Managing reputational risk

“Reputation, reputation, reputation! O, I have lost my reputation!”

William Shakespeare, Othello (Cassio, Act II, Scene iii)

Firms with positive reputations increase customer acquisition and retention, as well as attract better employees. The market will also likely see such companies as more able to deliver sustained earnings and future growth, giving them higher market values and lower costs of capital. Building a good reputation can take years if not decades, but it can be lost overnight.

Reputational risk is anything that can harm the way a firm is perceived by consumers and stakeholders. Should it crystalise it may lead to a diminution in business and financial performance which, in an extreme scenario, may prove catastrophic.

There are a multitude of risks financial service firms face that can impact their reputation. These range from bribery to cybercrime, fraud to poor customer service, and non-financial misconduct to Environmental Social and Governance (ESG) failures, to name but a few.

What’s the worst that could happen?

Thinking about reputational risk the first and most obvious example, at least for a British audience, is a non-financial sector one: Gerald Ratner and his notorious comments on the poor quality of his company’s jewellery products. As a result, the value of the company plunged and it had to rebrand. Even now, more than 30 years later, a corporate gaffe is still sometimes referred to as “doing a Ratner”.

However, there are numerous examples that can be cited in the financial sector as well. These range from revelations in 2013 of the antics of the Co‑operative Bank’s Chairman who was convicted of possession of drugs to TSB Bank’s IT meltdown in 2018 caused by a botched systems migration.

While these are very different examples what they have in common is that they all damaged carefully curated brands.

Mind the gap

Shakespeare’s play Othello hinges on the failure of the protagonist to recognise that Iago’s reputation as “an honest man” masks the reality of his wholly malign nature. Similarly, for firms, it is important that they recognise that unknowingly or not, their reputation is distinct from their actual culture or behaviour and may not align. This is the “reputation-reality gap”.

When the reputation of a firm is significantly more positive than the reality, then to bridge the “gap” a firm must either improve its ability to meet expectations or reduce expectations by promising less. 

This creates the risk that the firm resorts to short-term manipulation or even dishonest behaviour to achieve this goal. For example, reputation-reality gaps concerning financial performance can result in accounting fraud and (ultimately) restatements of results. Enron is perhaps the most egregious example of this, when the firm misrepresented earnings and modified the balance sheet.

Conversely if the reputation of a firm is worse than the actuality then a different set of challenges arises, such as improving brand awareness and better public relations, that generally give rise to far less risk.

Practical reputational risk management

Many firms mistakenly focus on how they might handle threats to their reputations that have already crystallised. This is not risk management, it is crisis management. While having a framework for crisis management is important, proactively managing reputational risks is another matter altogether.

Reputational risk is often, but not always, related to operational risk. Indeed, it is a moot point as to whether reputational risk is a distinct category or really just the outcome of other risks. Whatever the case, during the first stage in managing reputational risk a firm should undertake a realistic organisation wide risk analysis to identify vulnerabilities and tease out the implications for its reputation should they crystallise.

Such a process will help firms do a better job of assessing existing and potential threats to their firms’ reputations and allow them to make an informed decision as to whether to accept a given risk or to take actions to avoid or mitigate it.

Assessing reputational risk

Some of the practical steps firms can take to identify potential threats to a firm’s reputation are:

• Assess the firm’s reputation among its customers and other stakeholders;
• Have an honest conversation about the firm’s culture (i.e. evaluate the firm’s “real” character);
• Scale the reputation-reality gap and, if need be, look to close it in an appropriate manner;
• Monitor changing expectations among customers and stakeholders; and
• Have an accountable senior executive (i.e. a Chief Risk Officer).

When assessing reputational risk remember it can be direct (caused by the actions or internal issues of the firm), indirect (caused by the actions of a firm’s employees) or peripheral (caused by the actions of organisations or individuals with which the firm might be associated).

There is no one quick fix but by factoring reputational risk into the wider business strategy and investing in the right resources, firms can significantly reduce their downside exposure.

Tone from the top

The importance of a firm’s board instilling a robust culture of ethics and compliance cannot be overstated. As part of any mitigation strategy, the Board should ensure that a sound and healthy culture exists throughout the firm, setting expectations of behaviour, communicating clearly with stakeholders, leading by example and, of course, building reputational risk into the business plan.

Key to this will be strong ethical policies which are complied with by everyone at a firm. Such policies will help illustrate the firm’s expectations and enhance trust in the eyes of customers and shareholders.

ESG risk

One set of potential reputational risks that is worth calling out specifically are those arising from the ESG agenda. Consideration and management of ESG-related risks is not a “nice to have” - it is essential (and indeed the FCA has called it out a number of times and provided handbook guidance). The issue will likely evolve in the future as ESG becomes more central to the thinking of customers, investors and regulators globally.

ESG reputational risk examples in the financial sector include, wilful non-compliance with regulations, non-compliance with generally accepted HR standards, investment in environmentally harmful industries, to name but a few.

Conclusion

The biggest problem with reputational risk is that it is unpredictable: it can emerge out of nowhere and without warning.  But it does not exist in a vacuum, and it should be integrated into the general risk management processes of a firm. 

No one is pretending that dealing with something as intangible as reputational risk is easy, but UK financial firms do have a helpful tailwind,  Consumer Duty.

The FCA’s Consumer Duty puts an emphasis on gathering and monitoring customer Management Information. This, if done correctly, can help track customer/stakeholder perceptions – potentially continuously in real-time. This in turn can help a firm gauge not only “emotional” perceptions (do customers trust the firm?) but more tangible ones too (what do customers make of its integrity and leadership).

In short, reputation is hard won but easily lost and a firm is wise to take its preservation seriously.