Society Brand Reputation

A Society Brand. That's an interesting way of phrasing the importance of corporate responsibility for companies and its impact on stakeholders. An article in PRWeek described a study by StockWell where they interviewed 26 financial leaders in the UK -- financial analysts, investment bankers,  investors, brokers, risk officers and IR directors -- about corporate reputation today. Interestingly, they learned that financial performance is not the end-all be-all of what drives a company's reputation. Although financial value is fundamental to a company's reputation, the relationship with the wider community is now recognized as having the potential to put that reputation and financial value at risk, especially if tampered with. The moneyed group now strongly believes that reputation is more important than ever and that a strong "society brand" is critical to a company’s long-term commercial future. As the report says, "...non-financial performance factors now have a significant bearing on corporate valuations and investment decisions."

However, this group is very sceptical of CSR initiatives and CSR reports and do not see them as solving reputational challenges. Yet, that does not surprise me when it comes to financial perspectives on CSR. Although they may be perceived as window dressing, CSR is not. It focuses leadership and as government directs fewer resources towards citizen well-being such as health and education, companies have a critical role in safeguarding families and communities in these areas. What surprised me was that nearly half of these financial leaders could not name three companies that had reputable Society Brand reputations and 12% could not even name one company that fit this bill. Paltry to say the least.

  • Almost all (96%) saw reputation as having increased in importance over the past few years.
  • Over two-thirds (69%) considered reputation a critical area for corporate risk management.
  • Four-fifths (80%) agree that a strong Society Brand is critical to a company’s long term commercial future.
  • More than half felt there was too much emphasis on the Financial Brand.
  • 81% saw Society Brand as relevant to all investors, not just SRI funds.
  • 46% felt that a Society Brand was reasonably or very relevant to investment decisions.
  • 46% couldn’t list three companies with a good Society Brand.
  • 61% agreed that companies with a poor Society Brand trade at a discount as markets and analysts build in reputational risk.


Cybersecurity reputational risk

Just recently heard that our first US homeland security chief Tom Ridge is helping to launch an insurance product that specializes in corporate cyber security policies. In the article, I read that the global economy has lost more than $400 billion annually due to these cyber breaches that seem to be coming at us like a tsunami. Moreover, only one in four companies, if that much, have some form of cyber attack coverage.

I also learned awhile back when we did our Employees Rising survey on how employees were using social media to champion and possibly sabotage their companies, that one of the reasons that companies have chosen to train their work forces about being responsible social citizens was to caution them about how cyber hacking often occurs. And that is from employees themselves who can be unintentionally loose with passwords, clicking on errant links or not understanding well enough the safeguards of protecting confidential documents. Again, another reason for formal social media training at work and recognizing the importance of internal employee communications. 

Cyber breaches are clearly hurting the reputations of companies that find their customer data let loose online from hacking. This has become a major reputational issue and one that companies have to get smart about or they will be joining the ever growing long list of the largest data breaches. Plus the background stories in the media often reveal that companies and their leaders had some forewarning or were lax about privacy controls which only makes matters worse. Need I even add that CEOs have lost their jobs over cyber breaches! This is becoming a reputational issue of epic proportions.

Reputation risk, repair and strategy

[from October 6th and somehow I lost it so replacing here now]

It has been a crazy few weeks -- traveling to Berlin, San Francisco and Istanbul. But I am back in the USA. So here are a few observations about things I've read and learned that I wanted to share:

1. Deloitte Touche Tohmatsu just issued a new report on reputation risk. Reputation risk was the top strategic risk among 300 global C-suite executives surveyed. The survey found 40% of respondents listed reputation as their top risk concern today, with their business model second at 32% and economic trends/competition third at 27%. In 2010, reputation risk was at 26% so we can see that it has moved to the very top of the C-suite agenda. The meta of all risks!

