Prohibition on Use of Reputation Risk by Regulators

Prohibition on Use of Reputation Risk by Regulators

SUPPLEMENTARY INFORMATION:

I. Background and Policy Objectives

The agencies believe that banking regulators' use of the concept of reputation risk as a basis for supervisory criticisms increases subjectivity in banking supervision without adding material value from a safety and soundness perspective. Although the agencies recognize the importance of a bank's reputation, most activities that could negatively impact an institution's reputation do so through traditional risk channels ( e.g., credit risk, market risk, and operational risk, among others) on which supervisors already focus and already have sufficient authority to address. At the same time, supervising for reputation risk as a standalone risk adds substantial subjectivity to bank supervision and can be abused. It also diverts bank and agency resources from more salient risks without adding material value from a safety and soundness perspective. To improve the efficiency and effectiveness of their supervisory programs, the agencies have removed reputation risk from their supervisory frameworks and are proposing to codify this change in relevant regulations. This change would also respond to concerns expressed in Executive Order 14331, Guaranteeing Fair Banking for All Americans, ⁽¹⁾ that the use of reputation risk can be a pretext for restricting law-abiding individuals' and businesses' access to financial services on the basis of political or religious beliefs or lawful business activities.

The agencies' supervisory experience has shown that the use of reputation risk in the supervisory process does not increase the safety and soundness of supervised institutions because supervisors have little ability to predict ex ante whether or how certain activities or customer relationships present reputation risks that could threaten the safety and soundness of an institution. ⁽²⁾ In contrast, risks like credit risk and liquidity risk are more concrete and measurable and allow examiners to more objectively assess a banking institution's financial condition. Assessments of these risks may reflect perceptions of a bank's financial condition consistent with objective principles. Conversely, an independent consideration of reputation risk by examiners has not resulted in consistent or predictable assessments of material financial risk. Instead, by focusing on reputation risk, the agencies have instructed examiners to attempt to map events to public opinion and then public opinion to an institution's condition in ways that have proven nearly impossible to assess or quantify with accuracy. The agencies' attempts to identify reputation risks and their potential effects on institutions have not resulted in increased safety for supervised institutions as supervisors have not been able to accurately predict the public's reaction to business decisions made by institutions.

In other words, there is no clear evidence that interference in banks' activities or relationships in the interest of protecting the banks' reputations has protected banks from losses or improved banks' performances.

In addition to not enhancing safety and soundness, focusing on reputation risk can distract institutions and the agencies from devoting resources to managing core financial risks-such as credit risk, liquidity risk, and interest rate risk-that are quantifiable and have been shown to present significant threats to institutions. Monitoring requires dedicated resources. For example, in order to confront such risks, institutions frequently purchase expensive risk-monitoring models that must be maintained, implement detailed loan review programs, hire expensive outside advisers, and provide time-intensive training for staff. Parallel to these actions by institutions, the agencies have limited resources and a responsibility to use these resources in an efficient and productive manner in furtherance of their statutory responsibilities. In the judgment of the agencies, examining for reputation risk diverts resources that could be better spent on other risks that have been shown to present significant, tangible threats to institutions and that are more easily quantified and addressed through regulatory intervention.

Moreover, the agencies' use of reputation risk in reaching supervisory conclusions introduces subjectivity and unpredictability into the agencies' judgments. Regardless of how much the agencies refine their supervisory approaches to reflect differences among institutions, agency supervision more effectively fosters safe and sound banking when supervised institutions have a reasonable expectation of how the agencies would evaluate an activity. The agencies have not clearly explained how banks should measure the reputation risk from different activities, business partners, or clients, nor have the agencies clearly articulated the criteria for which activities, business partners, or clients are deemed to present reputation risk. Without clear standards, the agencies' supervision for reputation risk has been inconsistent and has at times reflected individual perspectives rather than data-driven conclusions. Different stakeholders may have different perspectives on how such activities or relationships impact an institution's reputation, if at all, which creates unpredictability and inconsistency for regulated entities. Additionally, the subjective nature of supervisory decisions about reputation risk introduces the potential for political or other biases into the supervisory process. Thus, supervisory judgments about reputation risk can create subjective regulatory interference in day-to-day business decisions that are better left to the judgment of the regulated institutions. Given the difficulty of measuring reputation risk in an accurate and precise way, it is inappropriate for the agencies' supervisors to examine supervised institutions against this risk.

More importantly, when a supervised institution alters its behavior to comply with supervisory expectations relating to reputation risk management, such as by closing an account or choosing not to enter into or continue a business relationship with a customer that it would otherwise maintain, it is forgoing an opportunity to maintain or build a profitable business relationship that may otherwise be consistent with sound risk management practice. Accordingly, the agencies' past practice of encouraging supervised institutions to alter their behavior due to reputation risk may have adversely impacted institutions' earnings, capital positions, and safety and soundness. In this way, the agencies' prior focus on reputation risk may have caused supervised institutions to be less safe and sound than had they been permitted to engage in lawful business activities without these limitations resulting from supervisory expectations surrounding reputation risk.

In addition, examining for reputation risk can result in agency examiners implicitly or explicitly encouraging institutions to restrict access to banking services on the basis of examiners' personal views of a group's or individual's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or politically disfavored but lawful business activities. This can result in unfair treatment of different groups and impermissible restrictions on a group's or individual's ability to access financial services. This practice can also result in distortions to industries and the U.S. economy, as the agencies' examiners use reputation risk to choose winners and losers among market participants and industries.

Moreover, even if reputation risk could be quantified, the agencies lack evidence that reputation risk, in the absence of identified financial or operational risks, is a factor that can hurt an institution's safety and soundness. While there are examples of risks like credit risk and liquidity risk being the primary driver of an institution's unsafe or unsound condition, the agencies have not seen evidence that reputation risk can be the primary driver of an institution being in unsafe or unsound condition. When reputational issues are identified as a root cause of harm that has impacted a supervised institution's financial condition, there are typically other more significant factors, such as those relating to the institution's capital, asset quality, liquidity, earnings, or interest rate sensitivity, that are the primary drivers of the institution's weakened financial condition. The OCC's supervision is required by law to focus on the safety and soundness of its institutions and compliance with laws and regulations as well as, as applicable, fair access to financial services and fair treatment of customers. ⁽³⁾ The FDIC is responsible for the supervision and examination of state nonmember banks, including for safety and soundness principles. ⁽⁴⁾ In furtherance of these objectives, the agencies' supervision should focus on concrete risks and objective criteria directly related to applicable statutory requirements. In the agencies' experience, using reputation risk in its supervisory process does not further this mission.

