When regulators remove a term from their guidance, institutions may interpret it as permission to change their practices. That interpretation creates risk.
Recent revisions to U.S. supervisory materials, including updates to the BSA/AML examination framework, have de-emphasized or removed references to reputational risk in supervisory language. This raises an immediate practical question: if internal decision frameworks were built around that language, what replaces it?
The answer is not simple.
Three Pressure Points Emerging
- Justification gaps in adverse media attention and PEP decisions
When supervisory language provided a shared vocabulary, internal decisions were easier to document and support. Without it, compliance teams may reach the same conclusions with less regulatory support for the underlying reasoning.
A decision can be sound. The supporting regulatory record does not always allow examiners to reconstruct the reasoning, evidence the analysis, or assess consistency with the institution’s risk framework.
- Cross-border inconsistency
A U.S.-supervised institution with European or Latin American counterparties or correspondent relationships operates under multiple regulatory frameworks defined by different regulators. When those regulators are not making the same terminological shift.
Decisions that align with one framework must hold up under others. This requires documentation built for the most demanding standard, not the most permissive one.
In practice, institutions often underestimate this gap, particularly where adverse media rationales are documented for domestic examination but were not designed to withstand scrutiny from examiners operating under different regulatory expectations.
- The gap between decisions and what can be demonstrated under examination
Examiners do not focus only on the outcome of a decision. They assess how institutions apply rules set by regulators in practice. This includes the ability to reconstruct the reasoning, evidence the analysis, and demonstrate alignment with its stated risk appetite.
Where supervisory vocabulary no longer supports that reasoning, it must be rebuild deliberately.
The Multi-Framework Reality
Most institutions do not operate within a single regulatory environment, but across multiple frameworks defined by different regulators. U.S. supervisory signals now sit alongside FATF standards, OFAC sanctions regimes, and European regulatory expectations. Those regulators have not made the same shift in terminology.
These frameworks continue to require institutions to assess risk, including through adverse media exposure, politically exposed persons, and other indicators of elevated risk. The obligation to identify, document, and justify those assessments remains embedded in the rules set by those regulators.
One supervisory framework has removed a commonly used label, without eliminating the underlying exposure.
Terminology may evolve. Exposure remains.
This distinction matters in practice. The underlying exposure that reputational risk language was intended to capture remains embedded in the frameworks institutions continue to answer to. What has changed is the vocabulary available to describe it.
What Sophisticated Compliance Functions Are Doing
Institutions navigating this effectively are not waiting for regulators to introduce new supervisory language. They are reviewing existing decision frameworks, particularly in customer onboarding, adverse media screening, and enhanced due diligence, to identify where reputational risk language performed substantive work versus cosmetic work.
Where reputational risk language was performing substantive work, financial institutions are replacing it with clearer articulation of the underlying risk indicators and how those indicators connect to obligations set by the relevant regulators.
The focus is on making practical decisions that reduce regulatory risk and can be clearly explained under examination.
What Comes Next
The next phase of analysis focuses on two areas: how institutions structure justifications for adverse media and PEP decisions when supervisory terminology shifts, and how those decisions are assessed by examiners across different regulatory frameworks.
The starting point is documentation. Not as a compliance formality, but as the foundation of a clear and consistent decision record that holds up across frameworks.
