Safeguarding corporate reputation and brand value is now firmly on the boardroom agenda as executives must learn to be nimble in response to criticism and crises
Companies often say staff are their most important asset, but brand and reputation are arguably more valuable.
A reputational crisis can wipe tens of millions of pounds from a company’s value, and this risk has increased because the rise of online and social media means crises are now less predictable and can happen faster.
Lorna Tilbian, executive director at the investment bank Numis Securities, says: “Of course, risk is impossible to eliminate, but fail to identify and monitor it and you and your brand are dead.”
Deloitte’s annual survey of reputation risk found “reputation damage is the number-one risk concern for business executives around the world”. Some 87 per cent of 300 senior figures surveyed said reputation risk was “more important or much more important than other strategic risks their companies are facing”.
Reputational crises can be divided into four main risk areas, according to Deloitte. Issues of ethics and integrity, such as fraud and corruption, are arguably the most serious. It says a lot about the problems facing the banking industry that, seven years after the collapse of Lehman Brothers and the bailout of Royal Bank of Scotland and Lloyds Banking Group, trust remains so low because of interest rate and foreign exchange fixing, mis-selling and tax avoidance.
Security risks, both physical and cyber breaches, are a second area of concern. Sony has suffered at both a consumer level, when PlayStation customers’ personal details were leaked, and at a corporate level, when its Hollywood executives’ e-mails were hacked and embarrassing details published on the internet.
Product and service risks around safety, health and the environment are a third issue. Recent examples include BP’s 2010 oil spill in the Gulf of Mexico, and the 2013 scandal over Tesco and other supermarkets selling horse meat in beef and other meat products.
Third-party relationships also pose a risk because, in the words of Deloitte, companies are “increasingly being held accountable for the actions of their suppliers and vendors”. The travel company Thomas Cook recently found itself embroiled in legal action over the death of two children who died of carbon monoxide poisoning in a Corfu hotel run by a third party. Even though the hotel admitted liability, Thomas Cook was criticised for failing to apologise or pay adequate compensation to the bereaved parents.
In many cases, the crisis became personal as the chief executive and other bosses were thrust into the spotlight, with online and social media feeding TV and newspaper coverage. Facebook users set up no fewer than nine campaigns on the site criticising Thomas Cook and calling for a boycott.
Little wonder that there is growing recognition in the boardroom that companies must improve their risk controls. Ms Tilbian says: “The majority of boards in financial services spend more time on risk, regulation, governance and compliance than they do on strategy.”
Seven years after the banking meltdown, demand for candidates with experience in risk and compliance remains strong. “There may be up to ten jobs listed for one role from a single client,” says Sholto Douglas-Home, group marketing director of Hays, the global recruitment firm.
Andrew Linger, a director of executive search at headhunters Robert Walters, says boards are not only more proactive, but also improving their internal controls. “Old style internal audit departments concerned with processes and controls would spot risks, but not necessarily quantify them,” he says. “With this new approach, risk is examined in a detailed and quantifiable manner by far more sophisticated methods, and it has become a major focus for businesses and brands, and no longer just a back-room exercise.”
For companies facing a reputational crisis, handling Facebook, Twitter, YouTube and user-generated blogs is proving tougher
Devising practical strategies to cope with a reputational crisis is still a challenge. As Deloitte puts it: “Companies are least confident when it comes to risks that are beyond their direct control.”
Co-operating with regulators and government is within the corporate comfort zone. However, any apology needs to be sincere. Bob Diamond, the then chief executive of Barclays, memorably told MPs in 2011 that the time for “remorse” for banks should be over – a remark that came back to haunt him a year later when the libor-fixing scandal exploded.
Appearances matter. Tony Hayward, chief executive of BP during the Gulf of Mexico spill, found his British accent did nothing to endear him to angry Americans during the crisis. A senior, local BP official proved to be a better face for the company on US TV screens.
For companies facing a reputational crisis, handling Facebook, Twitter, YouTube and user-generated blogs is proving tougher.
Companies can appear paralysed by the speed of online media. When Barclays was plunged into crisis in 2012 over libor-fixing, the bank made little use of social media or its own website to apologise or explain its behaviour.
Being too open online has pitfalls. When BP set up a live video feed of the gushing leak in 2010, it illustrated how slow the company was being in stopping the flow of oil into the sea.
Now that boards have seen the growing power of social media, they are taking action. Deloitte found that more than half of companies “plan to address reputation risk by investing in technology such as analytical and brand monitoring tools”. They are also doing more scenario-planning and devising crisis management plans.
Smart boards are beefing up their in-house public relations and social media-monitoring, and ensuring PR is part of the senior management team.
A clear chain of command, starting with the chief executive, is important because, when a crisis strikes, there is so much online “noise”. Deloitte says: “Response times should be in minutes, not hours and days.”
The danger about an increase in risk control is that it leads to a risk-averse mentality. America’s anti-fraud Sarbanes-Oxley Act has forced companies to spend more on monitoring internal processes. But Mr Linger warns: “Some businesses, who have been strongly and commercially risk aware all along, may argue that Sarbanes-Oxley, and other similar approaches, actually send them back in time due to their ‘box-ticking’ approach which may actually divert from the important focus of commercial impact.”
Jim Prior, chief executive of WPP’s branding agencies The Partners and Lambie-Nairn, goes further. “Risk should not be confused with bad decision-making,” Mr Prior argues. “For a business to do something that is clearly morally or legally wrong, such as selling horse meat or libor rate-fixing, has nothing to do with risk. That is just stupidity and, of course, when it gets found out, it will damage the brand and reputation, quite deservedly.
“Risk is important because for businesses to grow and evolve in line with the ever-changing demands of the market, they need to pursue new ideas and innovative approaches, without which they will stagnate and ultimately fail.”
He cites Virgin, Apple, Google and Red Bull as brands that “demonstrate how taking risks leads to enhancement, not damage, to the brand”.