Managing reputation risk

This is an edited and updated version of my speaking notes used for an address on managing strategic and reputation risk to the members of the Board of Directors of a bank based outside India. I will cover strategic risk in a future post. The talk drew substantially from the writings of Prof. Charles R. Fombrun, especially his book on Reputation, apart from other references as indicated.

What is reputation risk?

Reputation risk is the risk of lowered public and stakeholder perception on account of certain direct or indirect events, and the consequent loss of present or future business relationships and related income. The US Federal Reserve defined reputational risk as “the potential that negative publicity regarding an institution’s business practices, whether true or not, will cause a decline in the customer base, costly litigation, or revenue reductions.” A more conventional definition puts it as risk from the negative perception of stakeholders that can adversely affect a bank’s ability to maintain existing, or establish new business relationships and continued access to sources of funding.

Both reputation risk and strategic risk are related perhaps much more than any other two sets of risks. Strategic risk failures, just as operational risk failures, and credit and market risks could eventually lead to reputational risk events. Reputational risk failures could lead to changes in strategy.

A major difference is that the Board or senior management decides strategy just as market risk-related decisions also arise mostly from one point. Credit risk arises from points which take credit decisions and monitor them. This is far more than what strategic risk involves. But, operational and reputational risks are the result of actions across organizations, especially banks, cutting across hierarchy and jurisdictions. This is more or less the case across organizations. But, there are specific reasons why reputation is particularly important for banks which explains why the discussion that follows will mostly be from a banking perspective.

Reputation risk in banks

Banks and banking are almost synonymous with reliability and trust so much that ‘bank on’ is also synonymous with ‘count on’ or ‘rely on.’ But, this is a double-edged sword as public trust is contingent upon the reputation of banks and any deterioration in reputation can have disastrous consequences. Many inherent and extraneous reasons can shake this public trust.

Bank balance sheets are inherently fragile. First, liabilities in the form of deposits are mostly short term and withdrawable on demand. But, assets are medium to long term. Second, the value of the liabilities is more or less fixed, but the value of assets whether in the form of loans or investments could deteriorate over time.

Asymmetry of information between a bank and its depositors where the latter has hardly any knowledge of the competence of the bank management, the composition and quality of its loans, and have no time or ability to access and comprehend bank financials, make banks prone to rumours and runs. Such eventualities further depress the value of assets when banks try to convert them into cash to be able to repay depositors transforming a liquidity problem into an insolvency case. Liquidation of a bank has negative externalities all around affecting not only depositors but the borrowers, the economy, the government’s fiscal position and the effectiveness of monetary policy. Failure of one bank can have consequences for other such institutions within the country and abroad. All these provide the rationale for national and global banking regulation and the need to maintain reputation.

Increasing importance of reputation risk

Major events

The importance of reputation risk has grown in the last three decades. There was the classic case of BCCI, not the cricket body, but the Luxembourg based bank, which went into liquidation in the year 1991. A bad reputation almost since its inception in 1972 did not prevent it from spreading its presence across continents. As Dr IG Patel, former Governor of Reserve Bank of India (1977-1982) wrote in his memoirs, he resisted pressures from New Delhi to grant the bank a licence to open a branch in India. Maybe formal regulatory attention to reputation risk and cross-border sharing of regulatory information would have prevented the subsequent issue of a licence.

Then there was the case of Barings, the 233-years-old banker to British royalty which collapsed due to the activities of a young trader in Singapore. There were regulatory concerns in Singapore and the reputation in the markets was not good. Harnessing these would have perhaps prevented the collapse.

The decisive development that brought regulators to focus on reputation came from outside the fold of finance, namely the case of Enron, which had a ‘crooked’ E as its logo. The Basel Committee which was framing Basel II in those years brought reputation risk within the fold of the new capital accord for banks. Reputation risk does not lend itself easily to measurement. Moreover, it is the end manifestation of various other risks. Therefore, Basel II put reputation risk under its second pillar, a matter for supervisory assessment.

Increasing sources and frequency

Apart from the growing attention of supervisory authorities, the focus on reputation risk has also increased due to the increasing sources of such risk. This includes reputation risk on account of mergers and acquisitions which went wrong, IT-related issues, and operational risks on account of globalisation, structured financial products, and increasing complexity in banking. The frequency of such events has also been increasing. A good reputation is ongoing, dynamic, and multi-dimensional, and there is no minimum tolerance level.