II. Description of the Proposed Rule and Changes

Based on the above-described supervisory experience and the ineffectiveness of using reputation risk to improve the safety and soundness of supervised institutions, the agencies have removed reputation risk from their supervisory frameworks and are proposing to codify this change in relevant regulations. This proposed rule would be a regulation as defined in section 5 of Executive Order 14192. The proposed rule would be a significant regulatory action for the purposes of Executive Order 12866. The proposed elimination of reputation risk supervision is deregulatory.

Under 12 U.S.C. 1(a), the OCC is charged with assuring the safety and soundness of, and compliance with laws and regulations, fair access to financial services, and fair treatment of customers by, the institutions and other persons subject to its jurisdiction. Similarly, the FDIC has statutory authority to administer the affairs of the Corporation, which includes a framework for banking supervision. ⁽⁵⁾ Further, the FDIC's Board of Directors has the authority to prescribe rules and regulations as it may deem necessary to carry out the provisions of the Federal Deposit Insurance Act, ⁽⁶⁾ and the OCC is authorized to prescribe rules and regulations to carry out the responsibilities of the office. ⁽⁷⁾

Based on these authorities, the subjectivity of reputation risk, the inefficacy of reputational risk at identifying risks to safety and soundness or other statutory mandates, and the potential for regulatory overreach and abuse, the agencies have removed reputation risk from their supervisory frameworks and are proposing regulations to codify this change in relevant regulations. The proposed rule would not alter or affect the ability of an institution to make business decisions regarding its customers or third-party arrangements and to manage them effectively, consistent with safety and soundness and compliance with applicable laws.

The proposed rule would prohibit the agencies from criticizing, formally or informally, or taking adverse action against an institution on the basis of reputation risk. In addition, under the proposal, the agencies would be prohibited from requiring, instructing, or encouraging an institution or its employees to refrain from contracting with or to terminate or modify a contract with a third party, including an institution-affiliated party, on the basis of reputation risk. The agencies also could not require, instruct, or encourage an institution or its employees to refrain from doing business with or to terminate or modify a business relationship with a third party, including an institution-affiliated party, on the basis of reputation risk. The proposed rule would also prevent the agencies from requiring, instructing, or encouraging an institution to enter into a contract or business relationship with a third party on the basis of reputation risk. The proposed rule would further prohibit the agencies from requiring, instructing, or encouraging an institution or an employee of an institution to terminate a contract with, discontinue doing business with, or modify the terms under which it will do business with a person or entity on the basis of the person's or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or solely on the basis of the third party's involvement in politically disfavored but lawful business activities perceived to present reputation risk.

This prohibition would not affect requirements intended to prohibit or reject transactions or accounts associated with Office of Foreign Assets Control-sanctioned persons, entities, or jurisdictions. Such prohibitions and rejections would not be based specifically on "the person's or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or politically disfavored but lawful business activities perceived to present reputation risk." The prohibition also does not affect the agencies' authority to enforce the requirements of the provisions of United States Code title 31, chapter 53, subchapter II regarding reporting on monetary transactions. ⁽⁸⁾ However, due to the broad nature of Bank Secrecy Act (BSA)  ⁽⁹⁾ and anti-money laundering (AML) supervision, there is a risk that BSA/AML focused supervisory actions could indirectly address reputation risk. The proposal would prohibit supervisors from using BSA and anti-money laundering concerns as a pretext for reputation risk. In addition, although the agencies would continue to consider the statutory factors required with respect to certain applications, ⁽¹⁰⁾ the proposal would prohibit supervisors from using these provisions as a pretext for reputation risk, as described in this proposal, in making determinations regarding such applications.

"Adverse action," as defined by the proposed rule, would include the provision of negative feedback, including feedback in a report of examination, a memorandum of understanding, verbal feedback, or an enforcement action. Furthermore, "action" encompasses any action of any agency employee, including any communication characterized as informal, preliminary, or not approved by agency officials or senior staff. A downgrade (or contribution to a downgrade) of any supervisory rating, including a rating assigned under the Uniform Financial Institutions Rating System or comparable rating system, also would constitute an "adverse action" under the proposed rule. In addition, a downgrade (or contribution to a downgrade) of a rating under the Uniform Interagency Consumer Compliance Rating System or the Uniform Rating System for Information Technology, or any other rating system, would also constitute an "adverse action" under the proposed rule. Further, a denial of a filing or licensing application or an imposition of a capital requirement above the minimum ratios would constitute an "adverse action" under the proposed rule, as would any burdensome requirements placed on an approval, the introduction of additional approval requirements, or any other heightened requirements on an activity or change.

The agencies are also including a general "catch-all" for any other actions that could negatively impact the institution outside of traditional supervisory channels. This catch-all is meant to include actions such as supervisory decisions on applications for waivers outside of the normal licensing or filing channels, applications to engage in certain business activities for which supervisory permission is required, or other regulatory decisions affecting institutions. Intent is the defining characteristic for whether an agency-action would fall into this catch-all provision. As an illustration of agency actions that would be subject to this prohibition, the prohibition would prevent the agencies from, for example: disapproving a proposed member of a board of directors on the basis of an unsubstantiated pretense where the true reason is reputation risk, denying a waiver of bank director citizenship and residency requirements for the purpose of inducing a bank to address perceived reputation risk somewhere in the bank's operations, or disapproving a change of control notice because a bank lacks internal reputation risk controls. Agency actions subject to this prohibition would also include negative feedback that is verbal, a condition attached to an approval, the introduction of new approval requirements, and any other heightened requirements that are intended to force the bank to address perceived reputation risk.

The term "doing business with" in the proposed rule is intended to be construed broadly and to include business relationships both with bank clients and with third-party service providers. It is also intended to include the relationship of a bank with organizations or individuals that the bank is providing with charitable services, including as part of a community benefits agreement or as part of a Community Reinvestment Act plan. This term is intended to include both existing business relationships and prospective business relations.

