FDIC/OCC Final Rule Codifies Prohibition of Reputation Risk from Bank Supervision

Content

ACTION:

Final rule.

SUMMARY:

The Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation are adopting a final rule to codify
the elimination of reputation risk from their supervisory programs. Among other things, the rule prohibits the agencies from
criticizing or taking adverse action against an institution on the basis of reputation risk. The rule also prohibits the agencies
from requiring, instructing, or encouraging an institution to close an account, to refrain from providing an account, product,
or service, or to modify or terminate any product or service on the basis of a person or entity's political, social, cultural,
or religious views or beliefs, constitutionally protected speech, or solely on the basis of politically disfavored but lawful
business activities perceived to present reputation risk. The rule further forbids the agencies from taking any supervisory
action or other adverse action against an institution, a group of institutions, or the institution-affiliated parties of any
institution that is designed to punish or discourage an individual or group from engaging in any lawful political, social,
cultural, or religious activities, constitutionally protected speech, or, for political reasons, lawful business activities
that the agencies or its personnel disagree with or disfavor.

DATES:

The final rule is effective June 9, 2026.

FOR FURTHER INFORMATION CONTACT:

OCC: Jonathan Fink, Director, Bank Advisory, Joanne Phillips, Counsel, or Collin Berger, Attorney, Chief Counsel's Office, (202)
649-5490, Office of the Comptroller of the Currency, 400 7th Street SW, Washington, DC 20219. If

     you are deaf, hard of hearing, or have a speech disability, please dial 7-1-1 to access telecommunications relay services.

FDIC: Legal Division: Sheikha Kapoor, Assistant General Counsel, (202) 898-3960; James Watts, Counsel, (202) 898-6678.

SUPPLEMENTARY INFORMATION:

I. Introduction

On October 30, 2025, the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC)
(collectively, the agencies) published in the
Federal Register
a notice of proposed rulemaking (1) to remove the use of reputation risk from their supervisory programs. Among other things, the proposed rule would also have
prohibited the agencies from requiring, instructing, or encouraging an institution to close an account, to refrain from providing
an account, product, or service, or to modify or terminate any product or service on the basis of a person or entity's political,
social, cultural, or religious views or beliefs, constitutionally protected speech, or solely on the basis of politically
disfavored but lawful business activities perceived to present reputation risk. The proposed rule further would have forbidden
the agencies from taking any supervisory action or other adverse action against an institution, a group of institutions, or
the institution-affiliated parties of any institution that is designed to punish or discourage an individual or group from
engaging in any lawful political, social, cultural, or religious activities, constitutionally protected speech, or, for political
reasons, lawful business activities that the agencies or its personnel disagree with or disfavor. Following review of the
comments received on the proposal, the agencies are finalizing the proposed rule, with minor modifications. The agencies have
updated the final rule's definition of “reputation risk” to include an express reference to the operational condition of the
institution. The agencies have also modified the prohibition on taking supervisory action or other adverse action designed
to punish or discourage lawful business activities that the “supervisor” disagrees with or disfavors. The agencies have updated
this provision to use language broader than “supervisor” to clarify that bias from any individual at the agency is not a permissible
basis for agency action.

Under 12 U.S.C. 1(a), the OCC is charged with assuring the safety and soundness of and compliance with laws and regulations,
fair access to financial services, and fair treatment of customers by the institutions and other persons subject to its jurisdiction.
Similarly, the FDIC has statutory authority to administer the affairs of the Corporation, which includes a framework for banking
supervision. Further, the FDIC's Board of Directors has the authority to prescribe rules and regulations as it may deem necessary
to carry out the provisions of the Federal Deposit Insurance Act, and the OCC is authorized to prescribe rules and regulations
to carry out the responsibilities of the office.

Based on these authorities, the subjectivity of reputation risk, the inefficacy of reputation risk at identifying risks to
safety and soundness or other statutory mandates, and the potential for regulatory overreach and abuse, the agencies have
removed reputation risk from their supervisory frameworks and are codifying this change in relevant regulations.

II. Background

The agencies believe that banking regulators' use of the concept of reputation risk as a basis for supervisory criticisms
increases subjectivity in banking supervision without adding material value from a safety and soundness perspective. The agencies
believe that most activities that could negatively impact an institution's reputation do so through traditional risk channels
(e.g., credit risk, market risk, and operational risk, among others) on which supervisors already focus and already have sufficient
authority to address. At the same time, supervising for reputation risk as a standalone risk adds substantial subjectivity
to bank supervision and can be abused. It also diverts bank and agency resources from more salient risks without adding material
value from a safety and soundness perspective or ensuring greater compliance with the law. To improve the efficiency and effectiveness
of their supervisory programs, the agencies have removed reputation risk from their supervisory frameworks and are proposing
to codify this change in relevant regulations. This change would also respond to concerns expressed in Executive Order 14331,
Guaranteeing Fair Banking for All Americans, (2) that the use of reputation risk can be a pretext for restricting law-abiding individuals' and businesses' access to financial
services on the basis of political or religious beliefs or lawful business activities.

The agencies' supervisory experience has shown that the use of reputation risk in the supervisory process does not increase
the safety and soundness of supervised institutions because supervisors have little ability to predict ex ante whether or how certain activities or customer relationships present reputation risks that could threaten the safety and soundness
of an institution. (3) In contrast, risks like credit risk and liquidity risk are more concrete and measurable and allow supervisors to more objectively
assess a banking institution's financial condition. Assessments of these risks reflect perceptions of a bank's financial condition
consistent with objective principles. Conversely, an independent consideration of reputation risk by supervisors has not resulted
in consistent or predictable assessments of material financial risk. Instead, by focusing on reputation risk, supervisors
attempt to understand and anticipate public opinion regarding issues and events and then to attempt to directly connect this
public opinion regarding issues and events to an institution's condition in ways that have proven nearly impossible to assess
or quantify with accuracy. The agencies' attempts to identify reputation risks and their potential effects on institutions
have not resulted in increased safety for supervised institutions as supervisors have not been able to accurately predict

  the public's reaction to business decisions made by institutions.

In other words, there is no clear evidence that supervisory interference in banks' activities or relationships in the interest
of protecting the banks' reputations has protected banks from losses or improved banks' performance.

In addition to not enhancing safety and soundness, focusing on reputation risk can distract institutions and the agencies
from devoting resources to managing core financial risks—such as credit risk, liquidity risk, and interest rate risk—that
are quantifiable and have been shown to present significant threats to institutions. Monitoring requires dedicated resources.
For example, in order to confront such risks, institutions frequently purchase expensive risk-monitoring models that must
be maintained, implement detailed loan review programs, hire expensive outside advisers, and provide time-intensive training
for staff. Parallel to these actions by institutions, the agencies have limited resources and a responsibility to use these
resources in an efficient and productive manner in furtherance of their statutory responsibilities. In the judgment of the
agencies, examining for reputation risk diverts resources that could be better spent on other risks that have been shown to
present significant, tangible threats to institutions and that are more easily quantified and addressed through regulatory
intervention.

Moreover, the agencies' use of reputation risk in reaching supervisory conclusions introduces subjectivity and unpredictability
into the agencies' judgments. Agency supervision more effectively fosters safe and sound banking when supervised institutions
have a reasonable expectation of how the agencies would evaluate an activity. The agencies have not been able to clearly explain
how banks should measure the reputation risk from different activities, business partners, or clients, nor have the agencies
been able to clearly articulate the criteria for which activities, business partners, or clients are deemed to present reputation
risk. (4) Without clear standards, the agencies' supervision for reputation risk has been inconsistent and has at times reflected individual
perspectives of agency staff rather than data-driven conclusions. This can result in agency staff implicitly or explicitly
encouraging institutions to restrict access to banking services on the basis of staff's personal views of a group's or individual's
political, social, cultural, or religious views or beliefs, constitutionally protected speech, or politically disfavored but
lawful business activities. Different stakeholders may have different perspectives on how such activities or relationships
impact an institution's reputation, if at all, which creates unpredictability and inconsistency for regulated entities. Additionally,
the subjective nature of supervisory decisions about reputation risk introduces the potential for political or other biases
to enter into the supervisory process. Thus, supervisory judgments about reputation risk can create subjective regulatory
interference in day-to-day business decisions of banks that should be based on neutral market factors. This practice can also
result in distortions to industries and the U.S. economy, as the agencies use reputation risk to choose winners and losers
among market participants and industries. Given the difficulty of measuring reputation risk in an accurate and precise way,
it is inappropriate for the agencies' supervisors to examine supervised institutions against this risk.

More importantly, when a supervised institution alters its behavior to comply with supervisory expectations relating to reputation
risk management, such as by closing an account or choosing not to enter into or continue a business relationship with a customer
or industry that it would otherwise maintain, it is forgoing an opportunity to maintain or build a profitable business relationship
that may otherwise be consistent with sound risk management practices. Accordingly, the agencies' past practice of encouraging
supervised institutions to alter their behavior due to reputation risk may have adversely impacted institutions' earnings,
capital positions, and safety and soundness. In this way, the agencies' prior focus on reputation risk may have caused supervised
institutions to be less safe and sound than had they been permitted to engage in lawful business activities without these
limitations resulting from supervisory expectations surrounding reputation risk.

In addition, examining for reputation risk can result in agency personnel or leadership implicitly or explicitly encouraging
institutions to restrict access to banking services on the basis of agency personnel's personal views of a group's or individual's
political, social, cultural, or religious views or beliefs, constitutionally protected speech, or politically disfavored but
lawful business activities. Denying lawful businesses access to financial services can further have negative effects on the
economy by hindering the growth of these lawful businesses and consequently interfering with the job creation and the economic
activity their operations could generate.

