Well, it’s official – or soon to be. Following a years-worth of earlier activity in the same vein, the Board of Governors of the Federal Reserve System has issued a notice of proposed rulemaking that would actually codify the removal of “reputation risk” from its supervisory framework. The proposal would amend 12 CFR Part 262 by adding § 262.9 and would prohibit the Board from using reputation risk in examination programs or supervisory materials. It would also prohibit the Board from encouraging or compelling supervised banking organizations to deny or condition financial services based on constitutionally protected political or religious beliefs, speech, associations, or “lawful but politically disfavored [activities] perceived to present reputation risk.” Comments are due by April 27, 2026.
By way of background (that by now we’re all intimately familiar with), reputation risk has been part of FRB supervision since the mid-1990s and was defined as the potential that negative publicity could result in customer loss, litigation, or revenue declines. In June 2025, the Board announced it would eliminate reputation risk from examination programs and began removing references from supervisory materials and retraining examiners. In proposing to formalize that change, the Board states that reputation risk “is difficult to quantify and communicate,” and that related safety and soundness concerns can be addressed through other established risk categories such as credit, market, liquidity, operational, and legal risk. The proposal also references concerns regarding alleged “debanking” tied to political or religious beliefs or lawful but controversial and disfavored (or, perhaps, risky) business activities.
So, again, in effect, the rule would prohibit the Board from using reputation risk in examinations or supervisory materials and would codify the historical definition while removing it from supervisory consideration. It would further prohibit the Board from pressuring institutions to deny or condition services based on protected beliefs or lawful but politically disfavored conduct. In a bit of inescapable irony (which we’ll expound on in just a bit), the proposal emphasizes that customer decisions remain with the banking organization, acting in accordance with “risk management” and “applicable laws and regulations.”
The rule would apply to bank holding companies, savings and loan holding companies, state member banks, combined U.S. operations of foreign banking organizations, and their subsidiaries. As a further sign of the times, the NPRM signals potential future inclusion of permitted payment stablecoin issuers.
The proposal is primarily seeking comment on its definition of reputation risk, the scope of covered entities, the current “clarity” of the prohibition, potential unintended consequences, and alternative approaches.
Naturally, there’s an underlying tension – one that has been written about in the past, but that cannot be ignored, particularly given the nature of a formalized rule. Because on the one hand, the Board argues that reputation risk is too vague, too difficult to quantify, and unnecessary as a supervisory category because any legitimate safety and soundness concern can be captured under more concrete risk types – credit, liquidity, operational, legal, and the like.
But on the other hand, the NPRM goes out of its way to codify a prohibition preventing the Board from encouraging or compelling banks to deny services to customers engaged in lawful but politically disfavored, controversial, or just flat-out otherwise high-risk activities perceived to present reputation risk. So, if reputation risk is truly redundant, and merely a shorthand for other, measurable risks, then eliminating it arguably would only be a technical housekeeping exercise. But the fact that the Board believes it necessary to embed binding language effectively addressing the concept of “debanking” suggests that reputational dynamics remain powerful enough to shape banking relationships in ways not-so-easily reduced to a spreadsheet column.
Perhaps more fundamentally, regardless of the formality, the proposal does not – and cannot – repeal public opinion. A bank’s reputation is formed in the public eye, not in the Federal Register. Perfectly lawful businesses can still present an elevated risk, depositor sensitivity, litigation exposure, regulatory compliance burden, and a broader governance strain, even if they don’t necessarily yet trigger a discrete credit or liquidity deficiency. Historically, “reputation risk” functioned as a supervisory label for that cluster of forward-looking pressures, often early warning signals of risks that later manifest in more traditional categories. Removing the term from supervisory vocabulary doesn’t in and of itself remove the underlying exposure; and there’s an argument that it simply narrows the language examiners may use to discuss it.
Arguably, that is the central irony embedded in the proposal. While the Board emphasizes that customer decisions remain with the banking organization, acting in accordance with risk management and applicable law, the codification of politically charged constraints around supervisory influence may indirectly (or not-so-indirectly) chill banks’ willingness to exercise that discretion where reputational fallout is a real (even if “difficult to quantify”) component of their risk analysis. In supposedly attempting to eliminate subjectivity from supervision, the rule very well could risk introducing a different kind of rigidity – one that assumes reputational consequences are either irrelevant or fully captured elsewhere, even as banks continue to bear the economic and social consequences of the company they keep.
Written by:
Brett Goodnack, JD, CAMS
Compliance Advisor