BSP to require ‘reputational risk’ reports from banks
MANILA, Philippines—Philippine banks will soon be required to guard against risks to their reputation and immediately report adverse events—like operational disruptions, liquidity problems, cyber hackings or even problems that explode on social media—that could lead to wider systemic problems in the local financial system.
The new rules were mandated recently by the Bangko Sentral ng Pilipinas (BSP) after its policy making Monetary Board approved guidelines on the expectations for supervised financial institutions.
The guidelines cover the identification, assessment, and management of reputational risks commensurate to their size, nature, operational complexity, overall risk profile and systemic importance.
“As the financial sector continues to evolve and face challenges arising from digital disruption and stiffer competition, financial institutions must be increasingly sensitive to, and vigilant in addressing potentially more damaging reputation events,” BSP Governor Benjamin Diokno said in a statement.
This requirement is part of the BSP’s corporate governance reform agenda to foster good governance and encourage prudent management of risks toward building the resilience of the financial system.
“With the right tools and perspective, financial institutions will be more equipped in preventing and managing reputational threats,” the central bank chief said.
“If not properly managed, these reputational concerns may lead to financial losses, negative publicity, and loss of stakeholder confidence, any of which could have lasting debilitating impact on the institution,” Diokno said.
Reputational risk is closely linked with other risk exposures like credit, market, liquidity, and operational risks, including those arising from cybersecurity threats and negative information on social media. Such may trigger reputational risk or vice versa.
In this respect, the guidelines expect banks to adopt a framework to holistically and actively manage reputational risk across the organization and within the conglomerate or group to which they belong.
The roles and responsibilities of personnel across the organization in relation to the implementation of such framework shall be clearly communicated and disseminated.
The rules give banks the flexibility to design and implement their reputational risk management function, which may be a stand-alone function or integrated with other risk management functions depending on how reputational risk exposures are being managed.
These banks may continue to use their existing measures or consider adopting the tools suggested in the guidance to identify and assess reputational risks relevant to their business and industry.
Banks must report to the BSP within five calendar days from its determination of any reputation event, including issues arising within the different social media platforms, that may have an adverse effect on their stakeholders and lead to a full-blown crisis if not responded to in a timely and effective manner.
In cases of operational risk events, major cyber-related incidents or disruption of financial services and operations, or liquidity shortfall, banks shall comply with the notification and reporting requirements prescribed by existing regulations.
The BSP is giving its supervised financial institutions one year to fully comply with the guidelines on reputational risk management.
TSB
