For three years, a firearms retailer in Fort Worth kept getting the same letter from different banks: account closed, no further explanation. He was not behind on payments. He was not under investigation. He sold a legal product, but compliance departments at three separate institutions decided his business posed a risk they did not want on their books. Starting June 9, 2026, the federal agencies that supervise those banks will formally prohibit the category of risk that made closures like his possible.
The FDIC, the Office of the Comptroller of the Currency (OCC), and the Federal Reserve have finalized a joint regulation that eliminates “reputation risk” from the supervisory framework federal examiners use when evaluating banks. Published in the Federal Register on April 10, 2026, the rule carries a 60-day implementation window. Once it takes effect, examiners can no longer pressure banks to drop customers over reputational concerns, and banks can no longer invoke that rationale to justify shutting accounts held by lawful businesses or individuals.
What the rule actually does
The FDIC laid out the practical requirements in Financial Institution Letter FIL-13-2026, directing every supervised bank to strip reputation risk language from internal examination manuals and stop using it as grounds for restricting customer access. The companion Federal Register document (FR Doc. 2026-06947) locks in the final regulatory text.
The OCC went further, explicitly tying the rule to Executive Order 14331, titled “Protecting Americans From Political Discrimination in the Financial System,” which directed federal agencies to address what the administration described as politically motivated account closures. In its public announcement, the OCC stated that reputation risk “can be a pretext for restricting access based on political or religious beliefs” or lawful business activities. That language matters: it converts years of informal complaints from affected businesses and advocacy groups into an official finding by a federal banking regulator.
The evidentiary groundwork was laid months earlier. The OCC conducted a targeted review of debanking practices at the nine largest national banks, covering the period from 2020 through 2023. Examiners examined internal policies, risk frameworks, and individual case files involving customers in sensitive sectors, including firearms dealers, cryptocurrency firms, and politically active organizations that reported losing access to basic banking. The findings from that review became the foundation for the regulation now weeks from taking effect.
On top of the rule itself, according to the OCC’s public guidance, Bulletin 2025-22 instructs examiners to weigh politicized or unlawful debanking when evaluating charter applications, licensing decisions, and Community Reinvestment Act (CRA) performance ratings. In practical terms, a bank that systematically shuts out lawful but disfavored customers could face consequences when it tries to merge with another institution, open new branches, or earn favorable CRA scores. Together, these measures create a layered enforcement structure that goes well beyond deleting a phrase from a manual.
Why this fight predates the current administration
The tension between banks and lawful-but-controversial industries did not start in 2025. During the Obama administration, the Department of Justice ran Operation Choke Point, a program that pressured banks to sever relationships with payday lenders, firearms dealers, and other businesses the government classified as high-risk. The program drew criticism from both parties and was formally wound down, but many of the same dynamics persisted in bank compliance culture long after the policy ended.
Cryptocurrency firms experienced a sharp version of this during the early 2020s. Venture capitalist Nic Carter popularized the term “Operation Choke Point 2.0” in a widely cited 2023 analysis describing what he and others in the digital-asset industry saw as a coordinated federal effort to deny banking services to crypto companies. Several firms, including Custodia Bank, publicly documented their struggles to obtain or maintain banking relationships during that period.
Religious organizations and conservative advocacy groups have reported similar experiences: accounts frozen or closed, sometimes with little notice and no detailed explanation. Individual cases are difficult to verify without access to internal bank records, but the volume of complaints grew large enough to prompt congressional hearings and, ultimately, the executive order and rulemaking now reaching the finish line.
What the rule does not do
For all its significance, the regulation leaves several gaps that will determine whether it changes daily reality for affected customers.
Neither the FDIC nor the OCC has released aggregate data on how many accounts were closed for reputation-related reasons during the 2020 to 2023 review window. Without those numbers, gauging the true scale of the problem or identifying whether closures were concentrated in particular regions, industries, or demographic groups remains difficult.
Enforcement mechanics are also partly undefined. The rule bars examiners from using reputation risk as a supervisory tool, but it does not spell out specific penalties for banks that close accounts for what amounts to the same reason under a different label. Banks retain broad authority under their account agreements to end relationships for business reasons, and the line between a legitimate credit or fraud-prevention decision and a politically motivated closure can be razor-thin.
The rule does not create a new private right of action. Customers who believe they were debanked for political or religious reasons will still need to file complaints through existing channels: agency ombudsman offices, consumer protection hotlines, and the Consumer Financial Protection Bureau. Regulators could use patterns in those complaints to trigger targeted reviews, but no formal process for doing so has been detailed in the published documents.
Credit unions, fintechs, and nonbank payment processors fall outside the rule’s direct reach. The regulation governs banks supervised by the FDIC, OCC, and Federal Reserve and shapes the behavior of federal examiners rather than state regulators. Banks operating under dual state and federal supervision may face conflicting expectations that take months to reconcile.
Industry reaction has been cautious
Major banking trade groups, including the American Bankers Association, have not publicly opposed the rule but have signaled concern about how examiners will distinguish between legitimate risk management and prohibited reputation-based decisions. Compliance officers at large institutions face a practical puzzle: many of the internal frameworks they built over the past decade wove reputational considerations into broader risk assessments. Untangling those threads by June 9 will require more than a find-and-replace exercise in policy manuals.
On the other side, advocacy organizations representing firearms retailers, cryptocurrency businesses, and religious nonprofits have welcomed the rule as overdue. The Blockchain Association called it “a necessary correction” in a statement following the Federal Register publication. Whether that optimism holds will depend on what enforcement looks like in practice.
How enforcement will shape what this rule actually means
The real test begins after June 9. Banks may simply relabel their internal risk categories, swapping “reputation risk” for “operational risk” or “strategic risk” when exiting relationships they would rather not maintain. Examiners will have to decide how aggressively they look behind those labels.
The first post-rule supervisory cycle will be the clearest indicator. If CRA evaluations and charter decisions start reflecting debanking concerns in a meaningful way, banks will have a financial incentive to change behavior. If enforcement stays light, the rule risks becoming a symbolic gesture: a formal disavowal of a practice that quietly continues under new terminology.
As of late May 2026, the federal government has told its own examiners that reputational discomfort is not a valid reason to push a lawful customer out of the banking system. For the firearms dealer who cycled through three banks, the crypto startup that cannot get a checking account, or the religious charity that has been turned away without explanation, that directive carries real weight. Whether it holds up once it collides with the daily reality of bank compliance departments, and the political pressures that created the problem, is the question that June 9 begins to answer.
Warren Cohen is a finance writer based in Phoenix, Arizona, covering personal finance topics including credit, banking, and beginner investing. He earned his degree in business administration from Arizona State University and began his career working in consumer finance, where he gained direct experience with lending and credit systems. He now writes for personal finance websites and fintech platforms, focusing on clear, practical content that helps readers make informed financial decisions.
