I consider myself extremely fortunate to have been working in the Canadian banking industry for almost a decade now. Working in fraud operations, insurance (claims), and various risk management areas that include operational risk, market risk, credit risk, model risk, and technology risk, I have learned things that are both interesting and, to be frank, fun! However, it was not until I started teaching Risk Management courses at a local college that I truly understood the importance of my field.
Through comprehensive discussion in my classroom, my students always came to the realization that it was great to manage all risk types, but nothing was more important than managing the public’s perception of your organization—your reputation. The Risk & Insurance Management Society defines reputational risk as “an intangible asset, a key determinant of future business prospects, resulting from a collection of perceptions and opinions, past and present, about an organization that resides in the consciousness of its stakeholders.” What customers (stakeholders) think about the organization they’re purchasing from is everything to a business. If customers are not buying products as a result of a bad reputation, companies are not making any money.
The industry often references three common tips for managing reputational risk:
1. Communication
Any organization is going to be subjected to incidents or events that will put its reputation on the line. When these incidents occur, it is extremely important to manage communications with both internal and external stakeholders. Mitigating reputational risk issues through effective crisis communication actions, including:
- Understanding your audience ensures you are communicating to a broad group of individuals rather than a select few. This will ensure that you are speaking to everyone and anyone that could be affected by a risk event.
- Maintaining clear and consistent communications with all external stakeholders. Media outlets are fully prepared to bulldoze through inconsistent messaging, using articles to outline your company’s mismanagement of issues. This is why public statements are often vague: “Our company is currently aware of the issue and we are investigating the source of this problem. Until we find the source of this problem, we will not make any additional commentary.”
2. Training and Preparation
A communication plan is not something that is thought up on a whim when an incident occurs. In fact, it takes an incredible amount of preparation for incidents to be managed appropriately through proper communication, which encompasses aspects of business continuity. Operational or enterprise risk management departments need to liaise with internal public affairs groups to implement programs and predetermined responses for when incidents occur. Having these preparations in place ensures the following:
- Stakeholder communications are managed.
- Discovering the sources of the risk event (i.e. root cause analysis)
- Treating risk events as a consolidated center of excellence, allowing for more efficient management of incidents through consolidated public statements
With these pieces in place, it is easier for organizations to not only communicate effectively with all stakeholders but also have documented action plans which explain to the appropriate internal and external stakeholders that issues will be resolved.
3. Ownership
Having a crisis communication plan in place, and departments trained to manage incidents, are both steps in the right direction but it will mean nothing if organizations are not willing to “own” or acknowledge that incidents are actually occurring. Generally speaking, organizations do not have to do anything if there are internal reports of major reputational risk issues on the horizon. However, organizations willing to disclose reports of internal issues to the general public or regulatory bodies proactively are more likely to succeed in managing their reputational risk. Why? Because it shows that they care, are transparent, and act in good faith through sound business judgment.
To put it simply, a company is more prone to public scrutiny when they’re caught with its pants down. Responding to allegations, conducting an investigation, and then devising a solution after an issue is made public makes you look unprepared. Protect reputational risk by owning up to a mistake and showing that you’re already prepared with a solution. Considering this, it is important for organizations to own any type of crisis so that they can manage it effectively, rather than allow third parties, such as regulatory bodies or the media, to manage it for them.