Moreover, even if reputation risk could be quantified, the agencies lack evidence that reputation risk, in the absence of
identified financial or operational risks, is a factor that can hurt an institution's safety and soundness. Although there
are examples of risks such as credit risk and liquidity risk being the primary driver of an institution's unsafe or unsound
condition, the agencies have not seen evidence that reputation risk can be the primary driver of an institution being in unsafe
or unsound condition. When reputational issues are identified as a cause of harm that has impacted a supervised institution's
financial condition, there are typically other more significant factors, such as those relating to the institution's capital,
asset quality, liquidity, earnings, or interest rate sensitivity, that are the primary drivers of the institution's weakened
financial condition. The OCC's analysis shows that the agency will not lose information useful to anticipate regulated institutions'
failure by ceasing to produce reputation risk ratings in the Risk Assessment System (RAS) ratings system, as the RAS reputation
risk ratings do not forecast failure after accounting for the CAMELS composite rating and components. Instead, only RAS ratings
that assess fundamental financial risks predict failure risk once CAMELS ratings are accounted for.

In addition, there is no evidence that ceasing to impose Matters Requiring Attention (MRAs) that focus on reputation risk
will harm the agencies' ability to anticipate and resolve failure risk. The agencies' analysis shows that MRAs that either
mention reputation risk in the MRA description or include reputation risk as either a primary or secondary risk have no ability
to predict bank failures.

The OCC's supervision is required by law to focus on the safety and soundness of its institutions and compliance with laws
and regulations as well as, as applicable, fair access to financial services and fair treatment of customers. (5) The FDIC is responsible for the supervision and examination of State nonmember banks, including for safety and soundness principles. (6) In furtherance of these objectives, the agencies' supervision should focus on

  concrete risks and objective criteria directly related to applicable statutory requirements. In the agencies' experience,
  using reputation risk in its supervisory process does not further this mission.

III. Overview of the Notices of Proposed Rulemaking and General Summary of Comments

The proposed rule sought to codify the removal of reputation risk from the OCC and FDIC's supervisory programs. The proposed
rule would have prohibited the agencies from criticizing, formally or informally, or taking adverse action against an institution
on the basis of reputation risk. In addition, under the proposal, the agencies would be prohibited from requiring, instructing,
or encouraging an institution or its employees to refrain from contracting with or to terminate or modify a contract with
a third party, including an institution-affiliated party, on the basis of reputation risk. The proposed rule also stated that
the agencies could not require, instruct, or encourage an institution or its employees to refrain from doing business with
or to terminate or modify a business relationship with a third party, including an institution-affiliated party, on the basis
of reputation risk. The proposed rule would have also prevented the agencies from requiring, instructing, or encouraging an
institution to enter into a contract or business relationship with a third party on the basis of reputation risk. The proposed
rule would have further prohibited the agencies from requiring, instructing, or encouraging an institution or an employee
of an institution to terminate a contract with, discontinue doing business with, or modify the terms under which it will do
business with a person or entity on the basis of the person's or entity's political, social, cultural, or religious views
or beliefs, constitutionally protected speech, or solely on the basis of the third party's involvement in politically disfavored
but lawful business activities perceived to present reputation risk.

The proposed rule was solely focused on the functions and activities of the OCC and the FDIC. The proposed rule did not include
prohibitions, restrictions, or requirements on the self-directed activities of supervised institutions or institution-affiliated
parties.

The proposed rule provided definitions of several terms used in the rule, including “adverse action,” “doing business with,”
“institution,” “institution-affiliated party,” and “reputation risk.”

The prohibitions of the proposed rule would have applied to actions taken on the basis of reputation risk; political, social,
cultural, or religious views and beliefs; constitutionally protected speech; or solely based on bias against politically disfavored
but lawful business activities perceived to present reputation risk. The proposed rule would not have prohibited criticism,
supervisory feedback, or other actions to address traditional risk channels related to safety and soundness and compliance
with applicable laws, including credit risk, market risk, and operational risk (including cybersecurity, information security,
and illicit finance), provided that such criticism, supervisory feedback or other action addressing these other risks was
not a pretext designed to covertly continue supervision for reputation risk.

Under the proposed rule, the OCC planned to make seven conforming amendments to the OCC's regulations to eliminate references
to reputation risk. These conforming amendments would be made in (1) the list of risks a national bank shall consider, as
appropriate, as set out in 12 CFR part 1 of the OCC regulations; and (2) the safety and soundness standards set forth in 12
CFR part 30 of the OCC regulations, including the OCC guidelines. The OCC regulations at 12 CFR part 30 would include six
conforming amendments. (7)

Under the proposed rule, the FDIC planned to make one conforming amendment to the FDIC's regulations relating to reputation
risk. This amendment would be made in the safety and soundness standards set forth in 12 CFR part 364 of the FDIC's regulations. (8) Under the proposed rule, the FDIC would eliminate the reference to reputation risk in the regulation.

The agencies received comments on many areas of the proposed rule. The commenters represented government entities, congresspeople,
industry trade groups, nonprofits, financial institutions, other types of businesses, and individuals. The agencies received
a mix of comments both supporting and opposing the proposed rule. Many commenters made suggestions for alternatives to the
rule or for ways to strengthen or alter the rule.

IV. Overview of Final Rule

The agencies have decided to adopt the proposed rule with minor modifications.

A. Comments Regarding the Need for and Adoption of the Rule

Although the agencies received comments both supporting and opposing the proposed rule, the majority of comment letters expressed
support. Many commenters urged the agencies to adopt the proposed rule because they perceived reputation risk to be ill-suited
as a supervisory tool. These commenters expressed concern that reputation risk is subjective and hard to measure in a predictable
or quantitative fashion. These observations mirrored the agencies' experience with the shortcomings of reputation risk as
a supervisory tool, as discussed above in the “Background” section. The commenters explained that this subjectivity interfered
with both banks and other regulators for FDIC-insured banks, such as State banking agencies, being able to anticipate Federal
regulators' perspectives and concerns. These commenters also noted that regulators' focus on reputation risk, and the consequent
need for financial institutions to focus on anticipating regulators' concerns regarding reputation risk, distract from more
material risks or better use of resources. The agencies agree with these observations by commenters on the harms of including
reputation risk in the supervisory program.

In contrast, other commenters opposed the proposed rule and stated that examination for reputation risk is necessary to support
bank safety and soundness. In contrast to the commenters who stated that reputation risk cannot be measured quantitatively
or objectively, one commenter stated that it could be measured accurately. However, this commenter did not recommend an actionable
method that the agencies could adopt for such a measurement, and the regulators are not aware of an objective and reliable
method for measuring reputation risk.

Some of these commenters stated that damage to a bank's reputation can cause substantial financial harm to a bank. As support
for this assertion, some commenters cited the spring 2023 bank failures, which they claimed happened due to reputational harms
to the financial institutions involved. However, those failures were caused by, among other contributing factors, a lack of
public confidence in the financial condition of the institutions; the agencies have not identified non-financial reputation
risk as among them. The final rule is adopting from the proposed rule a definition of reputation risk that specifically excludes
issues that could negatively impact public

  perception for reasons “clearly and directly related to the financial condition of the institution.” Thus, the concerns that
  caused the public to cease doing business with the institutions affected by the spring 2023 bank failures were not the types
  of concerns that would fall under the definition of reputation risk in the final rule and for which the agencies would be
  prevented from supervising. Indeed, the Spring 2023 failures were examples of the types of material financial risks on which
  regulators and institutions need to focus and from which they can be distracted by more nebulous and not-financially-related
  reputation risk concerns.

Some commenters argued that removing supervision for reputation risk downplays the importance of customer loyalty and trust.
However, the agencies have not observed that supervision for reputation risk helps support customer loyalty to financial institutions,
an area that banks compete on. Indeed, as another commenter explained, policing for reputation risk concerns can actually
harm an institution's customer loyalty. This commenter explained how financial institutions could harm their reputations by
closing accounts on the basis of religious or political bias and thus how attempts to mitigate reputation risk can actually
harm financial institutions. The commenter provided an example of negative publicity that a bank purportedly experienced after
closing the commenter's account allegedly for religious reasons.

In the agencies' experience, supervising for reputation risk requires the agencies to determine which sides of potentially
contentious political, social, and religious issues will be favored by the customers of the regulated institutions. Attempting
to ensure “customer loyalty” for regulated institutions by preventing regulated institutions from providing services for businesses,
individuals, or activities that may offend customers requires the agencies to accurately predict public sentiment regarding
controversial issues. The agencies have not shown the ability to accurately do this in a consistent and reliable manner, and
efforts to predict public opinion have distracted both regulators and the regulated from focusing on risks they can understand
and predict.

Commenters were divided on whether supervision for reputation risk harms the integrity of the banking system and banking regulation.
One commenter stated that removing supervision for reputation risk would harm the integrity of the banking system, the political
institutions, U.S. elections, and ultimately national security. However, as another commenter noted, the agencies' efforts
to take sides in ongoing public debates can harm the stability of the banking system because whichever side the regulators
decide against and denounce as causing reputational harm to financial institutions will lose faith and trust in the regulators,
thus harming the credibility that U.S. financial regulatory structure relies upon. For the reasons explained by this commenter,
the agencies believe that the harm to their public legitimacy that will come from entering into contentious public debates
outside of their statutory responsibilities is greater than the potential for not supervising for reputation risk to cause
harm, risk which the agencies believe to be highly unlikely for the reasons described above.

Another commenter stated that the proposed rule strips away an important means of recognizing discrimination and extremism
in financial institutions. This commenter argued that reputation risk has been a regulatory tool that allowed early intervention
in developing patterns of discriminatory or predatory banking practices by banks. Another commenter, similarly, was concerned
that removing examination for reputation risk would cause financial institutions to lose their ability to detect emerging
threats such as certain fraud schemes. Other commenters were likewise concerned that removing supervision for reputation risk
would remove deterrence from banks engaging in predatory practices such as fraudulent account scandals or from providing services
for people who have committed crimes. Similarly, another commenter argued that the agencies should consider that removing
reputation risk could lead to increased incidence of illegal and risky activities that might be flagged by reputation risk
monitoring. In the same vein, one commenter opined that removing examination for reputation risk would increase unethical
behavior by banks. This same commenter further stated that the agencies must consider that removing reputation risk could
lead to worsening service for customers. However, the final rule does not repeal or alter any of the existing laws or regulations
prohibiting discriminatory or predatory banking practices, and there is no evidence suggesting it could lead to worsening
customer service. Moreover, issues stemming from a lack of customer service fall outside of what is being considered to be
a reputation risk, as defined in the final regulation. Illegal discrimination and predatory practices will continue to be
forbidden, and the agencies will continue to expect their regulated institutions to comply with all applicable laws addressing
these issues. Moreover, the proposed rule does not alter the legal requirements and supervisory expectations around the detection
and prevention of fraud. The removal of reputation risk from the agencies' supervisory programs will not impact the agencies'
continued examination for compliance with these types of laws, but rather will allow the agencies to better allocate its resources
during examinations.

