How Risk Managers Can Take Charge of Reputation Risk

 
 

reputation risk management

Reputational crises and the losses they cause occur with such regularity that nine out of 10 S&P 500 companies now disclose that reputational risks, in addition to all their underlying operational risks, are material perils. They affect companies at all stages, as evidenced by Uber, which informed potential investors no less than 60 times through its S1 filing that reputation is an asset with risk, that its reputation was already damaged, or that “failure to rehabilitate [Uber’s] brand and reputation will cause [the] business to suffer.”

Reputational risk carries legal jeopardy as well, with Financial Times specialist service Agenda reporting that 25 complaints were filed or amended in federal court in the past 12 months that alleged (at least in part) board-level responsibility in connection with corporate reputational damage. Only six such cases were filed in the preceding year.

But what are companies doing to mitigate this risk? With all the attention to and disclosure of reputation risk, why is it primarily still considered a marketing function, to be addressed through corporate social responsibility (CSR) campaigns and other marketing and PR tactics? And are these tactics working?

CSR Investment Effectiveness

Companies are spending huge sums on CSR programs designed to build their brands and distinguish themselves from competitors. Many specifically seek to create an overall halo effect that enhances their reputation and insures against any future event’s damaging effects. Of the 25 cases where litigants cited reputational damage, several have highlighted the importance of CSR, environmental sensitivity or community engagement in various public filings. At least two disclose CSR investments in excess of $1.5 billion over the past 10 years.

JP Morgan Chase reported that $23 trillion dollars is currently invested in funds that invest in socially responsible companies. As that sum represents 30% of all U.S.-based investments, and 50% of all European investments, the idea must appeal to many investors on some level, although most likely recognize that the performance of these funds is undistinguished.

More relevant is whether CSR initiatives are actually effective at insuring reputations, as currently handled by marketing departments. It did not help BP after the Gulf spill that its marketing continued to brand the company as “Beyond Petroleum.” It did not help Wells Fargo to air television commercials harkening back to its roots and committing to “making things right” and “earning back your trust” just as additional scandals about the company’s financial activities were breaking. And marketing statements did not help during environmental litigation against Carnival Cruise Lines, as the judge noted, “Obviously, they talk the talk, but they aren’t walking the walk.”

The SEC has extracted a $5 million settlement from SeaWorld and its CEO because the company “described its reputation as one of its ‘most important assets,’ but it failed to disclose the adverse impact [of a documentary that portrayed the company negatively].” Meanwhile, shareholders in a derivative suit expect to extract $320 million from Wells Fargo’s board and executives for breaching their fiduciary duties and failing at multiple levels in “overseeing reputation risk” and “the company’s reputation risk management framework.”

Companies may devote resources to feel-good marketing and CSR campaigns that, in reality, are tangential to what is needed for actual reputational protection and resilience. At worst, they create unrealistic expectations that inevitably cause stakeholder disappointment when a company’s actual performance fails to measure up.

This disappointment can lead to enterprise-wide losses from shrinking revenue and rising costs as customers depart and employees, suppliers, creditors and investors lose faith in the company, and litigators and regulators take notice. And stakeholder expectations cannot be restored by actions that may be good for the world, but do not impact business performance.

Reputation as a Risk Management Responsibility

So how should companies proceed?  Risk managers are already empowered to analyze operations and bring together resources from disparate silos to anticipate and mitigate enterprise-wide risks. They need to exercise this power to extract from each silo a reputation risk schedule comprising three key pieces of information: 1) Who are the stakeholders who would be disappointed if the silo failed in its execution; 2) What behaviors would arise from their disappointment; and 3) What would the expected economic impact be?

For example, an enterprise risk management (ERM) approach would recognize the reputational implications of claiming a “zero tolerance” policy on sexual harassment and facing a case of sexual harassment against the company. An ERM-based approach would include examining systems through the company to ensure that operations and governance were aligned with expectations, and recognizing the potential reputational costs caused by any such allegations. It would put in place warranties by outside third-parties designed to mitigate damage, and insurance products to cushion any financial blows.

Corporate directors are most likely to be blamed when companies fail to meet the expectations they themselves have set, and new Department of Justice (DOJ) policy emphasizes that “pursuing individuals responsible for wrongdoing will be a top priority in every corporate investigation,” meaning that individual executives and board members are more likely to become targets. The moment a negative spotlight shines on individual directors, they become less attractive to the board in question and to other boards on which they serve, leading to a loss of future income and opportunity to continue serving companies in good faith. And Directors and Officers (D&O) coverage will not help them. It holds no sway in the court of public opinion and cannot indemnify against lost future income.

To avoid these outcomes, boards can empower risk managers to mitigate, finance and transfer reputation risk, just like they do with other corporate perils. To mitigate risk, risk managers should guide management away from marketing claims and CSR projects that only raise expectations and ring hollow when compared to reality, but do not materially affect performance or outcomes. They need to develop the reputation risk schedule described above to determine which would be the most reputationally costly failures.

To mitigate the most-costly scenarios, they need both a traditional operational risk management strategy and a non-traditional expressive strategy. In other words, they need to deploy strategic third-party warranties that show their stakeholders their governance and back up that validation with insurance products. This is precisely the sort of integrated risk management, risk financing, and insurance and warranty-based risk transfer activities that risk professionals are trained and experienced in.

Board members also need a clear, simple and credible narrative describing the actions their company is taking to confront reputation risk. Third party validation and warranties—financial products that tell marketing-like stories that are simple, easy to understand, and completely credible—deter and protect against attacks on individual board members simply because it is more difficult to attack someone whose actions have already been vetted and deemed dutiful by third-party insurers. Large blocks of contingent capital available through captive insurance vehicles also tell a compelling story to creditors and suppliers; primary insurance and reinsurance for the captives tell compelling stories to regulators, employees, and customers.

Facing an environment in which economic bad news often seems to require a corporate villain, in which politicians can harness public anger and direct it toward corporate leaders, and in which social media allows individuals to air their concerns against virtually any target, corporate leadership needs to reorient themselves when it comes to defining reputation, reputational value and reputational peril, lest they risk marketing themselves toward disaster.

 
Nir Kossovsky

More articles by »

About the Author

Nir Kossovsky, M.D., is CEO and director of Steel City Re.

 
 
 

Leave a reply

required

required

optional