Sullivan & Cromwell Discusses Proposed FDIC and OCC Rules to Prohibit Regulators’ Use of Reputation Risk

On October 7, 2025, the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency (the “agencies”) jointly issued a notice of proposed rulemaking (“NPR”)[1] that would codify the removal of reputation risk from the agencies’ supervisory programs. The NPR would broadly define “reputation risk” as any risk, regardless of how the risk is labeled, that an institution’s action or activity, or lack of action or activity, “could negatively impact public perception of the institution for reasons not clearly and directly related to the financial condition of the institution.”

Under the NPR, each agency would be prohibited from, among other actions:

  • taking any adverse action against a supervised institution (1) on the basis of reputation risk, or (2) “that is designed to punish or discourage an individual or group from engaging in any lawful political, social, cultural, or religious activities, constitutionally protected speech, or, for political reasons, lawful business activities that the supervisor disagrees with or disfavors”; and
  • requiring, instructing, or encouraging a supervised institution to take any action or refrain from taking any action with respect to a person or entity, (1) on the basis of reputation risk, (2) on the basis of the person’s or entity’s “political, social, cultural, or religious views or beliefs, constitutionally protected speech,” or (3) “solely on the basis of the person’s or entity’s involvement in politically disfavored but lawful business activities perceived to present reputation risk.”

In a public statement accompanying the NPR, the FDIC’s Acting Chairman Travis Hill noted that “[r]eputation risk as a standalone risk adds no value from a safety and soundness perspective and is ripe for abuse.”[2] He further stated that the FDIC expects to continue working with the other federal banking agencies to remove references to reputation risk from interagency guidance and policy documents.

Comments on the NPR will be due 60 days following its publication in the Federal Register, which will likely be delayed due to the federal government shutdown that commenced on October 1, 2025.

Background

The NPR implements President Trump’s Executive Order No. 14331, “Guaranteeing Fair Banking for All Americans” (the “EO”), which continues the Trump administration’s long-standing focus on ensuring what is deemed “fair access” to financial services.[3]

The EO directs the Treasury Secretary and the “federal banking regulators,” including the Board of Governors of the Federal Reserve System (the “FRB”), the FDIC, and the OCC, to address “politicized or unlawful debanking.” Among other directives, the EO instructs the federal banking regulators to remove the use of reputation risk or equivalent concepts or considerations from their supervisory materials through formal guidance to their examiners, and to consider rescinding or amending regulations “that could result in politicized or unlawful debanking.”

Earlier this year and prior to the issuance of the EO, the FDIC, the FRB, and the OCC had already announced the removal of reputation risk from their supervision programs.[4] Those actions followed increasing concerns, as reported by news and social media and publicly raised by President Trump, regarding “debanking,” and what has been referred to as “Operation Chokepoint”—where banks were directed or encouraged by their regulators to minimize their involvement with certain industries. By issuing the NPR, the agencies are seeking to codify in the relevant regulations the removal of reputation risk from bank supervision.

Policy Objectives

The NPR is intended to advance the agencies’ objectives and efforts “to refocus bank supervision on material financial risks and to eliminate politicized debanking.”[5] In the agencies’ view, the use of reputation risk as a basis for supervisory criticisms “increases subjectivity in banking supervision without adding material value from a safety and soundness perspective.”[6] This is because activities that might threaten a bank’s reputation in a manner that could impact its safety and soundness do so “through traditional risk channels (e.g., credit risk, market risk, and operational risk, among others) on which supervisors already focus and already have sufficient authority to address.”[7]

The agencies criticize their historical use of reputation risk in bank supervision, citing the following concerns:[8]