The term "institution-affiliated party" has the same meaning as in section 3 of the Federal Deposit Insurance Act. ⁽¹¹⁾

The proposed rule would define "reputation risk" as the risk, regardless of how the risk is labeled by the institution or by the agencies, that an action or activity, or combination of actions or activities, or lack of actions or activities, of an institution could negatively impact public perception of the institution for reasons unrelated to the current or future financial condition of the institution. This definition is intended to include not just risks that the agencies or the institution identify as "reputation risks," but any similar risk based around concerns regarding the public's perception of the institution beyond the scope of other risks in the agencies' supervisory frameworks. This definition is not intended to capture risks posed by public perceptions of the institution's current or future financial condition because such perceptions relate to risks other than reputation risk. For example, public perceptions that a bank has insufficient liquidity and therefore is susceptible to a bank run would not be considered reputation risk.

The prohibitions of the proposed rule would apply to actions taken on the basis of reputation risk; political, social, cultural, or religious views and beliefs; constitutionally protected speech; or solely based on bias against politically disfavored but lawful business activities perceived to present reputation risk. The proposed rule would not prohibit criticism, supervisory feedback, or other actions to address traditional risk channels related to safety and soundness and compliance with applicable laws, including credit risk, market risk, and operational risk (including cybersecurity, information security, and illicit finance), provided that such criticism, supervisory feedback or other actions addressing these other risks is not a pretext by examiners aimed at reputation risk.

Under the proposed rule, the OCC would make seven conforming amendments to the OCC's regulations to eliminate references to reputation risk. These conforming amendments would be made in (1) the list of risks a national bank shall consider, as appropriate, as set out in 12 CFR part 1 of the OCC regulations;  ⁽¹²⁾ and (2) the safety and soundness standards set forth in 12 CFR part 30 of the OCC regulations, including the OCC guidelines. ⁽¹³⁾ The OCC regulations at 12 CFR part 30 would include six conforming amendments. ⁽¹⁴⁾

Regulations codified in 12 CFR part 41 of the OCC regulations and 12 CFR part 334 of the FDIC's regulations refer to reputation risk concerning certain identity theft prevention programs required by the Fair and Accurate Credit Transactions Act of 2003. ⁽¹⁵⁾ However, by statute, guidelines and regulations for these programs must occur jointly across certain federal agencies, ⁽¹⁶⁾ so no conforming amendment is suggested for 12 CFR part 41 or 12 CFR part 334. The OCC and FDIC are considering making changes to 12 CFR parts 41 and 334, respectively, in a separate, joint rulemaking in the future. Until that separate, joint rulemaking occurs, the agencies expect to exercise their discretion in enforcing 12 CFR parts 41 and 334 by using agency resources to assess compliance without regard to reputation risk.

Under the proposed rule, the FDIC would make one conforming amendment to the FDIC's regulations relating to reputation risk. This amendment would be made in the safety and soundness standards set forth in 12 CFR part 364 of the FDIC's regulations. ⁽¹⁷⁾ The proposed rule would eliminate the reference to reputation risk in the regulation.

III. Request for Comments and Use of Plain Language

The agencies seek comment on all aspects of the proposed rule, including the following:

1. Do commenters believe the enumerated prohibitions capture the types of actions that add undue subjectivity to bank supervision? If there are other prohibitions that would be warranted, please identify such prohibitions and explain.

2. Is the definition of "adverse action" in the proposed rule sufficiently clear? Should the definition be broader or narrower? Are there other types of agency actions that should be included in the list of "adverse actions?" Does the catch-all provision at the end of the definition of "adverse action" appropriately capture any agency action that is intended to punish or discourage banks on the basis of perceived reputation risk? Is such catch-all provision sufficiently clear?

3. Are commenters aware of any other uses of reputation risk in supervision or in the agencies' regulations that should be addressed in this rule? If so, please describe such uses and their effects on institutions.

4. Do commenters believe the definition of "reputation risk" should be broadened or narrowed? If so, how should the definition be broadened or narrowed? Please provide the reasoning to support any suggested changes.

5. Do commenters understand what is meant by the phrase "solely on the basis of the third party's involvement in lawful business activities that are perceived to present reputation risk?" Could the agencies word this prohibition more clearly? Should the word "solely" be included? Would it be better to say "solely or partially?"

6. Are there alternatives to the proposed rule that would better achieve the agencies' objective? If so, please describe any such alternatives.

7. Are there changes to the proposed rule that would help restrict the agencies' ability to evade the rule's requirements, including evasion through mislabeling a risk or through using alternative adverse actions? Is there other anti-evasion language that should be included?

8. The proposed definition of "reputation risk" includes risks that could negatively impact public perception of an institution for reasons unrelated to the financial condition of the institution. Should this be broadened to include reasons unrelated to the financial or operational condition of the institution?

9. Should the list of relationships that would constitute "doing business with" include additional types of relationships?

10. Does the removal of reputation risk create any other unintended consequences for the agencies or their supervised institutions?

11. Would the proposed rule have any costs, benefits, or other effects that the agencies have not identified? If so, please describe any such costs, benefits, or other effects.

Additionally, section 722 of the Gramm-Leach-Bliley Act  ⁽¹⁸⁾ requires the federal banking agencies to use plain language in all proposed and final rules published after January 1, 2000. The agencies have sought to present the proposed rule in a simple and straightforward manner, and invite comment on the use of plain language. For example:

12. Have the agencies organized the material to suit your needs? If not, how could the agencies present the proposed rule more clearly?

13. Are the requirements in the proposed rule clearly stated? If not, how could the proposed rule be more clearly stated?

14. Do the regulations contain technical language or jargon that is not clear? If so, which language requires clarification?

15. Would a different format (grouping and order of sections, use of headings, paragraphing) make the regulation easier to understand? If so, what changes would achieve that?

16. Would more, but shorter, sections be better? If so, which sections should be changed?

What other changes can the agencies incorporate to make the regulation easier to understand?

IV. Expected Effects

OCC:

A. Background

As previously discussed, to improve the efficiency and effectiveness of their supervisory programs, the agencies are proposing revising their supervisory frameworks to remove reputation risk. The proposed rule would prohibit the OCC from criticizing or taking adverse actions (broadly defined) against an institution on the basis of reputation risk. The proposed rule would define "reputation risk" as the risk, regardless of how the risk is labeled by the institution or by the agencies, that an action or activity, or combination of actions or activities, or lack of actions or activities, of an institution could negatively impact public perception of the institution for reasons unrelated to the financial condition of the institution. The proposed rule would also prohibit the agencies from requiring, instructing, or encouraging an institution or any employee of an institution to terminate a contract with, discontinue doing business with, sign a contract with, initiate doing business with, modify the terms under which it will do business with a person or entity, or take any action or refrain from taking any action on the basis of the person's or entity's political, social, cultural, or religious views or beliefs or solely on the basis of the person's or entity's involvement in lawful business activities perceived to present reputational risk. The proposed rule would not prohibit criticism, supervisory feedback, or other actions to address traditional risk channels related to safety and soundness and compliance with applicable laws, including credit risk, market risk, and operational risk (including cybersecurity, information security, and illicit finance), provided that such criticism, supervisory feedback or other actions addressing these other risks is not a pretext by examiners aimed at reputational risk.