B. Comments Regarding Harms From Regulators Pressuring Banks To Stop Serving Certain Industries Due to Perceived Reputation

Risks

Some commenters argued that economic harm to both individuals and to the broader economy resulted from debanking customers
due to perceived reputation risk. Some of these comments were from individuals or trade organizations whose members had been
debanked despite the benefits that they believed their industry or business offered to the economy. These commenters argued
that their members were engaged in lawful business operations, complied with extensive regulations as applicable, and employed
many Americans. Other commenters noted that financial institutions benefit from greater engagement with all industries in
the U.S. economy and that such financial institutions are financially harmed by being prevented from doing business with certain
sectors due to reputational concerns. These observations about the harms from regulators pressuring banks to stop serving
certain industries under the guise of protecting against reputation risk are generally consistent with the agencies' understanding
of supervision for reputation risk. The agencies agree with these observations about these harms and that the agencies should
not be requiring, instructing, or encouraging an institution to close an account, to refrain from providing an account, product,
or service, or to modify or terminate any product or service on the basis of a perceived reputation risk.

One commenter expressed concern about the “economic distortion” created by the use of reputation risk and by the regulators
picking economic winners and losers. Another commenter similarly noted that debanking due to reputation risk can also open
the door to what the commenter described as an “economic heckler's veto” by any economically powerful entity, such as a customer
or investor. This commenter

  argued that allowing an economically powerful entity to pressure an institution to not provide services to certain businesses
  by claiming that such would create reputation risk could, in practice, give outsized weight to those who already have economic
  or financial power.

In support of banks' discretion, one commenter stated that businesses such as those involving digital assets or fossil fuels
are not members of a protected class and therefore are not entitled to guaranteed access to the banking system. Similarly,
another commenter stated that the government should not be favoring certain sectors by preventing financial institutions from
debanking them. However, the rule both as proposed and as adopted here only constrains agency action and does not compel or
restrict any actions by financial institutions.

As noted, the agencies agree with the concerns about economic distortions caused by regulators favoring or disfavoring certain
legal businesses over other legal businesses. It is not the role of financial regulators to pick winners and losers among
lawful businesses or to attempt to suppress lawful businesses.

C. Legal and Constitutional-Related Concerns Regarding the Agencies' Use of Reputation Risk

Some commenters contended that the use of reputation risk as a supervisory tool violates multiple parts of the U.S. Constitution.
For example, some commenters expressed the concern that reputation risk has been used to chill free speech. One commenter
also argued that the use of reputation risk is in violation of the Fifth Amendment of the Constitution because it is unconstitutionally
vague. Other commenters argued that the use of reputation risk infringes on Americans' Second Amendment right to bear arms
by causing debanking in the firearms industry.

The agencies believe that, regardless of the constitutionality of using reputation risk, removing it will reduce the subjectivity
of the supervisory program and thus improve the oversight of financial institutions. Thus, agencies do not need to determine
whether there would be further issues regarding constitutionality. Therefore, the agencies see removing reputation risk from
the supervisory program as a prudent measure to address the potential for such transgressions.

Commenters also alleged that the use of reputation risk violated the Administrative Procedure Act (APA). Specifically, these
commenters argued that the agencies' prior use of reputation risk violated the APA requirement that agency actions not be
arbitrary or capricious, that substantive rules be promulgated through notice-and-comment procedures, and that agencies act
within their statutory authority. The agencies believe that, regardless of consistency with APA requirements, removing reputation
risk will be of benefit by providing less opportunity for subjectivity in the future. Thus, this concern is another reason
that the agencies have decided to adopt the final rule.

D. Suggestions for Alternatives To Removing Reputation Risk From the Supervisory Program

Several commenters suggested that the agencies reform the use of reputation risk in its supervisory program rather than remove
the concept entirely. These commenters argued that the agencies could establish clearer standards and metrics for measuring
reputation risk to make it more objective. However, these commenters did not propose methods for accomplishing this that would
be actionable and effective, and, in the agencies' experience, such standards and metrics do not exist in a form that is accurate
and consistent. Moreover, even if reputation risk could be monitored through clearer standards or metrics, as explained above,
agency experience has not shown a clear and consistent connection between reputation risk and actual financial harm to regulated
institutions. Therefore, even if clearer standards or metrics could be established, the resources necessary to formulate such
clearer metrics would still not be well spent because it is not clear that the purported risk being measured actually impacts
financial institutions' safety and soundness.

E. Comments Regarding Evidence of Debanking

Several commenters argued that the agencies had not presented sufficient evidence that debanking occurred that was caused
by regulators' concerns regarding reputation risk. In contrast, other commenters alleged that they or their members had been
debanked due to political biases that were labeled as reputation risk. The agencies believe that the potential for reputation
risk to be misused in this manner supports removal from the agencies' supervisory program. (9)

F. Comments Alleging That the Agencies Failed To Consider Certain Aspects of the Rule

One commenter argued that the agencies had not presented enough evidence that ceasing to examine for reputation risk would
lead to better supervisory outcomes. To the contrary, as the agencies explained above in the “Background” section, while there
are examples of risks like credit risk and liquidity risk being the primary driver of an institution's unsafe or unsound condition,
the agencies have not seen evidence that reputation risk can be the primary driver of an institution being in unsafe or unsound
condition. Even in cases when reputational issues are identified as a cause of harm that has impacted a supervised institution's
financial condition, there are typically other more significant factors, such as those relating to the institution's capital,
asset quality, liquidity, earnings, or interest rate sensitivity, that are the primary drivers of the institution's weakened
financial condition.

Commenters also alleged that the rule failed to consider the loss to the Deposit Insurance Fund from not examining for reputation
risk. As the agencies have explained, given the lack of evidence linking perceived reputation risks to material financial
harm at regulated entities, the agencies do not expect an increase in bank failures due to the removal of reputation risk
from the supervisory program. Another commenter argued that the agencies should consider that removing reputation risk could
lead to increased incidence of illegal and risky activities that might be flagged by reputation risk monitoring. Removing
reputation risk from the supervisory program will make

  available more resources for supervision of illegal or abusive practices. This same commenter further stated that the agencies
  must consider that removing reputation risk could lead to worsening service for customers. However, issues stemming from a
  lack of customer service fall outside of what is considered to be reputation risk as defined in the final regulation. A commenter
  further alleged that there would be capital flight to lenders in other jurisdictions with adequate supervision of reputation
  risk. The commenter presented no evidence to support his assertion that this would occur. Since the agencies ceased examining
  for reputation risk in early 2025, they have seen no such flight of capital.

G. Suggestions for Expanding the Rule

Some commenters suggested expanding the rule in various ways to control the behavior of regulated entities. The comments included
suggestions to prohibit banks from choosing, without regulator pressure, to debank customers based on reputational concerns
or disagreement with protected political views or speech. However, other commenters opposed this idea, and some commenters
requested clarifying language be added that banks still retain discretion regarding whom they do business with. These suggestions
are all outside the scope of this rulemaking, which is solely focused on the actions of the agencies and not on controlling
or addressing the actions of supervised entities or other private parties.

In a similar vein, one commenter recommended that the rule include a requirement that national banks and Federal savings associations
must report to the agencies information regarding all deposit account terminations and that the rule should require the agencies
to make this information publicly available annually in a report covering deposit account termination data for each reporting
bank and savings association along with aggregate statistics on deposit account terminations. Similarly, other commenters
suggested that all debanked customers who had an account closed should be able to access information from their financial
institution to understand the reason for the closure and to have a means for redress if there was an error. Another commenter
recommended that banks should be required to provide written notice when terminating or materially modifying customer relationships,
including a statement of the reasons for such actions, unless otherwise prohibited by law enforcement. Another suggestion
raised by commenters was that the agencies should encourage institutions to identify customers whose accounts were closed
or services denied solely on reputation grounds and to offer those customers a path to reinstatement, subject to standard,
risk-based underwriting. However, this rulemaking is solely focused on the actions of the agencies, not on the actions of
institutions regulated by the agencies, so these comments and all other suggestions for expanding the rule to monitor, control,
or prohibit private entity action are all outside the scope of this rulemaking. Other comments that provided suggestions for
improving or clarifying agency supervisory practices or altering methods for supervisory communication beyond the removal
of reputation risk are likewise outside the scope of this rulemaking.

One commenter requested clarification that institutions would still be expected to guard against issues that could affect
their reputations, such as fraud. Supervised institutions have legal and supervisory requirements to be vigilant against fraud,
and these requirements are not affected by this rule. (10) The expectation that banks continue to follow all legal requirements for their operations and their treatment of customers
is not altered. Moreover, concerns regarding fraud directly impact the operational and financial condition of the institution
and can directly cause consumer harm. Thus, the rule excludes public concerns regarding these issues from the definition of
reputation risk.

Another suggestion raised by commenters was that the agencies should establish or publicize complaint channels enabling individuals
and businesses to report suspected reputation risk-based denials or closures at supervised institutions. The OCC maintains
a website, https://helpwithmybank.gov/, through which members of the public can file a report if they believe they have been unfairly debanked or discriminated against
by their bank due to their political or religious beliefs or lawful business activities. The FDIC maintains a similar website
at https://ask.fdic.gov/fdicinformationandsupportcenter/s/?language=en_US, where members of the public can file complaints about financial institutions.

One commenter requested that the agencies clarify that the proposed rule would not prevent examiners from engaging in constructive
conversations about business strategy, market conditions, competitive pressures, or customer relationship management, provided
such discussions do not cross the line into criticism or adverse action based on reputation risk or prohibited considerations.
The agencies confirm that it is not the intention of the rule to hinder this type of communication.

