RR-3.1.9

Conventional bank licensees must have adequate arrangements, strategies, policy, processes and mechanisms in place to manage reputational risk. An effective reputational risk management process must include:

(a) Policy, definition of roles, codes of conduct, guidelines and procedures which guide staff behaviour and conduct, and set boundaries for staff actions, in particular the boundaries for unacceptable practices;
(b) Consideration of the potential impact of its strategy and business plans and, more generally, of its behaviour on its reputation;
(c) Addressing reputational risk in a precautionary manner, for example by setting limits or requiring approval for allocating capital to specific countries, sectors or persons and/or whether its contingency plans address the need to deal proactively with reputational issues in the event of a crisis;
(d) Risk identification, assessment and control which provides a systematic process for identifying and assessing the risks affecting reputation, including the setting of appropriate response actions to control the risks;
(e) Risk monitoring and reporting which ensures that the progress of carrying out agreed response plans is adequately monitored, any changes to the status of the risks concerned are regularly reviewed, and early warning systems are in place for identifying emerging threats, to ensure that prompt corrective actions are taken to address those threats;
(f) Communications and disclosures which enable meaningful, transparent and timely information to be provided to stakeholders to better their understanding of the bank's performance and future prospects, and to retain their confidence; and
(g) Independent reviews and audits which give assurance that the risks affecting reputation have been adequately understood and properly controlled throughout the bank.
July 2018