Under the proposed rule, the OCC would make seven conforming amendments to the OCC's regulations relating to reputation risk. These conforming amendments would be made in (1) the list of risks a national bank shall consider, as appropriate, as set out in 12 CFR part 1 of the OCC regulations; and (2) the safety and soundness standards set forth in 12 CFR part 30 of the OCC regulations.

B. Current Legal and Regulatory Baselines

There are two regulatory baselines that may be assessed. Under the first baseline, on March 20, 2025, the OCC issued OCC Bulletin 2025-4 wherein the OCC issued guidance that removed references to banks' reputation risk from its "Comptroller's Handbook" booklets and guidance issuances. In addition, the OCC instructed its examiners that they should no longer examine for reputation risk.

Therefore, under this first legal and regulatory baseline, the OCC already discontinued reputation risk-based supervision since March 2025, and the proposed rule would create a formal legal mandate to remove reputation risk from OCC supervision. Effectively, there would be no additional burden, and therefore no compliance costs since reputation risk would not be examined effective with OCC Bulletin 2025-4. Any cost savings would be de minimis since references to bank's reputation risk were already removed, per OCC Bulletin 2025-4.

Under the second baseline, which considers the scenario absent OCC Bulletin 2025-4, however, the OCC would have continued to supervise institutions for reputation risk.

C. Parties Affected by the Proposal

1. OCC-Regulated Entities Affected by the Rule

The OCC currently supervises 1,017 national banks, Federal savings associations, trust companies and Federal branches and agencies of foreign banks (collectively, banks). ⁽¹⁹⁾ Because all OCC-regulated banks and institutions were subject to reputation risk assessments, the proposed rule would affect all 1,017 institutions supervised.

2. Other Parties

Because the proposed rule aims to remove the influence of the agencies' reputation risk assessments on institutions' customer relationships, we conclude that the proposed rule could potentially affect all OCC-regulated institutions' current and future customers.

D. Costs and Benefits

1. Cost Savings From Decreased Regulatory Compliance Burden

While the proposed rule does not address regulated institutions' internal practices of how to address reputation risk, the OCC expects that the proposed rule would, nonetheless, result in a decrease in regulated institutions' costs primarily through reduced regulatory compliance burden, relative to the second baseline. The OCC would no longer examine for reputation risk nor issue any related adverse supervisory actions. In turn, institutions would no longer have to engage in reputation risk examinations and respond to any related adverse supervisory actions. The OCC estimates that the cost savings could be significant depending on the level of effort an institution put forth to prepare for reputation risk examinations. Although the OCC is unable to thoroughly quantify cost savings due to decreased regulatory compliance burden, the OCC notes that there is a non-trivial percentage of Matters Requiring Attention (MRAs) that mentioned "reputation risk." The table below calculates the percentage of MRA-related text summaries that mentioned the word "reputation" from all available summaries. The table  ⁽²⁰⁾ shows that 12.42 percent of MRAs mentioned "reputation risk" in 2024. While many of these MRAs were not solely due to reputation risk, given the persistence and increased occurrence of reputation risk in MRAs, one could expect that removing reputation risk would result in significant cost savings for institutions that had to respond to reputation risk-related MRAs.

2. Benefits From Increased Business Opportunities

The impact of the proposed rule on OCC-regulated institutions depends significantly on the extent to which the OCC may have changed regulated institutions' behavior in response to the OCC's expectation in managing reputation risk, relative to the second baseline. On the one hand, the OCC's expectations in managing reputation risk may not have been binding; regulated institutions may internally perceive reputation risk as an important aspect in maintaining or growing their customer base.

On the other hand, the OCC's expectations in managing reputation risk may have caused changes in institutions' behavior in response to reputation risk concerns by encouraging institutions to refrain from and/or terminate existing customer relationships. A consequence of the OCC's actions could have been preventing banks from entering into or continuing profitable business relationships with law-abiding customers that banks would have maintained in the absence of OCC expectations. Indeed, in 2016 the House passed the Financial Institution Customer Protection Act, ⁽²¹⁾ which was meant to address alleged abuses by Federal banking regulators that pressured financial institutions to terminate services for legal businesses based solely on "reputational risk."

While Sachdeva et al. ⁽²²⁾ show that targeted banks decreased lending to and terminated relationships with affected firms that were deemed controversial, results suggest that the firms substituted credit through nontargeted banks under similar terms. As such, targeted credit rationing did not substantially change the performance of the affected firms. However, even though it did not substantially affect the performance of the affected firms, the affected firms nonetheless had to incur search costs and burden in finding alternatives.

We conclude that the proposed rule should benefit customers by formally eliminating reputation risk related regulatory restrictions and constraints on their business relationships because the proposed rule would decrease the search costs and burden associated with finding alternatives. Additionally, we conclude that the proposed rule should benefit regulated institutions by eliminating constraints on relationships related to reputation risk that would otherwise be profitable.

3. Benefits From Less Subjective Supervision

One additional benefit from the removal of reputation risk is greater consistency and objectivity of supervisory decisions, relative to the second baseline. This in turn, would increase the predictability for regulated institutions to understand and manage regulators' supervisory expectations.

In our analysis, we attempted to quantitatively compare the subjectivity of OCC supervisory text that mentions or does not mention the word "reputation." In our analysis, we use standard natural language processing algorithms  ⁽²³⁾ to calculate a subjectivity score for individual OCC supervisory texts. The supervisory text includes descriptions of significant supervisory events and MRA text descriptions that we also utilized in section D.1 of this document. We calculate the subjectivity score for each individual text document, and the scores range from 0 to 1 and scores closer to 1 are indicative of more subjective text.

For the significant supervisory event text data, we calculated an average subjectivity score of 0.41 for text that mentions reputation and an average score of 0.28 for supervisory event text that does not mention reputation. For the MRA text data, we calculated average subjectivity scores of 0.43 and 0.33 from text that mentions and does not mention reputation, respectively.

