However, recent events have shown that the rise of ESG investing has further increased the impact of reputation on firms’ value by increasing the importance of corporate sustainability and working in ways that meet stakeholder expectations.
The importance of such intangible factors has intensified throughout the pandemic, and the Black Lives Matter movement highlighted the need for firms to have an authentic stance on social (‘S’) matters such as employee wellbeing and ethnic diversity. This trend has further accelerated with the COP summits highlighting the importance placed on authentic carbon reduction targets, events at DWS highlighting the risks of ‘greenwashing’ (or sustainability mis-selling), and developments at Yorkshire CCC showing how Social factors (racism) and (poor) Governance can quickly damage brands and finances. The rise of social media and stakeholder activism will only intensify the impact of not meeting stakeholders’ expectations.
Consequently, ESG and reputation are now material risks for firms in the modern world. Failure to implement an appropriate sustainability strategy will not only prevent a firm from optimising long-term value but can also destroy value, by damaging reputation, supplier and investor relations, staff motivation and retention and customer trust. Reputational risk management should therefore be high on the agenda of any risk function seeking to support Boards in delivering strategy and long-term value (especially as the UK Companies Act now requires Directors to consider all stakeholders).
However, many risk teams pay insufficient attention to reputational risk management, often because they hold the outdated view that reputational risk is solely a consequence of other activities that are already managed through existing risk management practices. Whilst reputational risks are often a secondary impact of a process failure, this is not always the case. Reputation is shaped by stakeholders’ expectations and the firm’s ability to meet such expectations, and is therefore driven not just by the efficacy of a firm’s processes and activities, but also by the firm’s behaviours in delivering such activities and its communications with stakeholders. Failure to see reputational risk in this way will prevent risk functions from providing the activities and skillsets needed to identify and mitigate all drivers of reputational damage.
- There are several events that can have major reputational impact but will not be adequately covered by traditional risk management frameworks – as the primary operational risk is not material and/or because risk activities are solely process focussed and do not cover the human factors (culture, behaviour, communications) that drive trust and perceptions. Examples include United’s passenger removal approach and inappropriate senior management behaviour or communications;
- Traditional risk teams do not have the expertise to assess the unique nature of reputational risk, which means that, unlike operational risk, (a) the impact of reputational events can vary enormously, be cumulative and vary over time; (b) local issues can have a major impact on global brand or reputation; and (c) the expectations of all stakeholders need to be considered;
- Many reputational risks simply cannot be fully mitigated by existing risk management activities which focus on internal processes. This is because firms do not own their reputation, which instead depends on the perceptions and reactions of other stakeholders. Fake news is an extreme example, but smear campaigns and fake websites are genuine everyday risks which cannot be fully prevented by traditional risk management activities.
These factors mean that traditional approaches will be inadequate to identify and mitigate all sources of reputational risk that a modern company faces. This gap will only get larger as the importance of sustainability and authenticity increases. Consequently, risk functions need new approaches that recognise reputational risk as a primary risk and develop the coverage and skills to understand the unique nature of reputational risk – and have frameworks which:
- Proactively identify reputational risk arising not just from process failures, but also from employee behaviours, communications and other human factors that impact stakeholder perception and trust;
- Place sufficient weight on monitoring the impact of key suppliers’ activity and behaviours on the firm’s reputation;
- Recognise that firms cannot fully control their reputation (as it is the sum of other stakeholders’ perceptions) and instead seek to mitigate reputational risk by incorporating its possible effects into key business decisions, risk approval processes and key (internal and external) communications;
- Strengthen the firm’s resilience to reputational crises, as the way in which a business responds in a crisis is a key driver of the overall impact of a crystallised event;
- Support the definition, roll-out and monitoring of appropriate behaviours across the business – with clearly defined behavioural standards linked to remuneration and supported by training;
- Establish ways of monitoring and managing the new reputational risks created by the digital world including social media policies for employees, listening to social media for stakeholder views and monitoring the web for fake websites.
Our next article will go into these factors in greater depth and also focus on the activities required for risk functions to understand, monitor and manage ESG risk and associated reputational risks.