Prohibition on Use of Reputation Risk

Prohibition on Use of Reputation Risk by NCUA

SUPPLEMENTARY INFORMATION:

I. Background and Policy Objectives

Citing reputation risk as a basis for supervisory criticisms can lead to inconsistency and subjectivity in the examination and supervision process, without adding material value from a safety and soundness perspective. To improve the efficiency and effectiveness of the examination and supervision program, the NCUA has removed reputation risk from its supervisory framework and is proposing to codify this change through regulation. These actions align with the requirements in Executive Order 14331, Guaranteeing Fair Banking for All Americans, ⁽¹⁾ that notes the use of reputation risk can be a pretext for restricting law-abiding individuals' and businesses' access to financial services on the basis of political or religious beliefs or disfavored but lawful business activities.

Because assessing reputation risk is subjective, it can lead to confusion and is time-consuming to measure for both examiners and credit unions. Reputation risk is ambiguous and lacks measurable criteria, which leaves it too open to interpretation. Therefore, the agency's supervision for reputation risk could reflect individual perspectives rather than data-driven conclusions. Given the difficulty of measuring reputation risk or quantifying its impact, if any, in an accurate and precise way, it is inappropriate for the agency to examine credit unions for this risk.

While is it important for a credit union to operate in a manner that member-owners view as favorable, credit union management is generally in the best position to identify the business decisions that will positively influence the membership's perception or opinion of the credit union. Examiners are not equipped and should not be expected to gauge public opinion or quantify the impact of member perception on a credit union's financial and operational condition. The highly subjective nature of these determinations creates unpredictability and inconsistency for regulated entities and introduces the potential for political or other biases into the supervisory process. This could result in examiners implicitly or explicitly encouraging or discouraging credit unions to restrict access to credit union services on the basis of examiners' personal views of a group's or individual's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or politically disfavored but lawful business activities. If a credit union alters its behavior to comply with supervisory expectations relating to reputation risk management, such as by closing an account or choosing not to enter into or continue a business relationship with a member or accountholder that it would otherwise maintain, it is forgoing an opportunity to maintain or build a productive relationship within its authorized field of membership that may otherwise be consistent with sound risk management practice.

Even though reputation risk has been assessed as part of NCUA's examination and supervision program for decades, the agency has not seen evidence of reputation risk being a primary driver of unsafe or unsound conditions, or posing a material risk to the National Credit Union Share Insurance Fund (Share Insurance Fund). From a safety and soundness perspective, most activities that could negatively impact a credit union's reputation do so through traditional risk channels (for example, credit risk and liquidity risk, among others). These core financial and operational risk areas are more concrete and measurable and allow examiners to more objectively assess a credit union's safety and soundness.

In addition to not enhancing safety and soundness, focusing on reputation risk can distract credit unions and the agency from devoting resources to managing core financial and operational risks that are quantifiable and have been shown to present significant threats to credit unions. In the judgment of the agency, examining for reputation risk diverts resources that could be better spent on other risks that have been shown to present significant, tangible threats to institutions and that are more easily quantified and addressed through regulatory intervention.

The NCUA is responsible for the supervision and examination of all federally insured credit unions (FICUs), including for safety and soundness principles. ⁽²⁾ In furtherance of these objectives, the agency's supervision should focus on concrete risks and more objective criteria directly related to applicable statutory requirements. In the agency's experience, using reputation risk in its supervisory process does not further this mission.

