4 strategies for managing reputational risk

The good news is that the reputation of the U.S. banking industry has taken a turn for the better, according to the November 2014 U.S. RepTrak Pulse Ranking from Reputation Institute. Banks improved in the perception of stakeholders across seven reputation dimensions, from a reputation score of 58 in 2013 to 62.6 in 2014.

The bad news? A score of 62.6 barely puts banks into the “average” reputation category. And some of the larger financial institutions—including Citibank, HSBC, and Bank of America—are in the weak category. (By contrast, the number one company, BMW Group, scored 78.9.)

Reputation is all about perception: how customers, employees, investors, and other stakeholders view your financial institution. The goal is alignment between the image you think you portray and what people really think. Reputation drives revenues—and it can also help insulate your institution from brand damage due to events such as cyber attacks and regulatory actions. The key is to build your brand resilience so that customers perceive your institution positively, even when unfortunate situations occur.

Organizations, including financial services institutions, are paying more attention to reputational risk management. For the first time since 2007, damage to brand and reputation has emerged as the top-ranked risk in the Aon Risk Solutions Global Risk Management 2015 study. Deloitte’s 2014 Global Survey on Reputation Risk also points to a renewed focus, with 88% of executives saying their firms are explicitly focusing on managing reputational risk.

One reason banks, in particular, are paying more attention to it is because regulators are as well. There are no regulations governing or quantifying reputational risk, but the banking agencies include it in their commentary on risks banks should pay attention to. It is one of OCC’s eight categories of risk covered in its large-bank supervision handbook, for example.

Dealing with the subjective

Managing and measuring reputational risk can be more elusive than managing operational risk or credit risk, according to Merrie Spaeth, president and founder of Spaeth Communications.

To make managing reputational risk even more difficult, it’s ill-defined by the regulators, says Peter Weinstock, head of the Financial Institutions Corporate and Regulatory practice at Hunton & Williams LLP.

Weinstock calls reputational risk a “house of cards” that has no basis in facts and figures. While it’s widely accepted that damage to a financial institution’s reputation is financially harmful, Weinstock contends that there is no proven correlation between reputational risk and financial stability. “It’s not illegal for banks to engage in activity that has reputational risk.”

That said, financial institutions have exited entire lines of business trying to appease regulators, according to Weinstock. “It’s not about what the banks consider risky,” he says. “They are feeling forced to de-risk based on what the regulators subjectively consider risky to the bank’s reputation.”

So how can financial institutions approach reputational risk, given the challenges of managing and measuring the risk, and—as Weinstock notes—the subjective nature of the regulatory definition of reputational risk?

No financial institution can fully protect itself from incidents that can damage its reputation, says Steve Culp, senior global managing director of Accenture’s Finance and Risk Services practice. “Bad things are going to happen; you can’t build the walls high enough. Financial institutions need to ensure that their risk management programs are compliant and that they have built resiliency.”

Follow these 4 guidelines

For most financial institutions, the best defense will be a good offense: going out of their way to build goodwill that can carry them through a tarnish to their brand; monitoring their reputation on social media; and preparing for the inevitable event that can potentially damage reputation with a well-thought-out crisis playbook. Below is more detail on these three points, plus a fourth: the importance of being flexible.

1. Build goodwill

“A great reputation can get you through a problem,” points out Davia Temin, president and CEO of Temin and Company. “It’s a simple concept, but people often forget it.”

For Spaeth, building goodwill requires touching customers on a regular basis, even if that contact is digital. The key is to make customers feel like individuals. “You want customers to be on your side. You don’t get them on your side with facts and statistics, but by forming a bond based on feelings,” she says.

This frequent communication with customers should be informal and strive to create engagement. Financial institutions also should communicate with and engage their own employees so that employees will serve as brand ambassadors in the community.

If you want customers to feel that your bank is a good citizen, you’ve got to be willing to always do the right thing and then get attention for it. “Do what you’ve always done, but do more of it,” advises Spaeth. “Get out in the community, talk about your values, provide testimonials of people you’ve helped.” 

“Banks are the economic lifeblood of their communities,” Spaeth adds. “They need to do a better job of translating that good work into a good reputation.”

Anther important component of building goodwill is how you address customer issues. “Anytime a customer has a problem, take care of it so well that they don’t hold a grudge,” advises Temin.

