It has never been more difficult to manage reputational risk - is authenticated risk management the answer? asks Peter Gerken

We are living through a time when the velocity with which new reputational risks appear is enough to leave corporate leaders and risk managers feeling under siege.

In just the past five years, we’ve seen expectations for corporate behavior change dramatically and repeatedly, with issues like #metoo, Black Lives Matter, gun violence, voting rights, the environment, diversity, equity and inclusion, COVID and all its political implications, and now the war in Ukraine.

What started as a move toward Corporate Social Responsibility morphed into a Business Roundtable Pledge redefining corporate priorities to include all stakeholders, which in turn became translated into ESG – environment, social justice, governance – which has become a catch-all for the many activities and actions society (stakeholders) expect of corporations today.

Walking a tightrope

Reputation relates to the degree to which stakeholder expectations align with a company’s actual performance. Value depends on how confidently stakeholders expect that firms’ reputations predict future behavior. Reputation is therefore the value of present expectations for the future.

When there is a gap between expectations and performance, that’s reputation risk. The emotional intensity associated with a failure to meet expectations, and stakeholders’ willingness to turn their disappointment into action, defines the magnitude of the peril.

A “heat of the moment” event can change stakeholders’ behaviors and ignite a crisis. Changed behaviors can reduce future revenue and increase future costs.

Losses accrue as companies lose the ability to sell more, faster, and at premium prices; to obtain labor, vendor services, as well as capital on preferred terms; to outperform competitors, deter activists, and assuage regulators. Public manifestations include litigation, regulatory opprobrium, and adverse media attention.

This week, being “Russian,” like New York’s 100-year-old “Tea Room,” is a reputation risk. Companies that do business in Russia – not only banks that finance Russian companies, but everything from fast foods to cosmetics – face reputational risk and are responding by pulling out of those operations.

In a particularly ironic twist, ESG advocates, looking at rising oil and gas prices that disadvantage those who are already struggling financially, need to weigh their environment and social priorities against each other.

Some restaurants in Canada, concerned that stakeholders might confuse the name of their traditional dish of Poutine with the name of Russian President Putin, have pulled that item from their menus.

Firms need better processes for defining their stakeholders, understanding their expectations, keeping tabs on the dynamic nature of these reputational risks, and adapting their risk strategies to the intelligence they gather.

They need to execute operational and communications strategies informed by the risk models and publicise this process for the benefit of stakeholder and shareholders alike, so that all can appreciate and value it.

Identify your reputation leaders

First, they need enhanced Enterprise Risk Management organisations and processes that are both functional and structural, centralising stakeholder knowledge from corporate silos including human resources, sales and marketing, risk management, investor relations, legal and compliance, CSR, DE&I, operations and treasury. This central intelligence apparatus would be the ‘reputation leadership team’. 

The team needs tools to integrate the expectations of stakeholders, the capabilities of the firm, the promises of management, and the constraints of resources and regulation. It needs feedback on how stakeholders are responding to strategies.

A steady stream of Reputational Value Metrics on a regular basis is essential. And the team needs to be able to value the benefits and costs in financial terms of strategic alternatives.

Communications emerging from the team, after vetting by the chief legal officer, would be presented to the board for dutiful oversight (the “G” of ESG).

Through this process, a firm will find itself both governing and managing that which is mission-critical to the firm because it is concurrently vitally important to its stakeholders.

The respective silos of the firm will execute the risk strategies recommended by the team and approved by the board. There is no real threat to the benefits of corporate silos as long as that risk information flows back freely to the team.

Sharing the burden

Second, companies need to share the reputation risk management processes with stakeholders. To a behavioral economist, the natural communications instrument would be ESG insurance or Reputation insurance.

Nothing tells a story of authenticated risk management better than a third party agreeing to accept risk – just as it has with FDIC Insurance in the US and in the very early days of D&O Insurance.

Telling a story of authenticated reputation risk management—including the use of captives—creates enterprise value. A study my company recently completed showed that warding off ESG and reputation crises creates a value surge. 

It found that stock prices of firms that managed, validated and publicised ESG and reputation risk management strategies on average gained 9.3% over the subsequent seven months after a precipitating event.

Firms in which such processes were assumed by shareholders to be in place, gained 4.3%.

Companies that failed to institute, validate, and communicate risk management strategies lost 13.2% of their stock value over those seven-month periods, and they underperformed their peers by an average of 23.3%.

Strategic communications of authenticated risk management make a difference. Investors reward firms that actively manage reputational risks as operational strategies and not just potential PR problems.

Companies need to take a more structured, substantive and comprehensive approach to risk governance and management. This framework will help them accomplish that.

Peter Gerken is Senior Vice President, Risk Transfer Agency and Insurance, Steel City Re