In a world of polycrisis, operational risks that were once delimited can quickly become enterprise reputation crises, characterized by costly stakeholder-driven behaviors. Once-loyal customers boycott products and services, disappointed employees leave, investors sell, lenders adjust interest rates, regulators increase enforcement actions, and disgruntled social license holders protest, any of which can amplify the crisis online at any time.
To a firm’s upper management, the definition of risk worthy of its attention is “enterprise risk”—threats to an organization’s strategy and objectives. With the surge in the severity of losses in an enterprise crisis, allocating resources to risk management can reliably become upper management’s preferred strategy on two conditions: if risk professionals can predict when risks of enterprise exposure might surge, and if managing the risk of a surge means mitigating the markedly amplified enterprise costs and long tail of reputation risk. Thankfully, risk managers have the tools and strategies to predict and prevent reputation damage.
Many major crises can be averted if companies commit to managing risks with an eye on the potential for cascading enterprise reputation risk. Integrating this principle into risk strategies for enterprise perils and broad decision-making can also favorably influence capital costs, earnings multiples, and reduce the potential for share-selloffs and stakeholder disengagement. Risk professionals should consider the following strategies to help mitigate the impact of reputational crises on their businesses:
Recognize When the Stakes Are Higher
One of the costs of managing risk in silos is a loss of perspective. In a polycrisis environment, the din of risk is constant and this constancy breeds complacency. The materiality of operational or economic risks may not be fully appreciated by risk management—or senior management—until it becomes painfully obvious to the entire world.
Recognizing those risks early-on requires an understanding that enterprise level value-destruction begins with shifts in stakeholder expectations. Improved and timely visibility into these shifts will enable risk managers to better predict and mitigate impending enterprise threats.
Commercial, nominally priced methods for monitoring enterprise value risk are readily available but are not used as widely as they should be. Risk modeling strategies include monitoring credit default swap prices, equity-based implied credit risk, and most recently, parametric reputation resilience. The latter two methods, for example, anticipated by weeks to months the recent confidence (reputational) crisis in regional banks.
Enhance the Value of Effective Risk Management Through Strategic Communications
Investors, customers, regulators and litigators can only appreciate and value a risk strategy if they know about it. Risk strategy should be harmonized and coherently disclosed in public filings, on corporate websites and shared (as appropriate) in press releases.
In some cases, communications may mean public announcements, but in others it may be as simple as including strategic risk management talking points in direct presentations to key stakeholder groups, like rating agencies or equity analysts, or in contacts with regulators and political figures.
Captive-owning risk managers tend to appreciate the benefits of a good story more than others. A profitable captive provides individual recognition in the risk manager’s chain of command. It also provides strategic negotiation leverage for costing commercial insurance.
The key ingredient to signaling higher quality risk strategy is objective exclusivity. It is one of several reasons why parametric insurances for enterprise exposures such as ESG and reputation are valuable in the eyes of capital markets. For example, to signal its resilience to earthquake threats that might impair its large California real estate portfolio, a major bank first disclosed in its 2019 ESG report that it had purchased “parametric earthquake insurance.” After underperforming its peers by 5% over the trailing three years to that point, its equity outperformed its peers by 15% over the next three years.
Generally, firms that informed their stakeholders about an innovative risk strategy rapidly realized an average 9.3% equity boost, according to a recent Steel City Re study. Firms that were tested by a crisis and had an effective, preemptive risk strategy picked up an average of 5% in equity value, even if they had not disclosed that strategy in advance. In a crisis, those without a publicly visible risk strategy lost 12% relative to the market and 25% relative to peers.
Integrate Reputation Risk Management with ERM
Most firms have existing ERM programs within which a reputation risk management program can be quickly and easily overlaid. These programs are the environments for managing threats to environmental, social and governance (ESG) strategies, corporate social responsibility strategies and non-financial risk strategies.
It may seem simplistic to recommend that companies understand the expectations of their stakeholders, ensure the organization is able to meet or manage those expectations, calculate the likelihood and cost of failure, and deploy tools to mitigate those risks and their costs. However, in case after case, the absence of a process—or inability to adhere to a process—prevents these steps from taking place.
Risk managers need to be part of a strategic process that cuts across corporate silos to identify potential risks, filters relevant information up to the C-suite and the board, and includes early warning tools that alert leadership that reputational issues may be brewing.
To the extent that such processes already exist in some form, risk managers need to bring disparate departments together to validate the effectiveness of whatever reputation risk tracking takes place. They also need to determine if they are considering all the relevant stakeholder groups, whether that list has changed, and if their issues or their priorities have evolved. Not every risk requires an equally robust response, so assessing costs, benefits and materiality is also key. And in today’s overheated, social media-driven environment in which information—both accurate or inaccurate—can be transmitted instantaneously, it is even more important to make sure a reputation resilience monitoring system is in place to quickly flag issues before they emerge as crises.
The use of novel tools and reputation risk management strategies could have made a material difference in many recent high-profile risk management failures by helping to mitigate the net financial cost. Given the extreme pricing in hard re/insurance markets, focusing on enterprise reputation risk management is both timely and cost-effective. In such an environment, risk managers therefore need to closely monitor red flags for major enterprise crises and use insurance strategically to signal to the market the elevated quality of their risk management processes.
The author would like to thank the following individuals for their contributions to this article:
Courtney Davis Curtis, assistant vice president, risk management and resilience planning, University of Chicago; Deyna Feng, director, captives program, Cummins, Inc.; Mary C. Friedl, former insurance manager, Redbox; Kathleen A. Graham, CEO, The HQ Companies; Chris Hammond, director, enterprise risk management, Stepan; Enya He, advisor, Blu Clarity PBC; Carnell R. Jones, risk manager, Trinitas Ventures; Christy Kaufman, vice president, risk management and insurance services, Zillow Group; John C. Kline, director, risk and insurance management; Discover Financial Services; Manuel Padilla, vice president, risk management and insurance, MacAndrews & Forbes Incorporated; Soubhagya Parija, former chief risk officer at FirstEnergy and New York Power Authority; Kristen Peed, director of corporate risk management, CBIZ; Theresa Severson, vice president, insurance and risk manager, Kite Realty Group; Seung Yoo, director of global risk and property management, Regal Rexnord Corporation; and Denise Williamee, vice president, corporate services, Steel City Re.
The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of their respective employers.