2. In Istanbul, I spoke about Reputation Warfare, the theme of my Harvard Business Review article. The occasion was the 2nd International Reputation Management Conference at Kadir Has University. It was very impressive because there are not many reputation management conferences in this world (Reputation Institute holds one annual one each year). Henry Ristuccia, global leader of governance, risk and compliance at Deloitte had this to say (love this quote): “Reputation risk is going to always be the meta of all risks…how you manage the underlying factors that could affect the organization’s reputation or brand…how resilient are the people, the culture?”) and here I was in Istanbul. Very forward-looking of the university. The summer protests in Turkey at Gezi Park was an interesting backdrop to my discussion on using social media as an opportunity to defend one's reputation in addition to the risk. Additionally, there was discussion about how the protests had affected the reputation of the country. Tourism took a hit in July but from the looks of it, it was pretty healthy this week. I am going to keep a watch out for how Turkey repairs its reputation and what types of reputation recovery strategies are employed. All very interesting and doable. I also experienced some of the Turkish hospitality that they are so well-known for.

3. Just this past week, I read two articles on how Goldman Sachs and JPMorgan are repairing their reputations. All in one week. Clearly this is a topic that has grown exponentially and particularly in the financial sector. The Economist article on Goldman Sachs was fascinating because it described the scenario setting that is being used to train vice presidents to better understand their responsibilities to the firm when faced with ambiguous and complex challenges to doing business today. The case study is preceded by a film that is described this way: " emotive documentary on the history of Goldman Sachs, filled with interviews of luminaries and former executives, each hammering home the virtues that supposedly make the firm distinctive—teamwork, personal accountability and the legendary exhortation by Gus Levy, a former leader of the firm, to be 'long-term greedy', by which he meant it should forgo short-term profits if they came at the expense of client relationships." I mentioned in a previous post how Goldman Sachs is super-engaging in training which included their CEO from the start. In addition, incentives have been revamped and tied more to collaboration and teamwork. The WSJ article on JPMorgan's CEO Jamie Dimon focuses on how he is conveying "business as usual" as he faces an imminent federal lawsuit, another revealing reputation recovery strategy. He has been touring midsize cities such as Cleveland, Oklahoma City and St. Louis meeting with local businesses and community leaders that are supported by JPMorgan's philanthropy. According to the article, Dimon's messages are fine-tuned, upbeat and focused on the customer.


Reputation damaging close calls

Always good practice to learn from crises or disasters. If they have to happen and tragedy occurs, at least we can try to apply lessons from them going forward. Crises, disasters or issues are sure to come to companies or organizations at one time or another. No one is immune -- every company faces their 15 minutes of shame, not just their 15 minutes of fame. The derailment of Metro-North Railroad in the Bronx one week ago today that killed four people and injured many is rightfully capturing a lot of attention on how to make trains safer.

I was reading this article about the derailment on my subway trip home Friday night and at its close, I came across this important best practice. "The railroad administration instructed the authority to adopt a confidential system to report 'close call' incidents." Many companies could do a better job of understanding their close calls. Close calls are similar to "near misses" which are defined this way according to the National Safety Council:

A Near Miss is an unplanned event that did not result in injury, illness, or damage – but had the potential to do so. Only a fortunate break in the chain of events prevented an injury, fatality or damage; in other words, a miss that was nonetheless very near.

A faulty process or management system invariably is the root cause for the increased risk that leads to the near miss and should be the focus of improvement. Other familiar terms for these events are a “close call,” a “narrow escape,” or in the case of moving objects, “near collision” or a “near hit.”

If companies could include "close call" discussions on their internal monthly or quarterly calls, they'd be in far better shape to deal with disasters that do arise. Management could do better by discussing how they might handle near misses, how to make sure they do not happen, who else should be included in the discussion to prevent them and how to prepare should they actually happen. It could be an informal or formal hearing or process. A more formal best practice is sponsored by the American College of Physicians and the New York Chapter of the American College of Physicians -- The Near Miss Registry. The online registry collects medical near misses before they actually occur with patients. The registry allows healthcare workers to voluntarily report medical "near miss" events” using a web based tool located at  and hosted by NYACP.

Unfortunately the tendency is to bury the near misses in the hopes that they do not reach top management. However, that's exactly the point. If top management does not know how close a call they missed, they won't be able to prevent them.

