- Reputation risk is becoming better understood and more explicitly linked to corporate value but CEOs still lack the requisite tools to manage this risk.
- Lessons learned from compliance in the 1990s / 2000s provide a roadmap for CEOs to build a culture that creates and values reputation.
- Reputation is built from the top down and CEOs need to lead this effort in their organizations.
A recent Law360 article raised a number of important considerations for CEOs when it comes to reputation risk. The article notes that in the 12 years since The Economist called reputation “the risk of risks”, attitudes to reputational risk have changed significantly. Shortly after The Economist’s report, a 2008 study found that only 7.5% of the S&P 500 companies used the word reputation in their annual reports.
By 2018, that number was 90%.
And within that 90%, businesses were talking about reputation risk in a broad context noting that an organization’s finances, strategy and growth are all influenced by its reputation. However, despite the increased importance of reputation risk, many CEOs still lack the tools and resources they need to effectively guide and direct their organizations in this area.
Most risk management and governance activity is guided by some framework or model that has stood the test of time (and usually litigation). But reputation risk is a relatively new discipline so how does a CEO manage this emerging and less tangible risk?
The value of reputation
Before we discuss the ‘how’, we need to start with a what: what is reputation?
There are a number of definitions but Seth Godin provides a clear, succinct example:
Reputation is what people expect us to do next. It’s their expectation of the quality and character of the next thing we produce or say or do.
Building on this, I believe that your reputation is what grants or limits your license to operate. But even with these definitions, reputation can still be an abstract concept. In order to manage reputation risk, we need some metrics to guide us.
Luckily, these metrics are beginning to emerge.
A 2018 study by the insurance company Aon identified the “reputation premium” that could be incorporated into a brand’s value, purely based on its reputation. In some cases, this reputation premium amounted to double the book and brand values combined. The Aon study also found that companies could add 20% or lose up to 30% of value depending upon their response to a reputation-driven crisis.
Based on this research, Aon identified crisis communications, perception of honesty and transparency and active social responsibility as keys to success in a reputation-driven crisis.
The ability to ‘do’ crisis communications is more of a functional tactic managed by the organization. However, the challenges relating to the culture, perceptions of honesty and transparency and social responsibility are strategic activities driven by the CEO. We have written about crisis communications on several occasions so I want to focus on the strategic aspects for the remainder of this piece.
Compliance as a roadmap
To address reputational risk, CEOs need a robust framework to help them understand the risks that could impact them, techniques to manage these risks and processes to apply if the risks become reality. Although this specific area of risk management is relatively new, risk management as a whole is a mature discipline. This provides a framework for managing reputation risk. But how does a CEO persuade their organization that this is a risk to take seriously?
Here, I think the introduction of compliance provides a useful reference point.
Back in the late 1990s / early 2000s, thinking around compliance was in a similar place to reputation thinking today. The need for compliance was understood, as were the potential losses associated with non-compliance, but this was still relatively abstract. The real costs of compliance hadn’t been felt by most organizations so adoption was initially sluggish.
However, although the wheels of regulation and justice can grind slowly, grind they do.
20 years later, regulatory reforms and legal decisions provide a rationale for compliance and force organizations to take this seriously. Previously potential losses are now very real and a history of lawsuits, fines and company failures is there as a reminder of the cost of non-compliance, particularly as we just passed the 10-year anniversary of the Great Recession.
I think that reputation is in the same place today with one major exception: there will not be significant regulatory or government involvement to drive the issue. In this case, trials take place in the court of public opinion. So while there won’t be fines levied against companies who breach public trust, a damaged or restricted license to operate could be just as costly.
However, without pressure of regulation, CEOs and organizations will have to navigate a lot of this by themselves. So what can a CEO do?
Understanding and managing reputation risk
I think there are four key steps a CEO can take.
First, you must ensure that reputational risks are inventoried and included in the normal risk management process. These reputational risks should be assessed, prioritized and addressed like any other risk and guidance issued for how the most serious risks will be tackled.
Second, establish a reputation risk committee. Similar to other functional risk committees, this is a group at the highest level of the company with day-to-day responsibility for overseeing the management of reputational risk. Importantly, this group’s work is cross-functional, as all elements of a business can affect reputation, so this has to be a whole-of-organization effort.
Third, set a tone and a culture highlighting the effect of reputation on stakeholder alignment and public perception of a company’s value. Remember, tone and culture are built from the top down. You need to move your teams away from purely focusing on the profits they generate and encourage them to develop an appreciation that how they are perceived can be equally important. Involve the Board in this as they will be in a good position to influence external stakeholders who may resist this shift away from tangible results.
Fourth and lastly, CEOs need to apply pressure to see this through. Similar to how Boards and CEOs drove home the importance of compliance 20 years ago, CEOs today have to show that they take reputation seriously. However, this has to be done without regulatory or legal pressure. Instead, it is society which will drive this, but societal pressure is less tangible than litigation or lawsuits, making it harder to track and respond to. Without these external pressures, it will be up to CEOs to ensure that their organizations take reputation seriously before it is too late.
Reputation starts with you
Socrates said “The way to gain a good reputation is to endeavor to be what you desire to appear”. A more contemporary version might be “you have to walk the walk, not just talk the talk”. So the key to reputation success is that you actually become how you want to appear.
So manufactured opportunities to make your organization appear caring, ‘astroturfing’ your support or only conducting CSR initiatives after you do something wrong will be unsuccessful.
Instead, you have to actually be transparent. Be caring. Be socially responsible. And all of this will begin at the top with you and your example as CEO.
You won’t always get everything right but this way your intent will be sincere, your reputation will be positive and your license to operate will be granted by that most difficult of courts: the court of public opinion. But remember, this all has to be done without the external pressures of litigation or fines. Only you as the CEO can apply the pressure necessary to make this happen.