Companies often have more to lose than they think from mistakes or unpopular policies. Especially in an age of near-instantaneous digital communication, word of a company’s blunder or objectionable stance can spread quickly among customers, stakeholders, and the general public. This is often quickly followed by criticisms and questions regarding how the company let an error happen, or why it’s acting the way it is.
If not addressed promptly and professionally, these concerns can compound an already bad situation for a company by draining the goodwill of the people it relies on for its business. This is known as reputational risk.
In this article, we’ll talk about what causes reputational risk and what a company can do to avoid it—or at least limit the potential damage to its standing.
What is Reputational Risk?
Reputational risk refers to actions and circumstances that can cause an organization or other entity to lose credibility with stakeholders, customers, partners, or the general public. This loss of trust, if not addressed quickly and adequately, can, in turn, cause an entity severe financial damage.
Reputational risk is often (but not always) related to operational risk. A significant failure inside an organization, if made public, can impact the organization’s perception by outside parties and result in further consequences. People and organizations that previously supported the company may choose to take their business elsewhere, having lost faith in the company itself.
It's also a key factor for risk management in banking.
What Causes Reputational Risk?
Reputational risks can sometimes be caused by isolated but severe incidents, some of which happen without warning. Other times, they can be caused by the nature of an entity’s activities, and last for extended periods. What’s common is that the impact of reputational risk on an entity’s credibility—and often, by extension, their finances—often takes a long time to undo.
Causes of reputational risk can be classified as direct, indirect, or tangential.
- Direct: Risks that are the result of the collective actions (or inactions) of a business.
- Indirect: Risks resulting from misconduct by a company’s representatives.
- Tangential: Risks that come from a company’s relationship with a third party that’s receiving reputational damage.
So what do reputational risks look like in practical terms? We’ll demonstrate in the next section by offering some reputational risk examples.
9 Types of Reputational Risk
Reputational risk can come from many different sources, from a company’s overall business model or corporate culture to embarrassing actions or employee disparaging remarks. A company can even face threats to its reputation through “guilt by association” if a business partner or high-profile client is having trouble with its public image.
Here are 9 common sources of reputational risk.
Poor Quality Products and/or Services
Providing products and/or services that don’t meet customer expectations is a quintessential reputational risk. This is especially true in an age of rapid communication over digital channels.
Even if most customers are satisfied with what they get from an organization, dissatisfied customers can spread negative publicity quickly over the internet. And if an organization doesn’t do a good enough job of addressing these concerns (or at least appearing to), while it may not lose loyal customers, it can have a more difficult time bringing in new customers.
Misconduct by Representatives
People affiliated with an organization can cause reputational risk for it if they behave badly, as the public often sees these actions as reflective of the organization itself. Often, this is associated with unethical or other poor conduct—especially crime—by C-suite executives or beneficial owners, either in a business context or in public life.
Even rank-and-file employees can cause reputation problems, though. They can cause incidents at work or in public that get picked up by news outlets. They can get into confrontations with customers or fail to follow a company’s brand messaging. Or they can criticize their own company or spread other negative messages on social media.
Security Failures
This can refer to both physical security and cybersecurity. If someone breaks into a company’s physical office and steals or destroys property, that can lower the faith of outside parties in a company’s ability to protect its assets. Even more damaging to reputation, however, can be a business suffering a cyberattack like a DDoS attack, data breach, or malware attack.
There are two reasons for this. The first is that a cyberattack can cripple a company’s functionality and prevent it from delivering its services (at least much easier than physical theft can). The second is that cybercriminals can steal customer data and use it to commit all manner of fraud.
Compliance Shortcomings
In heavily-regulated industries, such as financial services, businesses have several extra rules they must adhere to. So a major source of reputational risk in banks, for example, is being caught skirting these compliance requirements.
