Reputation risk, repair and strategy

[from October 6th and somehow I lost it so replacing here now]

It has been a crazy few weeks -- traveling to Berlin, San Francisco and Istanbul. But I am back in the USA. So here are a few observations about things I've read and learned that I wanted to share:

1. Deloitte Touche Tohmatsu just issued a new report on reputation risk. Reputation risk was the top strategic risk among 300 global C-suite executives surveyed. The survey found 40% of respondents listed reputation as their top risk concern today, with their business model second at 32% and economic trends/competition third at 27%. In 2010, reputation risk was at 26% so we can see that it has moved to the very top of the C-suite agenda. The meta of all risks!

2. In Istanbul, I spoke about Reputation Warfare, the theme of my Harvard Business Review article. The occasion was the 2nd International Reputation Management Conference at Kadir Has University. It was very impressive because there are not many reputation management conferences in this world (Reputation Institute holds one annual one each year). Henry Ristuccia, global leader of governance, risk and compliance at Deloitte had this to say (love this quote): “Reputation risk is going to always be the meta of all risks…how you manage the underlying factors that could affect the organization’s reputation or brand…how resilient are the people, the culture?”) and here I was in Istanbul. Very forward-looking of the university. The summer protests in Turkey at Gezi Park was an interesting backdrop to my discussion on using social media as an opportunity to defend one's reputation in addition to the risk. Additionally, there was discussion about how the protests had affected the reputation of the country. Tourism took a hit in July but from the looks of it, it was pretty healthy this week. I am going to keep a watch out for how Turkey repairs its reputation and what types of reputation recovery strategies are employed. All very interesting and doable. I also experienced some of the Turkish hospitality that they are so well-known for.

3. Just this past week, I read two articles on how Goldman Sachs and JPMorgan are repairing their reputations. All in one week. Clearly this is a topic that has grown exponentially and particularly in the financial sector. The Economist article on Goldman Sachs was fascinating because it described the scenario setting that is being used to train vice presidents to better understand their responsibilities to the firm when faced with ambiguous and complex challenges to doing business today. The case study is preceded by a film that is described this way: "...an emotive documentary on the history of Goldman Sachs, filled with interviews of luminaries and former executives, each hammering home the virtues that supposedly make the firm distinctive—teamwork, personal accountability and the legendary exhortation by Gus Levy, a former leader of the firm, to be 'long-term greedy', by which he meant it should forgo short-term profits if they came at the expense of client relationships." I mentioned in a previous post how Goldman Sachs is super-engaging in training which included their CEO from the start. In addition, incentives have been revamped and tied more to collaboration and teamwork. The WSJ article on JPMorgan's CEO Jamie Dimon focuses on how he is conveying "business as usual" as he faces an imminent federal lawsuit, another revealing reputation recovery strategy. He has been touring midsize cities such as Cleveland, Oklahoma City and St. Louis meeting with local businesses and community leaders that are supported by JPMorgan's philanthropy. According to the article, Dimon's messages are fine-tuned, upbeat and focused on the customer.

 

Reputation damaging close calls

Always good practice to learn from crises or disasters. If they have to happen and tragedy occurs, at least we can try to apply lessons from them going forward. Crises, disasters or issues are sure to come to companies or organizations at one time or another. No one is immune -- every company faces their 15 minutes of shame, not just their 15 minutes of fame. The derailment of Metro-North Railroad in the Bronx one week ago today that killed four people and injured many is rightfully capturing a lot of attention on how to make trains safer.

I was reading this article about the derailment on my subway trip home Friday night and at its close, I came across this important best practice. "The railroad administration instructed the authority to adopt a confidential system to report 'close call' incidents." Many companies could do a better job of understanding their close calls. Close calls are similar to "near misses" which are defined this way according to the National Safety Council:

A Near Miss is an unplanned event that did not result in injury, illness, or damage – but had the potential to do so. Only a fortunate break in the chain of events prevented an injury, fatality or damage; in other words, a miss that was nonetheless very near.

A faulty process or management system invariably is the root cause for the increased risk that leads to the near miss and should be the focus of improvement. Other familiar terms for these events are a “close call,” a “narrow escape,” or in the case of moving objects, “near collision” or a “near hit.”

If companies could include "close call" discussions on their internal monthly or quarterly calls, they'd be in far better shape to deal with disasters that do arise. Management could do better by discussing how they might handle near misses, how to make sure they do not happen, who else should be included in the discussion to prevent them and how to prepare should they actually happen. It could be an informal or formal hearing or process. A more formal best practice is sponsored by the American College of Physicians and the New York Chapter of the American College of Physicians -- The Near Miss Registry. The online registry collects medical near misses before they actually occur with patients. The registry allows healthcare workers to voluntarily report medical "near miss" events” using a web based tool located at www.nearmiss.org  and hosted by NYACP.