H. Discussion of Specific Sections of the Final Rule and Comments Thereon

1. Definitions

i. Definition of Adverse Action

“Adverse action,” as defined by the rule, includes the provision of negative feedback, including feedback in a report of examination,
a memorandum of understanding, verbal feedback, or an enforcement action. Furthermore, “action” encompasses any action of
any agency employee, including any communication characterized as informal, preliminary, or not approved by agency officials
or senior staff. A downgrade (or contribution to a downgrade) of any supervisory rating, including a rating assigned under
the Uniform Financial Institutions Rating System or comparable rating system, also constitutes an “adverse action.” In addition,
a downgrade (or contribution to a downgrade) of a rating under the Uniform Interagency Consumer Compliance Rating System or
the Uniform Rating System for Information Technology, or any other rating system, also constitutes an “adverse action.” Further,
a denial of a filing or licensing application or an imposition of a capital requirement above the minimum ratios constitutes
an “adverse action” under the rule, as does any burdensome requirements placed on an approval, the introduction of additional
approval requirements, or any other heightened requirements on an activity or change.

The agencies are also including in the rule a general “catch-all” for any other actions that could negatively impact an institution
outside of traditional supervisory channels. This catch-all is meant to include actions such as supervisory decisions on applications
for waivers outside of the normal licensing or filing channels, applications to engage in certain business activities for
which supervisory permission is required, or other regulatory decisions affecting institutions. Intent is the defining characteristic
for whether an agency action would fall into this catch-all provision. As illustrations of agency actions that are subject
to this prohibition, the prohibition prevents the agencies from, for example: disapproving a proposed member of a board of
directors on the basis of an

  unsubstantiated pretense where the true reason is reputation risk, denying a waiver of bank director citizenship and residency
  requirements for the purpose of inducing an institution to address perceived reputation risk somewhere in the institution's
  operations, or disapproving a change of control notice because an institution lacks internal reputation risk controls. Agency
  actions subject to this prohibition also include negative feedback that is verbal, a condition attached to an approval, the
  introduction of new approval requirements, and any other heightened requirements that are intended to force the bank to address
  perceived reputation risk.

The agencies received comments both supporting and opposing the proposed definition of “adverse action.” Although some commenters
supported the proposed definition, one commenter stated that agencies should be less focused on the “intent” of the action
in the catch-all provision because “intent” might be hard to prove. However, the agencies believe that including “intent”
is helpful to avoid capturing agency actions that might unintentionally negatively impact a certain industry but is not intended
to have that affect. For instance, an institution may be criticized for having a large concentration of loans in a specific
business sector without proper risk management of the concentration risk presented. Such criticism might unintentionally dissuade
the institution from making further loans to that business sector, but such is not the intent of the criticism, and such criticism
can be important to the safety and soundness of the institution. As evidence of “intent” the agencies will look to both the
effect of the action as well as the justification for the action. For instance, unsubstantiated or poorly substantiated claims
or justification for actions are evidence of possible ulterior motivations for actions that have a negative effect on a religious
group or lawful business. Inconsistent application of standards or adverse actions between similarly situated parties, especially
without an explanation for the discrepancy, can also be evidence of an intent to impermissibly punish or discourage an individual
or group from engaging in lawful political, social, cultural, or religious activities, constitutionally protected speech,
or lawful business activity. Moreover, an agency action that completely or effectively prevents the affected group, individual,
or business from accessing financial services or severely hinders the group, individual, or businesses' ability to operate
can be evidence of impermissible agency intent as financial and compliance risks are not likely to be so uniformly high as
to require such a result.

Thus, the agencies are adopting the definition of “adverse action” as proposed.

ii. Definition of Doing Business With

The term “doing business with” in the proposed rule is intended to be construed broadly and to include business relationships
both with clients of the institution and with third-party service providers. It is also intended to include the relationship
of a bank with organizations or individuals that the bank is providing with charitable services, including as part of a community
benefits agreement or as part of a Community Reinvestment Act plan. This term is intended to include both existing business
relationships and prospective business relations. No comments were received on this definition.

iii. Definition of Institution-Affiliated Party

The term “institution-affiliated party” has the same meaning as in section 3 of the Federal Deposit Insurance Act. (11) No comments were received on this definition.

iv. Definition of Reputation Risk

Several commenters recommended that the proposed definition of reputation risk be altered to remove the phrase “for reasons
not clearly and directly related to the financial condition of the institution.” However, the agencies believe this phrase
is necessary to maintain the ability of the agencies to address public concerns that directly relate to an institution's financial
condition and solvency because those concerns can lead to runs. Unlike public concerns about an institution doing business
with politically controversial people or entities, concerns about an institution's financial condition have been shown repeatedly
to lead to a direct negative impact on the institution that can cause failure.

One commenter stated that reputation risk is always directly financially material and thus the phrase in the definition of
reputation risk that it is “not intended to capture risks posed by public perceptions of the institution's current or future
financial condition because such perceptions relate to risks other than reputation risk” is self-contradictory. However, as
explained by the agencies above in the “Background” section, the agencies' supervisory experience has found that reputation
risk, as defined in the rule, is not financially material to institutions.

The agencies received comments that were divided on whether the definition of “reputation risk” should include the term “operational”
in the phrase “for reasons not clearly and directly related to the financial condition of the institution.” One commenter
believed that the term “operational” could be used to evade the intention of the rule to allow some consideration of reputation
risk. However, another commenter noted that including this term would be consistent with other provisions of the rule that
explicitly preserve the agencies' authority to supervise for operational risk.

The agencies have decided to add “operational” into the final rule such that the definition of “reputation risk” will be “any
risk, regardless of how the risk is labeled by the institution or regulators, that an action or activity, or combination of
actions or activities, or lack of actions or activities, of an institution could negatively impact public perception of the
institution for reasons not clearly and directly related to the financial or operational condition of the institution.” The
agencies agree that operational risk is a significant concern for institutions. Public perception that an institution could
be susceptible to a breakdown in the provision of services due to operational issues such as a cyberattack or a natural disaster
could have a direct impact on customer's willingness to do business with an institution and thus on the institution's financial
solvency.

2. Prohibitions on the Use of Reputation Risk in the Supervisory Process

Section (a) of the rule prohibits the agencies from criticizing, formally or informally, or taking adverse action against
an institution on the basis of reputation risk. Section (b) prohibits the agencies from requiring, instructing, or encouraging
an institution or its employees to refrain from contracting with or to terminate or modify a contract with a third party,
including an institution-affiliated party, on the basis of reputation risk. The agencies also cannot require, instruct, or
encourage an institution or its employees to refrain from doing business with or to terminate or modify a business relationship
with a third party, including an institution-affiliated party, on the basis of reputation risk. Section (c) of the rule further
prevents the agencies from requiring, instructing, or

  encouraging an institution or an employee of an institution to enter into a contract or business relationship with a third
  party on the basis of reputation risk or to terminate a contract with, discontinue doing business with, or modify the terms
  under which it will do business with a person or entity on the basis of the person's or entity's political, social, cultural,
  or religious views or beliefs, constitutionally protected speech, or solely on the basis of the third party's involvement
  in politically disfavored but lawful business activities perceived to present reputation risk. Finally, section (f) of the
  rule provides that the agencies will not take any supervisory action or other adverse action against an institution, a group
  of institutions, or the institution-affiliated parties of any institution that is designed to punish or discourage an individual
  or group from engaging in any lawful political, social, cultural, or religious activities, constitutionally protected speech,
  or, for political reasons, lawful business activities that the supervisor disagrees with or disfavors.

These prohibitions do not affect requirements intended to prohibit or reject transactions or accounts associated with Office
of Foreign Assets Control-sanctioned persons, entities, or jurisdictions. Such prohibitions and rejections are not based specifically
on “the person's or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech,
or politically disfavored but lawful business activities perceived to present reputation risk.” The prohibition also does
not affect the agencies' authority to enforce the requirements of the provisions of United States Code title 31, chapter 53,
subchapter II regarding reporting on monetary transactions. (12) However, due to the broad nature of Bank Secrecy Act (BSA) (13) and anti-money laundering (AML) supervision, there is a risk that BSA/AML focused supervisory actions could indirectly address
reputation risk. The rule prohibits supervisors from using BSA and anti-money laundering concerns as a pretext for reputation
risk. In addition, although the agencies may continue to consider the statutory factors required with respect to certain applications, (14) the rule prohibits supervisors from using these provisions as a pretext for reputation risk when making determinations regarding
such applications.

The agencies received multiple comments on these sections. First, on section (c), commenters were divided on whether the “solely”
should be removed from the prohibition that the agencies will not require, instruct, or encourage an institution or its employees
to terminate a contract with, discontinue doing business with, sign a contract with, initiate doing business with, modify
the terms under which it will do business with a person or entity, “solely on the basis of the person's or entity's involvement
in politically disfavored but lawful business activities perceived to present reputation risk.”

Some commenters felt the word “solely” should be maintained because otherwise banks could face regulatory uncertainty even
when legitimate risk factors are the primary basis for the decision. Other commenters were concerned that “solely” should
not be included because it could be read to imply that reputation risk could be considered, just not as a stand-alone risk.

The agencies included the word “solely” in this phrase to provide the ability for regulators to discourage activities that
may implicate safety and soundness through traditional risk channels but also involve a legitimate business activity that
might be politically disfavored. Given that the agencies still believe it is important to maintain this flexibility, the final
rule is adopting the language in this provision as proposed and maintaining the word “solely.” The agencies will consider
whether an agency action that appears to have some impermissible reputation risk considerations underlying it but proports
to be based largely on permissible concerns violates the anti-evasion provisions in the rule.

Multiple commenters had concerns regarding the language at the end of section (f), which states that the agencies will not
“take any supervisory action or other adverse action against an institution, a group of institutions, or the institution-affiliated
parties of any institution that is designed to punish or discourage an individual or group from engaging in any lawful political,
social, cultural, or religious activities, constitutionally protected speech, or, for political reasons, lawful business activities
that the supervisor disagrees with or disfavors.” Some commenters requested that this prohibition be expanded to cover all
agency personnel, not just supervisors. Similarly, another commenter suggested that the prohibition should be extended to
prohibit any attempt to discourage lawful political or religious activity regardless of what the supervisor thinks about the
activity.