FDIC:

This analysis utilizes all regulations and guidance applicable to FDIC-supervised insured depository institutions (IDIs), as well as information on the financial condition of IDIs as of the quarter ending March 31, 2025, as the baseline to which the effects of the proposed rule are estimated.

If adopted, the proposed regulations would indirectly benefit FDIC-supervised IDIs or associated persons to the extent they would have been the subject of an adverse action or prohibition against certain business relationships by the agencies on the basis of reputation risk; political, social, cultural, or religious views and beliefs; constitutionally protected speech; or politically disfavored but lawful business activities perceived to present reputation risk. This benefit would occur as the IDI or associated person would avoid any costs associated with such adverse actions or prohibitions. Additionally, the improved efficiency and effectiveness of the FDIC's supervisory programs may also indirectly benefit covered IDIs. Further, IDIs may incur some voluntary costs associated with making changes to their compliance policies and procedures. As of the quarter ending March 31, 2025, the FDIC supervised 2,835 IDIs. ⁽²⁴⁾ The FDIC does not have the information necessary to quantify number of instances, or the associated costs, where an IDI or person was subject to a covered adverse action or prohibition against certain business relationships. Nor does the FDIC have the information necessary to quantify the number of IDIs that might make changes to their compliance policies and procedures. However, the FDIC believes that such instances are very infrequent, based on their supervisory experience. The FDIC believes that the aggregate economic effect of any such indirect benefits or costs is unlikely to be substantive.

The FDIC invites comments on all aspects of this analysis. In particular, would the proposed rule have any costs or benefits that the agencies have not identified?

V. Regulatory Analysis

Paperwork Reduction Act

The Paperwork Reduction Act of 1995  ⁽²⁵⁾ (PRA) states that no agency may conduct or sponsor, nor is the respondent required to respond to, an information collection unless it displays a currently valid Office of Management and Budget (OMB) control number. The agencies have reviewed this proposed rule and determined that it does not create any information collection or revise any existing collection of information. Accordingly, no PRA submissions to OMB will be made with respect to this proposed rule.

Regulatory Flexibility Act

OCC:

In general, the Regulatory Flexibility Act (RFA)  ⁽²⁶⁾ requires an agency, in connection with a proposed rule, to prepare an initial regulatory flexibility analysis describing the impact of the rule on small entities (defined by the U.S. Small Business Administration (SBA) for purposes of the RFA to include commercial banks and savings institutions with total assets of $850 million or less and trust companies with total assets of $47 million or less). However, under section 605(b) of the RFA, this analysis is not required if an agency certifies that the proposed rule would not have a significant economic impact on a substantial number of small entities and publishes its certification and a short explanatory statement in the Federal Register along with its proposed rule.

The OCC currently supervises approximately 609 small entities, all of which may be impacted by the proposed rule. ⁽²⁷⁾ In general, the OCC classifies the economic impact on an individual small entity as significant if the total estimated impact in one year is greater than 5 percent of the small entity's total annual salaries and benefits or greater than 2.5 percent of the small entity's total non-interest expense. Furthermore, the OCC considers 5 percent or more of OCC-supervised small entities to be a substantial number. Thus, at present, 30 OCC-supervised small entities would constitute a substantial number.

Under the baseline with OCC Bulletin 2025-4, the proposed rule would have a de minimis effect on small entities. Under the baseline absent OCC Bulletin 2025-4, the proposed rule would affect all small OCC-regulated entities and would therefore affect a significant number of small entities. However, because the proposed rule would result in significant cost savings for all OCC-regulated institutions, the OCC expects the proposed rule would not have a significant adverse impact on small entities. Thus, the OCC finds that the proposed rule would not have a significant economic impact on a substantial number of OCC-supervised small entities under either baseline.

FDIC:

The RFA generally requires an agency, in connection with a proposed rule, to prepare and make available for public comment an initial regulatory flexibility analysis that describes the impact of the proposed rule on small entities. ⁽²⁸⁾ However, an initial regulatory flexibility analysis is not required if the agency certifies that the proposed rule will not, if promulgated, have a significant economic impact on a substantial number of small entities. The SBA has defined "small entities" to include banking organizations with total assets of less than or equal to $850 million. ⁽²⁹⁾ Generally, the FDIC considers a significant economic impact to be a quantified effect in excess of 5 percent of total annual salaries and benefits or 2.5 percent of total noninterest expenses. The FDIC believes that effects in excess of one or more of these thresholds typically represent significant economic impacts for FDIC-supervised institutions. As discussed further below, the FDIC certifies that the proposed rule, if adopted, would not have a significant economic impact on a substantial number of FDIC-supervised small entities.

The proposed rule would, if adopted, apply only to the activities of the FDIC. As such, this rule would not impose any obligations on FDIC-supervised entities, and FDIC-supervised entities would not need to take any action in response to this rule. Therefore, the FDIC certifies that the proposed rule, if adopted, would not have a significant economic impact on a substantial number of FDIC-supervised small entities because proposed rule would not have any direct effect on the public or FDIC-supervised institutions.

The FDIC invites comments on all aspects of the supporting information provided in this RFA section. The FDIC is particularly interested in comments on any significant effects on small entities that the agency has not identified.

Unfunded Mandates Reform Act

The OCC has analyzed the proposed rule under the factors in the Unfunded Mandates Reform Act of 1995 (UMRA). ⁽³⁰⁾ Under this analysis, the OCC considered whether the proposed rule includes a Federal mandate that may result in the expenditure by State, local, and tribal governments, in the aggregate, or by the private sector, of $100 million or more in any one year ($187 million as adjusted annually for inflation). Pursuant to section 202 of the UMRA, ⁽³¹⁾ if a proposed rule meets this UMRA threshold, the OCC would need to prepare a written statement that includes, among other things, a cost-benefit analysis of the proposal.

The OCC estimates that the proposal would not require additional expenditure from OCC-regulated entities. As noted earlier, there would likely be a decrease in expenditures due to the removal of compliance mandates, resulting in cost savings. The OCC's estimated UMRA cost is $0. Therefore, the OCC finds that the proposed rule does not trigger the UMRA cost threshold. Accordingly, the OCC has not prepared the written statement described in section 202 of the UMRA.

