Most risk managers don't understand reputation risk

Reputation risk is not well understood by corporates and their risk managers, and more education is needed if companies want to successfully manage this risk.

This was one of the key takeaways from a panel discussion on reputation risk at Strategic Risk Forum 2016, held in Singapore on 17 May.

Delegates were asked how well they understand their company’s reputation risk and the majority (53%) admitted they don’t really understand it at all.

But even across Europe, which has been one of the more developed markets on this topic, the level of reputation risk management maturity is still developing, Leesa Soulodre, managing partner at RL Expert said.

“In Asia, it really is an emerging competency among risk managers and while communication departments have been doing a lot of reactive reputation risk management work, looking after those stakeholder relationships, it’s only now that we’re seeing chief risk officers starting to take that on as part of their organisational responsibilities,” she said.

John Ludlow, senior advisor at Marshal and Alvarez, added that people are starting to worry much more about stakeholders perspectives in the external environment, although the risk is typically still “stuck” in corporate communications.

“They are worried about sentiment and they listen to what the media are saying rather than maybe doing the hard work of going round all the stakeholders and listening to them themselves,” he said.

In order to manage reputation risk properly, education is vital, the panel agreed.

The chief risk officer and communication department need to speak each other’s language, Soulodre explained.

“Additionally, the board needs to understand their fiduciary duty around what they are legally liable for as an individual, not just as a company, and they need to understand what their risk exposures are and how they can play a more active role.

“After the financial crisis, we saw organisations like HSBC set up a multi-disciplinary cross-functional team which consisted of board members and senior management to really drive connectivity between their risk register, risk appetite and risk tolerance, and drive an ongoing conversation.”

Ludlow said that when considering the external stakeholders risk managers should engage through the chairman and the non-execs, more so than the executives, because “ultimately it’s the board that is balancing the risk and reward”.

He gave the analogy of having to balance two horses on a chariot: one that’s strong and wanting to go fast, and one who’s going carefully.

“It’s the board who have that decision: how far and fast they drive the executives to achieve their results versus how they achieve them, so the non-execs and the chairmen have a real role here to be the careful horse. The CEO is going to be driving for all he’s worth towards his objectives, which are typically financial,” he explained.

“The dynamics in the board are also really interesting. You have the non-execs who aren’t allowed to make operationaldecisions, they’re there to guide and to think, whereas the execs are making the decisions. There’s a real tension there and the non-execs typically have a big reputation themselves to protect whereas the execs are there trying to make their reputation.”

Brian West, global managing director, crisis and issues management at FleishmanHillard, said reputation risk increases as a business becomes more established.

“Companies that have been in business for a long time have built up a higher reputation and therefore audiences have higher expectations of them and how they would act and how their people would represent the company.

“For newer companies, the expectations are not so high, so in effect they are not assessing what the vulnerabilities are and they continue to have problems. Uber is a good example of this, and they’re getting away with it because the expectation is lower.”