I think it is a good step that Metro-North is adopting this process.


License to Commit Ill

A new study is out that shows that companies that engage in socially responsible behavior are also more likely to engage in socially irresponsible behavior. And the research found this to be fairly common among Fortune 500 company CEOs who work hard at setting a highly moral image and identity. How could that be? The paper, “License to Ill: The Effects of Corporate Social Responsibility and CEO Moral Identity on Corporate Irresponsibility,” was co-written by professors at London Business School and University of California, Riverside School of Business Administration.  The author-researchers found that for approximately every five positive actions that a firm takes, it gives them license to commit one negative action. As one of the co-authors says, “These findings show that CEOs should be aware of this tendency so that they can prevent their companies from slipping into this pattern. Additionally, corporate boards can’t allow CEOs to rest on their laurels. They need to be vigilant in monitoring CEOs.” Good advice. They held up BP and Enron as examples of companies that proclaimed high corporate social responsibility (i.e., beyond petroleum and all the philanthropy engaged in by Enron’s Ken Lay) and yet transgressed. You might be scratching your head. It is hard to understand how this could be. The research which is pretty impressive found that leaders who direct their company’s CSR strategy end up with “moral credits.” These moral credits blind them to irresponsible behavior and being less vigilant about how they manage stakeholder needs. And this goes for employees too who also tend to internalize the prior ethical CSR image of their employers and feel that they too are untouchable when committing unethical behavior.

The best part of the article or at least one of the many best parts is how they use the term CSiR for corporate social irresponsibility. It's a new term to me and one I will use again and again.




Repairing trust and reputation

care_puzzle_red I wanted to read the chapter in Trust Inc. by Linda Locke on "Trust, Emotion and Corporate Reputation." I bought the book because Barbara Brooks Kimmel has done such a terrific job building Trust Across America-Trust Around the World, an organization focused on the fundamental element of trust. Linda is the founder of Reputare Consulting which is a reputation management consulting firm.  I know Linda from events at Reputation Institute and her work leading reputation management at MasterCard. She really knows the field, is a thought leader on reputation, has powerful insights,  and I follow her regularly on Twitter (@reputationista) that handle.

In the chapter, Linda mentions that facts are often not enough. It is a good starting place to build trust but if that's all a company has to provide in a crisis situation, it is not going to work today.  She says: "To earn trust, a company must go beyond the requirements, beyond the simple facts of the situation, and demonstrate that it understands the concerns of the stakeholders."  Showing empathy, care and concern are necessary ingredients to rebuilding trust, protecting reputation for the long-term and beginning to repair the reputation tear.  What caught my attention was her recommended breakdown of communications content when a company's reputation is under the glare of spotlights:

  • 50% of a company's external communciations should express care and concern
  • 25% should express the company's commitment to fixing the situation (what are you going to do, when and how)
  • 25% should focus on the facts (again, facts have to be there but it is not all there is).

These are very helpful proportions to use when explaining to companies what they need to do about the content of their risk communications. What fascinates me the most, however, is how companies today have to show their "softer side" when they are in the middle of a brewing crisis and be more vulnerable and empathic. This is a major change in how companies are expected to communicate when they have done wrong in the public's view.

Linda provides some case studies in her chapter that truly intrigued me. She provides a social-pyschological framework to understanding the public's emotions to losing trust in institutions.  Here's one to share. She gave an example of a financial services firm managing their reputation during the horrific and unprecedented financial recession of 2007-2008. The firm analysed what people were saying about how they felt during this period.  As she describes it, the firm found that three emotions were most evident in the public discussions about the financial downslide that was causing a real sense of fear and loss of trust. They were: irreversibility (consumers fear that what was happening was irreversible and would be permanent); unfamiliarity (consumers having never experienced anything like this economic uncertainty before) and involuntariness (consumers had no control over what was happening to them and could not influence the outcome whatsoever). The consuming public was paralyzed by fear and what could companies do to assuage their loss of trust. For companies faced with these raw emotions, Linda recommends explaining in everyday language (certainly not corporate speak) how the situation happened, how it is similar to a familiar experience they may have encountered in the past, the role of the responsible parties to fix the situation so it does not happen again and how the company will do whatever it takes to repair that broken bond of trust. And certainly empathisize with those affected and show you care if you want to keep your reputation from cratering.

