Managing reputation risk, a low-tech, high-touch, cross-functional process
April 2016 | SPECIAL REPORT: MANAGING RISK
Financier Worldwide Magazine
Reputation risk is the largest, scariest and least manageable of all operational risks, by far. The fall of 2016 will mark the fifteenth anniversary of Enron, 15 years where negative reputation events have become commonplace in almost every industry.
It has even reached the point where the Wall Street Journal has developed a ‘Crisis of the Week’ section focusing on the latest firestorm. Meanwhile, board members of large companies find their seats getting uncomfortably warm with less and less confidence that their executives are even aware of what major reputation flare-up is around the corner (let alone hidden deep in social media).
Where are the risk models, insurance products and off-the-shelf mitigation plans? Maybe none of the traditional risk-smoothing tools work. That might explain Volkswagen – if a German manufacturer doesn’t have systems and processes for something, then it’s a safe bet that they don’t exist.
Why don’t they? First, keep in mind that companies usually become interested in doing something about reputation risk only in the wake of a major crisis. This results in additional resources for crisis management and maybe an attempt to better anticipate and manage future reputation risks through the existing (CFO/CRO-driven) corporate risk management process. The former, otherwise known as better firefighting prep, is not very satisfying, and the latter (integration with the CFO’s process) simply doesn’t work.
Why can’t the CFO or chief risk officer just deal with this like they do all other risks? There are two primary barriers: (i) the subjective nature of reputation can be reduced through perception analytics, but it cannot be boiled down into a neat financial model; and (ii) reputation risk lives everywhere in a large organisation and cannot be fully understood by a single functional expert. In fact, its ubiquity means the entire organisation – every function and every market – needs to understand and have the ability to identify, evaluate and mitigate it. Traditional approaches to managing risk are not built to deal with something this broad or interconnected.
So let us turn to where progress has been made first, the ‘we-know-it’s-going-to-happen-so-let’s-minimise-the-damage-when-it-does’ approach, or crisis management. On the talent front, large public companies focus on employing (and occasionally listening to) seasoned chief communications officers. These executives come with larger pay packages, bigger teams, and more agencies behind them than they did 15 years ago. They are very, very good – so much so that if a large enterprise bungles communications in a crisis, it is because the CEO chose not to listen to their CCO (like BP in the early days of the Gulf crisis).
And the value of rapid, professional crisis-handling is quite tangible – in fact, for medium-sized companies who cannot afford to put top-tier crisis agencies on retainer, insurance companies have created products. Examples include AIG’s ‘Reputation Guard’ or Allianz’s ‘Reputation Protect’, all of which are best understood as ‘crisis agency gift certificate’ programmes. The Allianz product description describes that it: “ensures your company is equipped with the necessary resources to mitigate the effects of a reputational risk crisis, should one occur”. Based on a protocol which rapidly determines if such a crisis has occurred, money shows up along with a top-tier agency to spend it. The actuaries base the value of this largely on 15 years of evidence that financial damage, both short and long-term, is minimised when the initial handling of the crisis is done quickly and professionally.
Wouldn’t it be nice if companies had a way to get in front of reputation risk too? It would need to address the subjective element and operate horizontally across the organisation. This approach would also need to be anchored to the existing risk reporting and crisis management infrastructure. Imagine if there were a way for companies to systematically broaden the conversation about reputation risk and integrate it into board-level reporting and ongoing mitigation plans.
How would it work? It is not a solution-in-a-box. It would need to be low-tech, high-touch, process change – a cross-functional effort facilitated by the executive who understands reputation risk best: the chief communications officer. Imagine the CCO as the chair of a cross-functional team of leaders who meet regularly, charged with reputation risk: identification, evaluation, reporting and mitigation planning. When specific risks are discussed in these meetings, potential sources and multiple aspects (e.g., new initiatives, new products, HR issues, regulatory changes, customer shifts, etc.) would be brought to the table. The CFO’s representative would bring financial perspective, but that would only be a small part of the discussion.
Their efforts and the risk process they oversee would be critical for identification and evaluation, but they would need the added dimensions brought by the other functional experts. The CCO brings the broadest knowledge about any given risk and has the skill set to describe the anticipated scenarios in a way that the board can understand, but none of the depth that would be necessary to actually suggest (or execute) a mitigation strategy. The other functional experts participating in this process will not only bring their unique perspective to the conversation, but they will have eyes and ears into parts of the organisation that are not visible to the CFO or CCO.
Initially, the participants might find these meetings outside of their comfort zone, but over time, the tangible reports and plans produced by them will create a discipline that cuts across the company. Perhaps more importantly, functional experts will return to their day job with a level of knowledge and awareness that will ultimately affect the day-to-day decision-making at the root of all reputation risk.
Much has been written about both the need for, and challenges of, cross-functional efforts inside large organisations. These silos are hard to break out of, but put senior leaders from all of them in a room with the charge to produce something the board will see and watch what happens. With the CCO bringing their outside-in expertise to the facilitator role, they will be better able to play the strategic role every organisation (and every board) needs them to.
Leading companies have already given up waiting for a magic financial formula (or crisis vaccine) and are turning to this type of systematic approach to reputation risk – when will yours?
Anthony Johndrow is CEO of Reputation Economy Advisors LLC. He can be contacted on +1 (212) 920 7656 or by email: anthony@repecon.co.
© Financier Worldwide
BY
Anthony Johndrow
Reputation Economy Advisors LLC
FORUM: Use of Big Data and data analytics as part of a risk management strategy
Effective board governance: the healthy tension between management and the board
Avoiding the patchwork problem: effective corporate social responsibility compliance integration
Control the controllable: lessons from farmers for corporate leaders
Managing reputation risk, a low-tech, high-touch, cross-functional process
Integrating security into broader risk management
Legal data domain: legal vs. the rest of the bank
Solvency II – pushing existing systems and processes harder is not enough for compliance
Top supply chain accountability risk trends for 2016
Identifying and managing hidden enterprise contract risk