II. Legal Authority

Under the Federal Credit Union Act (FCU Act), the NCUA examines all FICUs and is required to ensure that all FICUs operate safely and soundly. ⁽³⁾ In particular, 12 U.S.C. 1786(b) compels the agency to act to correct unsafe or unsound conditions or practices in FICUs. Further, under the FCU Act, the NCUA is the chartering and supervisory authority for federal credit unions (FCUs) and the federal supervisory authority for FICUs. ⁽⁴⁾ The FCU Act grants the NCUA a broad mandate to issue regulations governing both FCUs and FICUs. Section 120 of the FCU Act is a general grant of regulatory authority, and it authorizes the Board to prescribe rules and regulations for the administration of the FCU Act. ⁽⁵⁾ Section 207 of the FCU Act is a specific grant of authority over share insurance coverage, conservatorships, and liquidations. ⁽⁶⁾ Section 209 of the FCU Act is a plenary grant of regulatory authority to the NCUA to issue rules and regulations necessary or appropriate to carry out its role as share insurer for all FICUs. ⁽⁷⁾ Accordingly, the FCU Act grants the Board broad rulemaking authority to ensure the credit union industry and the Share Insurance Fund remain safe and sound. Also, the NCUA has statutory authority to determine whether FICUs are operated in an unsafe or unsound manner and terminate a FICU's insurance if a FICU is not operated in a safe or sound manner. ⁽⁸⁾ Finally, the Board has the authority to adopt such rules as it sees fit for the transaction of its business, which includes oversight of the NCUA's supervisory and examination programs. ⁽⁹⁾

III. Description of the Proposed Rule and Changes

Based on the legal authorities set forth previously, the subjectivity of reputation risk, the limited value of reputational risk at identifying risks to safety and soundness or other statutory mandates, and the potential for distracting examiners and institutions from examining or managing core financial and operational risks, the agency has removed reputation risk from its supervisory framework and is proposing to codify this change in NCUA's regulations. ⁽¹⁰⁾ This proposed rule would be a regulation as defined in section 5 of Executive Order 14192. The proposed rule would be a significant regulatory action for the purposes of Executive Order 12866. The proposed elimination of reputation risk supervision is deregulatory.

The proposed rule would not alter or affect the ability of an institution to make business decisions regarding its members, accountholders, or third-party arrangements and to manage them effectively, consistent with safety and soundness and compliance with applicable laws.

The proposed rule would prohibit the agency from criticizing, formally or informally, rewarding, using in its decision-making process, or taking any adverse action against institutions on the basis of reputation risk. The agency would be prohibited from requiring, instructing, or encouraging an institution or its employees, to refrain from contracting with or to terminate or modify a contract with a third party, including an institution-affiliated party, on the basis of reputation risk. The agency also could not require, instruct, or encourage an institution or its employees to refrain from doing business with or to terminate or modify a business relationship with a third party, including an institution-affiliated party, on the basis of reputation risk. The proposed rule would also prevent the agency from requiring, instructing, or encouraging an institution or its employees to enter into a contract or business relationship with a third party on the basis of reputation risk. The proposed rule would further prohibit the agency from requiring, instructing, or encouraging an institution or its employees to terminate a contract with, discontinue doing business with, or modify the terms under which it will do business with a person or entity on the basis of the person's or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or on the basis of the third party's involvement in politically disfavored but lawful business activities perceived to present reputation risk.

The proposed rule would also prevent the agency from requiring, instructing, or encouraging an institution or its employees to engage in or refrain from acquiring or terminating a relationship with any person or entity within the credit union's authorized field of membership, or person or entity the credit union or institution is otherwise lawfully permitted to serve, on the basis of reputation risk. This prohibition would not affect member service requirements and limitations related to a credit union's field of membership. Similarly, this prohibition would not affect requirements intended to prohibit or reject transactions or accounts associated with Office of Foreign Assets Control-sanctioned persons, entities, or jurisdictions. Such prohibitions and rejections would not be based on the person's or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or politically disfavored but lawful business activities perceived to present reputation risk. The prohibition also does not affect the agency's authority to enforce the requirements of the provisions of United States Code title 31, chapter 53, subchapter II regarding reporting on monetary transactions, field of membership requirements under the FCU Act, administration of Community Development Revolving Loan Fund activities, or any other application decision where federal law mandates the NCUA to consider criteria such as character and fitness or integrity. ⁽¹¹⁾

"Adverse action," as defined by the proposed rule, would include the provision of negative feedback, including written feedback in a report of examination, a document of resolution, oral feedback, or an enforcement action. This definition would only apply to NCUA-initiated adverse actions. NCUA will often jointly examine federally insured, state-chartered credit unions along with the state regulator. In these instances, the state regulator generally will take the lead in issuing the report of examination and any corrective action. If the state regulator elects to examine for reputation risk, NCUA examiners will not participate in these discussions or enforce any resulting supervisory actions taken by the state regulator.

