Reputational Risk Isn’t Going Away Just Because Regulators Changed the Label

As published in CUInsight on December 8, 2025.

When the NCUA announced in September 2025 that it was eliminating “reputation risk” as a formal part of the examination and supervisory process, a lot of credit union leaders exhaled. Maybe this meant fewer subjective criticisms. Maybe this meant less second-guessing of tough business decisions.

But here’s the uncomfortable truth: Your credit union’s reputation is just as fragile, just as exposed, and now the responsibility is even more squarely on the shoulders of the credit union’s board and executives.

This story isn’t about a risk that disappeared. It’s about a label that changed.

What exactly did NCUA change?

On September 25, 2025, NCUA announced that it has “ceased using reputation risk and equivalent concepts in the examination and supervisory process.” The move was explicitly tied to White House Executive Order 14331, which directs federal banking regulators to remove the use of reputational risk or similar ideas when they could lead to politicized or unlawful “debanking.”

In its follow-up Letter to Credit Unions (25-CU-05), NCUA clarified several key points:

Effective September 25, 2025, examiners will no longer base supervisory concerns on reputational risk, nor refer to reputational risk in exams or supervision contacts.
However, “key review areas” historically classified under reputational risk, like financial liabilities tied to active litigation or insider abuse, will still be reviewed as part of exams.
The agency is updating regulations, manuals, and training materials to remove references to reputational risk, and this letter supersedes earlier guidance on the topic.

In the press release, NCUA also noted that it has stopped assigning ratings to all seven risk categories (credit, interest rate, liquidity, transaction, compliance, reputation, strategic) and will instead “focus on addressing material concerns and explaining the credit union’s CAMELS ratings.”

In other words:

The reputational risk “box” on your exam is gone.
The underlying issues that harmed your reputation before are still very much in play.

Members still see you as a trusted alternative

Credit unions continue to enjoy a real trust advantage over banks:

The 2025 J.D. Power U.S. Credit Union Satisfaction Study found that overall credit union satisfaction is 74 points higher than banks, and that CUs outperform banks on every dimension measured—including trust, people, and problem resolution.
The American Customer Satisfaction Index (ACSI) reported that credit unions rebounded 5% in 2024 to a score of 79, after several years of decline, nearly matching banks.

That’s your reputation dividend. But dividends can be spent.

Consumers are less forgiving than ever

Recent research on financial services customers paints a stark picture:

A 2024 identity-security study found 8 in 10 consumers say they would likely switch financial institutions if their data were compromised. Younger customers are even less tolerant; only 7% under age 35 said they’d probably stay after a compromise.
A 2024 global survey found 75% of consumers are ready to switch banks if fraud-protection measures are not strong enough, and a large majority believe their institution bears ultimate responsibility for protecting them from cybercrime.

These studies aren’t about “reputation risk” as a regulatory concept. They’re about real-world member behavior. Whether or not NCUA uses the term, members punish reputational failures with their feet.

The exam label changed, but the exposure didn’t

NCUA is clear that categories of concern formerly housed under reputational risk remain within the scope of safety and soundness and compliance (i.e., litigation, insider abuse, significant control weaknesses, etc.).

A proposed rule published in October 2025 would go further and codify limits on NCUA’s use of reputational risk, while explicitly stating that examiners may still take action on more traditional risk channels, including credit, interest rate, transaction (including cybersecurity and illicit finance), and others, as long as those actions are not a pretext for reputation-based judgments.

Therefore…

You may see fewer explicit references to reputation in exam reports.
You will not see fewer questions about the issues that drive reputational crises: data security, consumer-protection compliance, BSA/AML practices, fair treatment, and governance.

Interpreting the change: Less subjectivity, more leadership responsibility

For many in the movement, the elimination of reputational risk language was a victory against perceived subjectivity in examinations. Advocacy groups praised the move as a way to reduce the chance that examiners could use “reputational risk” to pressure institutions on lawful, but controversial, activities.

That may be true. But it also means:

Your regulator will talk less about your reputation.
Your members, employees, community, and the media will not.

Without a neat reputational-risk section in the exam, the onus shifts even more clearly to:

Boards: to define reputation as a strategic asset and risk.
Risk committees: to embed reputational implications into every major risk discussion.
Executive teams: to own the narrative in good times and bad.

Think of this as NCUA taking down a sign on your dashboard, not removing the engine.

The real drivers of reputational risk haven’t gone away

Here are four realities that make reputational risk as urgent as ever:

1. Cyber incidents and vendor failures

Cyberattacks and data leaks are now a top-tier supervisory concern. NCUA’s own materials characterize cybersecurity as a “top supervisory priority” and a top-tier risk in its enterprise risk management framework, supported by dedicated information-security exam programs and tools.

A single incident can erode years of trust and, as the data above shows, trigger immediate switching.

No matter what your exam report calls it, a breach is a reputational event first, an IT event second.

2. Member expectations about fairness and accountability

Members increasingly expect clarity, transparency, and recourse:

The latest J.D. Power U.S. Credit Union Satisfaction Survey show that credit unions significantly outperform banks in problem resolution, one of the strongest drivers of member loyalty and advocacy.
At the same time, switching intent in U.S. banking is elevated; one recent study by RFI Global found 1 in 4 households are considering changing their main provider, putting trillions in assets “in motion.”

If members perceive your credit union as slow, defensive, or opaque when something goes wrong, even when your legal position is strong, they are more likely than ever to consider leaving.

3. Social media and the court of public opinion

Even if examiners aren’t writing up “reputation risk,” your brand is being examined daily on social platforms, review sites, and community forums.

A service-charge dispute, a denied loan, a controversial account closure; if any of these become a public issue, they will draw scrutiny from local media, advocacy groups, and elected officials.

