The (abbreviated) version of a talk to MBA students, internal auditors, risk managers, HR and communications executives in Malaysia on the challenges of managing reputational risk, and how they can best be overcome
6. Reputational risk – definition
6
‘The potential loss to financial capital, social capital
and/or market share resulting from damages to an
organisation’s reputation.’
‘Often measured in lost revenue, increased operating,
capital or regulatory costs, or destruction of
shareholder value.’
Source: Wikipedia, 2019
7. Meta or standalone risk?
7
Indirect
• Strategic
• Financial
• Societal
• Environmental
• Operational
• Technological
• Legal/regulatory
• etc
Direct
• Negative rumours
• Mis/dis-information
• Deepfakes, impersonations, etc
• Hate speech and other
inappropriate content
• Competitor smears
• Political attacks
• Short-seller attacks
• etc
8. Reputational risk challenges
8
1. Changing stakeholder expectations and behaviours
2. Unpredictable nature of many reputational risks
3. Unwillingness to recognise or tackle root causes
4. Poor leadership understanding
5. Lack of solid performance metrics
6. Ill-defined ownership and decision-making
7. Insufficient strategic thinking and doing
8. Inadequate classical risk management
9. Need for high quality response to negative events
10. Pressure on transparency and openness
9. #1 Changing expectations and behaviours
9
• Transparency, openness
• Honesty, integrity
• Values, ethics
• Discrimination
• Environment
• etc
• Regularly track stakeholder
needs, expectations and
behaviours
• Understand gaps between
expectation and behaviour
• Understand shifts in belief
and behaviour
• Develop ‘outside-in’
perspective
10. #2 Unpredictable nature of reputational risks
10
• Organisational and
ecosystem complexity
• Internet/digital –
anonymity, mobile chat,
dark web, etc
• Behaviour - ethos,
culture, incentives,
communications,
trustworthiness, skill,
experience, relationships,
integrity, motivation
• Lead from the top
• Ensure strong values and a
consistent culture across
the board
• Engage thoroughly and in
good faith
11. #3 Unwillingness to recognise & tackle root causes
11
• Desire to protect vested
interests
• Tendency to frame
problems too narrowly
• Emotion, bias and
groupthink cloud proper
analysis
• Always be as objective as
possible
• Use external investigators
and advisers
• Learn from your own and
others’ failures
12. #4 Poor leadership understanding
12
• Board focus on financial
and operational risks
• Fluid, irrational,
unquantifiable nature
of reputational risk
• Brand vs reputation
• Educate leaders with
evidence-based business
case
• Regular board and
management training
• Recruit Board directors
with general business and
behavioural skills
13. #5 Lack of solid performance metrics
13
• Share price is a poor
guide to reputation
• Sentiment can shift
quickly and seemingly
arbitrarily
• Set clear, realisable
objectives
• Focus on impact rather
than sentiment, reach etc
• Focus on major markets
and issues
14. #6 Ill-defined ownership and decision-making
14
• At Board and
management level
• Tendency for reactive,
ad hoc decision-making
• Audit and/or risk
committee ownership
• Dedicated reputation
committee
• HR, legal, corp/public
affairs
• Chairman or CEO
15. #7 Insufficient strategic thinking and doing
15
• Inability to join the dots
between business
actions, stakeholder
perceptions and
corporate reputation
• Siloed nature of many
organisations
• Conduct as part of regular
risk planning
• Consider in all major
business decisions
• Link reputational risk
management to strategic
planning, communications,
issues management, crisis
management, etc
16. #8 Inadequate classical risk management
16
• Highly centralised and
formulaic
• Three/four line of
defence model is reactive
and fails easily
• Focus on financial and
operational rather than
behavioural risks
• Board of directors as
reputational risk
• Focus on proactive control
strategies eg.
empower/reward rank and
file employees
• Deploy real-time risk
tracking and flagging
• Devolve risk management
to key business units
• Evaluate Board
reputational risks
17. #9 Need for high quality response to a crisis
17
• Too many crisis/incident
responses are seen as too
slow, defensive or
inadequate
• Classic legal defences are
proving less effective
• Comprehensive, clear crisis
plan and protocols
• Crisis and incident
response team training,
incl. spokesperson/people
18. #10 Pressure on transparency and openness
18
• Widespread lack of trust
in institutions
• Transparency and
openness increasingly
seen as conditions of
entry
• Checkbox ticking
perceived as inadequate
• Cover-ups are easier to
spot and are punished
• Strategic transparency
• Operational openness
20. Summary
20
• Understand your stakeholders
• Beware behavioural, cultural and ethical risks
• Educate leadership
• Lead from the top
• Manage risks strategically
• Prepare thoroughly
• Learn from failures
• Be transparent and open