Building trust is the bedrock of reputation. If your company is not trusted and credible, it is going to fail fast and I mean really fast.



Reputation Resilience


Reputation resilience is a topic I often think about because it should be on all leaders' minds. How can I build the most resilient culture so that we can withstand a crisis that risks our hard fought for reputation? A new report from Schillings in the U.K. examined UK FTSE 350 and leading private companies about reputation risk and resilience. Respondents were Communications, Legal and Risk executives. Here are some of the findings:

  • All executives surveyed are spending more time on reputation risk management than they did two years ago -- 80% say more time (among risk managers), 68% (among communications heads), and 53% (among legal executives). No one said less time.
  • Only 17% say that there is formal reporting to the board of directors on reputation risk. Clearly, not good enough.
  • The top five threats to their company's reputation are (in rank order): business underperformance, information risk, operational risk, health and safety incidents, and employee behavior. Social media comes in at 6th place.
  • When asked what was the biggest obstacle to making reputation risk management top of mind at the company they work for, 37% of respondents said "CEO/Board removed from reputation risk: lack of focus without a crisis and too much reporting." That is unfortunate.  Companies should not need a real crisis to get them to pay attention to risk management.
  • Fortunately, communciations and legal executives are onto it. They know that their jobs require them to take charge of their company's reputation and any associated risks. A full 72% of communications executives said they feel directly responsible and 63% of legal executives are responsible for their company's reputation.
  • How resilient are companies to facing challenges to their reputation? There is a surprising (to me) fair amount of confidence. 55% are "confident enough," 29% are "very or extremely confident" and 16% are "not at all confident or unsure." Although this bodes well for many companies, I would be wary -- essentially 84% of top executives are confident.  If you ask me, they are not worrying enough about all the possibilities that could befall their reputations. Risks to reputation seem to be coming from all directions today and being over-confident is the wrong stance.

Another interesting aspect of this newly issued report is that Schillings is a law firm. They have rebranded themselves to be all about managing reputation risk. Their tag line is "Law at the speed of reputation." Serious business. What would compell a law firm to switch to focusing on reputation? Here is what they say about their transformation: "To continue to lead at a time of such extensive change, we’ve fundamentally changed our own offering. By combining our unrivalled expertise in reputation law with new risk consulting and IT security expertise, we have been able to create an integrated offer that continues to safeguard the successful businesses and individuals we represent whilst living up to the promise that underpinned our business from day one." It would be hard to name many law firms that have done the same. Reputation is changing the face of organizations all across the globe and some firms see the opportunity ahead. Maybe Schillings sees the risks down the road for them as a law firm and are taking their risk by the horns. Interesting approach.

Risky business for CEOs


A new McKinsey survey among board members reports that members acknowledge knowing little about risk. Nearly three in ten (29%) say their boards have limited or no understanding of the risks their companies face. Even more compelling, members say their boards spend just 12% of their time on risk management, an even smaller share of time than two years ago. Not sure about you, but I'd say that the business environment has become more complex and risky, not less complex and risk-free.

This is not good news for executive teams. When it comes to risk management, reputation is high on the list of vulnerabilities that can damage a company's good name. This has me thinking that if board members are not focusing enough on risk, executive teams are going to be held even more responsible for any misdoings and misdeeds. They had better been attuned to crises and risks that are lurking around the corner. CEOs and their direct reports should make reputational issues an A-1 priority on their management agendas.

I received an email about two weeks ago asking if I had information on whose most to blame when crisis strikes. Years ago, I asked that question of executives and if I recall right, CEOs received most of the blame, regardless of whether they knew about the problem or not. The McKinsey research is hinting at the same blame chain. The CEO takes all the credit when things go right and all the blame when things go wrong. The board is looking in all the wrong places. CEOs, beware.