Deutsche Bank

Annual Report 2017

Reputational Risk Management

Within our risk management process, we define reputational risk as the risk of possible damage to our brand and reputation, and the associated risk to earnings, capital or liquidity, arising from any association, action or inaction which could be perceived by stakeholders to be inappropriate, unethical or inconsistent with Deutsche Bank’s values and beliefs.

The Reputational Risk Framework (the Framework) is in place to manage primary reputational risk. It covers the process through which active decisions are taken on matters which may pose a reputational risk, before such risk materializes, and, in doing so, prevents damage to Deutsche Bank’s reputation wherever possible. Reputational risks which may arise from a failure with another risk type, control or process (secondary reputational risk) are addressed separately via the associated risk type framework. The Framework is established to provide consistent standards for the identification, assessment and management of reputational risk issues. While every employee has a responsibility to protect our reputation, the primary responsibility for the identification, assessment, management, monitoring and, if necessary, referring or reporting, of reputational risk matters lies with our business divisions. Each employee is under an obligation, within the scope of his or her activities, to be alert to any potential causes of reputational risk and to address them according to the Framework. Reputational Risk Management has designed and implemented a comprehensive look-back and lessons-learned process in order to assess and control the effectiveness of the Framework, including in relation to reputational risk identification and referral.

If a matter is identified that is considered to pose, at a minimum, a moderate reputational risk then it is required to be referred for further consideration within the business division through its Unit Reputational Risk Assessment Process (Unit RRAP). In the event that a matter is deemed to pose a material reputational risk then it must be referred through to one of the four Regional Reputational Risk Committees (RRRCs) for further review. In addition to the materiality assessment, there are also certain criteria, known as mandatory referral criteria, which are considered inherently higher risk from a reputational perspective and therefore require mandatory referral to defined Subject Matter Experts (SMEs), e.g. Industry Reputational Risk or Group Sustainability, and/or referral to a Unit RRAP or RRRC.

The RRRCs are sub-committees of the Group Reputational Risk Committee (GRRC), which is itself a sub-committee of the Group Risk Committee (GRC), and are responsible for the oversight, governance and coordination of the management of reputational risk in their respective regions of Deutsche Bank on behalf of the Management Board. In exceptional circumstances, matters can also be referred by the RRRCs to the GRRC.

The modelling and quantitative measurement of reputational risk internal capital is implicitly covered in our economic capital framework primarily within operational and strategic risk.