The agencies did not intend this provision to be read so narrowly as to only cover the views of supervisory staff as compared
to the views of other members of the agencies. Thus, the agencies are changing the wording in the final rule to cover lawful
political, social, cultural, or religious activities, constitutionally protected speech, or, for political reasons, lawful
business activities that are disfavored by the agency or any of its personnel. This wording is to clarify that it does not
matter whether the bias comes from the head of the agency or from an individual examiner, the bias is not a permissible basis
for agency action.

Commenters also stated that it was unclear whether references to views and beliefs would extend to actions based on those
views or beliefs. Some commenters recommended extending the prohibition to cover actions as well as the views or beliefs themselves.
The agencies intend for the prohibition to extend to lawful activities based on political, social, religious, and cultural
views or beliefs that do not affect creditworthiness or other permissible risk factors such as market risk. Although agency
actions designed solely to discourage or punish a given view or belief are impermissible, the agencies are not prevented from
considering actions that relate to permissible risk factors solely because those actions stem, in whole or in part, from a
political, social, cultural, or religious view or belief.

Another commenter recommended that the prohibition in section (f) against adverse action should not only cover adverse actions
that are designed to punish or discourage individuals from engaging in certain beliefs or businesses, but also adverse actions
that actually have that effect regardless of the intent of the action. However, the agencies are concerned that adopting such
language would prevent the agencies' ability to address important risks that are directly related to the financial condition
of the institution if the remediation measures necessary for addressing such risks would unintentionally impact certain businesses
or individuals with certain beliefs. Thus, the agencies are not adopting this suggestion.

I. Other Modifications in the Rule

Regulations codified in 12 CFR part 41 of the OCC regulations and 12 CFR part 334 of the FDIC's regulations refer to reputation
risk concerning certain identity theft prevention programs required by the Fair and Accurate Credit Transactions Act of 2003.
However, by statute, guidelines and regulations for these programs must occur jointly across certain Federal agencies, so
no conforming amendment is suggested for 12 CFR parts 41 or 334. The OCC and FDIC are considering making changes to 12 CFR
parts 41 and 334, respectively, in a separate, joint rulemaking in the future. Until that separate, joint rulemaking occurs,
the agencies expect to exercise their discretion in enforcing 12 CFR parts 41 and 334 by using agency resources to assess
compliance without regard to reputation risk.

V. Impact Analysis

A. OCC Expected Effects

1. Introduction

The OCC and the FDIC are issuing a final rule to eliminate reputation risk from their supervisory programs. The rule would
prohibit the agencies from using reputation risk in their risk assessments of institutions that they supervise and from influencing
the relationship between the regulated institutions and their customers based on a customer's political, social, cultural,
or religious views or beliefs or solely lawful business activities perceived to present a reputational risk.

2. Regulatory Baselines and Conclusions

The OCC assumes that the removal of reputation risk resulted from the final rule analyzed here rather than OCC Bulletin 2025-4.
In the OCC's assessment, the OCC accounted for the full effect of the removal of reputation risk from supervision, rather
than attributing the removal of reputation risk to OCC Bulletin 2025-4. The analysis does so because the statements in OCC
Bulletin 2025-4 are not legally binding and therefore only the final rule legally removes reputation risk from bank supervision.

3. Background

As previously discussed, to improve the efficiency and effectiveness of their supervisory programs, the agencies are proposing
revising their supervisory frameworks to remove reputation risk. The rule would prohibit the OCC from criticizing or taking
adverse actions (broadly defined) against an institution on the basis of reputation risk.

4. Parties Affected by the Proposal

The OCC currently supervises 997 national banks, Federal savings associations, trust companies and Federal branches and agencies
of foreign banks (collectively, “banks”). (15) Because all OCC-regulated banks and institutions were subject to reputation risk assessments, the rule would affect all 997
institutions supervised. Because the rule aims to remove the influence of the agencies' reputation risk assessments on institutions'
customer relationships, the OCC concludes that the rule could potentially affect all OCC regulated institutions' current and
future customers.

5. Costs and Benefits: Cost Savings to Regulated Institutions

i. Cost Savings From Decreased Regulatory Compliance Burden

The OCC expects that the rule will result in cost savings to regulated institutions from a reduced compliance burden. The
rule reduces regulatory burden because the OCC will no longer engage in examinations that assess, in part, issues explicitly
related to reputation risk, nor will the OCC take adverse supervisory actions against supervised institutions related to reputation
risk.

To assess institutions' cost savings from the final rule, the OCC looked to its supervisory experience regarding expected
cost savings from the removal of reputation risk from supervision. Based on this feedback, the OCC assessed that cost savings
will depend on how much regulated institutions' costs decrease from no longer being required to explicitly respond to reputation
risk concerns from regulators.

OCC supervisory experience also indicated that because supervisory actions that the OCC typically took that mentioned reputation
risk, such as MRAs, almost always involved other risk issues as well, the overall number of MRAs may not decrease. The OCC's
analysis found that most MRAs that listed reputation risk as the primary or secondary concern also listed other risk categories
as concerns as well. (16) Nonetheless, the OCC expected that there should be some cost savings for institutions as they no longer need to address the
reputation risk concern components of an MRA.

Based on an analysis of the number of MRAs that mentioned reputation risk as a primary or secondary concern over the past
10 years, the OCC finds that roughly 17 percent of MRAs per year mention reputation risk as primary or secondary concern (Table
1). Based on the frequency of past MRAs that mentioned reputation risk as a concern, the OCC expects that, if MRAs would have
continued to mention reputation risk as a concern at a similar rate in the absence of the final rule, that OCC institutions
will experience substantial cost savings from no longer having to address reputation risk as part of an MRA may be substantial.

| Year | Percentage of MRAs listing reputation risk as a primary concern | Percentage of MRAs listing reputation risk as a secondary
concern | Percentage of MRAs not listing reputation as a concern |
| --- | --- | --- | --- |
| 2016 | 0.65 | 2.14 | 97.21 |
| 2017 | 1.50 | 23.96 | 74.54 |
| 2018 | 1.68 | 20.44 | 77.87 |
| 2019 | 2.02 | 18.71 | 79.27 |
| 2020 | 1.88 | 19.91 | 78.21 |
| 2021 | 1.43 | 19.07 | 79.50 |
| 2022 | 1.10 | 19.60 | 79.30 |
| 2023 | 1.21 | 17.73 | 81.06 |
| 2024 | 0.65 | 14.68 | 84.67 |
| 2025 | 0.00 | 2.19 | 97.81 |
| 2026 | 0.00 | 0.00 | 100.00 |
| Total | 1.25 | 15.97 | 82.77 |

ii. Benefits From Increased Business Opportunities

The impact of the rule on regulated institutions will depend on the extent to which reputation risk concerns from regulators
may have impacted regulated institutions' behavior in response to regulatory expectations of institutions in managing reputation
risk. Based on supervisory experience, the OCC expected that regulated institutions may have internally perceived supervisory
expectations regarding reputation risk as a factor in their business decisions. That is, institutions may have let perceptions
regarding regulatory assessments of reputation risks influence their decisions as to whether they would engage in or continue
customer relationships. As a consequence, institutions may have refrained from entering into or continuing profitable business
relationships with law-abiding customers that they may have maintained in the absence of implicit supervisory expectations.

For example, the final rule cites several congressional reports that suggest that there were isolated episodes where Federal
regulators allegedly pressured institutions to cease providing services to legal businesses, based on “reputational risk”
concerns that these businesses presumably posed to these institutions.

In addition, a study by Sachdeva et al., (17) shows that reputation risk concerns emphasized by regulators at a small number of targeted institutions over a short period
of time may have decreased lending to and/or terminated relationships with affected firms that were deemed controversial by
regulators and law enforcement. The study's results, however, also suggest that the firms were not irreparably harmed as these
firms were able to obtain substitute credit through other non-targeted banks under similar terms. However, the OCC interprets
the study's results as implying that borrowers incurred costs that resulted from having to find alternative financing. The
OCC also interprets the study's results as implying that it is possible that harm to customers would have been greater if
a larger fraction of banks had been pressured to decrease lending or terminate relationships with affected firms as this would
have reduced the supply of alternative financing that would have been available to the affected firms.

The OCC concludes the rule may benefit institutions and their customers by eliminating perceived constraints on institutions'
decisions that could have arisen from institutions' perception of regulators' expectations regarding reputation risks in the
absence of the rule.

iii. Benefits From Less Subjective Supervision

One additional benefit from the removal of reputation risk is greater consistency and objectivity of supervisory decisions.
This, in turn, would increase the predictability for regulated institutions to understand and manage regulators' supervisory
expectations.

In its analysis, the OCC quantitatively compared the subjectivity of OCC supervisory text that mentions the word reputation
to supervisory texts that do not mention the word reputation. The OCC used standard natural language processing algorithms (18) to calculate a subjectivity score for individual OCC supervisory texts. The analysis calculated the subjectivity score for
each individual text document, and the scores range from 0 to 1 with scores closer to 1 being indicative of more subjective
text. For supervisory event text, the analysis calculated an average subjectivity score of 0.41 for text that mentions reputation
and an average score of 0.28 for supervisory event text that does not mention reputation. For the MRA text data, the analysis
calculated average subjectivity scores of 0.43 and 0.33 from text that mentions and does not mention reputation, respectively.

Taken together, the average subjectivity scores and the score histograms are consistent with the hypothesis that reputation
risk related supervision could have been more subjective. Therefore, to the extent that past supervisory text reflects what
supervision would have been in the absence of the rule, the analysis suggests that the rule could benefit regulated institutions
by making supervision less subjective and more objectively and consistently applied.

iv. Perceptions That Eliminating the Use of Reputation Risk Information for Risk Monitoring Could Threaten the Safety and

Soundness of the National Banking System

To address concerns that the removal of reputation risk from supervision threatens the safety and soundness of the banking
system or that the OCC may lose information on reputation risks that is needed to identify risks to the safety and soundness
of the banking system, the OCC used historical data observed prior to the regulatory baseline to create estimated forecast
models that predict bank failures based on the OCC Risk Assessment System (RAS) reputation risk rating while controlling for
both other regulatory risk ratings and for observed risk factors from institutions' FFIEC 031 Call Report data filings.