Riegle Community Development and Regulatory Improvement Act of 1994

Pursuant to section 302(a) of the Riegle Community Development and Regulatory Improvement Act (RCDRIA) of 1994, ⁽³²⁾ in determining the effective date and administrative compliance requirements for new regulations that impose additional reporting, disclosure, or other requirements on insured depository institutions, the OCC and FDIC must consider, consistent with principles of safety and soundness and the public interest (1) any administrative burdens that the final rule would place on depository institutions, including small depository institutions and customers of depository institutions and (2) the benefits of the final rule. This rulemaking would not impose any reporting, disclosure, or other requirements on insured depository institutions. Therefore, section 302(a) does not apply to this final rule.

Providing Accountability Through Transparency Act of 2023

The Providing Accountability Through Transparency Act of 2023  ⁽³³⁾ requires that a notice of proposed rulemaking include the internet address of a summary of not more than 100 words in length of a proposed rule, in plain language, that shall be posted on the internet website www.regulations.gov.

The OCC and FDIC propose codifying the elimination of the use of reputation risk from their risk-based supervisory frameworks. The proposal would prohibit the agencies from forcing an institution to refrain from contracting or doing business with an individual or entity or to terminate, modify, or initiate a contract or business relationship on the basis of reputation risk. The agencies also could not force an institution to terminate a contract or discontinue or modify a business relationship on the basis of an individual's or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or lawful business activities.

The proposal and required summary can be found for the OCC at https://www.regulations.gov by searching for Docket ID OCC-2025-0142 and https://occ.gov/topics/laws-and-regulations/occ-regulations/proposed-issuances/index-proposed-issuances.html, and for the FDIC at https://www.fdic.gov/resources/regulations/federal-register-publications/index.html#.

Executive Order 12866 (as Amended)

Executive Order 12866, titled "Regulatory Planning and Review," as amended, requires the Office of Information and Regulatory Affairs (OIRA), OMB, to determine whether a proposed rule is a "significant regulatory action" prior to the disclosure of the proposed rule to the public. If OIRA finds the proposed rule to be a "significant regulatory action," Executive Order 12866 requires the OCC to conduct a cost-benefit analysis of the proposed rule and for OIRA to conduct a review of the proposed rule prior to publication in the Federal Register . Executive Order 12866 defines a "significant regulatory action" to mean a regulatory action that is likely to (1) have an annual effect on the economy of $100 million or more or adversely affect in a material way the economy, a sector of the economy, productivity, competition, jobs, the environment, public health or safety, or State, local, or tribal governments or communities; (2) create a serious inconsistency or otherwise interfere with an action taken or planned by another agency; (3) materially alter the budgetary impact of entitlements, grants, user fees, or loan programs or the rights and obligations of recipients thereof; or (4) raise novel legal or policy issues arising out of legal mandates, the President's priorities, or the principles set forth in Executive Order 12866.

OIRA has determined that this proposed rule is a significant regulatory action under section 3(f)(1) of Executive Order 12866 and, therefore, is subject to review under Executive Order 12866. The OCC's analysis conducted in connection with Executive Order 12866 is included above under the "Expected Impacts" section of this document. The FDIC's analysis conducted in connection with Executive Order 12866 is also included above under the "Expected Effects" section of this document.

Executive Order 14192

Executive Order 14192, titled "Unleashing Prosperity Through Deregulation," requires that an agency, unless prohibited by law, identify at least 10 existing regulations to be repealed when the agency publicly proposes for notice and comment or otherwise promulgates a new regulation with total costs greater than zero. Executive Order 14192 further requires that new incremental costs associated with new regulations shall, to the extent permitted by law, be offset by the elimination of existing costs associated with at least 10 prior regulations. Under either baselines with OCC Bulletin 2025-4 or absent the OCC Bulletin 2025-4, this proposed rule is a deregulatory action under Executive Order 14192 because it results in potential cost savings for OCC-supervised institutions.

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Chapter I

Authority and Issuance

For the reasons set forth in the preamble, the OCC proposes to amend parts 1, 4, and 30 of chapter I of title 12 of the Code of Federal Regulations as follows:

PART 1-INVESTMENT SECURITIES

PART 4-ORGANIZATION AND FUNCTIONS, AVAILABILITY AND RELEASE OF INFORMATION, CONTRACTING OUTREACH PROGRAM, POST-EMPLOYMENT RESTRICTIONS FOR SENIOR EXAMINERS

Subpart G-Enforcement and Supervision Standards

Sec.

Subpart G-Enforcement and Supervision Standards

(a) The OCC will not criticize, formally or informally, or take adverse action against an institution on the basis of reputation risk.

(b) The OCC will not require, instruct, or encourage an institution, or any employee of an institution, to:

(1) Refrain from contracting or doing business with a third party, including an institution-affiliated party, on the basis of reputation risk;

(2) Terminate a contract or discontinue doing business with a third party, including an institution-affiliated party, on the basis of reputation risk;

(3) Sign a contract or initiate doing business with a third-party, including an institution-affiliated party, on the basis of reputation risk; or

(4) Modify the terms or conditions under which it contracts or does business with a third party, including an institution-affiliated party, on the basis of reputation risk.

(c) The OCC will not require, instruct, or encourage an institution, or any employee of an institution, to terminate a contract with, discontinue doing business with, sign a contract with, initiate doing business with, modify the terms under which it will do business with a person or entity, or take any action or refrain from taking any action on the basis of the person's or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or solely on the basis of the person's or entity's involvement in politically disfavored but lawful business activities perceived to present reputation risk.

(d) The prohibitions in paragraphs (a) through (c) of this section only apply to actions taken on the bases described in paragraphs (a) through (c) of this section, and the prohibition in paragraph (c) of this section shall not apply with respect to persons, entities, or jurisdictions sanctioned by the Office of Foreign Assets Control.

(e) Nothing in this section shall restrict the OCC's authority to implement, administer, and enforce the provisions of subchapter II of chapter 53 of title 31, United States Code.

(f) The OCC will not take any supervisory action or other adverse action against an institution, a group of institutions, or the institution-affiliated parties of any institution that is designed to punish or discourage an individual or group from engaging in any lawful political, social, cultural, or religious activities, constitutionally protected speech, or, for political reasons, lawful business activities that the supervisor disagrees with or disfavors.