The absence of a reputational-risk box in your exam does not shield you from:

Viral posts alleging unfair treatment.
Comment-thread investigations from local reporters.
Coordinated campaigns around controversial lending or membership policies.

4. Strategic decisions with reputational consequences

Whether you are:

Entering a new field of membership,
Changing fee structures,
Deepening relationships with higher-risk members or industries, or
Outsourcing major functions to third-party fintech partners,

Each decision carries strategic upside and reputational downside.

Historically, examiners might have pointed to “reputation risk” in these discussions. Going forward, the conversation may be framed more concretely around credit quality, liquidity, operational resilience, and compliance, but the public optics of the decision remain your problem to manage.

Reframe reputation as a cross-cutting risk, not a silo

Instead of treating reputation as a standalone category, embed it in the way your credit union thinks about every major risk:

Credit risk: How will the credit union’s underwriting in new segments be perceived by members and community stakeholders?
Operational/transaction risk: What’s the communications plan if the credit union’s core technology goes down on a payday Friday?
Compliance risk: How will you explain your credit union’s decisions on account closures, fraud refunds, or fee refunds in plain-language terms members accept as fair?
Strategic risk: How will the credit union’s growth strategies (e.g., new products, new partners, digital-only offerings) affect its identity as a member-owned cooperative?

If your enterprise risk management (ERM) framework doesn’t visibly incorporate reputational considerations into these categories, now is the time to update it.

Treat communications as part of safety and soundness

NCUA has recently stated it does not expect the elimination of reputational risk labels to “materially change a credit union’s examination or examination report,” noting that exam reports will be “more streamlined” and focused on material concerns and CAMELS ratings.

But member confidence is still a pillar of safety and soundness. That means:

Crisis communication plans should sit alongside your credit union’s business-continuity and disaster-recovery plans.
Create pre-approved holding statements for likely crisis events (e.g., data breach, prolonged outage, internal fraud, service interruption).
Determine spokespersons and who speaks, through which channels, and in what order (executive leaders, board, staff, members first, then media, social).
Test these plans with tabletop exercises and simulated crises, just as your credit union would test its business continuity plan.

In a world where 8 in 10 consumers say they’d consider switching institutions after a data compromise, your credit union’s ability to communicate quickly and credibly is a form of capital and reputation preservation.

Strengthen governance around reputational implications

The elimination of the reputational-risk label is a strong reminder that the credit union’s board members and executives cannot outsource reputation to regulators.

A credit union should consider:

Board-level discussions: Make “reputation and stakeholder impact” a standing lens for major strategic and risk decisions.
Policies and escalation paths: Ensure your credit union’s policies on account closures, high-profile relationships, and complaint handling include reputational considerations, not just legal checklists.
Metrics and reporting: Track leading indicators of your credit union’s reputation health score (i.e., complaint volumes and themes, social-media sentiment, employee-engagement trends, local media coverage, etc.).

If your board packet rarely includes information on what members, employees, and the community are saying about you, you’re flying partially blind.

Use your trust advantage proactively

The same research that shows your vulnerability also confirms your unique opportunity:

Credit unions score higher than banks on trust, people, digital experience, and problem resolution, and enjoy significantly higher overall satisfaction, underscores the J.D. Power survey.

Your credit union can use that trust advantage to:

Communicate openly about risks and changes. Members will often give your credit union grace if they feel you’re being honest and on their side.
Invest in financial education and transparency, turning complex issues (fraud disputes, data-security practices, lending decisions) into clear, member-friendly explanations.
Tell your credit union’s unique story about cooperative governance, community impact, and member-focused decision-making before a crisis forces you into reactive mode.

Trust is your credit union’s crisis communication “shock absorber” (i.e., crisis communications plan) when something goes wrong. But only if you’re actively maintaining it.

Final thought: A practical checklist for credit union leaders and boards

As your credit union processes NCUA’s change, here are questions to bring to your next board or executive meeting:

Governance & strategy

Where does responsibility for your credit union’s reputation formally sit: board, specific committee, management?
Do your strategic-planning documents explicitly treat reputation as an asset and a risk?

Risk & compliance

Does your ERM framework show how reputation is affected by credit, operational, compliance, and strategic risks under the new exam approach?
Have you revisited your risk-appetite statements and limits considering the removal of reputational-risk scoring?

Crisis readiness

Do you have an up-to-date crisis communications plan that integrates with its business-continuity and incident-response plans?
Have you run a recent crisis tabletop exercise simulating a data breach, major fraud event, or high-profile account controversy?

Member & community lens

Are you regularly reviewing trends in complaints, social media, and local media to understand how you’re being perceived? And vs. competition?
Do you have clear guidelines on how staff communicate with members when something goes wrong?

NCUA’s elimination of “reputation risk” from the risk exam lexicon responds to legitimate concerns about subjectivity and politicization. It will likely lead to cleaner exam reports, clearer CAMELS-focused feedback, and fewer debates about the meaning of a reputational-risk rating.

But NOTHING in the change reduces:

The expectations of your members
The scrutiny of your community and media
The very real business consequences of a damaged reputation

Casey Boggs

ReputationUs

Casey Boggs is a 25-year public relations veteran and founder of two national communications firms, ReputationUs and LT Public Relations. In addition to overseeing business operations, Boggs and the RepUs partner with businesses and nonprofits to enhance, protect and defend their valuable reputations with analytical assessments, strategic planning and any necessary ad hoc support. Boggs is also an international expert on crisis management and cyber security support.

Before founding ReputationUs, Boggs was the public relations director at AIG, one of the world’s largest insurance companies. Prior to AIG, Boggs managed clients for two of the largest public relations agencies, Waggener Edstrom and Weber Shandwick. Before his career in public relations, Boggs was a broadcast buyer for the international advertising agency, Hal Riney & Partners.