The analysis shows that reputation risk ratings do not forecast bank failures when one controls for data on OCC's CAMELS regulatory
ratings. Because reputation risk RAS ratings do not appear to have any significant predictive power for bank failures in this
analysis, the OCC believes that this analysis at least somewhat alleviates concerns that an end to reputation risk assessments
will cause an increase in bank failure risk or that the OCC will lose information useful to anticipate failure risks. However,
the OCC acknowledges that no empirical analysis could completely assuage such concerns.

In addition, the OCC notes that in its analysis, there was not any evidence that MRAs that focus on or mention reputation
risk forecast institutions' failures.

B. FDIC Expected Effects

This analysis utilizes all regulations and guidance applicable to FDIC-supervised insured depository institutions (IDIs),
as well as information on the financial condition of IDIs as of the quarter ending September 30, 2025, as the baseline to
which the effects of the final rule are estimated.

As discussed previously, the final rule will prohibit the FDIC from criticizing, formally or informally, or taking adverse
action against an institution on the basis of reputation risk. The final rule will also prohibit the FDIC from requiring,
instructing, or encouraging an institution to discontinue doing business with, initiate doing business with, modify the terms
under which it will do business with a person or entity, or take any action or refrain from taking any action on the basis
of the person's or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech,
or solely on the basis of the person's or entity's involvement in politically disfavored but lawful business activities perceived
to present reputation risk.

Finally, the final rule will forbid the FDIC from taking any supervisory action or other adverse action against an institution,
a group of institutions, or the institution-affiliated parties of any institution that is designed to punish or discourage
an individual or group from engaging in any lawful political, social, cultural, or religious activities, constitutionally
protected speech, or, for political reasons, lawful business activities that the FDIC or its personnel disagree with or disfavor.

As of the quarter ending September 30, 2025, the FDIC supervised 2,778 IDIs. (19) The final rule will indirectly benefit FDIC-supervised IDIs or associated persons to the extent they would have been the subject
of an adverse action or prohibition against certain business relationships by the agencies on the basis of reputation risk;
political, social, cultural, or religious views and beliefs; constitutionally protected speech; or politically disfavored
but lawful business activities perceived to present reputation risk. This benefit will result from the FDIC-supervised IDI
or associated person avoiding costs associated with such adverse actions or prohibitions. The final rule may also improve
the efficiency and effectiveness of the FDIC's supervisory programs, which may indirectly benefit covered FDIC-supervised
IDIs. Finally, FDIC-supervised IDIs may incur some voluntary costs associated with making changes to their compliance policies
and procedures.

The FDIC does not have the information necessary to quantify the number of instances, or the associated costs, where an FDIC-supervised
IDI or associated person was subject to a covered adverse action or prohibition against certain business relationships. Nor
does the FDIC have the information necessary to quantify the number of FDIC-supervised IDIs that might make changes to their
compliance policies and procedures. The FDIC believes that the aggregate economic effect of any such indirect benefits or
costs is unlikely to be substantive.

As mentioned previously, the FDIC is making two changes from the proposed rule. First, the FDIC is making a minor clarifying
change in response to comments regarding the meaning of the word “supervisor” in 12 CFR 302.100(f). Second, the FDIC is revising
the definition of “reputation risk” in 12 CFR 302.100(g) to include a specific reference to operational risk. The FDIC does
not expect that these changes will have material economic effects. Both revisions would clarify the text of the regulation
and reduce possible confusion.

One commenter suggested that IDIs would need to undertake substantial revisions to internal policies, training, and procedures,
among other things, as a result of the final rule. However, the final rule applies only to the activities of the FDIC and
does not require IDIs to undertake any action.

C. Alternatives Considered

The agencies considered adopting the proposed rule without changes. However, the agencies made two minor changes. As discussed
above, these changes clarify the text of the regulation to express the FDIC's original intent when drafting the proposed rule
and thus would have greater net benefits relative to the proposed rule.

The agencies also considered the suggestions made by commenters that included alternatives to the final rule. For a complete
discussion of such comments, see section IV. Overview of Final Rule. For the reasons articulated in the aforementioned section (and above), the agencies believe the final rule is preferred over
the alternatives.

VI. Administrative Law Matters

A. Paperwork Reduction Act

The Paperwork Reduction Act of 1995 (20) (PRA) states that no agency may conduct or sponsor, nor is the respondent required to respond to, an information collection
unless it displays a currently valid Office of Management and Budget (OMB) control number. The agencies have reviewed this
rule and determined that it does not create any information collection or revise any existing collection of information. Accordingly,
no PRA submissions to OMB will be made with respect to this rule.

B. Regulatory Flexibility Act Analysis

OCC:

In general, the Regulatory Flexibility Act (RFA) (21) requires an agency, in connection with a rule, to prepare a regulatory flexibility analysis describing the impact of the rule
on small entities (defined by the U.S. Small Business Administration (SBA) for purposes of the RFA to include commercial banks
and savings institutions with total assets of $850 million or less and trust companies with total assets of $47 million or
less). However, under section 605(b) of the RFA, this analysis is not required if an agency certifies that the rule would
not have a significant economic impact on a substantial number of small entities and publishes its certification and a short
explanatory statement in the
Federal Register
along with its rule.

The OCC currently supervises approximately 609 small entities, all of which may be indirectly impacted by the rule. (22) In general, the OCC classifies the economic impact on an individual small entity as significant if the total estimated impact
in one year is greater than 5 percent of the small entity's total annual salaries and benefits or greater than 2.5 percent
of the small entity's total non-interest expense. Furthermore, the OCC considers 5 percent or more of OCC-supervised small
entities to be a substantial number. Thus, at present, 30 OCC-supervised small entities would constitute a substantial number.

While the OCC expects that the rule could result in substantial cost savings for all OCC-regulated institutions in the aggregate,
the OCC does not expect that

  the rule will have a significant impact on more than 30 OCC-supervised small entities. To evaluate the impact of the rule
  on small entities, the OCC assessed whether the cost savings would be greater than 5 percent of the small entity's total annual
  salaries and benefits or greater than 2.5 percent of the small entity's total non-interest expense for 30 or more small entities.

Analysis of internal OCC MRA data indicates that there were fewer than 30 MRAs that had indicated reputation risk was a primary
risk. Because fewer than 30 MRAs per year list reputation risk as a primary concern, we conclude that the removal of reputation
risk from supervision would not be likely to result in significant MRA-related cost savings for more than 30 small entities
per year. Furthermore, any cost savings for the MRAs listed as a secondary concern would be likely de minimis for 30 or more
small entities.

Finally, because we do not expect that there will be scope for significant cost savings from the removal of reputation risk
for reasons unrelated to MRAs, we conclude that the rule would not have a significant impact on a substantial number of small
entities for the purposes of the RFA.

FDIC:

The Regulatory Flexibility Act (RFA) generally requires an agency, in connection with a final rule, to prepare and make available
for public comment a final regulatory flexibility analysis that describes the impact of the final rule on small entities. (23) However, a final regulatory flexibility analysis is not required if the agency certifies that the final rule will not have
a significant economic impact on a substantial number of small entities. The Small Business Administration (SBA) has defined
“small entities” to include banking organizations with total assets of less than or equal to $850 million. (24) Generally, the FDIC considers a significant economic impact to be a quantified effect in excess of 5 percent of total annual
salaries and benefits or 2.5 percent of total noninterest expenses. The FDIC believes that effects in excess of one or more
of these thresholds typically represent significant economic impacts for FDIC-supervised institutions.

A commenter asserted of the proposed rule that, if adopted, it would likely cause small institutions to make substantial revisions
to their policies, documentation, training, and vendor management.

However, for the avoidance of doubt, the FDIC reiterates that the final rule applies only to the activities of the FDIC. The
final rule does not impose any obligations on FDIC-supervised institutions, and institutions would not need to take any action
in response to this rule. Institutions' internal policies and controls, training, and other elements that may refer to reputation
risk are not directly affected by the final rule. As such, the final rule does not have any direct economic impact on FDIC-supervised
small entities.

Based on the foregoing, the FDIC certifies that the final rule will not have a significant economic impact on a substantial
number of FDIC-supervised small entities.

C. Plain Language

Section 722 of the Gramm-Leach Bliley Act (25) requires the Federal banking agencies to use plain language in all proposed and final rules published after January 1, 2000.
The agencies invited comment on the use of plain language and have sought to present the final rule in a simple and straightforward
manner.

D. Unfunded Mandates Reform Act of 1995

Consistent with the Unfunded Mandates Reform Act (UMRA), the review considers whether the mandates imposed by the rule may
result in an expenditure of $100 million or more by State, local, and tribal governments, or by the private sector, in any
one year, adjusted annually for inflation (currently $187 million).

The OCC estimates that the proposal would not require additional expenditure from OCC-regulated entities nor will it require
expenditures of $100 million or more by State, local, and tribal governments, or by other segments of the private sector.
Thus, the OCC believes the rule is not a significant rule for the purposes of the UMRA. Accordingly, the OCC has not prepared
the written statement described in section 202 of the UMRA.

E. Riegle Community Development and Regulatory Improvement Act of 1994

Pursuant to section 302(a) of the Riegle Community Development and Regulatory Improvement Act (RCDRIA) of 1994, (26) in determining the effective date and administrative compliance requirements for new regulations that impose additional reporting,
disclosure, or other requirements on insured depository institutions, the OCC and FDIC must consider, consistent with principles
of safety and soundness and the public interest (1) any administrative burdens that the final rule would place on depository
institutions, including small depository institutions and customers of depository institutions and (2) the benefits of the
final rule. This rulemaking would not impose any reporting, disclosure, or other requirements on insured depository institutions.
Therefore, section 302(a) does not apply to this final rule.

F. Congressional Review Act

Subtitle E of the Small Business Regulatory Enforcement Fairness Act of 1996 (also known as the Congressional Review Act)
defines a “major rule” as a rule that the Administrator of the OMB's Office of Information and Regulatory Affairs (OIRA) finds
has resulted in or is likely to result in:

1. An annual effect on the economy of $100 million or more;

2. A major increase in costs or prices for consumers, individual industries, Federal, State, or local government agencies,
   or geographic regions; or

3. Significant adverse effects on competition, employment, investment, productivity, innovation or on the ability of U.S.-based
   enterprises to compete with foreign-based enterprises in domestic and export markets. (27)

The OMB has determined that the final rule is not a major rule for purposes of the Congressional Review Act.

