk. Based on supervisory experience, the OCC expected that regulated institutions may have internally perceived supervisory expectations regarding reputation risk as a factor in their business decisions. That is, institutions may have let perceptions regarding regulatory assessments of reputation risks influence their decisions as to whether they would engage in or continue customer relationships. As a consequence, institutions may have refrained from entering into or continuing profitable business relationships with law-abiding customers that they may have maintained in the absence of implicit supervisory expectations.

For example, the final rule cites several congressional reports that suggest that there were isolated episodes where Federal regulators allegedly pressured institutions to cease providing services to legal businesses, based on “reputational risk” concerns that these businesses presumably posed to these institutions.

In addition, a study by Sachdeva et al., [17 ] shows that reputation risk concerns emphasized by regulators at a small number of targeted institutions over a short period of time may have decreased lending to and/or terminated relationships with affected firms that were deemed controversial by regulators and law enforcement. The study's results, however, also suggest that the firms were not irreparably harmed as these firms were able to obtain substitute credit through other non-targeted banks under similar terms. However, the OCC interprets the study's results as implying that borrowers incurred costs that resulted from having to find alternative financing. The OCC also interprets the study's results as implying that it is possible that harm to customers would have been greater if a larger fraction of banks had been pressured to decrease lending or terminate relationships with affected firms as this would have reduced the supply of alternative financing that would have been available to the affected firms.

The OCC concludes the rule may benefit institutions and their customers by eliminating perceived constraints on institutions' decisions that could have arisen from institutions' perception of regulators' expectations regarding reputation risks in the absence of the rule.

iii. Benefits From Less Subjective Supervision

One additional benefit from the removal of reputation risk is greater consistency and objectivity of supervisory decisions. This, in turn, would increase the predictability for regulated institutions to understand and manage regulators' supervisory expectations.

In its analysis, the OCC quantitatively compared the subjectivity of OCC supervisory text that mentions the word reputation to supervisory texts that do not mention the word reputation. The OCC used standard natural language processing algorithms [18 ] to calculate a subjectivity score for individual OCC supervisory texts. The analysis calculated the subjectivity score for each individual text document, and the scores range from 0 to 1 with scores closer to 1 being indicative of more subjective text. For supervisory event text, the analysis calculated an average subjectivity score of 0.41 for text that mentions reputation and an average score of 0.28 for supervisory event text that does not mention reputation. For the MRA text data, the analysis calculated average subjectivity scores of 0.43 and 0.33 from text that mentions and does not mention reputation, respectively.

Taken together, the average subjectivity scores and the score histograms are consistent with the hypothesis that reputation risk related supervision could have been more subjective. Therefore, to the extent that past supervisory text reflects what supervision would have been in the absence of the rule, the analysis suggests that the rule could benefit regulated institutions by making supervision less subjective and more objectively and consistently applied.

iv. Perceptions That Eliminating the Use of Reputation Risk Information for Risk Monitoring Could Threaten the Safety and Soundness of the National Banking System

To address concerns that the removal of reputation risk from supervision threatens the safety and soundness of the banking system or that the OCC may lose information on reputation risks that is needed to identify risks to the safety and soundness of the banking system, the OCC used historical data observed prior to the regulatory baseline to create estimated forecast models that predict bank failures based on the OCC Risk Assessment System (RAS) reputation risk rating while controlling for both other regulatory risk ratings and for observed risk factors from institutions' FFIEC 031 Call Report data filings.

The analysis shows that reputation risk ratings do not forecast bank failures when one controls for data on OCC's CAMELS regulatory ratings. Because reputation risk RAS ratings do not appear to have any significant predictive power for bank failures in this analysis, the OCC believes that this analysis at least somewhat alleviates concerns that an end to reputation risk assessments will cause an increase in bank failure risk or that the OCC will lose information useful to anticipate failure risks. However, the OCC acknowledges that no empirical analysis could completely assuage such concerns.

In addition, the OCC notes that in its analysis, there was not any evidence that MRAs that focus on or mention reputation risk forecast institutions' failures. ( printed page 18290)

B. FDIC Expected Effects

This analysis utilizes all regulations and guidance applicable to FDIC-supervised insured depository institutions (IDIs), as well as information on the financial condition of IDIs as of the quarter ending September 30, 2025, as the baseline to which the effects of the final rule are estimated.

As discussed previously, the final rule will prohibit the FDIC from criticizing, formally or informally, or taking adverse action against an institution on the basis of reputation risk. The final rule will also prohibit the FDIC from requiring, instructing, or encouraging an institution to discontinue doing business with, initiate doing business with, modify the terms under which it will do business with a person or entity, or take any action or refrain from taking any action on the basis of the person's or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or solely on the basis of the person's or entity's involvement in politically disfavored but lawful business activities perceived to present reputation risk.

