Nicola Maclennan, vice president, AIG Europe (UK), gives the background preview to her talk at the AIRMIC conference on the impact of new Corporate Governance Guidelines on a company's reputation....
Many of the delegates at this year's annual AIRMIC conference will be thinking about practical ways to adopt and enforce recent guidelines on sound corporate governance, particularly where they apply to intangible assets. The new guidelines starting to emerge around the world have expanded the responsibilities companies have in relation to their traditional operational and financial risks so that they now include broader-based – and less tangible – business exposures. So where does one start?
The criteria are wide and companies are now encouraged to manage and monitor any risk that could prevent them attaining their business objectives and which could affect shareholder value. According to the UK guidance, this specifically includes: "market, credit liquidity, technological, legal, health, safety, and environmental, reputation and business probity". With resources so stretched no organisation can expect to identify, evaluate and deal with every possible risk. So what are some of the key risks to focus on?
Recently, we have seen a number of new risks emerging such as political risk, weather, environmental and ethical issues; employment practice liability; and so the list grows. But one of the risks attracting most attention must be the risk to reputation.
The question we are frequently asked is: "What can we do to protect our corporate reputation and our brands ?" Some will argue that "reputation is beyond the pale" when it comes to risk management. At AIG Europe we take a different view. We believe that reputation can be assessed, managed and monitored in the same way as more conventional risk. It just takes a combination of skills, ranging from risk assessment, contingency planning, and insurance solutions.
The key questions are: what is it that makes up an organisation's reputation and what are the risks it faces?
As an asset, reputation and its impact on shareholder value is only just starting to be valued by the board, and yet potentially it is the most vulnerable of all assets. It is not only affected by the actions taken by the key executives of the organisation – which are within its control – but also how those actions (or lack of actions) are reported onwards, which are often not within its control.
Clearly, reputation is no one item like a building or a contract. It is a blend of images, ranging from intellectual capital through to the perceptions of key stakeholders like customers, shareholders and of course employees. Firstly, the organisation needs to understand what reputational risk means. David Brotzen of reputation protection consultancy, Brotzen Mayne, describes it as: "Any event which has the potential to affect the long-term trust placed in the organisation by its stakeholders, thus affecting areas such as: customer loyalty, staff retention and ultimately, shareholder value."
So, what should risk managers be encouraging their boards to do? The first step is to decide who owns the issue. Reputation has traditionally resided with the CEO or the corporate communications department, whereas risk has been the domain of risk management or treasury departments. Reputational risk falls between the two. But, reputation cuts across every aspect of the business and needs a cross-functional team to create and implement the strategy.
The organisation then needs to have a clear understanding of the value of this intangible asset and what it is that threatens that asset. Even this is not black and white, as reputation might mean different things to different companies and in different situations. For example, one crisis might trigger a loss of trust among shareholders without affecting sales, while a different type of crisis within the same organisation might trigger a loss of trust among consumers, and not have a significant impact on share price. The only common ground is that for a risk to become a reputational risk it needs to have the added dimension of attracting public attention. This is most likely to be through media coverage, but could be through internet coverage or governmental activity or even through public meetings.
This then raises the question: "What constitutes a reputational crisis ?" Does it need to be reported in a national paper? If so, does it mean that one negative report is sufficient? If not, what is the distinction between positive and negative media coverage? All these questions need to be answered to help an organisation decide the factors that threaten its reputation and then assess the potential cost of the loss of that reputation. Once the risks have been quantified they need to be prioritised to help management determine where to devote effort and resources.
Recent research shows that good crisis management can minimise loss of reputation and even enhance the view of management as it provides a rare opportunity for the management team to demonstrate publicly their competence. This does, however, require them to have thought-through their responses and procedures ahead of time. Where they do not demonstrate effective crisis management, the same research shows that the financial value of a company can reduce dramatically, at any rate in the short term, with some never recovering.
As part of its risk management strategy, the organisation then needs to consider how it plans to fund the reputational risks it faces. Does it plan to retain the risk, reduce, it remove it or transfer it? A company's financial worth can be affected if it is known to have a significant package of liabilities whose precise value is difficult to estimate and with a payment date several years in the future. Therefore, directors must decide whether it is beneficial to remove uncertainties and possibly free-up capital held in reserves by transferring these liabilities.
From an insurance perspective, we believe organisations should look at the way they manage the total cost of risk. Use of alternative risk financing, bringing financial market exposures and traditional insurable risks together in an integrated framework may limit the impact from these risks and reduce the costs.
The message is clear: organisations need to assess how important their corporate reputation is to their businesses in quantifiable terms. They then need to determine how that reputation could be threatened and build-in early detection and response systems, based upon sound risk financing strategies. They then need to consider how to ensure the policies and procedures are implemented. Once that has been completed, new corporate governance guidelines, around the world, mean organisations will need to report on the adequacy of those plans in their annual report and accounts. Finally, they need to partner with organisations, including insurers, who understand the importance of reputation and will work with the organisation to protect it when events occur.
While reputation might be an intangible asset, it is also a highly fragile one and so the advice is to quantify the risks to that reputation and proactively adopt a strategy to protect that asset.
It is all too easy to value a reputation once it has been destroyed.