Regulatory agencies will often publicize which organizations were found to be non-compliant, why, and how they were disciplined. So even if an organization’s lack of compliance doesn’t result in any direct harm to associated parties, it can still cause them to doubt that the organization is doing what’s necessary to protect their interests.
External or Internal Fraud
This category goes hand-in-hand with risks caused by security failures and representative misconduct. Failure of a business to prevent fraud by outside actors—such as identity theft, account takeovers, and other deceptive abuses of their systems—can scare customers away because they feel unsafe or that the platform is allowing unfair dealings. In turn, that can sow doubt in stakeholders about the company’s ability to operate profitably (more on this later).
On the other hand, organizations with inadequate internal controls may get taken advantage of from the inside. Employees may exploit process weaknesses to steal money, property, or information. Or senior officials can abuse the powers and information granted by their positions to do things that are for their own benefit instead of the organization. If these actions happen repeatedly and get exposed to the public, they can cause a business significant reputational damage.
Unsafe Work Culture
Treating employees and partners poorly can also cause a business reputational risk. Employees subjected to physically and/or emotionally unsafe work conditions are likelier to leave a business, and will likely also recount their experiences to others.
This can hurt the business in two significant ways. First, not only does it increase turnover for the company, but it can also hamper the company’s efforts to attract replacement employees. Second, hearing about employee mistreatment may cause customers and investors to boycott the company, causing problems for the company’s ability to sustain itself.
Ignoring Social or Environmental Responsibility
There is a growing expectation by outside parties that companies should consider their impacts on local communities and the broader environment. Sometimes, companies have opportunities to build goodwill by supporting government projects or non-governmental organization initiatives. Examples include poverty reduction, environmental clean-up, and helping the disadvantaged. A company seen to be ignoring these opportunities can take on increased reputational risk.
Other times, this sort of reputational risk can be more-or-less inherent to the company’s operations. A common example is energy companies, especially those that deal in fossil fuels. They are repeatedly targeted by protests and informational campaigns from activists concerned about the effects of resource extraction techniques on surrounding environments.
Partner Company Failures
A company can also face reputational risk due to failures by its business partners. For example, say a retail or eCommerce business hires a logistics company to deliver its products. Said logistics company develops a bad reputation because it habitually misses deliveries, mixes up orders, or delivers items late or broken. The original business may also take a hit to its credibility, even though it wasn’t directly responsible for these mistakes because the unreliable logistics company was acting on its behalf.
Lack of Profitability
Stakeholders in a company expect returns on their investments, and a company can’t provide these if it’s not profitable. This shortfall can be caused by a number of factors: failure to adapt to market circumstances, poor executive decision-making, bad corporate governance, victimization by financial criminals, discipline by industry regulators, and so on.
Whatever the reason, failing to meet stakeholder expectations can create reputational risk for a company. It can drive away current investors and make finding new investors difficult.
Reputational Risk Management: How to Mitigate and Control Risk
Reputational risk is often a case of adding insult to injury. A business makes a mistake and pays the price for it, but then risks taking on further damage as other parties question how the business let that mistake happen in the first place.
Stemming this collateral damage requires thorough planning and swift action. To that end, here are nine strategies for how to mitigate reputational risk.
1. Assess likely reputational risks
The first step to managing reputational risks is knowing what they are. Set a baseline for the organization’s public image by doing things like:
- Interviewing employees, investors, and other stakeholders for their perspectives
- Typing the organization’s name into a search engine and viewing the results
- Searching for news stories about the organization
- Reading posts and comments about the organization on social media
From this research, classify reputational risks by how likely they are to occur and how detrimental they would be to the organization’s good standing.
2. Know what stakeholders expect
Another reason to talk to stakeholders, employees, partners, and clients is to learn what they expect from the organization. Then compare those against the ability of the organization’s business operations to fulfill those expectations. Remember, a significant source of reputational risk is when an organization promises more than it can deliver, leading to a negative reputation of being unreliable.