Finally, the final rule will forbid the FDIC from taking any supervisory action or other adverse action against an institution, a group of institutions, or the institution-affiliated parties of any institution that is designed to punish or discourage an individual or group from engaging in any lawful political, social, cultural, or religious activities, constitutionally protected speech, or, for political reasons, lawful business activities that the FDIC or its personnel disagree with or disfavor.

As of the quarter ending September 30, 2025, the FDIC supervised 2,778 IDIs. [19 ] The final rule will indirectly benefit FDIC-supervised IDIs or associated persons to the extent they would have been the subject of an adverse action or prohibition against certain business relationships by the agencies on the basis of reputation risk; political, social, cultural, or religious views and beliefs; constitutionally protected speech; or politically disfavored but lawful business activities perceived to present reputation risk. This benefit will result from the FDIC-supervised IDI or associated person avoiding costs associated with such adverse actions or prohibitions. The final rule may also improve the efficiency and effectiveness of the FDIC's supervisory programs, which may indirectly benefit covered FDIC-supervised IDIs. Finally, FDIC-supervised IDIs may incur some voluntary costs associated with making changes to their compliance policies and procedures.

The FDIC does not have the information necessary to quantify the number of instances, or the associated costs, where an FDIC-supervised IDI or associated person was subject to a covered adverse action or prohibition against certain business relationships. Nor does the FDIC have the information necessary to quantify the number of FDIC-supervised IDIs that might make changes to their compliance policies and procedures. The FDIC believes that the aggregate economic effect of any such indirect benefits or costs is unlikely to be substantive.

As mentioned previously, the FDIC is making two changes from the proposed rule. First, the FDIC is making a minor clarifying change in response to comments regarding the meaning of the word “supervisor” in 12 CFR 302.100(f). Second, the FDIC is revising the definition of “reputation risk” in 12 CFR 302.100(g) to include a specific reference to operational risk. The FDIC does not expect that these changes will have material economic effects. Both revisions would clarify the text of the regulation and reduce possible confusion.

One commenter suggested that IDIs would need to undertake substantial revisions to internal policies, training, and procedures, among other things, as a result of the final rule. However, the final rule applies only to the activities of the FDIC and does not require IDIs to undertake any action.

C. Alternatives Considered

The agencies considered adopting the proposed rule without changes. However, the agencies made two minor changes. As discussed above, these changes clarify the text of the regulation to express the FDIC's original intent when drafting the proposed rule and thus would have greater net benefits relative to the proposed rule.

The agencies also considered the suggestions made by commenters that included alternatives to the final rule. For a complete discussion of such comments, see section IV. Overview of Final Rule. For the reasons articulated in the aforementioned section (and above), the agencies believe the final rule is preferred over the alternatives.

VI. Administrative Law Matters

A. Paperwork Reduction Act

The Paperwork Reduction Act of 1995 20 states that no agency may conduct or sponsor, nor is the respondent required to respond to, an information collection unless it displays a currently valid Office of Management and Budget (OMB) control number. The agencies have reviewed this rule and determined that it does not create any information collection or revise any existing collection of information. Accordingly, no PRA submissions to OMB will be made with respect to this rule.

B. Regulatory Flexibility Act Analysis

OCC:

In general, the Regulatory Flexibility Act (RFA) [21 ] requires an agency, in connection with a rule, to prepare a regulatory flexibility analysis describing the impact of the rule on small entities (defined by the U.S. Small Business Administration (SBA) for purposes of the RFA to include commercial banks and savings institutions with total assets of $850 million or less and trust companies with total assets of $47 million or less). However, under section 605(b) of the RFA, this analysis is not required if an agency certifies that the rule would not have a significant economic impact on a substantial number of small entities and publishes its certification and a short explanatory statement in the Federal Register along with its rule.

The OCC currently supervises approximately 609 small entities, all of which may be indirectly impacted by the rule. [22 ] In general, the OCC classifies the economic impact on an individual small entity as significant if the total estimated impact in one year is greater than 5 percent of the small entity's total annual salaries and benefits or greater than 2.5 percent of the small entity's total non-interest expense. Furthermore, the OCC considers 5 percent or more of OCC-supervised small entities to be a substantial number. Thus, at present, 30 OCC-supervised small entities would constitute a substantial number.

While the OCC expects that the rule could result in substantial cost savings for all OCC-regulated institutions in the aggregate, the OCC does not expect that ( printed page 18291) the rule will have a significant impact on more than 30 OCC-supervised small entities. To evaluate the impact of the rule on small entities, the OCC assessed whether the cost savings would be greater than 5 percent of the small entity's total annual salaries and benefits or greater than 2.5 percent of the small entity's total non-interest expense for 30 or more small entities.

