Reputational Risk

Economist Intelligence Unit, here, a division of The Economist, here, conducted a survey of 269 business executives representing 19 industries, and the result was Reputational Risk was the top of the list of 13 available categories, and ahead of Regulatory Risk, Human capital Risk, IT Network Risk, Market Risk, and Credit Risk, see here. The question was raised, is Reputational Risk a standalone category or a consequence of other risks, and the respondents were evenly split.  Supporters of ‘consequence’ side may include risk managers who have made great efforts to structure their Governance, Risk Management, and Compliance (GRC) systems, identified their primary risks and attempted to quantify the costs of each, but are ultimately frustrated with the challenges presented by Reputational Risk. The supporters of Reputational Risk as a ‘standalone category’ may include risk managers in industries where primary risks are very hard to identify and quantify. Though Reputation was considered “one of the most important corporate assets”, a surprising revelation from this survey was that failures in Regulatory Risk and Legal Risk management were considered the greatest threat Reputation, yet environmental breaches were considered “an unlikely source of reputational damage.” Now take the survey into context, it was published in 2005. I barely recall ‘social media’ being uttered in 2005, but today, a simple twitter suggestion of bed-bugs can reach millions of people and keep hotel patrons and movie-goers away in droves. I have not been able to find a recent recreation of this study, but I would suggest that even if a 2010 survey was available (and I’m sure it is) it might be reliable for a period of only months, not years.

My support (yes it is 2010 support, and I cannot point to a written log of such support in 2005) would go to the ‘standalone category’. Damage to reputation is a very real secondary risk to every primary risk, however, since is can also be a direct loss, with no primary risk cause, the risk has to have its own policies, procedures, measurements (prioritize if not quantify) and unique solutions. This means, crisis management plans, dedicated ‘category owners’, internal (separate from) external communication plans, oversight/policing of Reputational Risk Management component of every divisional/category Risk Committee, involvement in executive level Reputation Planning (including establishment, maintenance and monitoring.)

It is largely agreed that Reputational Risk is difficult to quantify. With it also, 1) being difficult to identify the source of risk, 2) having a financial cost (potentially) much greater than most primary or corresponding risks, 3) needing the attention of every employee in the organization, and 4)  being one of the top concerns of corporate executives, it needs to be given a separate category and very serious attention.

Greg Shields, Partner, Mitchell Sandham Insurance Brokers, 416 862-5626, gshields@mitchellsandham.com

CAUTION: The information contained in the Mitchell Sandham website or blog does not constitute a legal opinion or insurance advice and must not be construed as such. It is important to always consult a registered insurance broker and a lawyer who is a member of the Bar or Law Society of the relevant jurisdiction with regard to this material before making and insurance or legal decision. All material is copyrighted by Mitchell Sandham Inc. and may not be reproduced in any form for commercial purposes without the express written consent of Mitchell Sandham Inc. Anyone seeking to link this site from any external website must seek the consent of Mitchell Sandham Inc. by sending an e-mail to gshields@mitchellsandham.com.