Reputational risk: what it is, and how to manage it

For both individuals and organizations, our reputation is important. We instinctively understand why that is the case, but the science backs up that perception. In their 2021 report on US listed companies, Reputation Dividend found that “as of April 2021, company reputations were inspiring sufficient confidence within the investment community to underpin close to 30% of market capitalization”.

That’s a lot of money.

Of course, many things contribute to a great reputation. Product, customer service, brand equity: the things that global leaders spend decades, and billions of dollars, to build. There is no shortcut when it comes to a great reputation.

But whilst building a reputation takes time, losing one can happen in minutes. Welcome to the world of reputational risk.

What is reputational risk?

In the broad sense, reputational risk is any threat or danger to the good name of a business or organization. However, it can be helpful to see reputational risk in the context of other forms of risk, specifically:

• Operational risk: or risks to organizations that emerge from their own internal operations and processes. 
• Financial risk: meaning risks associated with investment decisions.

Clearly, there is a significant overlap between operational and reputational risk specifically. It may help to consider operational risks as internal risks emerging gradually and organically over time, whereas reputational risk tends to focus on events: actions of the company itself, employees, partners, or customers. 

Identifying those events, and managing their consequences, is what effective reputational risk management is about.

Types of reputational risk

Reputational risks can take many forms, and emerge from many sources. To give just four infamous real-world examples, reputations can be damaged by:

• Accidents involving major environmental impacts, such as the Deepwater Horizon oil spill of 2010. As an aside, it’s worth nothing that the increased focus on environmental, social and corporate governance (ECG) these events are more and more damaging to an organization’s reputation.
• Issues with suppliers or partners failing to meet international standards - as seen in multiple ‘sweatshop’ controversies.
• Rogue employees (or those enabled by a poor organizational culture), such as in the multiple scandals involving Oxfam workers in the developing world.
• Adverse media events relating to customers, such as those that led to a $150 million fine for Deutsche Bank relating to dealings with Jeffrey Epstein. 
• When we consider this list, it becomes apparent that between events relating to the business itself, and those relating to partners, employees, and customers, there are an awful lot of potential dangers out there. And any one of them can cause reputational damage that can in turn cost billions. 

It’s also important to bear in mind that any organization has several reputations: one with each set of stakeholders. It is possible to have a high reputation with investors, for example, whilst having a low reputation with regulatory bodies. That means more potential risks again.

And to complicate things even further, reputational risks can emerge that are not necessarily based on reality. The accusations of a disgruntled customer or employee can be rapidly amplified and reach a point at which the truth becomes almost irrelevant - they remain a risk.

In this environment, managing reputational risk requires constant vigilance. Let’s talk about how to do that.

Identifying emerging risks: reputational risk monitoring

Reputational risk monitoring means spotting those risks when they are on the horizon. There are a number of ways to handle events that can cause reputational damage, some of which are discussed below. But all these are useless, however, if the organization is too slow to respond. When that happens, and we are quite literally ‘overtaken by events’, the damage can be done before the organization has had any opportunity to manage its way out of difficulty.

To make matters even more challenging, the rise of social media has only made bad news travel faster than ever before. So reputational risk events can get from the horizon to the center with alarming speed.

Spotting these risks on the horizon requires active monitoring of pretty much everything that is being said in public about:

• The organization
• Individual employees or executives of the organization
• Partners, suppliers and customers

This in turn demands the ability to monitor news sources from all corners of the globe, in multiple languages, and of both a general and specialist nature. That’s a lot of content: certainly more than any analyst or even team of analysts could hope to monitor manually and in a timely manner.

Instead, proper reputational risk monitoring needs to be automated, automatically identifying any content relating to the topics above, establishing significance and sentiment, and then alerting the relevant analyst immediately when given criteria are met. 

This, essentially, is the job RADAR does. We allow organizations to leverage the extended global media to surface stories, or anything of interest that might lead to reputational damage, as early as possible in their lifecycle. And by doing this, we enable those organizations to do something about it.

Managing reputational risk

It is important to re-iterate that early detection is the single most important factor in successfully managing reputational risk. As briefly mentioned above, it allows the organization to stay ahead of the story.

With the luxury of time that early detection affords, a number of practical steps become possible. Here are four simple rules that will help any organization minimize reputational risks. They aren’t the whole story, of course, but as guiding principles they will certainly put your on the right track:

1. Act quickly

Knowing early only helps if you also act quickly. When your monitoring system alerts your organization to a threat, act fast. That typically means ensuring you have internal processes and appropriate autonomy in the right places to make decisions and move quickly. Even better, contingency plans for known risks can be a hugely effective way to respond quickly when necessary.

2. Be decisive, and communicate clearly

In particular, where employees, suppliers, partners and customers are concerned, don’t be afraid to move quickly to cut ties and communicate that action without apology. In situations where the organization was genuinely unaware of the issue (which are legion), early awareness plus early decisive action is often enough.

3. Be ready to admit mistakes

Public opinion tends to be unforgiving of organizations that back themselves into a corner and are unable to offer up an unambiguous ‘mea culpa’ when events of their own making trigger reputational risk. If the situation merits it, be open and honest: don’t attempt to excuse behavior for which there IS no excuse.

4. Change the culture

This may sound obvious, but let’s state it just to be clear. This is not just a PR exercise, and organizations that treat it like one are often seen through by stakeholders. If events cause real reputational risk to the organization, by all means, communicate and manage them as best as possible, but also look to root causes and change culture as appropriate. 

In conclusion: managing reputational risk can be done if the organization is ready to act quickly and decisively. But to enable that to happen, it is vitally important to identify potential issues on the horizon, through active reputational risk monitoring. That’s where AYLIEN comes in. If you’d like the ability to identify and manage issues before they cause meaningful reputational damange - drop us a line.