Furthermore, adverse action encompasses any NCUA-led action of any agency employee, including any communication characterized as informal or preliminary. A downgrade (or contribution to a downgrade) of any supervisory rating, including a rating assigned under NCUA's CAMELS ratings system  ⁽¹²⁾ also would constitute an "adverse action" under the proposed rule. Further, an approval or denial of a filing, or an imposition of a discretionary supervisory action under prompt corrective action, on the basis of "reputation risk" would constitute an "adverse action" under the proposed rule, except where federal law requires consideration of reputation-related criteria. This includes any burdensome requirements placed on an approval, the introduction of additional approval requirements, or any other heightened requirements or emphasis on an activity or change.

The agency is also including a general "catch-all" for any other actions, including approval or denial of applications, waivers, and other agency actions or decisions for any party, that could impact the party. This catch-all is meant to include actions such as decisions on applications for waivers, applications to engage in certain business activities for which supervisory permission is required, or other regulatory decisions affecting institutions. The agency believes that most actions would be covered under the other definitions outlined in the regulation but has included this additional "catch-all" to account for any circumstances that may not be apparent or may become applicable as regulatory and supervisory standards change. Additionally, actions subject to this prohibition would include feedback that is oral, a condition attached to an approval, the introduction of new approval requirements, and any other heightened requirements that are intended to force the institution to address perceived reputation risk.

The term "doing business with" in the proposed rule is intended to be construed broadly and to include both business relationships with credit union members, accountholders, and with third-party service providers. It is also intended to include the relationship of an institution with organizations or individuals that the institution is providing with charitable donations or services. This term is intended to include both existing business relationships and prospective business relations.

The term "institution-affiliated party" has the same meaning as in 12 U.S.C. 1786(r).

The proposed rule would define "reputation risk" as the risk, regardless of how the risk is labeled by the institution or by the agency, that an action or activity, or combination of actions or activities, or lack of actions or activities, of an institution could negatively impact public perception of the institution for reasons unrelated to the current or future financial and operational condition of the institution. This definition is intended to include not just risks that the agency or the institution identify as "reputation risks," but any similar risk based around concerns regarding the public's perception of the institution beyond the scope of other risks in the agency's supervisory frameworks. This definition is not intended to capture risks posed by public perceptions of the institution's current or future financial or operational condition because such perceptions relate to risks other than reputation risk. For example, public perceptions that an institution has insufficient liquidity and therefore is susceptible to a run on shares would not be considered reputation risk.

The prohibitions of the proposed rule would apply to actions taken on the basis of reputation risk; political, social, cultural, or religious views and beliefs; constitutionally protected speech; or based on bias against politically disfavored but lawful business activities perceived to present reputation risk. The proposed rule would not prohibit criticism, supervisory feedback, or other actions to address traditional risk channels related to safety and soundness and compliance with applicable laws, including credit risk, interest rate risk, and transaction risk (including cybersecurity, information security, and illicit finance), provided that such criticism, supervisory feedback, or other actions addressing these other risks is not a pretext by examiners aimed at reputation risk.

Under the proposed rule, the NCUA would make one conforming amendment to the NCUA's regulations to eliminate references to reputation risk. The conforming amendment would be made in the stress testing requirements for complex credit unions. ⁽¹³⁾ One other NCUA regulation codified in 12 CFR part 717 refers to reputation risk concerning certain identity theft prevention programs required by the Fair and Accurate Credit Transactions Act of 2003. ⁽¹⁴⁾ However, by statute, guidelines and regulations for these programs must occur jointly across certain federal agencies, ⁽¹⁵⁾ so no conforming amendment is suggested for 12 CFR part 717 at this time. The NCUA will consider making changes to 12 CFR part 717 in a separate, joint rulemaking in the future. Until that separate, joint rulemaking occurs, the NCUA expects to exercise its discretion in enforcing 12 CFR part 717 by using agency resources to assess compliance without regard to reputation risk.

III. Request for Comments

The agency seeks comment on all aspects of the proposed rule, including the following:

1. Do commenters believe the prohibitions capture the types of actions that add undue subjectivity to supervision based on reputation risk? If there are other prohibitions that would be warranted, please identify such prohibitions and explain.

