Examiners' Growing Misuse of 'Reputation Risk'
It's been five years since the financial crisis began, and banking still has a weaker reputation than the airline industry, big pharma and the energy sector. At least there's someone out there who more likely than not has a decent impression of you: your customer.
The FTC's move to hold payment processors responsible for the deeds of unscrupulous merchants could result in higher prices or less choices for small businesses and consumers.
After the recent downturn, examiners have been placing more emphasis on reputation risk. This emphasis, however, is being applied paternalistically, in a way that is limiting legitimate transactions.
I have heard of examiners advising bankers to terminate relationships with payday lenders because of reputation risk. The examiners are implicitly saying the risk of such association will so damage an institution's reputation as to jeopardize safety and soundness. FDIC training labeled payday lenders as "high risk clients."
Examiners have raised issues of reputation risk in other contexts as well. For instance, a community bank in Minnesota was required to enter into a consent order as a result of allegations concerning that bank's relationship with an online payment processor.
The Federal Deposit Insurance Corp. has promulgated financial institution letters concerning these entities, which process payments for third-party clients. The letters require banks to engage in enhanced due diligence and other steps. The Minnesota bank seemed to take every action required by the letters, yet the FDIC still insisted on a consent order demanding that the bank immediately cease providing such services to that party (and that it comply with the terms of the order before providing services to other processors). Examiners are applying the combination of concerns regarding reputation risk and the FILs well beyond third-party processors to bank customers that provide financial services.
The Office of the Comptroller of the Currency has also imposed an enforcement action on at least one community bank for failing to police a customer that was reputedly a third-party processor. In that case, the national bank had to pay a civil money penalty and provide a multimillion-dollar restitution for its relationship with a merchant processor.
So, what is happening here? Is it that the banking regulators are protecting the public from bankers that are colluding with others by providing access to the banking system to enable such third parties to take advantage of consumers? Or, are some of the bank regulators seeking to preclude certain businesses because regulators believe such enterprises provide services that are inherently harmful to consumers? In short, are the regulators seeking to ban certain products?
We can certainly argue whether that is a proper role for bankers to police customers rather than for those government officials with whom bankers file suspicious activity reports. The current application of reputation risk, as a basis independent of law or regulation, for pressuring bankers to preclude some from the banking system, raises concerns as to where the limits might be of regulatory intrusion.
So, what is a banker to do? Bankers can accept the new environment. If so, they will need to scour their client base to proactively dismiss customers engaged in businesses disfavored by the regulators. Alternatively, banks could seek to comply with regulatory pronouncements while maintaining relationships. Even then, however, bankers should extend the guidance to all financial services business customers.
Still, bankers must confront the increasing use of "reputation risk" as a catch-all to challenge any banking businesses that are disfavored. A February speech by Federal Reserve Gov. Raskin may be instructive. Raskin asked whether regulators should analyze harm to reputation. In other words, can the impact on reputation weigh on safety and soundness? She notes that enterprise value is substantially dependent on intangible assets such as brand and customer loyalty. Accordingly, she notes that regulators have a duty to determine that all risks are fully understood, even those that are not subject to quantifiable measurement or which are not yet realized. She suggests that supervisors should bring to the surface potential loss exposures that may build within a bank or within the industry from increasing reputational risk.
Bankers should consider Raskin's views in evaluating their customer base. To the extent a bank is doing business with an enterprise in a disfavored industry such as online gambling, home-based charities, dating services and drug paraphernalia, the bank should engage in its own analysis of the potential reputational risk. The bank should then document its analysis. In this way, banks can develop defenses to allegations that they are taking reputational risks that endanger their safety and soundness. Otherwise, bankers risk that the examiners will do it for them. Raskin defined reputation as "our perception of the person that is externally derived and not necessarily intrinsic to that individual." She noted that people may not have control over others' perceptions. In other words, parties outside the bank (examiners?) can define reputation risk by their perceptions.
In the context of oversight of risk management, examiners are challenging banking relationships with disfavored businesses. Bankers need to engage in analysis of reputation risk. Otherwise, bankers risk criticism that seemingly knows no bounds and is based on a concept that is endlessly adaptable. It is in bankers' interest to put business activity into an appropriate context from which it can be argued that any reputation risk is manageable.
Peter G. Weinstock leads the Financial Institutions Corporate and Regulatory practice at Hunton & Williams LLP.