Analysis of internal OCC MRA data indicates that there were fewer than 30 MRAs that had indicated reputation risk was a primary risk. Because fewer than 30 MRAs per year list reputation risk as a primary concern, we conclude that the removal of reputation risk from supervision would not be likely to result in significant MRA-related cost savings for more than 30 small entities per year. Furthermore, any cost savings for the MRAs listed as a secondary concern would be likely de minimis for 30 or more small entities.

Finally, because we do not expect that there will be scope for significant cost savings from the removal of reputation risk for reasons unrelated to MRAs, we conclude that the rule would not have a significant impact on a substantial number of small entities for the purposes of the RFA.

FDIC:

The Regulatory Flexibility Act (RFA) generally requires an agency, in connection with a final rule, to prepare and make available for public comment a final regulatory flexibility analysis that describes the impact of the final rule on small entities. [23 ] However, a final regulatory flexibility analysis is not required if the agency certifies that the final rule will not have a significant economic impact on a substantial number of small entities. The Small Business Administration (SBA) has defined “small entities” to include banking organizations with total assets of less than or equal to $850 million. [24 ] Generally, the FDIC considers a significant economic impact to be a quantified effect in excess of 5 percent of total annual salaries and benefits or 2.5 percent of total noninterest expenses. The FDIC believes that effects in excess of one or more of these thresholds typically represent significant economic impacts for FDIC-supervised institutions.

A commenter asserted of the proposed rule that, if adopted, it would likely cause small institutions to make substantial revisions to their policies, documentation, training, and vendor management.

However, for the avoidance of doubt, the FDIC reiterates that the final rule applies only to the activities of the FDIC. The final rule does not impose any obligations on FDIC-supervised institutions, and institutions would not need to take any action in response to this rule. Institutions' internal policies and controls, training, and other elements that may refer to reputation risk are not directly affected by the final rule. As such, the final rule does not have any direct economic impact on FDIC-supervised small entities.

Based on the foregoing, the FDIC certifies that the final rule will not have a significant economic impact on a substantial number of FDIC-supervised small entities.

C. Plain Language

Section 722 of the Gramm-Leach Bliley Act [25 ] requires the Federal banking agencies to use plain language in all proposed and final rules published after January 1, 2000. The agencies invited comment on the use of plain language and have sought to present the final rule in a simple and straightforward manner.

D. Unfunded Mandates Reform Act of 1995

Consistent with the Unfunded Mandates Reform Act (UMRA), the review considers whether the mandates imposed by the rule may result in an expenditure of $100 million or more by State, local, and tribal governments, or by the private sector, in any one year, adjusted annually for inflation (currently $187 million).

The OCC estimates that the proposal would not require additional expenditure from OCC-regulated entities nor will it require expenditures of $100 million or more by State, local, and tribal governments, or by other segments of the private sector. Thus, the OCC believes the rule is not a significant rule for the purposes of the UMRA. Accordingly, the OCC has not prepared the written statement described in section 202 of the UMRA.

E. Riegle Community Development and Regulatory Improvement Act of 1994

Pursuant to section 302(a) of the Riegle Community Development and Regulatory Improvement Act (RCDRIA) of 1994, [26 ] in determining the effective date and administrative compliance requirements for new regulations that impose additional reporting, disclosure, or other requirements on insured depository institutions, the OCC and FDIC must consider, consistent with principles of safety and soundness and the public interest (1) any administrative burdens that the final rule would place on depository institutions, including small depository institutions and customers of depository institutions and (2) the benefits of the final rule. This rulemaking would not impose any reporting, disclosure, or other requirements on insured depository institutions. Therefore, section 302(a) does not apply to this final rule.

F. Congressional Review Act

Subtitle E of the Small Business Regulatory Enforcement Fairness Act of 1996 (also known as the Congressional Review Act) defines a “major rule” as a rule that the Administrator of the OMB's Office of Information and Regulatory Affairs (OIRA) finds has resulted in or is likely to result in:

  1. An annual effect on the economy of $100 million or more;

  2. A major increase in costs or prices for consumers, individual industries, Federal, State, or local government agencies, or geographic regions; or

  3. Significant adverse effects on competition, employment, investment, productivity, innovation or on the ability of U.S.-based enterprises to compete with foreign-based enterprises in domestic and export markets. [27 ]

The OMB has determined that the final rule is not a major rule for purposes of the Congressional Review Act.

G. Executive Orders 12866 and 14192

1. Executive Order 12866

Section 3(f) of Executive Order 12866 defines a “significant regulatory action” as a regulatory action that is likely to result in a rule that may:

(1) Have an annual effect on the economy of $100 million or more or adversely affects in a material way the economy, a sector of the economy, productivity, competition, jobs, the environment, public health or safety, or ( printed page 18292) State, local, or tribal governments or communities;

(2) Create a serious inconsistency or otherwise interfere with an action taken or planned by another agency;

(3) Materially alter the budgetary impact of entitlements, grants, user fees, or loan programs or the rights and obligations of recipients thereof; or

(4) Raise novel legal or policy issues arising out of legal mandates, the President's priorities, or the principles set forth in Executive Order 12866.

