Deutsche Bank

Annual Report 2016

Reputational Risk Management

Within our risk management process, we define reputational risk as the risk of possible damage to our brand and reputation, and the associated risk to earnings, capital or liquidity, arising from any association, action or inaction which could be perceived by stakeholders to be inappropriate, unethical or inconsistent with DB’s values and beliefs.

Our reputational risk is governed by the Reputational Risk Framework (the Framework). The Framework was established to provide consistent standards for the identification, assessment and management of reputational risk issues. While every employee has a responsibility to protect our reputation, the primary responsibility for the identification, assessment, management, monitoring and, if necessary, referring or reporting, of reputational risk matters lies with our Business Divisions. Each employee is under an obligation, within the scope of his or her activities, to be alert to any potential causes of reputational risk and to address them according to the Framework.

If a potential reputational risk is identified, it is required to be referred for further consideration within the Business Division through their Unit Reputational Risk Assessment Process. In the event that a matter is deemed to carry a material reputational risk and/or meets one of the mandatory referral criteria, it must be referred through to one of the four Regional Reputational Risk Committees (RRRCs) for further review as the 2nd line of defence. The RRRCs are sub-committees of the Group Reputational Risk Committee (GRRC), which is itself a sub-committee of the Group Risk Committee (GRC), and are responsible for the oversight, governance and coordination of the management of reputational risk in their respective regions of Deutsche Bank on behalf of the Management Board. In exceptional circumstances, matters can also be referred by the RRRCs to the GRRC.

The modeling and quantitative measurement of reputational risk internal capital is implicitly covered in our economic capital framework primarily within operational and strategic risk.