What is reputational risk?

Reputational risk is all about the dangers of a possible future. It discusses things which could harm it under the right conditions, not things that have already happened. 

As part of their strategy-building, boards and management need to find those dangers and mitigate their potential. If they don’t do this, the damage could lead a company as far as “worst-case scenario” territory. 

The types of reputational risk:

• Reputational risk caused by the company, for example, a new business policy or getting fined for breaking the law.
• Reputational risk caused by individuals associated with the company; for example, an employee acting violently or an investor with controversial political comments.
• Reputational risk caused by partner organisations; for example, a supplier with poor workplace practices, 
• Reputational risk caused by consumers; for example, bad reviews or social media boycott campaigns.

The number one thing to remember about reputational risk is its potential. That potential is impossible to predict. Being such an unknown variable, it must sound alarm bells in the mind of company leadership.

• Reputational risk often hides. A company looking to mitigate risk must determine if it’s actually there. Risk will rarely shine a spotlight on itself. 

• Reputational risk is unpredictable. There is no possible way of knowing when a risk might morph into a severe corporate problem or how much impact it will have. 

• Reputational risk damages. If it becomes clear that a company mismanaged its risk, all bets are off. A company could suffer anything from a single week of bad PR to losses causing insolvency. There’s no way of knowing the limit, but some companies have never recovered from mismanaged reputational risk. 

There are many causes, but all of them centre around standards. Risk arises when a company falls short of the standards it is set by law, the standards it sets itself, and the standards stakeholders set for it within the industry. 

The main causes of reputational risk are usually a combination of the following:

• Bad workplace conditions. Faulty equipment, dangerous premises, a culture of overworking – all of these can create conditions that are below what stakeholders expect. 

• Bad products. Poor-quality goods and services regularly spark public outcry. 

• Bad managers. When CEOs, boards, or other senior management become involved in a corporate scandal, this can spell disaster for business. These people are the flag-flyers of the organisation and the products it sells. If they are seen to have acted dishonourably, the level of trust in the company will go down. 

• Bad adaption. Stakeholders’ opinions constantly change, so companies and their products should change with them. For example, in 2000, airlines wanted planes that maximised capacity, but by 2020, they wanted planes that maximised fuel efficiency to lessen their chances of being labelled “anti-sustainable”, so manufacturers adjusted accordingly. 

Firstly, because of the threat to the company’s long-term future. Boards and management are ultimately responsible for bringing a company from one year to the next, growing its potential along the way. The blunder of reputational damage goes directly against this goal. 

Furthermore, boards and management need to scrutinise risk in all its forms, including reputational. These risks must be spotted and mitigated, with contingencies in place should the worst ever happen. For some board members, this is the primary responsibility. 

No board member should ever find themselves on the receiving end of the infamous, diminishing line: ‘you had one job!’

Aside from this, boards and management should also remember that mishandled risk will often come back to them personally. Distance doesn’t matter. Seniority doesn’t matter. Even a case of bad workplace conditions in a remote warehouse, far away from company headquarters, can alter the career of a CEO or board member. 

Remember this crucial point: managing risk doesn’t mean one quick fix; it’s a marathon of continuous checks of company performance against the standards. 

• Foster a risk-conscious culture. Ensure that boards and management appreciate the importance of reputational risk and that it filters down to the lower levels. 

• Identify and assess. Match minds with whoever is relevant for however long it takes to identify reputational risks and how much of an impact they could have. 

• Know your brand. Understand who buys it, who invests in it, and what they expect from it. This is key to ensuring your products never fall short.

• Invest in PR. If you have a team of experts behind you, your chances of maintaining a good image are greater, even if your company is going through a period of damage control. 

• Listen and learn. If somebody raises a red flag that could cause severe reputational damage, don’t dismiss it, don’t underestimate it, and don’t put it on a long to-do list, hoping it may get brought up at the next quarterly meeting. Address concerns when they arise.

Potential is everything. Reputational risk gone wrong has factored into some of the past decade’s biggest corporate backlashes.

Notable examples include:

• #metoo and the Weinstein Company. The unprecedented global movement against sexual harassment began with allegations against Harvey Weinstein in the mid-2010s. Although Weinstein was removed from his CEO post once accusations began to mount, severe financial complications continued to plague the company, and it declared bankruptcy in 2018. Afterwards, analysts determined that most of the board had too close a relationship with Weinstein to properly assess the reputational risk he brought to the organisation – once one of the biggest production companies in Hollywood. 

• The Danske Bank Scandal. Danske is one of the biggest banks in Europe, but in 2017/18, authorities discovered that it had failed to accurately monitor more than €200 billion in transactions from Russia to the west, through its Estonian branch, for signs of money laundering. Much of this money is now thought to have been the proceeds of criminal activity. 

Danske’s senior management failed to follow several basic tips for managing reputational risk, notably the requirement to ensure consistent standards in financial oversight. As a result, police arrested several senior staff, CEO Thomas Bergin resigned, and Danske shut down all its services in Estonia. While all this was happening, the bank’s share price fell by around half.

Reputational risk is a vital component of company strategy. Ignoring it means exposing the company to severe damage within its industry, potentially impacting its viability in the long term. 

Further Reading:

More on reputational risk

When managing reputational risk goes wrong: case studies