OIRA has determined that this final rule is a significant action under Executive Order 12866.

2. Executive Order 14192

Executive Order 14192, titled “Unleashing Prosperity Through Deregulation,” was issued on January 31, 2025. Section 3(a) of Executive Order 14192 requires an agency, unless prohibited by law, to identify at least ten existing regulations to be repealed when the agency publicly proposes for notice and comment or otherwise promulgates a new regulation. In furtherance of this standard, section 3(c) of Executive Order 14192 requires that the new incremental costs associated with new regulations shall, to the extent permitted by law, be offset by the elimination of existing costs associated with at least ten prior regulations. This rule is considered a deregulatory action under Executive Order 14192.

List of Subjects

12 CFR Part 1

  • Banks, banking
  • National banks
  • Reporting and recordkeeping requirements
  • Securities

12 CFR Part 4

  • Administrative practice and procedure
  • Freedom of information
  • Individuals with disabilities
  • Minority businesses
  • Organization and functions (Government agencies)
  • Reporting and recordkeeping requirements
  • Women

12 CFR Part 30

  • Administrative practice and procedure
  • National banks
  • Reporting and recordkeeping requirements

12 CFR Part 302

  • Administrative practice and procedure
  • Banks
  • Banking

12 CFR Part 364

  • Banks
  • Banking
  • Information

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Chapter I

Authority and Issuance

For the reasons set forth in the preamble, and under the authority of 12 U.S.C. 93a, chapter I of title 12 of the Code of Federal Regulations is amended as follows:

PART 1—INVESTMENT SECURITIES

  1. The authority citation for part 1 continues to read as follows:

Authority: 12 U.S.C. 1 et seq., 24 (Seventh), and 93a.

§ 1.5 [Amended] 2. In § 1.5, amend paragraph (a) by removing the phrase “compliance, strategic, and reputation risks” and adding in its place the phrase “compliance, and strategic risks”.

PART 4—ORGANIZATION AND FUNCTIONS, AVAILABILITY AND RELEASE OF INFORMATION, CONTRACTING OUTREACH PROGRAM, POST-EMPLOYMENT RESTRICTIONS FOR SENIOR EXAMINERS

  1. The authority citation for part 4 continues to read as follows:

Authority: 5 U.S.C. 301, 552; 12 U.S.C. 1, 93a, 161, 481, 482, 484(a), 1442, 1462a, 1463, 1464 1817(a), 1818, 1820, 1821, 1831m, 1831p-1, 1831o, 1833e, 1867, 1951 et seq., 2601 et seq., 2801 et seq., 2901 et seq., 3101 et seq., 3401 et seq., 5321, 5412, 5414; 15 U.S.C. 77uu(b), 78q(c)(3); 18 U.S.C. 641, 1905, 1906; 29 U.S.C. 1204; 31 U.S.C. 5318(g)(2), 9701; 42 U.S.C. 3601; 44 U.S.C. 3506, 3510; E.O. 12600 (3 CFR, 1987 Comp., p. 235).

  1. Add subpart G, consisting of § 4.91, to read as follows:

Subpart G—Enforcement and Supervision Standards Sec. 91 Prohibition on use of reputation risk.

Subpart G—Enforcement and Supervision Standards

§ 4.91 Prohibition on use of reputation risk. (a) The OCC will not criticize, formally or informally, or take adverse action against an institution on the basis of reputation risk.

(b) The OCC will not require, instruct, or encourage an institution, or any employee of an institution, to:

(1) Refrain from contracting or doing business with a third party, including an institution-affiliated party, on the basis of reputation risk;

(2) Terminate a contract or discontinue doing business with a third party, including an institution-affiliated party, on the basis of reputation risk;

(3) Sign a contract or initiate doing business with a third-party, including an institution-affiliated party, on the basis of reputation risk; or

(4) Modify the terms or conditions under which it contracts or does business with a third party, including an institution-affiliated party, on the basis of reputation risk.

(c) The OCC will not require, instruct, or encourage an institution, or any employee of an institution, to terminate a contract with, discontinue doing business with, sign a contract with, initiate doing business with, modify the terms under which it will do business with a person or entity, or take any action or refrain from taking any action on the basis of the person's or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or solely on the basis of the person's or entity's involvement in politically disfavored but lawful business activities perceived to present reputation risk.

(d) The prohibitions in paragraphs (a) through (c) of this section only apply to actions taken on the bases described in paragraphs (a) through (c) of this section, and the prohibition in paragraph (c) of this section shall not apply with respect to persons, entities, or jurisdictions sanctioned by the Office of Foreign Assets Control.

