In 2019, 181 CEOs signed a Business Roundtable pledge committing to serving the interests of “all stakeholders,” especially local communities, the environment and investors. This pledge and countless individual company statements that have followed have raised expectations that companies and corporate board members would put greater emphasis on environment, sustainability and governance (ESG) efforts.
Now, regulators, investors and customers are beginning to examine whether companies are living up to those expectations or falling short on executing ESG goals. In many instances, these expectations have proven beyond firms’ capabilities, and a growing number of board members may be personally exposed to risk as a result. A recent Willis Towers Watson survey of corporate leaders found growing concern that “reputational risks could result in potentially crippling business outcomes,” such as loss of income, a reduced customer base, and an inability to retain or attract talented employees.
Meeting these ESG commitments brings several short-term benefits, from inclusion in ESG-focused investment funds to positive media coverage to the approval of customers. But ESG pledges can also present enormous reputation risk if firms do not have a strong reputation risk management program in place. As more companies develop ESG goals, risk professionals have a key role to play to help prevent over-promising and mitigate the disappointment that could accompany failure to meet such highly publicized objectives.
Capital Markets Focus on Reputation Risk
Reputation risk is a threat to an intangible value caused by reductions in net cash flow resulting from the actions of emotionally charged stakeholders. Reputation risk is significantly greater now than in the past because, in the wake of the pandemic, emotions are running high and institutional trust is running low. For example, of the 33,000 people from 28 countries polled in the 2021 Edelman Trust Barometer, a majority believed that leaders in government, business and media are purposely trying to mislead people by saying things they know to be false.
Recognizing the potential reputation risk, investors and analysts are now scrutinizing ESG efforts more closely. For example, Blackrock issued new proxy voting guidelines asking for details on how companies have considered ESG risk factors and the interests of diverse stakeholder groups in their decision-making. The investment firm is also directly examining whether companies have appropriate due diligence and board oversight processes in place.
According to PwC, “Everything from carbon emissions to racial and gender balance to the sustainability of sourcing strategies is under the microscope.” McKinsey has also noted the increasingly prevalent sentiment that, while companies have traditionally thought of ESG as more of a marketing and communications issue, they are now “witnessing firsthand how non-financial risks can significantly affect corporate valuations.”
Bond raters have taken notice as well. Moody’s Investors Service cited ESG risks as a material credit consideration in 85% of its over 8,700 rating actions for private-sector debt issuers in 2020, up from 32% in 2019.
Reputation Risk Perils
The risk of litigation has also multiplied. Courts are upholding claims of reputational damage in shareholder derivative lawsuits and boards are being held accountable for failing to protect this mission-critical asset. While firms once may have felt safe hiding behind the defense that their statements were mere marketing “puffery,” they now have investors scrutinizing their ESG and corporate citizenship statements and considering them material to any investment decisions. In other words, there are now concrete price tags for that puffery.
The perils are not limited to securities and derivative litigation or compliance penalties. Failures to fulfill ESG commitments can result in a range of consequences and losses at the hands of different stakeholders, including reduced sales, vendor credit adjustments, astronomical jury verdicts, regulatory action and the loss of social licenses to operate.
As a result, reputation risk is taking up a larger share of a firm’s enterprise risk management efforts, particularly around governance, leadership, controls and insurance. Just as they build financial controls to give confidence to investors and insure against risks to give board members confidence, companies need to build reputational resilience on an enterprise-wide level.
Reputation risk concentrates at the board level, hence the current level of discomfort. A Delaware court’s decision in In re Caremark International Inc. Derivative Litigation (and later reinforced in Marchand v. Barnhill) established a standard that board directors have a duty of care to oversee that which is mission-critical to the business, including the firm’s reputation.
Board members should be aware of what stakeholders consider to be mission-critical, and must ask probing questions to evaluate how effectively the company’s controls are helping it meet those expectations. Internal audit can help with this process, but the primary communication channel between operations and the board for reputation risk should run through the chief legal officer.
Risk professionals should be working side by side with chief legal officers to facilitate robust enterprise-wide reputation risk management. For example, an integrated enterprise-wide process would enable departments like human resources and external relations to comment on a practice that holds up under regulatory and compliance scrutiny but is going to cause problems among employees and in the community. Investor relations departments could advise on the risks associated with any failure to meet goals set to improve diversity. Government relations could review ESG goals with an eye toward the political fallout if they are not achieved. Each member of this reputational leadership team should consult with their colleagues to determine the costs of meeting and managing stakeholder expectations. Preliminary strategic recommendations would emerge from this enterprise-wide triage process.
Internal controls are usually just associated with financial reporting, but this may be a narrow way of thinking. The SEC defines controls as “a specific set of policies, procedures and activities designed to meet an objective” and further states that a control’s impact “may be entity-wide.” Controls should be at the heart of the operations of the reputation leadership team as well.
In the realm of reputation risk management, controls comprise detailed processes that affect ethics, safety, security, sustainability, innovation and quality. Reputation risk hazards include the absence of controls, inconsistent application of the controls, and willful violation of controls. Reputation risk causes financial loss when the failure of reputation risk management controls and processes leaves stakeholders feeling disappointed and angry.
To develop strong controls, companies must assess the expectations of each stakeholder group, corporate capabilities, the costs of adaptation and the costs of disappointment. It can also be helpful to frame these in the context of external events and historical trends. Other controls include communications strategies that can enable stakeholders to understand, appreciate and value an effective enterprise reputation risk management program.
Once a robust reputation risk management process is in place, risk managers can retain third parties, such as reputation insurance underwriters or consultants, to conduct an additional, objective process analysis, perform quantitative risk modeling, and offer guidance on options for risk financing and risk transfer.
ESG insurance is also available to protect corporate directors and address the fundamental challenge implied by the ESG movement, which is to consider both the interests of stakeholders in environmental stewardship, social justice, and dutiful governance, and the interest of shareholders in maximum sustainable returns. It offers payments for the wide range of costs a firm may incur on behalf of the board or individual directors as it looks to restore reputation and improve reputation resilience around ESG issues.
The analysis of reputation leadership, governance and controls that is required for this insurance coverage could also be the basis for authenticated disclosures such as those being requested by institutional investors like Blackrock, State Street and Vanguard, and by skeptical regulators such as the SEC when its requirements are finally established. Further, the outside validation it provides highlights those companies that deserve a “reputational premium” of an equity boost and lower cost of capital.
Reputation Risk Management Traps and Pitfalls
A common trap for risk professionals is losing control of risk management to marketing executives, compliance counsel or numbers-focused managers who lack the broad understanding of the possible risks and liabilities facing the enterprise. The reputation risk management team should include these different internal stakeholders, but risk professionals should “chair” the integration process. The typical friction in cross-silo teamwork can be eased by stressing that the purpose of the reputation risk assessment and mitigation process is to anticipate and forestall a potentially costly crisis. Complacency can lead to negative outcomes for the team, the organization, and the greater good—after all, ESG goals are meant to benefit all of the above.
Finally, while marketing cannot drive this process, it does play an important role that may sometimes be overlooked. Promoting effective risk management, risk financing and risk transfer to external audiences is key to building a favorable reputation and realizing the sought-after reputation premium.
The Business Roundtable pledge and the overall rise of the ESG movement have set expectations very high and created real reputation risk. Firms will benefit from being able to demonstrate to bond raters and institutional investors alike that they have reputation risk management under control. However, if executives and board members cannot deliver on their promises by ensuring follow-through and measurable progress on ESG initiatives, their stakeholders will make sure they pay the price.