2. Is the definition of "adverse action" in the proposed rule sufficiently clear? Should the definition be broader or narrower? Are there other types of agency actions that should be included in the list of "adverse actions?" Does the catch-all provision at the end of the definition of "adverse action" appropriately capture any agency action that is intended to punish or discourage credit unions on the basis of perceived reputation risk? Is such catch-all provision sufficiently clear?

3. Are commenters aware of any other uses of reputation risk in supervision that should be addressed in this proposed rule? If so, please describe such uses and their effects on credit unions.

4. Do commenters believe the definition of "reputation risk" should be broadened or narrowed? If so, how should the definition be broadened or narrowed? Please provide support for any suggested changes.

5. The proposed definition of "reputation risk" includes risks that could negatively impact public perception of a credit union for reasons unrelated to the credit union's financial condition. Should this be broadened to include reasons unrelated to the credit union's operational condition?

6. Should the list of relationships that would constitute "doing business with" include additional types of relationships?

7. Does the removal of reputation risk create any other unintended consequences for the agency or institutions?

8. Would the proposed rule have any costs, benefits, or other effects that the agency has not identified? If so, please describe any such costs, benefits, or other effects.

9. Should the definition of institution be broadened or are there any other categories of activities that should be excluded from the scope of the rule?

IV. Expected Effects

A. Background

As previously discussed, to improve the efficiency and effectiveness of the supervisory framework, the NCUA is proposing to establish a regulation codifying the removal of reputation risk from its examination and supervision programs.

B. Parties Affected by the Proposal

1. NCUA Regulated Entities Affected by the Rule

The NCUA currently supervises 2,740 FCUs and 1,630 federally insured, state-chartered credit unions (collectively referred to as FICUs). ⁽¹⁶⁾ Because all FICUs were subject to reputation risk assessments, the proposed rule would affect all 4,370 institutions.

2. Other Parties

Because the proposed rule aims to remove the influence of the agency's reputation risk assessments on institutions' member and business relationships, NCUA concludes that the proposed rule could potentially affect all FICUs' current and future members and business partners. It would also affect any other institutions over which the NCUA has or may be granted supervisory authority.

C. Current Legal and Regulatory Baselines

On September 25, 2025, the NCUA issued Letter to Credit Unions 25-CU-05 wherein the agency notified supervised institutions that it was ceasing to use reputation risk in the examination and supervisory process. The NCUA also sent a memo to staff on that same day, instructing staff that they may no longer base supervisory concerns on reputation risk. NCUA employees were notified that they may not refer to or engage in discussions about reputation risk or similar concepts as part of examinations and supervision contacts or other regulatory or supervisory actions (such as waivers, application decisions, or enforcement actions) for a credit union or credit union service organization. The agency is in the process of removing reputation risk from its regulations, policies, manuals, and training materials.

Therefore, the NCUA has already discontinued reputation risk-based supervision as of September 25, 2025. The proposed rule would create a formal, legal mandate to remove reputation risk from NCUA's supervision framework. Effectively, there would be no additional burden, and therefore no compliance costs since reputation risk will not be examined for effective September 25, 2025.

D. Costs and Benefits

Implementing a regulation to prohibit the use of reputation risk in the examination and supervision program will remove uncertainty and the potential for misuse, which inherently will provide benefits to FICUs. The removal of reputation risk will ensure greater consistency and objectivity of supervisory decisions, increasing the predictability for regulated institutions to understand and manage regulators' supervisory expectations. The proposed rule should benefit credit unions and their members by formally eliminating actual or perceived reputation risk-related regulatory restrictions and constraints on member services that would otherwise be permissible.

Other than the inherent benefits described above, the NCUA cannot quantify the number of institutions, or the associated costs, where an institution was criticized for activities because of reputation risk. Nor does the NCUA have the information necessary to quantify the number of institutions that might make changes to their operations based on this change.

V. Regulatory Procedures

A. Providing Accountability Through Transparency Act of 2023

The Providing Accountability Through Transparency Act of 2023 (5 U.S.C. 553(b)(4)) (Act) requires that a notice of proposed rulemaking include the internet address of a summary of not more than 100 words in length of a proposed rule, in plain language, that shall be posted on the internet website under section 206(d) of the E-Government Act of 2002 (44 U.S.C. 3501 note) (commonly known as regulations.gov ).

