Stakeholder disappointment and anger over a succession of failures by companies to anticipate, mitigate and respond to the impacts of reputational crises — including COVID-19, social justice issues, privacy breaches, sexual harassment and abuse in the workplace — have propelled a tsunami of reputational challenges into corporate boardrooms. How boards oversee these challenges could affect the present trajectory of derivative litigation as well as transform enterprise risk management and its governance for generations to come.
Enterprise risk management needs an overhaul urgently. Board members are right to be concerned; they personally have a lot at stake.
Most companies today disclose in public filings that their reputation is core to their competitiveness and loss of that reputation would likely impair their ability to meet operational and financial goals. It is an asset affecting the value of the enterprise. The Caremark International litigation that set the legal standard for board liability implied that boards have a duty to oversee mission-critical processes. Marchand v. Barnhill affirmed recently that “mission-critical” means a host of business-specific processes (such as safety, innovation and even environmental protection) that underpin certain companies’ reputations and enterprise values. Plaintiffs’ lawyers are thus seeing a new array of potential opportunities to spotlight boards’ mishandling of reputation and breaches of their duty of loyalty.
In addition, board members are being targeted in the court of public opinion, their personal reputations sullied, their board seats lost and their opportunities for service on other boards diminished. Recent high-profile targets of social and mainstream media thrashings include directors from Wells Fargo, Boeing, PG&E, Equifax, Weinstein Company and Purdue Pharmaceuticals.
If they are going to be in the crosshairs for reputational crises, board members should take control of the reputation risk oversight process. As a first step, they need to steer their companies toward viewing the enterprise risk management process differently.
Reputational risk is a strategic behavioral economic peril of angry, disappointed stakeholders whose expectations are not fulfilled by corporate actions. The risk can affect sales, margins, market cap, employee relations, cash flows, regulatory actions and more.
Effectively managing this strategic risk requires transforming enterprise risk management at the operational level into a strategic intelligence gathering and analysis process. The enterprise risk management team should comprise a select group of executives within the company who understand the behavioral economic nature of reputational risk and would be empowered with the duties, responsibilities and authority to gather relevant intelligence from every corporate silo. They would gather customer expectation intelligence from sales, investor expectation intelligence from investor relations, bond market intelligence from treasury, compliance intelligence from legal as well as corresponding operational capability intelligence from the respective line operations and corporate functions.
Analysis of the intelligence would yield a schedule of material enterprise risks and their respective stakeholders, the costs of missed expectations and the budget to upgrade operations and to finance, with captive and commercial insurances, the economic consequences of irreconcilable expectation gaps.
In overseeing and monitoring the management of these reputational risks to the enterprise, the board could consider deploying its own mechanism — an integrated reputation governance (IRG) committee.
An IRG committee would include directors with knowledge of informational and behavioral economics, behavioral sciences and communications. It would begin oversight with a single question: What issue or event could put our firm so at odds with our stakeholders that our existence would be threatened? The committee would focus on areas of major concern: ethics, innovation, safety, security, sustainability and quality. It would also engage metrics to monitor and oversee reputation just as the board today oversees compliance and financial performance.
Oversight by an IRG committee could add the gravitas needed by the enterprise risk management group to coordinate among the silos to manage stakeholder expectations, upgrade operations or finance the reputation risk that arises. In the event of a crisis, notwithstanding dutiful oversight and authentic enterprise risk management, the IRG would give boards their strongest possible defense.
Consider the leisure cruise ship industry, which for years has been plagued with outbreaks of shipboard infectious disease. An IRG would understand that safety, being a core expectation among both passengers and employees, is mission-critical. Failing to prepare for the rampant outbreak of a virus would breach those expectations and imperil the enterprise’s reputation and value.
For a whole range of other businesses, if the risk management department offered up business interruption insurances that excluded infectious diseases (as appears to have happened on a wide basis), the IRG would prompt serious and detailed discussions about how the company would manage that type of business interruption and develop contingency plans. Or, instead, it might prompt a discussion about the creation of an insurance captive (an insurance company wholly owned and controlled by the insureds) through which the company could better protect itself by financing potential losses.
An IRG’s value to the firm would be greater than any specific threat it might expose or mitigate. Having a robust IRG makes for a good story. Reputation insurance is the executive summary of that good story. Companies that deploy an integrated governance and managerial program to identify and anticipate the true enterprise-wide risks of the 21st century demonstrate transparently that they are not satisfied with only the traditional manner of enterprise risk management. Benefits could be recognized in preferential equity investment allocations, bond ratings and liability insurance costs.
Last, given the dramatic increase in board exposure due to Marchand v. Barnhill, a well-ordered and publicized IRG could immediately enable companies to mount stronger defenses to plaintiffs’ lawyers, activist investors, regulators and government officials. When questioned about their reputation risk management practices, will board members be able to point to their integrated reputational risk governance and operations, or will they simply shrug and point to their chief marketing officer?
Nir Kossovsky is CEO and Denise Williamee is vice president, Corporate Services, of Steel City Re, which provides reputation risk management and insurance solutions by combining financial modeling strategies with insights from informational and behavioral economics.