By Nir Kossovsky and Denise Williamee Steel City Re
Banks hold a unique place in the public consciousness. Their very existence depends on their reputations and the trust their stakeholders—from customers to regulators to elected officials to the communities they serve—place in them. As Alan Greenspan noted during the meltdown of ’08, in markets that depend on trust, reputation has tremendous value.
Federal deposit insurance is the badge retail banks have been advertising to earn trust ever since informational economics took root in the liquidity crisis of the Great Depression. Late to the game, non-retail banks have increasingly been adopting the risk management processes implied by deposit insurance. Today, robust multi-page disclosures in annual reports link governance, leadership and controls to the statutory risks banking regulators believe need to be managed or mitigated to prevent liquidity crises.
These are good stories of enterprise risk management, but they are no longer enough. Financial institutions face significant peril from the multitude of stakeholders who are now expecting them to live up to their Business Roundtable pledges, ESG disclosures and other corporate citizenship claims. Failures to meet those expectations present reputational perils that can have tangible impacts on firms as well as their boards and executives.
Reputation risk for the banking industry is particularly complex because of the myriad expectations placed on the industry by a diverse range of stakeholders. For example, investors and regulators were pleased by announcements that some large banks were increasing their cash reserves, however, other stakeholders may question why banks are keeping their money on the sidelines rather than investing in small businesses and communities. Branch closings aligned to revenues and customer usage may seem fiscally prudent to some, while flying in the face of the expectations of communities that now feel underserved. As banks tighten their belts in response to rising defaults, they may look to curtail lending to distressed communities, which would be pleasing one stakeholder group but anger a another.
How many financial institutions were prepared to address environmental activist demands to cease supporting most energy and non-energy mineral businesses? How many were prepared with governance, operational, communications, and financial contingencies addressing disruptions caused by the global pandemic? How many customer-facing businesses had effective contingency plans for contactless services or were prepared for the explosion of social justice issues that have required rapid public corporate governance and communications actions? How many had meaningful business interruption insurances?
Coming at a time of generalized public anger, polarized politics, and the weaponization of social media, these challenges pose new reputational perils – economic losses caused by the actions of stakeholders who are disappointed and angry over expectations that have not been met – and place the entire enterprise at substantial risk.
As the economy and the public mood continue to worsen, financial services firms and banks will be bigger targets than ever for negative media and social media commentary that can amplify the emotional intensity of a committed group of stakeholders and attract like-minded constituents into a material aggregate of reputational risk potential. Issues that otherwise would have had negligible business impacts – issues like downsizings of staff, complaints of discrimination or harassment, aggressive sales tactics, the ups and downs of market cap – suddenly will be headline-making news.
Board members of these companies should be particularly concerned. The Caremark International litigation that set the legal standard for board liability made it clear that boards have a duty to protect that which is mission critical to operational viability. With reputation now widely recognized as central to corporate value, plaintiffs’ lawyers are seeing opportunities.
Dozens of cases over the past two years note damage to companies’ reputations as an issue, and board members are increasingly being targeted. Courts are viewing directors’ duty of loyalty more expansively and are sustaining pleadings. The Wells Fargo derivative litigation which had a record settlement was just the beginning.
Equifax, for example, has settled two lawsuits recently, one of which cited “severe and lasting damage to the Company’s brand, reputation, and competitive position.” The other, which resulted in a $149 million settlement, claimed that the company’s profitability was dependent on what it touted in its own SEC filings as its “reputation as a trusted steward of information,” which those filings characterized as among “the principal competitive factors affecting [its] markets.” The underlying complaint: investors were led to believe that Equifax’s mission critical cybersecurity safeguards and compliance with data security laws were much better than they actually were.
At this critical time in our global economic and political cycle, banks and financial services firms now have a limited window of opportunity to mitigate these reputational risks. They must augment their existing enterprise risk management frameworks with a strategic intelligence gathering and analysis capability, spread across corporate silos and touching every corner of the organization. They need a management-level Integrated Reputation Group (IRG) to develop an understanding of stakeholders’ expectations by gathering intelligence from sales, investor relations, treasury, and legal – and to gather the corresponding operational intelligence from the respective line operations.
The IRG would also flag material risks, determine the financial damage that missed stakeholder expectations could cause, and, with the board’s and executive leadership’s support, coordinate the deployment of departmental resources to both meet and manage expectations. If the gap between stakeholders expectations and operational capabilities cannot be bridged, then the potential costs of disappointment (aka, reputational risk) needs to be anticipated, financed with a captive, or transferred with insurances. Last, governance needs to be tweaked because a comprehensive reputation risk management solution demands that the board oversee and monitor its execution.
Areas of major concern to stakeholders—such as ethics, innovation, safety, security, sustainability, and quality—are areas the Integrated Reputation Group would focus on. It would identify reputational threats that had not previously been recognized, mitigated or elevated to board level. And even if an unanticipated crisis happens, having had a trained Integrated Reputation Group in place will give companies and their boards the strongest possible defense.
An Integrated Reputation Group creates an authentic, prepositioned, marketable story of reputational resilience and value with its ability to identify and mitigate potential threats.
Overseeing and monitoring the IRG would be a corresponding committee of the board comprising socially-aware directors familiar with behavioral science and behavioral economics.
Companies that employ a team to go above and beyond the traditional ERM model, and anticipate and address 21st century risks, will see tangible, financial benefits such as preferential equity investment allocations, bond ratings, and liability insurance costs. And with Reputation Insurance as the executive summary of superior ERM – simple, easy to understand, completely credible, and prepositioned like FDIC coverage nearly a century ago—the enhanced reputations will help preserve value and accelerate recovery.
When plaintiffs’ lawyers, activist investors, regulators and government officials come knocking, board members will want to be able to say that their Integrated Reputation Group is implementing today’s most robust, cutting-edge reputation risk management strategies. How well financial institutions and their boards weather this global upheaval hinges on their ability to anticipate and mitigate 21st century risks. They need a modern enterprise-wide risk management and governance model that, in and of itself, is a reputational asset.