In summary, the proposed rule would prohibit the agency from criticizing or taking adverse action against an institution on the basis of reputation risk. The proposed rule would also prohibit the agency from requiring, instructing, or encouraging an institution to close an account, to refrain from providing an account, product, or service, or to modify or terminate any product or service on the basis of a person or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or on the basis of politically disfavored but lawful business activities perceived to present reputation risk.

The proposal and the required summary can be found at https://www.regulations.gov.

B. Executive Orders 12866, 13563, and 14192

Pursuant to Executive Order 12866 ("Regulatory Planning and Review"), a determination must be made whether a regulatory action is significant and therefore subject to review by the Office of Management and Budget (OMB) in accordance with the requirements of the Executive Order. ⁽¹⁷⁾ Executive Order 13563 ("Improving Regulation and Regulatory Review") supplements and reaffirms the principles, structures, and definitions governing contemporary regulatory review established in Executive Order 12866. ⁽¹⁸⁾ This proposed rule was drafted and reviewed in accordance with Executive Order 12866 and Executive Order 13563. OMB has determined that this proposed rule is a "significant regulatory action" as defined in section 3(f)(1) of Executive Order 12866 Executive Order 14192 ("Unleashing Prosperity Through Deregulation") requires that any new incremental costs associated with new regulations shall, to the extent permitted by law, be offset by the elimination of existing costs associated with at least 10 prior regulations. ⁽¹⁹⁾ This proposed rule, if finalized as proposed, is not expected to be an Executive Order 14192 regulatory action.

C. Regulatory Flexibility Act

The Regulatory Flexibility Act  ⁽²⁰⁾ generally requires an agency to conduct a regulatory flexibility analysis of any rule subject to notice and comment rulemaking requirements, unless the agency certifies that the rule will not have a significant economic impact on a substantial number of small entities. If the agency makes such a certification, it shall publish the certification at the time of publication of either the proposed rule or the final rule, along with a statement providing the factual basis for such certification. ⁽²¹⁾ For purposes of this analysis, the NCUA considers small credit unions to be those having under $100 million in assets. ⁽²²⁾ The Board fully considered the potential economic impacts of the regulatory amendments on small credit unions.

The NCUA ceased using reputation risk in its supervisory framework effective September 25, 2025, and a review of examination data shows that reputation risk was not frequently used to support corrective actions in reports of examination. As such, this rule will not have a significant economic impact on FICUs in general.

Accordingly, the NCUA certifies the proposed rule would not have a significant economic impact on a substantial number of small credit unions.

D. Paperwork Reduction Act

The Paperwork Reduction Act of 1995 (PRA) applies to rulemaking in which an agency creates a new or amends existing information collection requirements. ⁽²³⁾ For purposes of the PRA, an information collection requirement may take the form of a reporting, recordkeeping, or a third-party disclosure requirement. The NCUA may not conduct or sponsor, and the respondent is not required to respond to, an information collection unless it displays a valid OMB control number. The NCUA has reviewed this proposed rule and determined that it does not create any information collection or revise any existing collection of information. Accordingly, no PRA submissions to OMB will be made with respect to this proposed rule. The NCUA nevertheless invites comments on any PRA implications.

E. Executive Order 13132 on Federalism

Executive Order 13132 encourages regulatory agencies to consider the impact of their actions on state and local interests. The NCUA, a regulatory agency as defined in 44 U.S.C. 3502(5), voluntarily complies with the executive order to adhere to fundamental federalism principles. The proposed rule would affect how NCUA examiners cite or use certain risks in the supervisory process, including for federally insured, state-chartered credit unions. But the proposed rule would not constrain how state regulators apply these same concepts or otherwise change the relationship between NCUA and the state regulators. The rulemaking would therefore not have direct effect on the states, the relationship between the national government and the states, or on the distribution of power and responsibilities among the various levels of government.

F. Assessment of Federal Regulations and Policies on Families

The NCUA has determined that this proposed rule would not affect family well-being within the meaning of Section 654 of the Treasury and General Government Appropriations Act, 1999. ⁽²⁴⁾ While the proposed changes in NCUA's supervision of institutions could expand access to services, the effect would be indirect and not easily quantifiable.