(g) The following definitions apply in this section:

Adverse action includes:

(i) Any negative feedback delivered by or on behalf of the OCC to the supervised institution, including in a report of examination or a formal or informal enforcement action;

(ii) A downgrade, or contribution to a downgrade, of any supervisory rating, including, but not limited to:

(A) Any rating under the Uniform Financial Institutions Rating System (or any comparable rating system);

(B) Any rating under the Uniform Interagency Consumer Compliance Rating System;

(C) Any rating under the Uniform Rating System for Information Technology; and

(D) Any rating under any other rating system;

(iii) A denial of a licensing application;

(iv) Inclusion of a condition on any licensing application or other approval;

(v) Imposition of additional approval requirements;

(vi) Any other heightened requirements on an activity or change;

(vii) Any adjustment of the institution's capital requirement; and

(viii) Any action that negatively impacts the institution, or an institution-affiliated party, or treats the institution differently than similarly situated peers.

Doing business with means:

(i) The bank providing any product or service, including account services;

(ii) The bank contracting with a third party for the third party to provide a product or service;

(iii) The bank providing discounted or free products or services to customers or third parties, including charitable activities;

(iv) The bank entering into, maintaining, modifying, or terminating an employment relationship; or

(v) Any other similar business activity that involves a bank client or a third party.

Institution means an entity for which the OCC makes or will make supervisory or licensing determinations either solely or jointly.

Institution-affiliated party means the same as in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813(u)).

Reputation risk means any risk, regardless of how the risk is labeled by the institution or regulators, that an action or activity, or combination of actions or activities, or lack of actions or activities, of an institution could negatively impact public perception of the institution for reasons not clearly and directly related to the financial condition of the institution.

PART 30-SAFETY AND SOUNDNESS STANDARDS

Appendix B, Supplement A [Amended]

Appendix C to Part 30 [Amended]

Appendix D to Part 30 [Amended]

Appendix E to Part 30 [Amended]

FEDERAL DEPOSIT INSURANCE CORPORATION

12 CFR Chapter III

Authority and Issuance

For the reasons set forth in the preamble, the FDIC proposes to amend parts 302 and 364 of chapter III of title 12 of the Code of Federal Regulations as follows:

PART 302-REGULATIONS GOVERNING BANK SUPERVISION

Subpart A-Use of Supervisory Guidance

Subpart B-Prohibition on Use of Reputation Risk by Regulators

Sec.

Subpart B-Prohibition on Use of Reputation Risk by Regulators

(a) The FDIC will not criticize, formally or informally, or take adverse action against an institution on the basis of reputation risk.

(b) The FDIC will not require, instruct, or encourage an institution, or any employee of an institution, to:

(1) Refrain from contracting or doing business with a third party, including an institution-affiliated party, on the basis of reputation risk;

(2) Terminate a contract or discontinue doing business with a third party, including an institution-affiliated party, on the basis of reputation risk;

(3) Sign a contract or initiate doing business with a third-party, including an institution-affiliated party, on the basis of reputation risk; or

(4) Modify the terms or conditions under which it contracts or does business with a third party, including an institution-affiliated party, on the basis of reputation risk.

(c) The FDIC will not require, instruct, or encourage an institution, or any employee of an institution, to terminate a contract with, discontinue doing business with, sign a contract with, initiate doing business with, modify the terms under which it will do business with a person or entity, or take any action or refrain from taking any action on the basis of the person's or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or solely on the basis of the person's or entity's involvement in politically disfavored but lawful business activities perceived to present reputation risk.

(d) The prohibitions in paragraphs (a) through (c) of this section only apply to actions taken on the bases described in paragraphs (a) through (c) of this section, and the prohibition in paragraph (c) of this section shall not apply with respect to persons, entities, or jurisdictions sanctioned by the Office of Foreign Assets Control.

(e) Nothing in this section shall restrict the FDIC's authority to implement, administer, and enforce the provisions of subchapter II of chapter 53 of title 31, United States Code.

(f) The FDIC will not take any supervisory action or other adverse action against an institution, a group of institutions, or the institution-affiliated parties of any institution that is designed to punish or discourage an individual or group from engaging in any lawful political, social, cultural, or religious activities, constitutionally protected speech, or, for political reasons, lawful business activities that the supervisor disagrees with or disfavors.

(g) The following definitions apply in this section:

Adverse action includes:

(i) Any negative feedback delivered by or on behalf of the FDIC to the supervised institution, including in a report of examination or a formal or informal enforcement action;

(ii) A downgrade, or contribution to a downgrade, of any supervisory rating, including, but not limited to:

(A) Any rating under the Uniform Financial Institutions Rating System (or any comparable rating system);

(B) Any rating under the Uniform Interagency Consumer Compliance Rating System;

(C) Any rating under the Uniform Rating System for Information Technology;

(D) Any rating under any other rating system;

(iii) A denial of a filing pursuant to 12 CFR part 303 of the FDIC's regulations;

(iv) Inclusion of a condition on a deposit insurance application or other approval;

(v) Imposition of additional approval requirements;

(vi) Any other heightened requirements on an activity or change;

(vii) Any adjustment of the institution's capital requirement; and

(viii) Any action that negatively impacts the institution, or an institution-affiliated party, or treats the institution differently than similarly situated peers.

Doing business with means:

(i) The bank providing any product or service, including account services;

(ii) The bank contracting with a third party for the third party to provide a product or service;

(iii) The bank providing discounted or free products or services to customers or third parties, including charitable activities;

(iv) The bank entering into, maintaining, modifying, or terminating an employment relationship; or

(v) Any other similar business activity that involves a bank client or a third party.

Institution means an entity for which the FDIC makes or will make supervisory determinations or other decisions, either solely or jointly.

Institution-affiliated party means the same as in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813(u)).

Reputation risk means any risk, regardless of how the risk is labeled by the institution or regulators, that an action or activity, or combination of actions or activities, or lack of actions or activities, of an institution could negatively impact public perception of the institution for reasons not clearly and directly related to the financial condition of the institution.

PART 364-STANDARDS FOR SAFETY AND SOUNDNESS

Appendix B to Part 364 [Amended]

[FR Doc. 2025-19715 Filed 10-29-25; 8:45 am]

BILLING CODE 4810-33-6714-01-P

⁽¹⁾  90 FR 38925 (Aug. 7, 2025).