  • the use of reputation risk does not increase safety and soundness, because “supervisors have little ability to predict ex ante whether or how certain activities or customer relationships present reputation risks that could threaten the safety and soundness” of a bank;
  • an independent consideration of reputation risk by examiners “has not resulted in consistent or predictable assessments of material financial risk,” as examiners are instructed “to attempt to map events to public opinion and then public opinion to an institution’s condition in ways that have proven nearly impossible to assess or quantify with accuracy”;
  • focusing on reputation risk “can distract institutions and the agencies from devoting resources to managing core financial risks”;
  • the agencies’ past focus on reputation risk may have “adversely impacted institutions’ earnings, capital position, and safety and soundness”;
  • the use of reputation risk “introduces subjectivity and unpredictability into the agencies’ judgments”;
  • the agencies “have not clearly explained how banks should measure the reputation risk from different activities, business partners, or clients, nor have the agencies clearly articulated the criteria for which activities, business partners, or clients are deemed to present reputation risk” and, “[w]ithout clear standards,” the agencies’ supervision for reputation risk “has been inconsistent and has at times reflected individual perspectives rather than data-driven conclusions”;
  • the subjective nature of reputation risk “introduces the potential for political or other biases into the supervisory process,” including “examiners’ personal views”; and
  • the use of reputation risk can be “a pretext for restricting law-abiding individuals’ and businesses’ access to financial services on the basis of political or religious beliefs or lawful business activities,” “can result in unfair treatment of different groups and impermissible restrictions on a group’s or individual’s ability to access financial services,” and can also “result in distortions to industries and the U.S. economy,” as the examiners “use reputation risk to choose winners and losers among market participants and industries.”

Proposed Rules

General Prohibition

The agencies propose to add to their respective rules new provisions setting forth the prohibition on the use of reputation risk by the agencies. Specifically, each agency would be prohibited from:

  • criticizing or taking “adverse action”[9] against an “institution”[10] on the basis of reputation risk;[11]
  • requiring, instructing, or encouraging an institution, or any employee of an institution, to (1) refrain from contracting or doing business with, (2) terminate a contract or discontinue doing business with, (3) sign a contract or initiate doing business with, or (4) modify the terms or conditions under which it contracts or does business with, a third party, including an institution-affiliated party, in each case, on the basis of reputation risk;[12]
  • requiring, instructing, or encouraging an institution, or any employee of an institution, to “terminate a contract with, discontinue doing business with, sign a contract with, initiate doing business with, modify the terms under which it will do business with a person or entity, or take any action or refrain from taking any action,” “on the basis of the person’s or entity’s political, social, cultural, or religious views or beliefs, constitutionally protected speech,” or “solely on the basis of the person’s or entity’s involvement in politically disfavored but lawful business activities perceived to present reputation risk”;[13] and
  • taking supervisory or other adverse action against an institution, a group of supervised institutions, or the institution-affiliated parties of any supervised institution “that is designed to punish or discourage an individual or group from engaging in any lawful political, social, cultural, or religious activities, constitutionally protected speech” or “for political reasons, lawful business activities that the supervisor disagrees with or disfavors.”[14]

The agencies propose to define “doing business with” to mean (1) the bank providing any product or service; (2) the bank contracting with a third party for the third party to provide a product or service; (3) the bank providing discounted or free products or services to customers or third parties, including charitable activities; (4) the bank entering into, maintaining, modifying, or terminating an employment relationship; or (5) any other similar business activity that involves a bank client or a third party.[15] The agencies note that the term “doing business with” is intended “to be construed broadly” and to include “both existing business relationships and prospective business relations.”[16]

Although the agencies propose to define reputation risk broadly, the agencies note that the definition “is not intended to capture risks posed by public perceptions of the institution’s current or future financial condition.”[17] As an example, the agencies note that public perceptions that a bank is susceptible to a bank run would not be considered reputation risk.[18]

OFAC and BSA/AML Exceptions

The proposed prohibition would not apply with respect to persons, entities, or jurisdictions sanctioned by the Office of Foreign Assets Control (“OFAC”) or restrict the agencies’ authority to implement, administer, and enforce the Bank Secrecy Act (“BSA”).[19]

Prohibition on Pretext for Reputation Risk

The agencies recognize that due to the broad nature of BSA and anti-money laundering (“AML”) supervision, “there is a risk that BSA/AML-focused supervisory actions could indirectly address reputation risk.”[20] The agencies note that the proposal would “prohibit supervisors from using BSA/AML concerns as a pretext for reputation risk.”[21]

Similarly, the agencies note that, although they would continue to consider the statutory factors required in connection with certain applications, such as those requiring the agencies to consider the character and fitness of management and the competence, experience, and integrity of a proposed acquirer, the proposal would “prohibit supervisors from using these provisions as a pretext for reputation risk [. . .] in making determinations regarding such applications.”[22]

Conforming Rule Changes

In addition to the new provisions prohibiting the agencies’ use of reputation risk, the agencies propose to make conforming amendments to several of their existing rules to eliminate references to reputation risk in those rules.