Future business growth

Depositors and borrowers would like to associate with reputed banks. Reputation also affects what one can charge for underwriting or syndication. It affects who could get invited and what would be the share in the fees. Reputation also affects the ability to attract the best fresh talent from graduate schools. Thus, managing reputation risk is important for not only maintaining existing relationships but also for attracting new ones.

Measures of reputation

Reputation depends on how it is perceived by the public and the quality of its interactions with different stakeholders. These stakeholders include not just shareholders, investors, customers, vendors, and retailers, but also the public, the government, and as the British Petroleum case shows, even the environment and wildlife. The relative importance of stakeholders would vary depending on who is assessing the reputation. For a prospective customer, it would be customer service reputation. For a future employee, it would be the quality of employment practices. But, they would also look at other aspects of a reputation as indirectly affecting them. For instance, poor financials would put at risk the continued servicing of products and services for a customer just as continued employment for an employee.

Is there a composite reputation indicator? People imagine reputation in terms of corporate leadership, governance reputation, financial performance, product quality, service quality, employment practices, environmental commitment, social contribution, stock performance, debt repayment reputation, and a largely positive media presence. A large negative in any of these could translate into an overall negative however positive might be the performance in the other. The extent to which a negative in any one of them might drag down the overall score would vary and perhaps from industry to industry and across different cultures. For instance, bribing officials in another country might not affect local reputation as much in one country as in another.

Different reputations

Fombrun and Shanley (1990) suggested that firms could have not one but several reputations depending on the domain and audience. That is why they stated that “reputations signal publics about how a firm’s products, jobs, strategies and prospects compare to those of competing firms.”

How can one measure reputation? When it comes to countries, there are different parameters, from GDP growth rate to their relative positions in the corruption index, democracy index, and hunger index, all brought out by different non-official organizations.

When it comes to corporates, including banks, the standing in the stock market could be one indicator. Or their credit rating. Fortune brings out a corporate reputation index every year. In the 1970s,

Fortune now comes out with a list of Most Admired Companies which is based not on any survey but a peer perception on nine attributes. These include quality of leadership and management, quality of products/services offered, innovativeness, community responsibility, the wise use of company assets, effectiveness in running a global business, value as a long-term investment, soundness of financial investment, and ability to attract and retain talent. For more details, see here.

Among the companies which were at the top fifty years back, IBM is now (2022) at 46, General Motors is at IBM is at 154, and Sears Roebuck and Company went bankrupt. BigTech companies dominate the list. Apple has been at the top of the list for about 15 years. 

Major cases of reputation risk

In the financial sector, as might be expected, there have been many cases of reputation risk failures over the last three to four decades. Drexel Burnham Lambert collapsed in the late 1980s throwing Mike Milken into financial folklore and even inspiring a few movies. We have mentioned earlier BCCI (1991) and Barings (1995). Prudential Insurance which sponsored the first two World Cups in cricket admitted to fraud in 1993. Kidder Peabody, the nearly 120 years old firm admitted to fraud in 1994.

In more recent years, there was Barclays and others involved in the LIBOR scandal. Goldman Sachs was recently penalised in the Malaysian 1MDB scandal. And then there were Lehman Brothers, UniCredit, and Intesa Sanpaolo. Wells Fargo, one of the few major banks untouched by the financial crisis of 2007-09, got into a major cross-selling scandal a few years later. To meet their targets, employees were selling about seven financial products to each customer without their knowledge and affecting their individual credit ratings.

In India, there was Indian Bank in the 1990s, Global Trust Bank a decade later, and more recently Punjab National Bank and YES Bank involved in some major fraud or the other.

Determinants of reputation risk

A Harvard Business Review study of 2007 (Eccles and others, Reputation and its risks) identified the following as determinants of reputation risk:

Reputation-reality gap

Gap between the perception of reputation and reality, which will be exposed in due course. British Petroleum enjoyed a great reputation with its tagline, Beyond Petroleum. But, when its Deepwater Horizon rig exploded off the Mexican coast in 2010, resulting in the largest ever marine oil spill, investigations revealed deficiencies at various levels including the design of the well, its maintenance, and failure to act on early warning signals. The cost to the environment, ocean life, people, and the economy was enormous. The company had to pay billions of dollars in penalties and compensation which along with clean up charges added up to 65 billion dollars by 2018. A picture of an oil-drenched and immobile pelican became the lasting image of the sordid episode.