G. Executive Orders 12866 and 14192

1. Executive Order 12866

Section 3(f) of Executive Order 12866 defines a “significant regulatory action” as a regulatory action that is likely to result
in a rule that may:

(1) Have an annual effect on the economy of $100 million or more or adversely affects in a material way the economy, a sector
of the economy, productivity, competition, jobs, the environment, public health or safety, or

  State, local, or tribal governments or communities;

(2) Create a serious inconsistency or otherwise interfere with an action taken or planned by another agency;

(3) Materially alter the budgetary impact of entitlements, grants, user fees, or loan programs or the rights and obligations
of recipients thereof; or

(4) Raise novel legal or policy issues arising out of legal mandates, the President's priorities, or the principles set forth
in Executive Order 12866.

OIRA has determined that this final rule is a significant action under Executive Order 12866.

2. Executive Order 14192

Executive Order 14192, titled “Unleashing Prosperity Through Deregulation,” was issued on January 31, 2025. Section 3(a) of
Executive Order 14192 requires an agency, unless prohibited by law, to identify at least ten existing regulations to be repealed
when the agency publicly proposes for notice and comment or otherwise promulgates a new regulation. In furtherance of this
standard, section 3(c) of Executive Order 14192 requires that the new incremental costs associated with new regulations shall,
to the extent permitted by law, be offset by the elimination of existing costs associated with at least ten prior regulations.
This rule is considered a deregulatory action under Executive Order 14192.

List of Subjects

Banks, banking, National banks, Reporting and recordkeeping requirements, Securities.

Administrative practice and procedure, Freedom of information, Individuals with disabilities, Minority businesses, Organization
and functions (Government agencies), Reporting and recordkeeping requirements, Women.

Administrative practice and procedure, National banks, Reporting and recordkeeping requirements.

Administrative practice and procedure, Banks, Banking.

Banks, Banking, Information.

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Chapter I

Authority and Issuance

For the reasons set forth in the preamble, and under the authority of 12 U.S.C. 93a, chapter I of title 12 of the Code of
Federal Regulations is amended as follows:

PART 1—INVESTMENT SECURITIES

Regulatory Text 1. The authority citation for part 1 continues to read as follows:

Authority:

12 U.S.C. 1 et seq., 24 (Seventh), and 93a.

§ 1.5 [Amended] Regulatory Text 2. In § 1.5, amend paragraph (a) by removing the phrase “compliance, strategic, and reputation risks” and adding in its place
the phrase “compliance, and strategic risks”.

PART 4—ORGANIZATION AND FUNCTIONS, AVAILABILITY AND RELEASE OF INFORMATION, CONTRACTING OUTREACH PROGRAM, POST-EMPLOYMENT

RESTRICTIONS FOR SENIOR EXAMINERS

Regulatory Text 3. The authority citation for part 4 continues to read as follows:

Authority:

5 U.S.C. 301, 552; 12 U.S.C. 1, 93a, 161, 481, 482, 484(a), 1442, 1462a, 1463, 1464 1817(a), 1818, 1820, 1821, 1831m, 1831p-1,
1831o, 1833e, 1867, 1951 et seq., 2601 et seq., 2801 et seq., 2901 et seq., 3101 et seq., 3401 et seq., 5321, 5412, 5414; 15 U.S.C. 77uu(b), 78q(c)(3); 18 U.S.C. 641, 1905, 1906; 29 U.S.C. 1204; 31 U.S.C. 5318(g)(2), 9701; 42
U.S.C. 3601; 44 U.S.C. 3506, 3510; E.O. 12600 (3 CFR, 1987 Comp., p. 235).

1. Add subpart G, consisting of § 4.91, to read as follows:

Subpart G—Enforcement and Supervision Standards Sec. 91 Prohibition on use of reputation risk.

Subpart G—Enforcement and Supervision Standards

§ 4.91 Prohibition on use of reputation risk. (a) The OCC will not criticize, formally or informally, or take adverse action against an institution on the basis of reputation
risk.

(b) The OCC will not require, instruct, or encourage an institution, or any employee of an institution, to:

(1) Refrain from contracting or doing business with a third party, including an institution-affiliated party, on the basis
of reputation risk;

(2) Terminate a contract or discontinue doing business with a third party, including an institution-affiliated party, on the
basis of reputation risk;

(3) Sign a contract or initiate doing business with a third-party, including an institution-affiliated party, on the basis
of reputation risk; or

(4) Modify the terms or conditions under which it contracts or does business with a third party, including an institution-affiliated
party, on the basis of reputation risk.

(c) The OCC will not require, instruct, or encourage an institution, or any employee of an institution, to terminate a contract
with, discontinue doing business with, sign a contract with, initiate doing business with, modify the terms under which it
will do business with a person or entity, or take any action or refrain from taking any action on the basis of the person's
or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or solely on the
basis of the person's or entity's involvement in politically disfavored but lawful business activities perceived to present
reputation risk.

(d) The prohibitions in paragraphs (a) through (c) of this section only apply to actions taken on the bases described in paragraphs
(a) through (c) of this section, and the prohibition in paragraph (c) of this section shall not apply with respect to persons,
entities, or jurisdictions sanctioned by the Office of Foreign Assets Control.

(e) Nothing in this section shall restrict the OCC's authority to implement, administer, and enforce the provisions of subchapter
II of chapter 53 of title 31, United States Code.

(f) The OCC will not take any supervisory action or other adverse action against an institution, a group of institutions,
or the institution-affiliated parties of any institution that is designed to punish or discourage an individual or group from
engaging in any lawful political, social, cultural, or religious activities, constitutionally protected speech, or, for political
reasons, lawful business activities that the OCC or any of its personnel disagree with or disfavor.

(g) The following definitions apply in this section:

Adverse action includes:

(i) Any negative feedback delivered by or on behalf of the OCC to the supervised institution, including in a report of examination
or a formal or informal enforcement action;

(ii) A downgrade, or contribution to a downgrade, of any supervisory rating, including, but not limited to:

(A) Any rating under the Uniform Financial Institutions Rating System (or any comparable rating system);

(B) Any rating under the Uniform Interagency Consumer Compliance Rating System;

(C) Any rating under the Uniform Rating System for Information Technology; and

(D) Any rating under any other rating system;

(iii) A denial of a licensing application;

(iv) Inclusion of a condition on any licensing application or other approval;

(v) Imposition of additional approval requirements;

(vi) Any other heightened requirements on an activity or change;

(vii) Any adjustment of the institution's capital requirement; and

(viii) Any action that negatively impacts the institution, or an institution-affiliated party, or treats the institution differently
than similarly situated peers.

Doing business with means:

(i) The bank providing any product or service, including account services;

(ii) The bank contracting with a third party for the third party to provide a product or service;

(iii) The bank providing discounted or free products or services to customers or third parties, including charitable activities;

(iv) The bank entering into, maintaining, modifying, or terminating an employment relationship; or

(v) Any other similar business activity that involves a bank client or a third party.

Institution means an entity for which the OCC makes or will make supervisory or licensing determinations either solely or jointly.

Institution-affiliated party means the same as in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813(u)).

Reputation risk means any risk, regardless of how the risk is labeled by the institution or regulators, that an action or activity, or combination
of actions or activities, or lack of actions or activities, of an institution could negatively impact public perception of
the institution for reasons not clearly and directly related to the financial or operational condition of the institution.

PART 30—SAFETY AND SOUNDNESS STANDARDS

Regulatory Text 5. The authority citation for part 30 continues to read as follows:

Authority:

12 U.S.C. 1, 93a, 371, 1462a, 1463, 1464, 1467a, 1818, 1828, 1831p-1, 1881-1884, 3102(b) and 5412(b)(2)(B); 15 U.S.C. 1681s,
1681w, 6801, and 6805(b)(1).

Appendix B to Part 30 [Amended]

Regulatory Text 6. Amend appendix B to part 30 in supplement A, section III, by:

a. Removing the third sentence; and

b. Removing the word “Effective” and adding in its place “Timely and effective”.

Appendix C to Part 30 [Amended]

Regulatory Text 7. Amend appendix C to part 30 by:

a. In section I:

i. In paragraph (i), removing “reputation,”; and

ii. In paragraph (vi), removing the last sentence; and

b. In section II, paragraph (B)(1), removing “reputation,”.

Appendix D to Part 30 [Amended]

Regulatory Text 8. Amend appendix D to part 30, section II, paragraph (B), by removing the phrase “compliance risk, strategic risk, and reputation
risk” and adding in its place the phrase “compliance risk, and strategic risk”.

FEDERAL DEPOSIT INSURANCE CORPORATION

12 CFR Chapter III

Authority and Issuance

For the reasons set forth in the preamble, the FDIC proposes to amend parts 302 and 364 of chapter III of title 12 of the Code of Federal Regulations as follows:

PART 302—REGULATIONS GOVERNING BANK SUPERVISION

Regulatory Text 9. The authority citation for part 302 continues to read as follows:

Authority:

5 U.S.C. 552; 12 U.S.C. 1818, 1819(a) (Seventh and Tenth), 1831p-1.

1. Revise the heading for part 302 as set forth above.

2. Add a heading for subpart A, consisting of §§ 302.1, 302.2, and 302.3, to read as follows:

Subpart A—Use of Supervisory Guidance

1. Add subpart B, consisting of § 302.100, to read as follows:

Subpart B—Prohibition on Use of Reputation Risk by Regulators

§ 302.100 Prohibitions. (a) The FDIC will not criticize, formally or informally, or take adverse action against an institution on the basis of reputation
risk.

(b) The FDIC will not require, instruct, or encourage an institution, or any employee of an institution, to:

(1) Refrain from contracting or doing business with a third party, including an institution-affiliated party, on the basis
of reputation risk;

(2) Terminate a contract or discontinue doing business with a third party, including an institution-affiliated party, on the
basis of reputation risk;

(3) Sign a contract or initiate doing business with a third-party, including an institution-affiliated party, on the basis
of reputation risk; or

(4) Modify the terms or conditions under which it contracts or does business with a third party, including an institution-affiliated
party, on the basis of reputation risk.