Request for Comments

The agencies are seeking comments on all aspects of the proposed rules and include numerous specific questions for commenters to address, including in relation to: (1) the scope and clarity of specific proposed definitions (e.g., “reputation risk,” “adverse action,” “doing business with”) and phrases, (2) whether other prohibitions are warranted to capture other types of actions that add undue subjectivity to bank supervision, (3) whether there are alternatives that would better achieve the agencies’ objectives, (4) whether there are changes to the proposed rules that would help restrict the agencies’ ability to evade the rules, and (5) whether the removal of reputation risk would create any other unintended consequences for the agencies or their supervised institutions.[23]

Implications

The NPR is a further step by the agencies to make their previously announced removal of reputation risk from bank supervision more durable. If adopted, the prohibition on the agencies’ use of reputation risk would be incorporated into the agencies’ respective rules, which would require additional regulatory action to modify or eliminate. Although each of the FDIC, FRB and OCC had already announced the removal of reputation risk from bank supervision before the issuance of the EO, the FRB did not join the FDIC and OCC in issuing the NPR. It remains to be seen whether the FRB will propose rules to codify the removal of reputation risk from its supervision program, and whether any rules proposed by the FRB would differ in any material way from the agencies’ proposal in the NPR.

Banks will need to consider how the adoption of the prohibition on the agencies’ consideration of reputation risk proposed by the NPR will in turn affect banks’ use of reputation risk in their own risk management. Acting Chairman Hill stated that the NPR “would not impose new requirements or obligations on supervised institutions.”[24] Consistent with that statement, the agencies underscore in the NPR that the proposed changes to the agencies’ rules “would not alter or affect the ability of an institution to make business decisions regarding its customers or third-party arrangements and to manage them effectively, consistent with safety and soundness and compliance with applicable laws.”[25] However, certain criticisms and concerns the agencies raised regarding the use of reputation risk in bank supervision would also appear to be relevant in the context of banks’ use of reputation risk in their own risk management. In light of those factors, banks should consider whether they should continue to use reputation risk in their own risk management or should reorient such focus toward risk types that are more directly related to financial soundness (e.g., credit risk, market risk, interest rate risk, among others) instead. As part of this consideration, a bank should assess, among other factors, what additional benefits, if any, it would derive from the use of reputation risk that cannot be derived from the use of other risks in its risk management practices. If reputation risk is retained, it should be explicitly divorced from the political, religious and other social factors addressed in the EO.

In addition, the NPR states that the proposal would prohibit supervisors from using BSA/AML concerns as pretext for reputation risk. It remains to be seen how the proposed rules, if adopted, would affect the agencies’ BSA/AML supervision and whether the agencies will take any actions to revise their approaches to BSA/AML supervision to further advance the policy objectives of the NPR. In connection with its announcement of several actions to “eliminate politicized or unlawful debanking in the federal banking system,” the OCC has already stated that it is reviewing its approaches to BSA/AML supervision to “ensure that they are not contributing to unlawful debanking and will make changes if needed.”[26] The OCC stressed that it “welcomes the opportunity” to work with other federal agencies “to address any shortcomings in the BSA/AML framework more generally.”[27]

ENDNOTES

[1] OCC and FDIC, NPR, Prohibition on Use of Reputation Risk by Regulators (Oct. 7, 2025), available at https://www.fdic.gov/board/npr-prohibition-use-reputation-risk-regulators.pdf; see also Press Release, Agencies Issue Proposal to Prohibit Use of Reputation Risk by Regulators (Oct. 7, 2025), available at https://www.fdic.gov/news/press-releases/2025/agencies-issue-proposal-prohibit-use-reputation-risk-regulators.