3. Establish and firm up internal controls
Inherent risks—including reputational risks—can often be minimized or even avoided altogether by having proper detective and preventive controls. These include laying out clear policies and procedures that employees must follow, investing in security technologies, outlining business vetting processes, standardizing production quality, dividing up duties fairly, and limiting access to sensitive information or property.
It’s also important to document these controls for at least two reasons. First, it helps with reputational damage control by helping an organization explain what measures it had in place to limit the chance of something bad happening. Second, it serves as a baseline for how a company can change its controls to better detect and prevent future problems.
4. Implement a culture of strong ethics
Everyone in the organization, from frontline employees to directors and upper management, should be trained in their roles with an eye toward reputational risk management practices. They need to recognize that their conduct both inside and outside the organization, can be a source of reputational risk if handled poorly.
5. Keep communication and messaging positive
As British jewelry magnate Gerald Ratner infamously found out in 1991, it’s rarely a good idea for an organization to speak ill of its own products or customers publicly. Even if doing so is meant as humor or extreme honesty, this can tarnish the organization’s reputation.
Maintain a growth mindset in messaging, letting clients and employees know what’s going on with the organization and how it’s working to make things better. That includes being supportive rather than confrontational in both customer service and management. In the long run, this will help the organization cultivate a positive image that can help it weather storms of negative publicity.
6. Respond promptly to negative feedback
Another area where positive messaging is necessary is in addressing criticism that threatens to harm an organization’s reputation. If the criticism points out a mistake the organization made, the organization should own up to it. Communication should focus on the organization’s strengths while addressing how the organization will fix the flaws identified by the criticism.
Employees—especially those in customer service and public relations—should be trained on how to produce this kind of messaging like it’s second nature. The longer criticism goes unanswered, the higher the risk that other outside parties will begin to believe there’s substance to it.
7. Have a contingency plan
In the unfortunate event that a business encounters a scenario that gravely threatens its reputation, it should have measures in place that all employees are familiar with. Employees should know not just how to fix the situation. They should also have a plan to communicate to relevant parties:
- what went wrong, and why
- what the business had in place to minimize the chance of the problem occurring
- how the business will adapt its policies and procedures to prevent a repeat of the mistake
Again, this plan needs to be able to be put into action as soon as possible. More time spent without a response to a problem means more time for the organization’s reputation to decay.
8. Monitor changes to reputational risk
Even if a business has all the right plans to safeguard against reputational risk at a given time, circumstances will eventually change. Shifts in stakeholders, partners, social attitudes, and economic conditions can modify the expectations of a company. This can require a company to adapt its risk management strategies, if not its entire business plan.
9. Employ tools and outside resources
There are dedicated systems, such as reputation management software, that can help a company consolidate its interactions with outside parties and streamline its messaging. This technology makes it easier for a company’s public relations team to respond to criticism with the right message at the right time.
There are also entire agencies dedicated to reputational risk management. It might be worthwhile to hire one, as they can focus on looking ahead to identify, evaluate, and plan for emerging types of reputational risk. This is something a company may not have the proper type or amount of resources to do on its own.
Unit21 Helps Guard Against Reputational Risk Due to Fraud and Money Laundering
Financial crime is a major source of reputational risk in the banking sector. If a financial institution loses enough money to fraud (in a single incident or repeatedly over time), especially to bad actors working inside the bank, customers will understandably question the bank’s ability to keep their money safe. Similarly, if money laundering is exposed to be happening at a bank, clients won’t want to continue doing business with a financial institution that’s facilitating crime.
Now for the good news: avoiding these types of reputational risks is much easier if a bank has the right tools. Unit21’s Transaction Monitoring and Case Management solutions ingest and organize data from multiple sources so risk management teams can swiftly identify, stop, and report suspicious activity before it turns into financial crime. Our solutions are also ideally suited for Trust & Safety teams looking to keep online marketplaces safe and secure.
To see them work together in practice, contact us for a demo.