The financial markets have witnessed a string of high profile corporate failures that have sent shock waves through both Wall Street and Main Street. The failures have revealed accounting deception, fiduciary failure, inappropriate conflicts of interest, excessive compensation, and a lack of independence resulting in a crisis of confidence in corporate America. Besides the financial toll these problems have on investors, many corporate and individual reputations have been destroyed. Reputation risk is at material levels for CEOs and Boards of Directors, placing a premium on corporate and personal accountability.
As defined by Merriam-Webster, reputation is the overall quality or character as seen or judged by people in general. As defined in the Commercial Bank Examination Manual, for a financial institution, reputation risk is the potential that negative publicity regarding an institution's business practices, whether true or not, will cause a decline in the customer base, costly litigation, or revenue reductions. As we've seen in recent months, reputation risk can also cause liquidity constraints and significant depreciation in market capitalization.
A company's reputation is a critical component of its value, and is monitored by customers and prospective customers, business partners, investors, rating agencies, regulators, employees, and legislators. Reputations are built in countless small ways on a daily basis. However, while an individual or company can, to some extent, influence his, her, or its reputation, in the end, a reputation, like beauty, is in the eyes of the beholder. This is why reputation risk will increase and control of one's reputation will decrease in times of turmoil or crisis. To ensure that an individual or company's reputation is not irreparably damaged during a crisis, management must communicate consistently, openly, and honestly with its constituents.
Corporate crises and vulnerability to reputation risk can arise from many sources, including financial performance and profitability; corporate governance and quality of management; social, ethical, and environmental performance; employees and corporate culture; marketing, innovation, and customer relations; regulatory compliance and litigation; and communications and crisis management.1 A weakness in any one of these areas might be enough to significantly damage a reputation; weaknesses in multiple areas might bring a company to its knees.
What makes reputation risk difficult to quantify is that reputation risk is a risk in its own right as well as a derivative risk from other areas of risk. For example, exposure to significant credit losses could significantly affect the health of a financial institution. Adverse publicity concerning the same credit losses could disproportionately increase total corporate risk, as the financial institution's reputation as a safe and sound lender is irreparably harmed. Violations of consumer-related regulations and statutes and unfair or deceptive practices, whether inadvertent or intentional, affect compliance risk, legal risk, and reputation risk; offering controversial or high-risk products affects legal risk, credit risk, and reputation risk; and decisions regarding outsourcing to vendors and other third party arrangements are fraught with reputation risk, in addition to operations risk and credit risk.
At this writing, corporate trust and confidence are in short supply, and investors and analysts increasingly put a premium on information about companies' reputations. In a recent survey by Rating Research LLC2, more than two-thirds (68 percent) of investors say that access to information on the reputation and business practices of publicly traded companies is very important, with over one half stating that this information is more important today than one year ago. In addition, 65 percent of investors believe CEOs are "not as concerned as they should be" about the reputation of their companies, with almost 47 percent attributing that to self-interest, including personal financial gain. Only 1 percent of 1,000 investors polled by Rating Research said they are very confident that CEOs at publicly held companies are ethical.3
I encourage all financial institutions to pay as much attention to their reputation as to their financial statements, as the two are inextricably linked and the risks to one are risks to the other.
Which Category Best Describes Your Organization?
|Management anticipates and responds well to changes of a market or regulatory nature that impact its reputation in the marketplace. Management fosters a sound culture that is well supported throughout the institution and has proven very effective over time. Management is well versed in complex risks. The institution effectively self-polices risks. Internal controls and audit are fully effective. (Strong Reputational Risk Management Processes)|
|Management adequately responds to changes of a market or regulatory nature that impact the institution's reputation in the marketplace. Internal controls and audit are generally effective. The institution effectively self-polices risks. Management has a good record of correcting problems. Any deficiencies in management information systems are minor. Administration procedures and processes are satisfactory. The institution has avoided conflicts of interest and other legal or control breaches. (Acceptable Reputational Risk Management Processes)|
|Management does not anticipate or take timely or appropriate actions in response to changes of a market or regulatory nature. Weaknesses may be observed in one or more of the critical operational, administrative, or investment activities. The institution's performance in self-policing risk is suspect. Management information at various levels of the institution exhibits significant weaknesses. Poor administration, conflicts of interest, and other legal or control breaches may be evident. Internal controls or audit are less than effective in reducing exposure. Management has either not initiated or has a poor record of corrective action to address problems. (Weak Reputational Risk Management Processes)|
The views expressed in this article are those of the author and are not necessarily those of this Reserve Bank or the Federal Reserve System.