Changing beliefs and expectations

Changing beliefs and expectations are another determinant. Expectations as to moral and ethical behaviour by corporates vary over time. Using fiduciary banking information to sell investment products, giving one’s auditors highly remunerative consultancy work, and appointing the CEO’s friends as directors were not looked down upon until about three to four decades back. But, the norms changed with one event after the other. Those who did not keep up with the changing expectations, and how they vary across jurisdictions, paid the price. This included Enron, Tyco, WorldCom, GSK with their aids drugs, and Monsanto with their genetically modified plants.

Weak internal coordination

Weak internal coordination could lead to mismatches between, say, what marketing promises and what the product is capable of delivering. Or when the Board promises across-the-board wage increases while it is also trying to cut costs. This lack of coordination also affects the ability to anticipate and recognise changing beliefs and expectations as and when they happen.

Drivers of reputation risk in banks

Apart from the above, banks have sources of reputation risk peculiar to the sector. As stated earlier, banks are inherently susceptible to rumours and runs which could result in short term liquidity crises which, if not managed well, might in turn result in a solvency problem.

Banks are also susceptible to fraud. This could be due to the rogue character of the bank itself as in the case of BCCI. It could also result from failure to infuse sound judgement and a culture of compliance with regulations and laid down internal systems and procedures.

Penalties/sanctions resulting from non-compliance could also affect the reputation of banks. So will corporate governance failures as in the case of Wells Fargo in recent times.

Managing reputation risk

Management of reputation risk can be thought of in three stages: prevention or pre-crisis management, during crisis containment of fallout, and post-crisis consolidation and recouping of lost ground.

Of these, prevention is no doubt the most important. According to the HBR study referred to above, effective management of reputation risk involves five steps:

“assessing your company’s reputation among stakeholders, evaluating your company’s real character, closing reputation-reality gaps, monitoring changing beliefs and expectations, and putting a senior executive below the CEO in charge.”

Otherwise, reputation risk essentially involves addressing the sources of reputation risk discussed above. Viewed in this perspective, managing the reputation risk of a bank would involve the following:

• Maintain adequate liquidity and have contingency plans to manage liquidity risk
• Have adequate capital with sufficient buffer to take care of future growth in business
• High standards of corporate governance
• Robust compliance function that will also prevent penalties
• A healthy corporate culture that will also help prevent and mitigate reputation risk
• Transparent corporate disclosure and effective corporate communication will be relevant whether the causes are internal or external. This has to be timely, transparent, and truthful. This will help prevent and manage reputation risk, and also regain lost reputation, by maintaining trust and credibility.
• Contingency plans and reputation crisis management plan

Reputation risk management

Charles Fombrun, Professor Emeritus at the Stern School of Business, New York University, is the founder of RepTrak, the world’s leading reputation consulting firm. In his Reputation – Realizing Value from the Corporate Image (Harvard Business School Press, 1996), Fombrun discusses many case studies relating to the management of reputation risk. Of these, JP Morgan and Salomon Brothers are pertinent to the financial sector – the former from a preventive point of view and the latter as an example of post-crisis management. (The discussion of the two cases here is a bit dated, but might only have been improved upon).

prevention: JP Morgan

The main features of the JP Morgan policy were as follows:

• It was proactive and not reactive
• There was a press policy in place
• The approach was preventive with contingency plans
• JPM engaged with constituents other than its clients/customers
• The underlying principle was ‘doing good is good business.’
• ‘Enlightened self-interest’ was the motto of John Pierpont Morgan (1837-1913), who started early in contributing to the society – religious, cultural and educational institutions, including churches, hospitals, museums, opera, YMCA, art, and so on.
• JPM encourages employee engagement with the community through various citizenship programmes that included community investments, charitable grants, community development, volunteerism, networking, and communication.
• JPM matched contributions made by the employees.
• Support for non-profit organisations included training in soft skills
• Informal luncheons and other meetings encouraged sharing of ideas and experience
• Apart from financial and HR, assistance included donating furniture and equipment, free use of meeting facilities, etc.
• About 4% of employees engaged in volunteering over time.
• JPM was reticent about its philanthropy but there was communication within and outside to encourage employee bonding and there were reminders such as mementoes displayed in public meeting places to encourage a sense of belonging.