One example of a bank doing a good job of building goodwill is Barclays, says Accenture’s Culp. The bank sponsors Digital Eagles, a series of free Tea and Teach workshops at branches across the United Kingdom, for customers and their friends and family to get help with online issues

Building goodwill among customers and employees is a smart strategy, but can’t be the only one. From a regulatory perspective, building goodwill doesn’t work, says Hunton & Williams’ Weinstock. “I’ve never seen regulators acknowledge activities, such as community reinvestment and low-income lending. It’s expected that banks will engage in these activities; the regulators don’t give them any credit for it.”

2. Monitor social media

Social media is a big reason for the increased focus on reputational risk. In only a few hours, for instance, dissatisfied customers and dissatisfied employees can irreparably damage a financial institution’s reputation.

As a result, financial institutions are paying much more attention to social media monitoring, notes Culp. Unlike customer surveys or focus groups, social media monitoring provides a financial institution with near real-time insights into how customers view the organization and how the organization compares to its peers.

Social media monitoring is becoming more scientific as well, allowing financial institutions to cross-reference data by geography, product line, or customer group, according to Culp.

3. Prepare for a crisis

Although most large financial institutions have crisis management programs, only about one-quarter of community banks have one, estimates Spaeth. “You need a plan before a crisis strikes,” she says. “You don’t have time during a crisis to figure everything out and take hours before you talk to your audiences.”

The first step is to put together a crisis team. While executive management will likely be involved, be sure to include what Temin calls “fast thinkers,” who can make a quick decision in real time. “You don’t have the luxury of a lot of back and forth in a crisis,” she explains.

Chuck Saia, chief strategic risk, reputation, and regulatory affairs officer for Deloitte, suggests that the crisis management team be cross-organizational. Depending on the crisis, financial institutions may need to bring in additional team members. For example, a cyber attack would likely require the input of the chief information officer and the chief security officer.

The crisis management team should meet regularly, perhaps quarterly or even monthly, to talk through reputational events that could impact the institution, and discuss how to adjust strategies to deal with reputational issues. “The committee should focus more on reputation than financial metrics,” says Saia. Temin adds that financial institutions should name a crisis spokesperson—preferably someone with crisis media training.

Saia also recommends financial institutions develop a crisis playbook that outlines not only who is on the crisis team, but how formal reporting to executives and board members about the crisis will be handled. The oil and gas and pharmaceutical industries are particularly astute at preparing such playbooks, he adds, and can serve as models for financial institutions.

The playbook outlines a formal cadence for how the crisis response should unfold. Since everyone knows his roles and responsibilities, the financial institution can execute the crisis response quickly, explains Saia.

Saia notes that Deloitte’s own crisis playbook calls for feedback and notifications to be provided to executives and board members at the end of the day. The playbook describes the exact format of the reporting and what will be included, such as potential client impact, financial impact, and media coverage. “Our executives and board know that they will receive updates at the end of the day, halting the barrage of midday phone calls from executives and board members asking for an update,” says Saia.

4. Be flexible during a crisis

Every crisis is different and requires a different response, says Temin. What’s critical, she says, is to put a crisis management infrastructure in place and then rehearse what you will do in different scenarios, recognizing that a crisis can be unpredictable or even a “black swan event”—an event so out of the realm of possibility that no one is prepared.

It’s dangerous to use the solution from one crisis and superimpose it on another, says Temin. “You can’t have a crisis plan that you kick in mindlessly. The details matter enormously, and those details will differ depending on the crisis.”

And the crisis itself will shift and morph. The social media conversation going on today will be different than the conversation on social media tomorrow morning, warns Temin. “Your communication response that worked yesterday may not work today. And it really won’t work a month from now.”

But your communications response isn’t what should drive how you mitigate the crisis, according to Temin. She refers to communications as “putting lipstick on a pig.” More important than what you say is that you have a way to fix the problem. “Organizations think that a nice communication response will fix a major blunder, but they’re wrong. Fix the blunder, and then communicate nicely,” she explains.

Reputation: a moving target

Managing reputational risk can seem daunting, especially in an environment of fast-moving social media.

“The velocity of reputation risk is much faster than ever before,” notes Saia. Financial institutions need to be on their toes and manage reputational risk more aggressively.

Banks also should recognize, say the experts, that they can’t deal with reputational risk in isolation. It needs to be part of their overall risk governance. It’s now a high-stakes C-suite issue that is getting a lot of needed attention.