(e) Nothing in this section shall restrict the OCC's authority to implement, administer, and enforce the provisions of subchapter II of chapter 53 of title 31, United States Code.

(f) The OCC will not take any supervisory action or other adverse action against an institution, a group of institutions, or the institution-affiliated parties of any institution that is designed to punish or discourage an individual or group from engaging in any lawful political, social, cultural, or religious activities, constitutionally protected speech, or, for political reasons, lawful business activities that the OCC or any of its personnel disagree with or disfavor.

(g) The following definitions apply in this section:

Adverse action includes:

(i) Any negative feedback delivered by or on behalf of the OCC to the supervised institution, including in a report of examination or a formal or informal enforcement action;

(ii) A downgrade, or contribution to a downgrade, of any supervisory rating, including, but not limited to: ( printed page 18293)

(A) Any rating under the Uniform Financial Institutions Rating System (or any comparable rating system);

(B) Any rating under the Uniform Interagency Consumer Compliance Rating System;

(C) Any rating under the Uniform Rating System for Information Technology; and

(D) Any rating under any other rating system;

(iii) A denial of a licensing application;

(iv) Inclusion of a condition on any licensing application or other approval;

(v) Imposition of additional approval requirements;

(vi) Any other heightened requirements on an activity or change;

(vii) Any adjustment of the institution's capital requirement; and

(viii) Any action that negatively impacts the institution, or an institution-affiliated party, or treats the institution differently than similarly situated peers.

Doing business with means:

(i) The bank providing any product or service, including account services;

(ii) The bank contracting with a third party for the third party to provide a product or service;

(iii) The bank providing discounted or free products or services to customers or third parties, including charitable activities;

(iv) The bank entering into, maintaining, modifying, or terminating an employment relationship; or

(v) Any other similar business activity that involves a bank client or a third party.

Institution means an entity for which the OCC makes or will make supervisory or licensing determinations either solely or jointly.

Institution-affiliated party means the same as in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813(u)).

Reputation risk means any risk, regardless of how the risk is labeled by the institution or regulators, that an action or activity, or combination of actions or activities, or lack of actions or activities, of an institution could negatively impact public perception of the institution for reasons not clearly and directly related to the financial or operational condition of the institution.

PART 30—SAFETY AND SOUNDNESS STANDARDS

  1. The authority citation for part 30 continues to read as follows:

Authority: 12 U.S.C. 1, 93a, 371, 1462a, 1463, 1464, 1467a, 1818, 1828, 1831p-1, 1881-1884, 3102(b) and 5412(b)(2)(B); 15 U.S.C. 1681s, 1681w, 6801, and 6805(b)(1).

Appendix B to Part 30 [Amended]

  1. Amend appendix B to part 30 in supplement A, section III, by:

a. Removing the third sentence; and

b. Removing the word “Effective” and adding in its place “Timely and effective”.

Appendix C to Part 30 [Amended]

  1. Amend appendix C to part 30 by:

a. In section I:

i. In paragraph (i), removing “reputation,”; and

ii. In paragraph (vi), removing the last sentence; and

b. In section II, paragraph (B)(1), removing “reputation,”.

Appendix D to Part 30 [Amended]

  1. Amend appendix D to part 30, section II, paragraph (B), by removing the phrase “compliance risk, strategic risk, and reputation risk” and adding in its place the phrase “compliance risk, and strategic risk”.

FEDERAL DEPOSIT INSURANCE CORPORATION

12 CFR Chapter III

Authority and Issuance

For the reasons set forth in the preamble, the FDIC proposes to amend parts 302 and 364 of chapter III of title 12 of the Code of Federal Regulations as follows:

PART 302—REGULATIONS GOVERNING BANK SUPERVISION

  1. The authority citation for part 302 continues to read as follows:

Authority: 5 U.S.C. 552; 12 U.S.C. 1818, 1819(a) (Seventh and Tenth), 1831p-1.

  1. Revise the heading for part 302 as set forth above.

  2. Add a heading for subpart A, consisting of §§ 302.1, 302.2, and 302.3, to read as follows:

Subpart A—Use of Supervisory Guidance

  1. Add subpart B, consisting of § 302.100, to read as follows:

Subpart B—Prohibition on Use of Reputation Risk by Regulators

§ 302.100 Prohibitions. (a) The FDIC will not criticize, formally or informally, or take adverse action against an institution on the basis of reputation risk.

(b) The FDIC will not require, instruct, or encourage an institution, or any employee of an institution, to:

(1) Refrain from contracting or doing business with a third party, including an institution-affiliated party, on the basis of reputation risk;

(2) Terminate a contract or discontinue doing business with a third party, including an institution-affiliated party, on the basis of reputation risk;

(3) Sign a contract or initiate doing business with a third-party, including an institution-affiliated party, on the basis of reputation risk; or

(4) Modify the terms or conditions under which it contracts or does business with a third party, including an institution-affiliated party, on the basis of reputation risk.

