Sign and seal of The Federal Deposit Insurance Corporation (FDIC)

Federal Banking Regulators Reissue 15 Guidance Documents to Remove References to Reputation Risk

The Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), and Federal Reserve Board announced June 2 that they have jointly reissued 15 interagency guidance documents to remove references to “reputation risk,” continuing a broader effort to eliminate the concept from federal bank supervision.

The updated guidance spans a wide range of banking activities, including asset securitization, subprime lending, customer identification programs, home equity lending, cybersecurity, operational resilience, remote deposit capture, and elder financial exploitation. Regulators emphasized that the revisions are limited to removing references to reputation risk and do not otherwise alter the underlying guidance.

According to the agencies, the move is intended to ensure supervisory decisions are based on material financial risks rather than subjective assessments that could be used to influence banks’ relationships with customers engaged in lawful activities. The regulators stated that reputation risk could potentially be misused to pressure financial institutions into restricting services based on customers’ constitutionally protected political or religious beliefs, speech, or lawful business conduct.

Part of Broader Supervisory Changes

The latest revisions build on actions already taken by federal banking regulators over the past year.

In March 2025, the OCC announced it would no longer examine banks for reputation risk and began removing references to the concept from its supervisory materials. In April 2026, the OCC and FDIC finalized a rule formally eliminating reputation risk from their supervisory programs.

The Federal Reserve separately proposed a similar rule in February 2026, though that proposal has not yet been finalized.

The agencies indicated that the review of supervisory guidance remains ongoing and that additional documents could be updated in the future.

Among the documents revised are long-standing guidance covering asset securitization activities, subprime lending programs, counterparty credit risk management, cyberattack response, cyber insurance, operational resilience, and customer identification program requirements.

What It Means for Financial Institutions

For banks and other regulated financial institutions, the changes further reinforce the agencies’ position that supervisory examinations should focus on measurable financial, operational, compliance, and safety-and-soundness risks rather than potential reputational concerns.

While the revisions do not create new compliance obligations or eliminate existing risk management requirements, the agencies emphasized that the changes are designed to improve precision and consistency in supervisory decision-making while ensuring that lawful businesses and individuals maintain access to financial services based on objective risk considerations rather than perceived reputational concerns.

As regulators continue reviewing supervisory materials, financial institutions should expect additional updates as references to reputation risk are systematically removed from remaining guidance documents.

Guidance Documents Updated and What Changed

The agencies emphasized that the revisions are limited to removing references to reputation risk and do not otherwise alter the underlying supervisory expectations. The following guidance documents were reissued:

Interagency Statement on Sales of 100% Loan Participations (1997)
Addresses risk management expectations when banks sell loan participations. References to reputation risk were removed, while credit, operational, and safety-and-soundness expectations remain unchanged.

Interagency Guidance on Asset Securitization Activities (1999)
Provides supervisory expectations for securitization programs. The update removes reputation risk considerations while maintaining oversight of financial and operational risks associated with securitization transactions.

Subprime Lending: Expanded Guidance for Subprime Lending Programs (2001)
Outlines risk management standards for subprime lending activities. Examiners will continue to focus on credit quality, underwriting, and compliance risks rather than potential reputational impacts.

Interagency Policy on Banks/Thrifts Providing Financial Support to Funds Advised by the Banking Organization or Its Affiliates (2004)
Addresses situations where institutions provide support to affiliated investment funds. The revised guidance removes references to reputation risk while preserving supervisory expectations regarding financial exposure and capital considerations.

Interagency Statement on the Purchase and Risk Management of Life Insurance (2004)
Continues to provide standards for managing bank-owned life insurance programs. The changes eliminate reputation risk references but leave risk management requirements intact.

Interagency Guidance on Customer Identification Programs: Frequently Asked Questions (2005)
Provides clarification on the Bank Secrecy Act and customer identification requirements. The guidance continues to focus on compliance and anti-money laundering obligations.

Interagency Credit Risk Management Guidance for Home Equity Lending (2005)
Maintains expectations related to underwriting, portfolio management, and credit risk controls for home equity products while removing reputation risk language.

Interagency Guidance on Risk Management of Remote Deposit Capture (2009)
Addresses controls surrounding remote deposit capture services. Supervisory focus remains on fraud prevention, operational risk, and compliance requirements.

Interagency Supervisory Guidance on Counterparty Credit Risk Management (2011)
Provides expectations for managing exposure to counterparties. The revised document continues to emphasize measurement, monitoring, and mitigation of financial risks.

Cyber Attacks on Financial Institutions’ Automated Teller Machine and Card Authorization Systems (2014)
Continues to provide guidance on responding to ATM and payment card system attacks. The revisions do not change cybersecurity expectations.

Distributed Denial-of-Service (DDoS) Cyber-Attacks, Risk Mitigation, and Additional Resources (2014)
Maintains existing recommendations for preventing and responding to DDoS attacks while removing references to reputation risk.

Joint Statement on Cyber Attacks Involving Extortion (2015)
Continues to provide guidance for institutions responding to cyber extortion events, including ransomware-related incidents.

Joint Statement on Cyber Insurance and Its Potential Role in Risk Management Programs (2018)
Retains guidance regarding the use of cyber insurance as part of broader risk management strategies.

Sound Practices to Strengthen Operational Resilience (2020)
Continues to provide operational resilience and business continuity recommendations for financial institutions.

Interagency Statement on Elder Financial Exploitation (2024)
Maintains supervisory guidance encouraging institutions to identify and report suspected elder financial exploitation while removing references to reputation risk.

Published On: June 5th, 2026|By |Categories: Industry News & Announcements|Tags: |

Related Posts

Long view of the Illinois State Capitol Building in Springfield, IL, USA
Illinois Launches New Consumer Complaint Portal as State Financial Complaints Rise

Illinois Launches New Consumer Complaint Portal as State Financial Complaints Rise

June 5th, 2026
NYC Consumer Protection Holds Hearing on Debt Collection Penalties Ahead of Sept. 1 Rule Deadline

NYC Consumer Protection Holds Hearing on Debt Collection Penalties Ahead of Sept. 1 Rule Deadline

June 4th, 2026
Court Denies Class Certification in TCPA Do-Not-Call Lawsuit Over Unique Plaintiff Defenses

Court Denies Class Certification in TCPA Do-Not-Call Lawsuit Over Unique Plaintiff Defenses

June 4th, 2026

News

Latest News

Regulatory News