BSP TO REQUIRE IMMEDIATE REPORTING OF ‘REPUTATIONAL RISKS’ FACED BY BANKS
Philippine banks will soon be required to guard against risks to their reputation and immediately report to regulators adverse events—like operational disruptions, liquidity problems, cyber hacking or even problems that explode on social media—that could lead to wider systemic problems in the local financial system.
These new rules were mandated recently by the Bangko Sentral ng Pilipinas (BSP) after its policy making Monetary Board approved guidelines, which set out the supervisory expectations for supervised financial institutions.
The guidelines cover the identification, assessment and management of reputational risks commensurate to their size, nature, operational complexity, overall risk profile and systemic importance.
“As the financial sector continues to evolve and face challenges arising from digital disruption and stiffer competition, financial institutions must be increasingly sensitive to, and vigilant in addressing potentially more damaging reputation events,” BSP Governor Benjamin Diokno said in a statement.
This prudential requirement is part of the BSP’s corporate governance reform agenda to foster good governance and encourage prudent management of risks toward building the resilience of the financial system.
“With the right tools and perspective, financial institutions will be more equipped in preventing and managing reputational threats,” the central bank chief said. “If not properly managed, these reputational concerns may lead to financial losses, negative publicity, and loss of stakeholder
confidence, any of which could have lasting debilitating impact on the institution.”
Reputational risk is closely interlinked with other risk exposures such as credit, market, liquidity, and operational risks, including those arising from cybersecurity threats and negative information in the social media. Such risks may trigger reputational risk or vice versa.
In this respect, the guidelines expect banks to adopt a framework to holistically and actively manage reputational risk across the organization and within the conglomerate or group to which they belong. The roles and responsibilities of personnel across the organization in relation to the implementation of such framework shall be clearly communicated and disseminated.
The rules give banks the flexibility to design and implement their reputational risk management function, which may be a stand-alone function or integrated with other risk management functions depending on how reputational risk exposures being managed.
Banks may continue to use their existing measures or consider adopting the tools suggested in the guidance to identify and assess reputational risks relevant to their business and industry.
Banks must report to the BSP within five calendar days from its determination of any reputation event, including issues arising within the different social media platforms, that may have an adverse effect on their relevant stakeholders and lead to a full-blown crisis if not responded to in a timely and effective manner.
Meanwhile, in cases of operational risk events, major cyber-related incidents or disruption of financial services and operations, or liquidity shortfall, banks shall comply with the notification/reporting requirements prescribed under existing regulations.
The regulator is giving its supervised financial institutions one year to fully comply with the guidelines on reputational risk management. are