Reputational Risk Review Process
Credit Suisse uses a wide range of risk management practices to address the diverse risks that could arise from our business activities. Reputational risk is among the key categories of risk considered in that process. Potential reputational risks may arise from various sources, including, but not limited to, the nature or purpose of a proposed transaction or service, the identity or activities of a potential client, the regulatory or political context in which the business will be transacted, and any potentially controversial environmental or social impacts of a transaction.
Reputational risk potentially arising from proposed business transactions and client activity is assessed in the bank-wide Reputational Risk Review Process (RRRP). The Group’s global policy on reputational risk requires employees to be conservative when assessing potential reputational impact and, where certain indicators give rise to potential reputational risk, the relevant business proposal or service must undergo the RRRP.
As part of the RRRP, submissions are subject to review by senior managers who are independent from the business, and may be approved, approved with conditions, or rejected. Conditions are imposed for a number of reasons, including restrictions on the use of proceeds or requirements for enhanced monitoring of a particular issue relating to the client. Any conditions that are imposed as a condition of approval are assigned to a business owner and are systematically tracked to completion, including a four-eye review. Adherence with conditions is monitored to ensure timely completion, with any breaches potentially subject to disciplinary action.
During the course of 2021, the Executive Board Risk Management Committee assumed responsibility for overseeing the reputational risk process and delegates authority to the Global and Divisional Client Risk Committees for transaction level decision-making. A transaction, activity, relationship or submission to the RRRP may be escalated to the Divisional Client Risk Committee (DCRC), or in specific cases, to the Global Client Risk Committee (GCRC), with escalation criteria established to define the necessary governance:
- The DCRCs are jointly chaired by the Divisional Chief Risk Officer and Divisional Chief Compliance Officer and serve as a discussion and decision-making senior management forum for reputational risk, sustainability risk and compliance (including Financial Crime Compliance). They serve as an escalation point for high-risk and complex clients or transactions. The escalation criteria assess both qualitative and quantitative factors of individual client cases.
- The GCRC assesses complex or cross-divisional client and transaction risks arising from reputational risk.