⁽²⁾  In carrying out its responsibility, the OCC has refined its examination program based on more than 160 years of experience supervising financial institutions and monitoring developments in the financial industry. In the late 1980s and the 1990s, the OCC and other financial regulators shifted toward supervision frameworks that were organized by particular risks. In 1995, the OCC launched an examination program it called "supervision by risk" that led to the current risk-based supervision approach to examinations. In the supervision by risk program, the OCC focused on nine categories of risk: credit risk, interest rate risk, liquidity risk, price risk, foreign exchange risk, transaction risk, compliance risk, strategic risk, and reputation risk. The program later morphed into the OCC's current risk-based framework, which focuses on eight risk categories, with transaction risk renamed as operational risk and foreign exchange risk eliminated as a stand-alone risk. This risk-based supervision program focuses on evaluating risk, identifying existing and emerging problems, and ensuring that bank management takes corrective action to address problems before a bank's safety and soundness is compromised. Similarly, as regulators shifted toward risk-based supervision in the 1990s, the FDIC added references to reputation risk to manuals and guidance, and supervisors cited reputation risk in formal and informal enforcement actions in subsequent years. Generally, the FDIC's supervision framework has evaluated a variety of risks, such as liquidity risk, interest rate risk, operational risk, and reputational risk.

⁽³⁾  12 U.S.C. 1.

⁽⁴⁾ See 12 U.S.C. 1811 et seq. The FDIC also insures the deposits of insured depository institutions and manages receiverships of failed depository institutions.

⁽⁵⁾ See 12 U.S.C. 1819(a), 1820(a).

⁽⁶⁾  12 U.S.C. 1819(a)(Tenth), 1820(g).

⁽⁷⁾  12 U.S.C. 93a.

⁽⁸⁾  15 U.S.C. 5311 et seq.

⁽⁹⁾ Id.

⁽¹⁰⁾ See, e.g., 12 U.S.C. 1816 (requiring the FDIC to consider, among other things, the "general character and fitness of the management of the depository institution" in an application for deposit insurance); 12 U.S.C. 1817(j)(2)(B) (requiring the agencies to "conduct an investigation of the competence, experience, integrity, and financial ability of each person named" as a proposed acquirer of an institution following a notice of a proposed change in control of a depository institution).

⁽¹¹⁾  Public Law 81-797, 64 Stat. 873 (codified at 12 U.S.C. 1813(u)).

⁽¹²⁾  12 CFR 1.5(a). The OCC added reputation risk between the proposal and finalization of the regulation. See 60 FR 66157, 66161 (Dec. 21, 1995); 61 FR 63980, 63985 (Dec. 2, 1996).

⁽¹³⁾  12 CFR part 30, appendices B, C, D, and E. The OCC and other agencies jointly issued supplement A to appendix B pursuant to 15 U.S.C. 6801 and then-existing guidance. 70 FR 15737 (Mar. 29, 2005). Fifteen U.S.C. 6801(b) requires each relevant agency to establish appropriate standards, but it does not require joint issuances or references to reputation risk. The OCC issued appendix C pursuant to 12 U.S.C. 1831p-1, which allows the prescription of several types of standards but does not refer to reputation risk. See 70 FR 6329 (Feb. 7, 2005); 12 U.S.C. 1831p-1. Appendix C includes three references to reputation risk. The OCC issued appendices D and E pursuant to 12 U.S.C. 1831p-1 in furtherance of the goals of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, Public Law 111-203, 124 Stat. 1376. 79 FR 54518 (Sept. 11, 2014); 81 FR 66792 (Sept. 29, 2016).

⁽¹⁴⁾  The proposal would not change 12 CFR 3.101(b) where a definition excludes reputation risk.

⁽¹⁵⁾  Public Law 108-159, 117 Stat. 1952 (codified at 15 U.S.C. 1681-1681x); see 12 CFR 41.90(b)(3)(ii); see also 12 CFR 334.90(b)(3)(ii).

⁽¹⁶⁾ See 15 U.S.C. 1681m(e); 72 FR 63720 (Nov. 9, 2007) (discussing the definition that refers to reputation risk and linking it to 15 U.S.C. 1681m(e)).

⁽¹⁷⁾  12 CFR part 364.

⁽¹⁸⁾  Public Law 106-102, sec. 722, 113 Stat. 1338, 1471 (1999); 12 U.S.C. 4809.

⁽¹⁹⁾  Based on OCC internal Financial Institution Data Retrieval System (FINDRS) with data as of August 1, 2025.

⁽²⁰⁾  We measure the compliance burden by calculating the percentage of recent MRAs that mentioned reputation risk prior to the release of OCC Bulletin 2025-4.

⁽²¹⁾  The bill never became law because it was not passed in the Senate.

⁽²²⁾ See Kunal Sachdeva et al., Defunding Controversial Industries: Can Targeted Credit Rationing Choke Firms?, 172 J. Fin. Econ. 104133 (2025).

⁽²³⁾  Specifically, we used the Python TextBlob package, which calculates a subjectivity score based on the text provided.

⁽²⁴⁾  Call Report data, March 31, 2025.

⁽²⁵⁾  44 U.S.C. 3501-3521.

⁽²⁶⁾  5 U.S.C. 601 et seq.

⁽²⁷⁾  We base our estimate of the number of small entities on the SBA's size thresholds for commercial banks and savings institutions, and trust companies, which are $850 million and $47 million, respectively. Consistent with the General Principles of Affiliation, 13 CFR 121.103(a), we count the assets of affiliated financial institutions when determining if we should classify an OCC- supervised institution as a small entity. We use December 31, 2024, to determine size because a "financial institution's assets are determined by averaging the assets reported on its four quarterly financial statements for the preceding year." See footnote 8 of the SBA's Table of Size Standards.

⁽²⁸⁾  5 U.S.C. 601 et seq.

⁽²⁹⁾  The SBA defines a small banking organization as having $850 million or less in assets, where an organization's "assets are determined by averaging the assets reported on its four quarterly financial statements for the preceding year." See 13 CFR 121.201 (as amended by 87 FR 69118, effective December 19, 2022). In its determination, the "SBA counts the receipts, employees, or other measure of size of the concern whose size is at issue and all of its domestic and foreign affiliates." See 13 CFR 121.103. Following these regulations, the FDIC uses an IDI's affiliated and acquired assets, averaged over the preceding four quarters, to determine whether the insured depository institution is "small" for the purposes of the RFA.

⁽³⁰⁾  2 U.S.C. 1531 et seq.

⁽³¹⁾  2 U.S.C. 1532.

⁽³²⁾  12 U.S.C. 4802(a).

⁽³³⁾  5 U.S.C. 553(b)(4).