The rise of reputational risk Sara Hunt Head, Reputational Risk Management & Reporting 12 November 2015 0
Reputation Reputation where you are Brand where you want to be 1
A new phenomenon The proactive management and control of reputational risk is a relatively new risk discipline and is still evolving It requires a robust approach Levels of regulatory scrutiny are increasing 2
Standard Chartered s definition Reputational risk is the potential for damage to the franchise, resulting in loss of earnings or adverse impact on market capitalisation as a result of stakeholders taking a negative view of the organisation or its actions. Failures in behaviours or systems may affect stakeholders perceptions of Standard Chartered s commitment to its Here for good brand promise. 3
Reputational risk management is not the same as issue or crisis management 1980s Rep risk Dramatic shift in Andersen s corporate culture as it moved from respected auditor to aggressive consulting firm Issue 2001 Andersen s alleged involvement in fraudulent accounting and auditing Crisis June 2002 Andersen s conviction for shredding documents related to the Enron audit 4
Sources of reputational risk Clients, Products and Transactions Operational Failure Priority Themes and Stakeholder Management The business we choose to do Who we deal with How we sell to them The design and control of our internal processes e.g. data loss Internal and external thematic issues e.g. executive remuneration; performance 5
Reputational risk governance Board Board Risk Committee Brand, Values & Conduct Committee Group Group Risk Committee Corporate Affairs Reputational Risk & Responsibility Group Global Business Risk Committee Business Responsibility & Reputational Risk Committee Product Approval (PPG) Client On boarding (CDD) Transaction Approval Group Level Operational Risk Committees Operational Risk Assessments Unsatisfactory OR Events External Events Investor Relations Communications / Media Other Themes Products, Clients and Transactions Operational Failure Priority Themes and Stakeholder Management Country Country Corporate Affairs (on an ongoing basis and via various country level committees) Governance Committees Management Forums Process Source Oversight Committees 6
Policies and procedures A stand-alone policy setting out the principal means through which reputational risk may arise with responsibilities and procedures in place to identify, analyse and escalate reputational risk and mitigants to control the risk is a cornerstone of effective reputational risk management Acknowledge that a policy is not a catch all. Failure to adhere to appropriate standards or perceived norms in any behaviour or activity could lead to reputational risk 7
Defining reputational risk appetite Banking is inherently a risk based business Having no tolerance for reputational risk is unrealistic Practical steps can be taken not to undertake business activities or operational processes that could reasonably be expected to harm a company s reputation or cause material damage to its franchise 8
Understanding stakeholders Media Employees Customers Clients NGOs Crisis management Customer satisfaction Corporate governance Business practices Contagion risk/ rumours Staff competence Reputation Compliance Conduct Performance Governments Data security Corporate culture Regulators Vendors Business partners Public sector Analysts Business viability Financial soundness Employment of local labour force Investors 9
Ensuring effectiveness The Board needs assurance that the Group is managing rep risk effectively. Changing the culture & mindset Improving the process Being anticipatory 10
Being anticipatory Enabling more effective reputational risk identification, analysis, indicators and reporting. Isolated local events can be the start of an emerging theme. Stakeholder perceptions Pan-Bank view Digital listening Horizon scanning Risk management system Assessing risks from the stakeholder viewpoint Consistent approach to reporting Discovering what is happening in other regions and creating linkages Need to read across at every level Data analysis of all rep risks including local events/triggers with reputational consequences that can be managed locally and won t impact a company s franchise. Expanding current set-up to monitor the pulse of sentiments held by stakeholders Trend analysis of outputs to enhance the ability to anticipate risks Utilising tracking tools Discovering what is happening in other financial (and nonfinancial) services companies Building stronger collaboration to proactively fact find and ensure a line of sight over emerging issues Implementing an external reputational risk management system incorporating stakeholder mapping 11
The right culture and mindset Consistent lens and definition. Uniform understanding. Defined ownership and accountability for reputational risk management Ensure the right mindset in assessing reputational risks. Think about How bad can things get? It s not just about the media. Embed the stakeholder viewpoint Proactively manage regulatory expectations 12
Qualitative versus quantitative analysis Due to its nebulous nature, reputational risk requires qualitative analysis It is impossible to accurately forecast the financial impact of a reputational risk. However judgment based evaluation is always going to be subjective Regulators have started to ask banks how much capital they are setting aside for reputational risk Taking a quantitative, mathematical approach to this is very challenging It s doubtful that a robust enough model can be developed to meaningfully address this Reputational risks should be considered from a range of stakeholder perspectives 13
The rise of reputational risk Never assume that because something has been common practice [in the past] it will not be judged harshly in the future. Paul Achleitner Chairman of the supervisory board, Deutsche Bank 14