[2] Statement by Acting Chairman Travis Hill on the joint FDIC-OCC Proposal Regarding Prohibition on Use of Reputation Risk by Regulators (Oct. 7, 2025) (“FDIC Acting Chairman Statement”), available at https://www.fdic.gov/news/speeches/2025/statement-acting-chairman-travis-hill-proposal-regarding-prohibition-use.

[3] Exec. Order No. 14331, Guaranteeing Fair Banking for All Americans, 90 Fed. Reg. 38,925 (Aug. 12, 2025). For more information on the EO, please refer to our Memorandum to Clients of Aug. 7, 2025.

[4] Press Release, Federal Reserve Board announces that reputational risk will no longer be a component of examination programs in its supervision of banks (June 23, 2025), available at https://www.federalreserve.gov/newsevents/pressreleases/bcreg20250623a.htm; Letter from Acting FDIC Chairman Travis Hill to Representative Dan Meuser (Mar. 24, 2025), available at https://mailing.sullivanandcromwell.com/32/4324/uploads/fdic-lttr-on-reputational-risk.pdf; Press Release, OCC Ceases Examinations for Reputation Risk (Mar. 20, 2025), available at https://www.occ.gov/news-issuances/news-releases/2025/nr-occ-2025-21.html.

[5] See FDIC Acting Chairman Statement.

[6] NPR, at 5; see also FDIC Acting Chairman Statement.

[7] Id.

[8] NPR, at 5-10.

[9] The agencies propose to define an “adverse action” to include: (1) “Any negative feedback delivered by or on behalf of the [agency] to the supervised institution, including in a report of examination or a formal or informal enforcement action”; (2) “A downgrade, or contribution to a downgrade, of any supervisory rating”; (3) “A denial of a [licensing] application[]”; (4) “Inclusion of a condition on any licensing application or other approval”; (5) “Imposition of additional approval requirements”; (6) “Any other heightened requirements on an activity or change”; (7) “Any adjustment of the institution’s capital requirement”; and (8) “Any action that negatively impacts the institution, or an institution-affiliated party, or treats the institution differently than similarly situated peers.” NPR, at 35-36 and 40 (to be codified in 12 C.F.R. § 4.91(g) and 12 C.F.R. § 302.100(g)).

[10] The agencies propose to define an “institution” to mean an entity for which the agency (i.e., the FDIC in the FDIC’s regulations and the OCC in the OCC’s regulations) “makes or will make supervisory determinations or other decisions, either solely or jointly.” NPR, at 36 and 41 (to be codified in 12 C.F.R. § 4.91(g) and 12 C.F.R. § 302.100(g)).

[11] NPR, at 34 and 38 (to be codified in 12 C.F.R. § 4.91(a) and 12 C.F.R. § 302.100(a)).

[12] NPR, at 34 and 38-39 (to be codified in 12 C.F.R. § 4.91(b) and 12 C.F.R. § 302.100(b)).

[13] NPR, at 34 and 39 (to be codified in 12 C.F.R. § 4.91(c) and 12 C.F.R. § 302.100(c)).

[14] NPR, at 35 and 39 (to be codified in 12 C.F.R. § 4.91(f) and 12 C.F.R. § 302.100(f)).

[15] NPR, at 36 and 40-41 (to be codified in 12 C.F.R. § 4.91(g) and 12 C.F.R. § 302.100(g)).

[16] NPR, at 14.

[17] Id.

[18] Id.

[19] NPR, at 34-35 and 38-39 (to be codified in 12 C.F.R. § 4.91(d)-(e) and 12 C.F.R. § 302.100(d)-(e)).

[20] NPR, at 12.

[21] Id.

[22] Id.

[23] NPR, at 16-18.

[24] FDIC Acting Chairman Statement.

[25] NPR, at 11.

[26] Press Release, OCC Announces Actions to Depoliticize the Federal Banking System (Sept. 8, 2025), available at https://occ.gov/news-issuances/news-releases/2025/nr-occ-2025-84.html.

[27] Id.

This post comes to us from Sullivan & Cromwell LLP. It is based on the firm’s memorandum, “FDIC and OCC Propose Rules to Prohibit Regulators’ Use of Reputation Risk,” available here.