(c) The FDIC will not require, instruct, or encourage an institution, or any employee of an institution, to terminate a contract with, discontinue doing business with, sign a contract with, initiate doing business with, modify the terms under which it will do business with a person or entity, or take any action or refrain from taking any action on the basis of the person's or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or solely on the basis of the person's or entity's involvement in politically disfavored but lawful business activities perceived to present reputation risk.

(d) The prohibitions in paragraphs (a) through (c) of this section only apply to actions taken on the bases described in paragraphs (a) through (c) of this section, and the prohibition in paragraph (c) of this section shall not apply with respect to persons, entities, or jurisdictions sanctioned by the Office of Foreign Assets Control.

(e) Nothing in this section shall restrict the FDIC's authority to implement, administer, and enforce the provisions of subchapter II of chapter 53 of title 31, United States Code.

(f) The FDIC will not take any supervisory action or other adverse action against an institution, a group of institutions, or the institution-affiliated parties of any institution that is designed to punish or discourage an individual or group from engaging in any lawful political, social, cultural, or religious activities, constitutionally protected speech, or, for political reasons, lawful business activities that the FDIC or any of its personnel disagrees with or disfavors.

(g) Definitions.

Adverse action includes:

(i) Any negative feedback delivered by or on behalf of the FDIC to the supervised institution, including in a report of examination or a formal or informal enforcement action;

(ii) A downgrade, or contribution to a downgrade, of any supervisory rating, including, but not limited to: ( printed page 18294)

(A) Any rating under the Uniform Financial Institutions Rating System (or any comparable rating system);

(B) Any rating under the Uniform Interagency Consumer Compliance Rating System;

(C) Any rating under the Uniform Rating System for Information Technology;

(D) Any rating under any other rating system;

(iii) A denial of a filing pursuant to Part 303 of the FDIC's regulations;

(iv) Inclusion of a condition on a deposit insurance application or other approval;

(v) Imposition of additional approval requirements;

(vi) Any other heightened requirements on an activity or change;

(vii) Any adjustment of the institution's capital requirement; and

(viii) Any action that negatively impacts the institution, or an institution-affiliated party, or treats the institution differently than similarly situated peers.

Doing business with means:

(i) The bank providing any product or service, including account services;

(ii) The bank contracting with a third party for the third party to provide a product or service;

(iii) The bank providing discounted or free products or services to customers or third parties, including charitable activities;

(iv) The bank entering into, maintaining, modifying, or terminating an employment relationship; or

(v) Any other similar business activity that involves a bank client or a third party.

Institution means an entity for which the FDIC makes or will make supervisory determinations or other decisions, either solely or jointly.

Institution-affiliated party means the same as in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813(u)).

Reputation risk means any risk, regardless of how the risk is labeled by the institution or regulators, that an action or activity, or combination of actions or activities, or lack of actions or activities, of an institution could negatively impact public perception of the institution for reasons not clearly and directly related to the financial or operational condition of the institution.

PART 364—STANDARDS FOR SAFETY AND SOUNDNESS

  1. The authority citation for part 364 continues to read as follows:

Authority: 12 U.S.C. 1818 and 1819 (Tenth), 1831p-1; 15 U.S.C. 1681b, 1681s, 1681w, 6801(b), 6805(b)(1).

Appendix B to Part 364 [Amended]

  1. Amend appendix B to part 364 in supplement A, section III, by:

a. Removing the third sentence; and

b. Removing the word “Effective” and adding in its place “Timely and effective”.

Jonathan V. Gould,

Comptroller of the Currency.

Federal Deposit Insurance Corporation.

By order of the Board of Directors.

Dated at Washington, DC, on April 7, 2026.

Jennifer M. Jones,

Deputy Executive Secretary.

Footnotes

1.

                     
                    See 
                     “Prohibition on Use of Reputation Risk by Regulators,” [90 FR 48825](https://www.federalregister.gov/citation/90-FR-48825) (October 30, 2025).

Back to Citation 2. 90 FR 38925 (Aug. 12, 2025).

Back to Citation 3.

                     In carrying out its responsibility, the OCC has refined its examination program based on more than 160 years of experience supervising financial institutions and monitoring developments in the financial industry. In the late 1980s and the 1990s, the OCC and other financial regulators shifted toward supervision frameworks that were organized by particular risks. In 1995, the OCC launched an examination program it called “supervision by risk” that led to the current risk-based supervision approach to examinations. In the supervision by risk program, the OCC focused on nine categories of risk: credit risk, interest rate risk, liquidity risk, price risk, foreign exchange risk, transaction risk, compliance risk, strategic risk, and reputation risk. The program later morphed into the OCC's current risk-based framework, which focuses on eight risk categories, with transaction risk renamed as operational risk and foreign exchange risk eliminated as a stand-alone risk. This risk-based supervision program focuses on evaluating risk, identifying existing and emerging problems, and ensuring that bank management takes corrective action to address problems before a bank's safety and soundness is compromised. Similarly, as regulators shifted toward risk-based supervision in the 1990s, the FDIC added references to reputation risk to manuals and guidance, and supervisors cited reputation risk in formal and informal enforcement actions in subsequent years. Generally, the FDIC's supervision framework has evaluated a variety of risks, such as liquidity risk, interest rate risk, operational risk, and reputational risk.

