Reputational Risk: Definition
We live in a world where information is omnipresent, where people are quick to judge and express negative sentiments on social media. Sentiment quickly spreads and translates to buying decisions. In such a world, reputational risk is a major risk for businesses.
The above is acknowledged explicitly in how companies define “reputational risk”. Take for example Deutsche Bank’s definition of reputational risk. It is defined as “the risk of possible damage to Deutsche Bank’s brand and reputation, and the associated risk to earnings, capital or liquidity arising from any association, action or inaction which could be perceived by stakeholders to be inappropriate, unethical or inconsistent with the Bank’s values and beliefs”.
If Reputational Risk Is A Known Issue, Are Risk Mitigations In Place?
In their Harvard Business Review (HBR) article, published in 2017 and still just as relevant, authors Robert G. Eccles, Scott C. Newquist and Roland Schatz posit that “70% to 80% of market value comes from hard-to-assess intangible assets such as brand equity, intellectual capital, and goodwill”. Consequently, commercial businesses are very vulnerable to reputational damage. If the problem is acknowledged and the severe consequences of this risk are known too, one would expect that businesses are making great efforts to successfully mitigate reputational damage. One would expect so. But is this the case? The answer is negative. “Most companies, however, do an inadequate job of managing their reputations in general and the risks to their reputations in particular”. The authors explain that companies spend efforts on reputational risks that have already surfaced. However, they add, “this is not risk management; it is crisis management—a reactive approach whose purpose is to limit the damage”.
Sources Of Reputational Risks
Going back to the definition of reputational risk, let us consider what may cause reputational risk. Main examples include:
Trigger For Reputational Risks: Malpractice
A well-known example is Arthur Andersen, formerly one of the “Big Five” accounting firms (along with PwC, Deloitte, Ernst & Young and KPMG). The company was found guilty of criminal charges relating to the firm’s auditing of Enron. Consequently, it filed for bankruptcy in 2001. When a few years later the Supreme Court reversed this conviction, it was too late for Arthur Andersen. By that time the company had lost all of its clients, and ceased to exist.
Trigger For Reputational Risks: Response to Crisis Events
The BP oil spill in the Gulf of Mexico in 2010 (a.k.a. the Deepwater Horizon oil spill) is considered the largest marine oil spill in the history of the petroleum industry. It has caused lasting environmental damage. And while it has been said that the oil spill is due to malpractice (“It was years of cutting corners, not one careless mistake, that caused the explosion”), the company’s reputation might have suffered more from its response to the crisis, namely its lack of empathy and compassion. BP’s former CEO Tony Haywood statement in an interview “I’d like my life back” earned him a position in the Hall of Shame of “CEO Grillings”, or “Company Grillings”, which extended to the U.S. Congress.
Trigger For Reputational Risks: Unethical Behavior of Suppliers
While this holds for all industries, a dominant example is the fashion industry. Companies such as H&M have suffered reputational damage when it has been revealed that they their suppliers in low-wages countries practice child labor (see for example report in The Guardian and in The Huffington Post). In this case H&M suffered reputational damage due to an unethical action of its suppliers, from which H&M ultimately benefited, and which H&M did not prevent.
Mitigating Reputational Risks
Mitigating reputational risks starts with understanding the nature of the risks and the triggers that may cause risk exposure. The examples discussed above all require different mitigation plans. For example, one can prevent malpractice through governance schemes, including internal and external controls. One can mitigate damage due to behavior of suppliers through a Supplier Due Diligence Program. It includes assessing supplier risks before doing business with them (upon onboarding), and monitoring their risks over time. Yet all cases, and especially the BP example, require more than procedures. They require a management-driven policy to do things right, and a management-driven organization culture that emphasizes the importance of doing things right. Such policy accepts the cost of doing things right. For example higher salary costs (e.g. paying higher salaries) or longer processes (e.g. performing a supplier Due Diligence check).
For more information about how you can fight the 3rd type of reputational risks (associated with parties that you do business with, whether customers, suppliers or other partners), contact me here.