(c) The FDIC will not require, instruct, or encourage an institution, or any employee of an institution, to terminate a contract
with, discontinue doing business with, sign a contract with, initiate doing business with, modify the terms under which it
will do business with a person or entity, or take any action or refrain from taking any action on the basis of the person's
or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or solely on the
basis of the person's or entity's involvement in politically disfavored but lawful business activities perceived to present
reputation risk.

(d) The prohibitions in paragraphs (a) through (c) of this section only apply to actions taken on the bases described in paragraphs
(a) through (c) of this section, and the prohibition in paragraph (c) of this section shall not apply with respect to persons,
entities, or jurisdictions sanctioned by the Office of Foreign Assets Control.

(e) Nothing in this section shall restrict the FDIC's authority to implement, administer, and enforce the provisions of subchapter
II of chapter 53 of title 31, United States Code.

(f) The FDIC will not take any supervisory action or other adverse action against an institution, a group of institutions,
or the institution-affiliated parties of any institution that is designed to punish or discourage an individual or group from
engaging in any lawful political, social, cultural, or religious activities, constitutionally protected speech, or, for political
reasons, lawful business activities that the FDIC or any of its personnel disagrees with or disfavors.

(g) Definitions.

Adverse action includes:

(i) Any negative feedback delivered by or on behalf of the FDIC to the supervised institution, including in a report of examination
or a formal or informal enforcement action;

(ii) A downgrade, or contribution to a downgrade, of any supervisory rating, including, but not limited to:

(A) Any rating under the Uniform Financial Institutions Rating System (or any comparable rating system);

(B) Any rating under the Uniform Interagency Consumer Compliance Rating System;

(C) Any rating under the Uniform Rating System for Information Technology;

(D) Any rating under any other rating system;

(iii) A denial of a filing pursuant to Part 303 of the FDIC's regulations;

(iv) Inclusion of a condition on a deposit insurance application or other approval;

(v) Imposition of additional approval requirements;

(vi) Any other heightened requirements on an activity or change;

(vii) Any adjustment of the institution's capital requirement; and

(viii) Any action that negatively impacts the institution, or an institution-affiliated party, or treats the institution differently
than similarly situated peers.

Doing business with means:

(i) The bank providing any product or service, including account services;

(ii) The bank contracting with a third party for the third party to provide a product or service;

(iii) The bank providing discounted or free products or services to customers or third parties, including charitable activities;

(iv) The bank entering into, maintaining, modifying, or terminating an employment relationship; or

(v) Any other similar business activity that involves a bank client or a third party.

Institution means an entity for which the FDIC makes or will make supervisory determinations or other decisions, either solely or jointly.

Institution-affiliated party means the same as in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813(u)).

Reputation risk means any risk, regardless of how the risk is labeled by the institution or regulators, that an action or activity, or combination
of actions or activities, or lack of actions or activities, of an institution could negatively impact public perception of
the institution for reasons not clearly and directly related to the financial or operational condition of the institution.

PART 364—STANDARDS FOR SAFETY AND SOUNDNESS

Regulatory Text 13. The authority citation for part 364 continues to read as follows:

Authority:

12 U.S.C. 1818 and 1819 (Tenth), 1831p-1; 15 U.S.C. 1681b, 1681s, 1681w, 6801(b), 6805(b)(1).

Appendix B to Part 364 [Amended]

Regulatory Text 14. Amend appendix B to part 364 in supplement A, section III, by:

a. Removing the third sentence; and

b. Removing the word “Effective” and adding in its place “Timely and effective”.

Jonathan V. Gould, Comptroller of the Currency. Federal Deposit Insurance Corporation.

By order of the Board of Directors.

Dated at Washington, DC, on April 7, 2026. Jennifer M. Jones, Deputy Executive Secretary. [FR Doc. 2026-06947 Filed 4-9-26; 8:45 am] BILLING CODE 4810-33-P; 6714-01-P

Footnotes

(1) See “Prohibition on Use of Reputation Risk by Regulators,” 90 FR 48825 (October 30, 2025).

(2) 90 FR 38925 (Aug. 12, 2025).

(3) In carrying out its responsibility, the OCC has refined its examination program based on more than 160 years of experience
supervising financial institutions and monitoring developments in the financial industry. In the late 1980s and the 1990s,
the OCC and other financial regulators shifted toward supervision frameworks that were organized by particular risks. In 1995,
the OCC launched an examination program it called “supervision by risk” that led to the current risk-based supervision approach
to examinations. In the supervision by risk program, the OCC focused on nine categories of risk: credit risk, interest rate
risk, liquidity risk, price risk, foreign exchange risk, transaction risk, compliance risk, strategic risk, and reputation
risk. The program later morphed into the OCC's current risk-based framework, which focuses on eight risk categories, with
transaction risk renamed as operational risk and foreign exchange risk eliminated as a stand-alone risk. This risk-based supervision
program focuses on evaluating risk, identifying existing and emerging problems, and ensuring that bank management takes corrective
action to address problems before a bank's safety and soundness is compromised. Similarly, as regulators shifted toward risk-based
supervision in the 1990s, the FDIC added references to reputation risk to manuals and guidance, and supervisors cited reputation
risk in formal and informal enforcement actions in subsequent years. Generally, the FDIC's supervision framework has evaluated
a variety of risks, such as liquidity risk, interest rate risk, operational risk, and reputational risk.

(4) Supervised institutions have similarly been unable to explain this in their own risk management programs.

(5) 12 U.S.C. 1.

(6) See 12 U.S.C. 1811 et seq. The FDIC also insures the deposits of insured depository institutions and manages receiverships of failed depository institutions.

(7) See 91 FR 16156 (Apr. 1, 2026) (rescission of appendix E of 12 CFR part 30 effective May 1, 2026).

(8) 12 CFR part 364.

(9) See, e.g., Staff of H. Comm. on Oversight & Gov't Reform, 113th Cong., “The Department of Justice's Operation Choke Point': Illegally
Choking Off Legitimate Businesses?” (Comm. Print 2014), *https://oversight.house.gov/wp-content/uploads/2014/05/Staff-Report-Operation-Choke-Point1.pdf;* Staff of H. Comm. on Fin. Servs., 119th Cong., “Operation Choke Point 2.0: Biden's Debanking of Digital Assets” (Comm. Print
2025), *https://financialservices.house.gov/uploadfiles/2025-11-30--_fsc_debanking_report_final_1.pdf;* Staff of Minority of S. Comm. on Banking, Hous., & Urb. Affs., 119th Cong., “Supplemental Memorandum: Analysis of CFPB Consumer
Complaints Related to Debanking,” (Comm. Print 2025) (analysis to supplement February 5, 2025, committee hearing on “Investigating
the Real Impacts of Debanking in America”), *https://www.banking.senate.gov/imo/media/doc/debanking_complaints_analysis.pdf;* Exec. Order No. 14331, 90 FR 38925 (Aug. 7, 2025) (“Bank regulators have used supervisory scrutiny and other influence over
regulated banks to direct or otherwise encourage politicized or unlawful debanking activities.Operation Chokepoint,' for
example, was a well-documented and systemic means by which Federal regulators pushed banks to minimize their involvement with
individuals and companies engaged in lawful activities and industries disfavored by regulators based on factors other than
individualized, objective, risk-based standards.”).

(10) See 12 CFR 21.11, 12 CFR 353.1, and 31 CFR 1020.320.

(11) Public Law 81-797, 64 Stat. 873 (codified at 12 U.S.C. 1813(u)).

(12) 15 U.S.C. 5311 et seq.

(13) Id.

(14) See, e.g., 12 U.S.C. 1816 (requiring the FDIC to consider, among other things, the “general character and fitness of the management of
the depository institution” in an application for deposit insurance); 12 U.S.C. 1817(j)(2)(B) (requiring the agencies to “conduct
an investigation of the competence, experience, integrity, and financial ability of each person named” as a proposed acquirer
of an institution following a notice of a proposed change in control of a depository institution).

(15) Based on data accessed using FINDRS on March 11, 2025.

(16) The OCC notes that there has recently been a decrease in the overall number of MRAs that institutions currently face and
are expected to face in the future. The OCC assesses that this decrease in current and future MRAs is due to reductions in
MRAs due to other factors than this final rule.

(17) Kunal Sachdeva, André F. Silva, Pablo Slutzky, Billy Y. Xu, “Defunding controversial industries: Can targeted credit rationing
choke firms?” Journal of Financial Economics, Volume 172 (2025).

(18) Specifically, the OCC used the Python TextBlob package which calculates a subjectivity score based on the text provided.

(19) Call Report data, September 30, 2025.

(20) 44 U.S.C. 3501-3521.

(21) 5 U.S.C. 601 et seq.

(22) The OCC bases its estimate of the number of small entities on the SBA's size thresholds for commercial banks and savings
institutions, and trust companies, which are $850 million and $47 million, respectively. Consistent with the General Principles
of Affiliation, 13 CFR 121.103(a), The OCC counts the assets of affiliated financial institutions when determining if it should
classify an OCC-supervised institution as a small entity. The OCC uses December 31, 2024, to determine size because a “financial
institution's assets are determined by averaging the assets reported on its four quarterly financial statements for the preceding
year.” See footnote 8 of the SBA's Table of Size Standards.

(23) 5 U.S.C. 601 et seq.

(24) The SBA defines a small banking organization as having $850 million or less in assets, where an organization's “assets are
determined by averaging the assets reported on its four quarterly financial statements for the preceding year.” See 13 CFR 121.201 (as amended by 87 FR 69118, effective December 19, 2022). In its determination, the “SBA counts the receipts,
employees, or other measure of size of the concern whose size is at issue and all of its domestic and foreign affiliates.” See 13 CFR 121.103. Following these regulations, the FDIC uses an insured depository institution's affiliated and acquired assets,
averaged over the preceding four quarters, to determine whether the insured depository institution is “small” for the purposes
of RFA.

(25) Public Law 106-102, section 722, 113 Stat. 1338, 1471 (1999); 12 U.S.C. 4809.

(26) 12 U.S.C. 4802(a).

(27) 5 U.S.C. 804(2).

Download File

Download