Back to Citation 4.

                     Supervised institutions have similarly been unable to explain this in their own risk management programs.

Back to Citation 5. 12 U.S.C. 1.

Back to Citation 6.

                     
                    See [12 U.S.C. 1811](https://www.govinfo.gov/link/uscode/12/1811) *et seq.* The FDIC also insures the deposits of insured depository institutions and manages receiverships of failed depository institutions.

Back to Citation 7.

                     
                    See [91 FR 16156](https://www.federalregister.gov/citation/91-FR-16156) (Apr. 1, 2026) (rescission of appendix E of [12 CFR part 30](https://www.ecfr.gov/current/title-12/part-30) effective May 1, 2026).

Back to Citation 8. 12 CFR part 364.

Back to Citation 9. See, e.g., Staff of H. Comm. on Oversight & Gov't Reform, 113th Cong., “The Department of Justice's Operation Choke Point': Illegally Choking Off Legitimate Businesses?” (Comm. Print 2014), *[https://oversight.house.gov/​wp-content/​uploads/​2014/​05/​Staff-Report-Operation-Choke-Point1.pdf](https://oversight.house.gov/wp-content/uploads/2014/05/Staff-Report-Operation-Choke-Point1.pdf);* Staff of H. Comm. on Fin. Servs., 119th Cong., “Operation Choke Point 2.0: Biden's Debanking of Digital Assets” (Comm. Print 2025), *[https://financialservices.house.gov/​uploadfiles/​2025-11-30--_​fsc_​debanking_​report_​final_​1.pdf](https://financialservices.house.gov/uploadfiles/2025-11-30--_fsc_debanking_report_final_1.pdf);* Staff of Minority of S. Comm. on Banking, Hous., & Urb. Affs., 119th Cong., “Supplemental Memorandum: Analysis of CFPB Consumer Complaints Related to Debanking,” (Comm. Print 2025) (analysis to supplement February 5, 2025, committee hearing on “Investigating the Real Impacts of Debanking in America”), *[https://www.banking.senate.gov/​imo/​media/​doc/​debanking_​complaints_​analysis.pdf](https://www.banking.senate.gov/imo/media/doc/debanking_complaints_analysis.pdf);* Exec. Order No. 14331, [90 FR 38925](https://www.federalregister.gov/citation/90-FR-38925) (Aug. 7, 2025) (“Bank regulators have used supervisory scrutiny and other influence over regulated banks to direct or otherwise encourage politicized or unlawful debanking activities.Operation Chokepoint,' for example, was a well-documented and systemic means by which Federal regulators pushed banks to minimize their involvement with individuals and companies engaged in lawful activities and industries disfavored by regulators based on factors other than individualized, objective, risk-based standards.”).

Back to Citation 10.

                     
                    See [12 CFR 21.11](https://www.ecfr.gov/current/title-12/section-21.11), [12 CFR 353.1](https://www.ecfr.gov/current/title-12/section-353.1), and [31 CFR 1020.320](https://www.ecfr.gov/current/title-31/section-1020.320).

Back to Citation 11.

                     Public Law 81-797, 64 Stat. 873 (codified at [12 U.S.C. 1813(u)](https://www.govinfo.gov/link/uscode/12/1813)).

Back to Citation 12. 15 U.S.C. 5311 et seq.

Back to Citation 13. Id.

Back to Citation 14. See, e.g., 12 U.S.C. 1816 (requiring the FDIC to consider, among other things, the “general character and fitness of the management of the depository institution” in an application for deposit insurance); 12 U.S.C. 1817(j)(2)(B) (requiring the agencies to “conduct an investigation of the competence, experience, integrity, and financial ability of each person named” as a proposed acquirer of an institution following a notice of a proposed change in control of a depository institution).

Back to Citation 15.

                     Based on data accessed using FINDRS on March 11, 2025.

Back to Citation 16.

                     The OCC notes that there has recently been a decrease in the overall number of MRAs that institutions currently face and are expected to face in the future. The OCC assesses that this decrease in current and future MRAs is due to reductions in MRAs due to other factors than this final rule.

Back to Citation 17.

                     Kunal Sachdeva, André F. Silva, Pablo Slutzky, Billy Y. Xu, “Defunding controversial industries: Can targeted credit rationing choke firms?” *Journal of Financial Economics,* Volume 172 (2025).