Following a principle of enlightened self-interest, JPM was a pioneer in corporate citizenship. JP Morgan Chase (after JP Morgan merged with Chase Manhattan) is still in the top 10 of Fortune’s 2022 rankings for the most admired companies.

cleaning up: Salomon Brothers

Greed was good

The case of Salomon Brothers is that of post-crisis management of a reputation problem. The story of the Salomon Brothers has been immortalised by Michael Lewis in his classic book, Liar’s Poker, which described bond trading on trading in Wall Street in the late 1980s. Fombrun described the culture of Salomon Brothers as follows:

• “squabbling, internal competition, buccaneering spirit”
• Decentralised decision making
• Autonomy and resources to make money
• High compensation and oversized bonuses
• The culture allowed egos to clash like fighting dogs so that they become meaner and tougher
• Nobody wanted to supervise departments making money.

“Greed was good; more greed was better,” as Salomon’s CEO, John Gutfreund used to say, immortalised in a Wall Street movie dialogue, described the culture of the firm in those days. As the New York Times described it, it was a “culture of greed, contempt for government regulations, and sneering attitude toward ethics or any other impediment to earning a buck.” Of course, regulation was also lax and there were supervisory failures.

When the storm hit

As the proverb goes, it doesn’t rain, it pours. When bad things started happening it came like a pelt of stones. When regulatory noncompliance was first talked about, competitors found it to be a time for retribution and cried for investigation. The Securities and Exchange Commission and the Justice Department got into the act. Frenzied media and negative publicity affected reputation. Investor anxiety resulted in dropping prices and lower ratings. Employee distress and dropping bonuses followed. Customers resorted to legal action, withdrew funds, and the regulators suspended trading.

Salomon’s defence

Salomon’s defence was comprehensive and consisted of the following main elements:

• It accepted responsibility
• Suspended the head of the government desk where the regulatory violations were happening
• A widely respected leader, Warren Buffett, was made Chairman. He made the message clear that if you lose money for the company, the company will adjust to it. But, if you harm the reputation of the company, you will pay for it.
• Buffett resorted to candid and complete disclosure of information. The Wachtel report which examined the case was disclosed fully.
• To rebuild confidence, Arthur Andersen was replaced with Coopers and Lybrand (which later merged with Price Waterhouse) to do a comprehensive study of internal control and compliance.
• A new PR firm was engaged
• Buffett brought in new investors
• There was comprehensive restructuring. Including the COO, six of the top nine managers were changed. Control systems were revamped. The compensation committee and executive committee for daily operations were reconstituted.
• The compensation structure was revised and a signal was given to traders that there will be no high-risk wait-out, no longer bully trading, and a less aggressive trading posture was expected. The pay was better aligned with performance and included payment in stock.
• Buffett reassured the regulators that changes were being made.
• By lobbying and providing comfort to the government, he managed to avoid Congress revisiting the securities laws.

Summary of actions

The thrust of Salomon’s efforts involved the following lessons.

• The leadership provided by Buffett
• By removing key people who were responsible, a clear message was given
• Far-reaching structural, cultural and financial reforms reduced incentives to cheat, and removed decentralisation without control.
• Well publicised efforts and addressing the root causes
• All stakeholders needed reassurance that their positions were defended and wanted information on how changes will affect them.
• Organizational changes covered the top management, risk management, compliance, internal audit, communication, and the role of HR, especially with regard to emoluments and bonuses.

Steps in restoring reputation

Based on the Salomon case, we could list various steps in restoring reputation. This has been nicely summarized by Prof. Fombrun as follows:

Step 1. Take immediate and public responsibility for what happened.

Step 2. Convey concern to all stakeholders.

Step 3. Show full and open cooperation with authorities.

Step 4. Remove all negligent incumbent managers.

Step 5. Appoint credible leaders that represent all interests.

Step 6. Dismiss suppliers and agents tied to the incumbent managers.

Step 7. Hire independent investigators, accountants, counsel, PR.

Step 8. Reorganize operations to ensure greater control.

Step 9. Establish strict procedures.

Step 10. Identify and target the practices that stimulated infractions.

Step 11. Revise internal practices and pay systems.

Step 12. Monitor compliance.

Fombrun, Charles R., Reputation – Realizing Value from the Corporate Image, Harvard Business School Press, 1996, Page 382.

Conclusion

Ultimately, there are no shortcuts to maintaining a good reputation. While adherence to ethical values and norms and compliance with regulations is key, so are transparency, clear, full and honest communication, maintaining healthy stakeholder relationships, and keeping a watch on changing norms and expectations across all jurisdictions one is operating in.

© G Sreekumar 2022

For periodical updates on all my blog posts, subscribe for free at the link below:

https://gsreekumar.substack.com/