For the reasons stated in the preamble, the NCUA Board proposes to amend 12 CFR parts 702 and 791 as follows:

PART 702-CAPITAL ADEQUACY

PART 791-RULES OF NCUA BOARD PROCEDURE; PROMULGATION OF NCUA RULES AND REGULATIONS; PUBLIC OBSERVATION OF NCUA BOARD MEETINGS; USE OF SUPERVISORY GUIDANCE; PROHIBITON ON USE OF REPUTATION RISK

Subpart A-Rules of NCUA Board Procedure

Subpart B-Promulgation of NCUA Rules and Regulations

Subpart C-Public Observation of NCUA Board Meetings Under the Sunshine Act

Subpart D-Use of Supervisory Guidance

Appendix A to Subpart D

Statement Clarifying the Role of Supervisory Guidance

Subpart E-Prohibition on Use of Reputation Risk by NCUA

Subpart E-Prohibition on Use of Reputation Risk by NCUA

(a) The NCUA will not criticize, formally or informally, or take adverse action against an institution on the basis of reputation risk.

(b) The NCUA will not require, instruct, or encourage an institution, or any employee of an institution, to:

(1) refrain from contracting or doing business with a third party, including an institution-affiliated party, on the basis of reputation risk;

(2) terminate a contract or discontinue doing business with a third party, including an institution-affiliated party, on the basis of reputation risk;

(3) sign a contract or initiate doing business with a third party, including an institution-affiliated party, on the basis of reputation risk; or

(4) modify the terms or conditions under which it contracts or does business with a third party, including an institution-affiliated party, on the basis of reputation risk.

(c) The NCUA will not require, instruct, or encourage an institution, or any employee of an institution, to terminate a contract with, discontinue doing business with, sign a contract with, initiate doing business with, modify the terms under which it will do business with a person or entity, or take any action or refrain from taking any action on the basis of the person's or entity's political, social, cultural, or religious views or beliefs, constitutionally protected speech, or on the basis of the person or entity's involvement in politically disfavored but lawful business activities based on reputation risk.

(d) The prohibitions in paragraphs (a) through (c) apply only to actions taken on the bases described in paragraphs (a) through (c), and the prohibition in paragraph (c) shall not apply with respect to persons, entities, or jurisdictions sanctioned by the Office of Foreign Assets Control.

(e) The prohibitions in paragraphs (a) through (c) apply only to actions taken on the bases described in paragraphs (a) through (c), and the prohibition in paragraph (c) shall not apply with respect to actions taken to comply with statutory or regulatory field of membership requirements, administration of Community Development Revolving Loan Fund activities, or any other application or decision where federal law mandates the NCUA to consider criteria such as character and fitness or integrity.

(f) Nothing in this section shall restrict the NCUA's authority to implement, administer, and enforce the provisions of subchapter II of chapter 53 of title 31, United States Code.

(g) The NCUA will not take any supervisory action or other adverse action against an institution, a group of institutions, or the institution-affiliated parties of any institution that is designed to punish, discourage, or encourage an individual or group from engaging in any lawful political, social, cultural, or religious activities or lawful business activities, constitutionally protected speech, or, for political reasons, lawful business activities that the supervisor disagrees with or disfavors.

(h) Definitions.

(1) "Adverse action" includes:

(A) any negative feedback delivered by or on behalf of the NCUA to an institution, including in an NCUA-issued report of examination or a formal or informal enforcement action;

(B) a downgrade, or contribution to a downgrade, of any supervisory rating, including, but not limited to:

(i) any NCUA rating under the CAMELS ratings system;

(ii) any NCUA rating under any other rating system;

(C) a denial of a filing under any of the NCUA's regulations;

(D) inclusion of a condition on a share insurance application or other approval;

(E) imposition of additional approval requirements;

(F) any other heightened requirements on an activity or change;

(G) any reclassification of a well-capitalized federally insured credit union or imposition of a discretionary supervisory action under NCUA's prompt corrective action rules (12 CFR 702); and

(H) any action that negatively impacts the institution, or an institution-affiliated party, or treats the institution differently than similarly situated peers.

