In 2019, I was invited to deliver a keynote talk on reputational risk at the annual GRC (Governance, Risk Management, and Compliance) summit of a global software provider in the city of Baltimore.
The summit's theme-'Performing with Integrity'- was instantly captivating and persuaded me to participate, despite a hectic schedule and approaching summer days. The opportunity energized me and became an unforgettable experience.
During my talk, I first explored how to address reputational risks within a traditional enterprise-level risk management framework. Then, I challenged the group to consider new metrics due to the increasing transparency in corporate behavior demanded by financial and non-financial stakeholders. Finally, I discussed assessing whether businesses effectively manage reputational risks independently or prefer to think of it as a peer benchmarking exercise.
Little did I know that this experience would influence my perceptions of transparency in both business and life.
Governance in context
Although the word “governance” is commonly used in the everyday jargon of corporations, the way its definitions compare in different contexts is intriguing.
For example, the CFA Society defines corporate governance as the system of internal controls, processes, and procedures by which a company is managed, directed or controlled (1). It should come as no surprise that governance structures recognize the existence of interest groups within and outside an organization, which may influence its day to day, and likely each with a distinct set of interests.
So, what do we mean by reputational risk?
To align corporate decision-making with stakeholder commitments and organizational incentives, the definition of reputational risk now encompasses a broader scope.
Let’s think, for example, of:
Heightened regulatory demand for transparency vs. short-termism
Scrutiny over performance-based executive compensation arrangements
A deeper awareness of the role played by intangible variables such as diversity
The rise of millennial consumers and millennial employees
Technology reshaping virtually every business function
Every aspect is raising the integrity bar higher.
If a decade or so ago, reputational risk gauged business readiness - for example, seeking to answer “Are we building organizational resilience enough?” - now, it is increasingly assessing whether all aspects of resilience, including non-financial dimensions, are being evaluated in a company’s day to day.
The shift in the approach highlights a crucial fact.
The evolution of reputational risk, while intimately tied to governance decisions made by leadership teams and boards, has fallen out of step with the lightning-fast pace of change.
Data from RepRisk, the Swiss provider of reputational risk and ESG due diligence, reminded our group that controversial business activities evolve.
Governance structures that do not consider the impact of emerging reputational risks are a warning sign of corporate commitments, be they financial or societal, that likely don't align with daily business practices to begin with. Yet, these practices are the ones that informal organizational structures observe and adopt as “precedents” when making decisions.
How reputational risk is evolving
Pre-pandemic times, between 2014 and 2019, I surveyed 1,000 corporate practitioners from expert groups. I aimed to study the evolution of reputational risk in emerging sustainability areas. The informal makeup of corporate functions for how these risks would be perceived was also considered.
Most participants reported that the trend is due to businesses' increased environmental and social responsibility awareness. Consumers and shareholders nowadays have a lower tolerance towards negative headlines, which compounds the need for such awareness.
The key findings from this study were the following:
The trend can be attributed to organizational awareness about businesses' environmental and social impact and reduced tolerance for negative publicity among shareholders and consumers.
Reputational risk is often treated as an operational risk, but its true nature lies in cultural aspects. The perception of reputational risk linked to company culture is gaining importance and demands a distinct approach.
Everyone involved in a company is responsible for overseeing and managing reputational risks. It is not confined to the traditional governance structures where ownership lies with the CEO or board of directors but is a shared obligation.
The respondents noted the influence of their sector-specific financial or consumer conduct authority in broadening the definition. Only a small fraction mentioned political influences and potential conflicts of interest associated with lobbying activities.
Reputational risk is linked to company culture and demands a distinct approach. Everyone in a company manages reputational risks, not just the CEO or board of directors. And companies need to be aware of political influences and potential conflicts of interest associated with lobbying activities when considering reputational risk.
To learn more on the topic, you can access The Impact Challenge in open source here. It highlights how effective governance can elevate reputational risk from just operational oversight to a significant measure of business impact.
1. CFA Level 1: https://analystprep.com/cfa-level-1-exam/corporate-finance/describe-corporate-governance/