Why We Shouldn’t Regulate Reputation Risk at Banks

What do payday lenders, firearms retailers, porn stars, churches, coal mines, and condom companies have in common? All have complained that regulators pressured financial institutions to close their accounts over reputation-risk concerns.  In a my article (available here), forthcoming in the Georgia Law Review, I explain that broad regulation of reputation risk does not reduce bank risk and unnecessarily politicizes bank regulators.

Financial regulators say reputation risk is the risk of negative public opinion or negative publicity. Wells Fargo, for example, hurt its reputation by opening millions of unauthorized customer accounts. Reputation is important to all businesses, but it is especially important to banks. Negative publicity can cause depositors to rapidly withdraw their money. It can lead to a bank run or panic, events that hurt the entire economy.  At the same time, banks have a hard time signaling they are trustworthy. Even a bank’s promise to return customer money might be worthless. If customers rely on banks’ reputations alone, they might never deposit money.

Instead, banks rely partly on government regulation to bolster their reputations and attract stable deposits. The government provides deposit insurance, reassuring each depositor that even if a bank fails, the depositor will get at least $250,000.  Regulation also works by outlawing harmful practices and then supervising banks to make sure they comply with the law. As long as regulators effectively monitor banks for compliance with the law and punish violations, the reputation of the regulator acts as a partial substitute for trust in the bank. In a sense then, all banking regulation is aimed at reputation risk. Capital rules, liquidity rules, anti-fraud rules, asset concentration rules, insider lending rules, and many more are all designed to give people confidence in financial institutions.

Bank regulators, however, began to focus more directly on reputation risk in the mid-1990s. For the first time, they defined “reputation risk.” Their definitions are expansive. Negative publicity can be harmful “whether true or not.” Reputation risk “arises from virtually all bank products and services.” Regulators believe that activities posing reputation risk might warrant corrective action even when there is no threat of significant financial harm to the bank.

Once regulators defined reputation risk, it began turning up in all types of agency guidance. Regulators warn that mortgage lending, credit cards, derivative, securitization, overdraft fees, bank-owned life insurance, and many other bank activities pose reputation risk. The Federal Reserve’s bank examination manual uses the word “reputation” or “reputational” 190 times.

It is not just bank activities that concern regulators. As the FDIC explains, “any negative publicity involving [a] third party, whether or not the publicity is related to the institution’s use of the third party,” could damage the reputation of a bank. For example, the Office of the Comptroller of the Currency warns that “[l]ending to [oil and gas] companies found or perceived by the public to be negligent in preventing environmental damage, hazardous accidents, or weak fiduciary management can damage a bank’s reputation.” New York’s financial regulator warns banks that “reputational risks . . . may arise from . . . dealing with the NRA or similar gun promotion organizations.”

While regulators might be right that reputation risk is everywhere, it isn’t clear what regulators hope to achieve with their numerous warnings. Perhaps they hope that by noting the issue, banks will more carefully consider reputation risk in their decision-making processes. Or perhaps their guidance is intended to signal to banks that they should cease offering otherwise legal products or services. Public regulatory enforcement actions suggest that it is some of each.

Of the regulatory enforcement actions addressing reputation risk, most focus on conduct that is already illegal or otherwise risky. An enforcement action directed at a credit union’s violation of insider lending rules notes that violating the rules led to reputation risk. A bank with inadequate underwriting and liquidity practices is told that this also raises reputation-risk concerns. Regulators sometimes require that a penalized bank develop new risk management policies, including policies for managing reputation risk. In these enforcement actions, reputation risk does little work. The regulator could take action and require the same remediation without any mention of reputation risk. Regulators do not need reputation risk to punish Wells Fargo for opening unauthorized customer accounts. That conduct was already illegal.

However, in some cases, reputation-risk enforcement targets otherwise legal conduct. Investigations in the wake of Operation Choke Point reveal that FDIC officials pressured banks to end relationships with payday lenders. Regulators did not think the banking relationships were illegal or financially harmful to the banks. Instead, FDIC officials were motivated by their belief that legal payday lending is “abusive,” “fundamentally wrong,” “unsavory,” and “ugly.” Operation Choke Point is not the only example of regulatory enforcement efforts aimed at legal but reputationally risky activity. Before Operation Choke Point, the FDIC required the Bank of Agriculture and Commerce in Stockton, California, to end its partnership with a third-party payment processor based on reputational-risk concerns. In money-laundering enforcement actions, the OCC has ordered banks to close all accounts that pose reputation risk (not just those that are likely used to launder money). And the NRA has sued the New York Department of Financial Services, alleging that it engaged in “backroom exhortations” to convince banks to cut off all services to gun rights groups.

This expansive use of reputation risk is troubling. Recall that regulation acts as a partial substitute for bank reputation. Regulation, however, only works when regulators have a strong reputation. Regulators cultivate reputations as apolitical technocrats, specializing in bank safety. Expansive regulation of reputation risk in the absence of other violations of law or significant financial harm threatens to damage regulators’ reputations.

First, regulators are not good at predicting when negative publicity will lead to a loss. Obviously, they can identify some industries that have frequently received public criticism (payday lenders, gun rights groups, oil companies, etc.), but it is not clear that criticism of these industries regularly leads to bank losses. In some cases, stakeholders may not attribute the action of the third party to the bank. In other cases, the negative impact to the bank may be offset by interest, fees, or even positive publicity. If regulators claim to regulate reputation risk but are ineffective, their reputations will suffer.

Second, regulation of reputation risk in the absence of other violations of law is viewed as political. Payday loans, guns, and fossil fuels are all hot-button political topics. In the wake of Operation Choke Point, both sides of the political aisle became concerned that reputation risk could be used to cut off banking services to controversial causes. Porn stars, churches, coal mines, and condom companies all thought they were being targeted for reasons unrelated to their financial risk. If the public thinks bank regulators spend their time sorting out political controversies and punishing political foes, even when those controversies have little financial impact on banks, the public will not trust bank regulators. This loss of trust could be far more financially devastating to banks than the reputational harm regulators warn about.

This post comes to us from Julie Andersen Hill, the Alton C. and Cecile Cunningham Craig Professor of Law at the University of Alabama. It is based on her recent article, “Regulating Bank Reputation Risk,” available here.