(2) "Doing business with" means an institution:

(A) providing any product or service, including account services;

(B) contracting with a third party for the third party to provide a product or service;

(C) providing discounted or free products or services to customers or third parties, including charitable activities;

(D) entering into, maintaining, modifying, or terminating an employment relationship; or

(E) any other similar business activity that involves an institution's member or accountholder or a third party.

(3) "Institution-affiliated party" means the same as in section 206 of the Federal Credit Union Act (12 U.S.C. 1786(r)).

(4) "Institution" means an entity for which the NCUA makes or will make supervisory determinations or other decisions, either solely or jointly.

(4) "Reputation risk" means any risk, regardless of how the risk is labeled by the institution or the NCUA, that an action or activity, or combination of actions or activities, or lack of actions or activities, of an institution could negatively impact public perception of the Institution for reasons unrelated to the current or future financial condition of the institution.

[FR Doc. 2025-19623 Filed 10-20-25; 8:45 am]

BILLING CODE 7535-01-P

⁽¹⁾  90 FR 38925 (Aug. 12, 2025).

⁽²⁾ See, e.g., 12 U.S.C. 1756, 1781, 1784, 1786, 1789. The NCUA also insures member accounts at all FICUs and manages liquidations of insolvent FICUs.

⁽³⁾  There are several references to safety and soundness principles in the Federal Credit Union Act. See 12 U.S.C. 1757(5)(A)(vi)(I), 1759(d) & (f), 1781(c)(2), 1782(a)(6)(B), 1786(b), 1786(e), 1786(f), 1786(g), 1786(k)(2), 1786(r), 1786(s), and 1790d(h). Similarly, the NCUA requires FICUs to comply with relevant consumer protection statutes and regulations. See, e.g. 12 CFR part 717-Fair Credit Reporting.

⁽⁴⁾  12 U.S.C. 1751 et seq.

⁽⁵⁾  12 U.S.C. 1766(a).

⁽⁶⁾  12 U.S.C. 1787.

⁽⁷⁾  12 U.S.C. 1789(a)(11).

⁽⁸⁾  12 U.S.C. 1786.

⁽⁹⁾  12 U.S.C. 1752a(d). Under 12 U.S.C. 1784, the Board appoints examiners who shall have power, on the Board's behalf, to examine any insured credit union.

⁽¹⁰⁾  This rule would not prohibit actions taken to ensure compliance with statutory and regulatory field of membership requirements.

⁽¹¹⁾  15 U.S.C. 5311 et seq.

⁽¹²⁾  For additional information on NCUA's CAMELS rating system, please see Letter to Credit Unions 22-CU-05.

⁽¹³⁾  12 CFR 702.304(b)(2) requires a complex credit union to consider how it will maintain stress test capital commensurate with its risks, including reputational risk.

⁽¹⁴⁾  Public Law 108-159, 117 Stat. 1952 (codified at 15 U.S.C. 1681-1681x); 12 CFR 717.90(b)(3)(ii) defines a covered account as any other account that the federal credit union offers or maintains for which there is a reasonably foreseeable risk to members or to the safety and soundness of the federal credit union from identity theft, including financial, operational, compliance, reputation, or litigation risks.

⁽¹⁵⁾  See 15 U.S.C. 1681m(e); 72 FR 63720 (Nov. 9, 2007) (discussing the definition that refers to reputation risk and linking it to 15 U.S.C. 1681m(e)).

⁽¹⁶⁾  Based on data accessed using FINDRS on August 1, 2025.

⁽¹⁷⁾  58 FR 51735 (Oct. 4, 1993).

⁽¹⁸⁾  76 FR 3821 (Jan. 21, 2011).

⁽¹⁹⁾  90 FR 9065 (Feb. 6, 2025).

⁽²⁰⁾  5 U.S.C. 601 et seq.

⁽²¹⁾  5 U.S.C. 605(b).

⁽²²⁾  80 FR 57512 (Sept. 24, 2015).

⁽²³⁾  44 U.S.C. 3501-3520; 5 CFR part 1320.

⁽²⁴⁾  Public Law 105-277, 112 Stat. 2681 (1998).