Reputation Risk Isn't Gone, It's Yours: A Board's Guide Post-NCUA Shift

Governance
Written By Tom Glatt

The NCUA recently announced a significant shift in its supervisory framework: it will cease using "reputation risk" as a formal category in examinations. Citing the subjective nature of the assessment, the agency aims to ground its oversight in more data-driven conclusions. While this change streamlines the examination process, it does not eliminate reputation risk itself. In fact, it arguably elevates the board's responsibility.

The NCUA isn't saying reputation doesn't matter; it's saying that managing it is a core strategic function of the credit union, not primarily a regulatory compliance item. This shift requires boards to adopt their own clear definition and proactive approach to overseeing this critical, intangible asset.

Defining Reputation Risk: Beyond the Buzzword

For practical governance, we need a working definition. Reputation risk is the potential for negative perception—by members, employees, regulators, or the community—to damage the credit union's brand, erode trust, and negatively impact its financial performance or strategic objectives. It's the risk that what people think about you hurts your business.

Where Reputation Risk Hides: A Board's Field Guide

Reputation risk isn't a standalone category; it's often the consequence of failures in other areas. Here’s where boards should be vigilant:

Governance Failures

Weak internal controls, conflicts of interest, inadequate board oversight, or unethical conduct at the leadership level can lead to significant reputational damage if exposed. Think insider abuse or failure to address member complaints systematically.

Strategic Missteps

Poorly executed mergers, controversial product launches (e.g., predatory fees), inadequate data security leading to breaches, or insensitive marketing campaigns can all alienate members and tarnish the credit union's brand.

Leadership Blind Spots

A board or CEO whose risk personality (per the Risk Type Compass) leads to overly aggressive or overly passive decision-making can expose the credit union to reputational harm. Similarly, a lack of emotional intelligence (EQ) in leadership can result in poor communication during a crisis, further damaging trust. Taking a controversial public stance (or remaining silent) on polarizing social issues also falls into this category.

Governing the Intangible: Integrating Reputation Oversight

Just because the NCUA isn't formally rating reputation risk doesn't mean the board can ignore it. Effective oversight requires integrating it into your existing governance rhythm.

  • Strategic Planning: Explicitly include reputation considerations in your Scenario Planning exercises. Ask: "What external events or internal failures could significantly damage our brand?"

  • Risk Management Framework: Ensure your enterprise risk management (ERM) framework includes specific metrics or qualitative assessments related to brand health, member satisfaction (NPS), and public sentiment.

  • Proactive Governance Calendar: Schedule regular discussions about potential reputational threats. Add agenda items like "Review Social Media Sentiment Report" or "Assess Reputational Impact of New Product Launch" to relevant committee meetings.

The NCUA's decision underscores a fundamental truth: managing your credit union's reputation is not a compliance task to be delegated, but a strategic imperative that belongs in the boardroom. By defining it clearly, identifying potential sources, and integrating its oversight into your governance process, you can protect your most valuable asset: the trust of your members.

Our governance frameworks are designed to help boards proactively manage all forms of strategic risk. To discuss how to integrate reputation oversight into your process, schedule a private consultation.

Tom Glatt
Next

Open Banking: Reshaping Your Credit Union's Business Model