Back to Citation 18.

                     Specifically, the OCC used the Python TextBlob package which calculates a subjectivity score based on the text provided.

Back to Citation 19.

                     Call Report data, September 30, 2025.

Back to Citation 20. 44 U.S.C. 3501-3521.

Back to Citation 21. 5 U.S.C. 601 et seq.

Back to Citation 22.

                     The OCC bases its estimate of the number of small entities on the SBA's size thresholds for commercial banks and savings institutions, and trust companies, which are $850 million and $47 million, respectively. Consistent with the General Principles of Affiliation, [13 CFR 121.103(a)](https://www.ecfr.gov/current/title-13/section-121.103#p-121.103(a)), The OCC counts the assets of affiliated financial institutions when determining if it should classify an OCC-supervised institution as a small entity. The OCC uses December 31, 2024, to determine size because a “financial institution's assets are determined by averaging the assets reported on its four quarterly financial statements for the preceding year.” See footnote 8 of the SBA's *Table of Size Standards.*

Back to Citation 23. 5 U.S.C. 601 et seq.

Back to Citation 24.

                     The SBA defines a small banking organization as having $850 million or less in assets, where an organization's “assets are determined by averaging the assets reported on its four quarterly financial statements for the preceding year.” 
                    See [13 CFR 121.201](https://www.ecfr.gov/current/title-13/section-121.201) (as amended by [87 FR 69118](https://www.federalregister.gov/citation/87-FR-69118), effective December 19, 2022). In its determination, the “SBA counts the receipts, employees, or other measure of size of the concern whose size is at issue and all of its domestic and foreign affiliates.” 
                    See [13 CFR 121.103](https://www.ecfr.gov/current/title-13/section-121.103). Following these regulations, the FDIC uses an insured depository institution's affiliated and acquired assets, averaged over the preceding four quarters, to determine whether the insured depository institution is “small” for the purposes of RFA.

Back to Citation 25. Public Law 106-102, section 722, 113 Stat. 1338, 1471 (1999); 12 U.S.C. 4809.

Back to Citation 26. 12 U.S.C. 4802(a).

Back to Citation 27. 5 U.S.C. 804(2).

Back to Citation [FR Doc. 2026-06947 Filed 4-9-26; 8:45 am]

BILLING CODE 4810-33-P; 6714-01-P

Published Document: 2026-06947 (91 FR 18279)

CFR references

12 CFR 1 12 CFR 4 12 CFR 30 12 CFR 302 12 CFR 364

Named provisions

Reputation Risk Prohibition

Related changes

Favicon for www.regulations.gov OCC and FDIC Final Rule Codifying Elimination of Reputation Risk from Bank Supervision
Priority review Apr 11, 2026 Regs.gov: Comptroller of the Currency Banking & Finance
Favicon for www.regulations.gov FDIC/OCC Final Rule Codifies Prohibition of Reputation Risk from Bank Supervision
Priority review Apr 10, 2026 Regs.gov: Federal Deposit Insurance Corporation Banking & Finance
Favicon for www.occ.treas.gov Comptroller Statement on Final Rule Eliminating Reputation Risk from Bank Supervision
Priority review Apr 08, 2026 OCC News Issuances Banking & Finance

Get daily alerts for FR: Federal Deposit Insurance Corporation

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.federalregister.gov
FR: Federal Deposit Insurance Corporation federalregister.gov/documents/search?conditions%5Bagencies%5D%5B%5D=federal-deposit-insurance-corporation&order=newest
Banking & Finance

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from Treasury Department.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
Treasury Department
Published
April 10th, 2026
Instrument
Rule
Legal weight
Binding
Stage
Final
Change scope
Substantive
Document ID
91 FR 18279 / Docket ID OCC-2025-0142
Docket
Docket ID OCC-2025-0142

Who this affects

Applies to
Banks
Industry sector
5221 Commercial Banking
Activity scope
Bank examination Regulatory supervision Risk management
Geographic scope
United States US

Taxonomy

Primary area
Banking
Operational domain
Compliance
Compliance frameworks
Basel III
Topics
Consumer Finance Corporate Governance Administrative practice and procedure Banks, banking Freedom of information

Browse Categories

Agriculture & Food Safety 64 AI Regulation 3 Banking & Finance 292 Consumer Protection 44 Courts & Legal 362 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 19 Energy 101 Environment 86 Environmental Regulation 8 Financial Regulation 2 Government & Legislation 280 Healthcare 136 Housing 16 Immigration 8 Insurance 58 Labor & Employment 113 Pharma & Drug Safety 104 Public Health 3 Securities & Markets 104 Securities Regulation 9 Tax 66 Telecom & Technology 47 Trade & Sanctions 136 Transportation 57

Get alerts for this source

We'll email you when FR: Federal Deposit Insurance Corporation publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!