Unfortunately the tendency is to bury the near misses in the hopes that they do not reach top management. However, that's exactly the point. If top management does not know how close a call they missed, they won't be able to prevent them.

I think it is a good step that Metro-North is adopting this process.

 

License to Commit Ill

A new study is out that shows that companies that engage in socially responsible behavior are also more likely to engage in socially irresponsible behavior. And the research found this to be fairly common among Fortune 500 company CEOs who work hard at setting a highly moral image and identity. How could that be? The paper, “License to Ill: The Effects of Corporate Social Responsibility and CEO Moral Identity on Corporate Irresponsibility,” was co-written by professors at London Business School and University of California, Riverside School of Business Administration.  The author-researchers found that for approximately every five positive actions that a firm takes, it gives them license to commit one negative action. As one of the co-authors says, “These findings show that CEOs should be aware of this tendency so that they can prevent their companies from slipping into this pattern. Additionally, corporate boards can’t allow CEOs to rest on their laurels. They need to be vigilant in monitoring CEOs.” Good advice. They held up BP and Enron as examples of companies that proclaimed high corporate social responsibility (i.e., beyond petroleum and all the philanthropy engaged in by Enron’s Ken Lay) and yet transgressed. You might be scratching your head. It is hard to understand how this could be. The research which is pretty impressive found that leaders who direct their company’s CSR strategy end up with “moral credits.” These moral credits blind them to irresponsible behavior and being less vigilant about how they manage stakeholder needs. And this goes for employees too who also tend to internalize the prior ethical CSR image of their employers and feel that they too are untouchable when committing unethical behavior.

The best part of the article or at least one of the many best parts is how they use the term CSiR for corporate social irresponsibility. It's a new term to me and one I will use again and again.

 

 

 

Repairing trust and reputation

care_puzzle_red I wanted to read the chapter in Trust Inc. by Linda Locke on "Trust, Emotion and Corporate Reputation." I bought the book because Barbara Brooks Kimmel has done such a terrific job building Trust Across America-Trust Around the World, an organization focused on the fundamental element of trust. Linda is the founder of Reputare Consulting which is a reputation management consulting firm.  I know Linda from events at Reputation Institute and her work leading reputation management at MasterCard. She really knows the field, is a thought leader on reputation, has powerful insights,  and I follow her regularly on Twitter (@reputationista)...love that handle.

In the chapter, Linda mentions that facts are often not enough. It is a good starting place to build trust but if that's all a company has to provide in a crisis situation, it is not going to work today.  She says: "To earn trust, a company must go beyond the requirements, beyond the simple facts of the situation, and demonstrate that it understands the concerns of the stakeholders."  Showing empathy, care and concern are necessary ingredients to rebuilding trust, protecting reputation for the long-term and beginning to repair the reputation tear.  What caught my attention was her recommended breakdown of communications content when a company's reputation is under the glare of spotlights:

  • 50% of a company's external communciations should express care and concern
  • 25% should express the company's commitment to fixing the situation (what are you going to do, when and how)
  • 25% should focus on the facts (again, facts have to be there but it is not all there is).

These are very helpful proportions to use when explaining to companies what they need to do about the content of their risk communications. What fascinates me the most, however, is how companies today have to show their "softer side" when they are in the middle of a brewing crisis and be more vulnerable and empathic. This is a major change in how companies are expected to communicate when they have done wrong in the public's view.

Linda provides some case studies in her chapter that truly intrigued me. She provides a social-pyschological framework to understanding the public's emotions to losing trust in institutions.  Here's one to share. She gave an example of a financial services firm managing their reputation during the horrific and unprecedented financial recession of 2007-2008. The firm analysed what people were saying about how they felt during this period.  As she describes it, the firm found that three emotions were most evident in the public discussions about the financial downslide that was causing a real sense of fear and loss of trust. They were: irreversibility (consumers fear that what was happening was irreversible and would be permanent); unfamiliarity (consumers having never experienced anything like this economic uncertainty before) and involuntariness (consumers had no control over what was happening to them and could not influence the outcome whatsoever). The consuming public was paralyzed by fear and what could companies do to assuage their loss of trust. For companies faced with these raw emotions, Linda recommends explaining in everyday language (certainly not corporate speak) how the situation happened, how it is similar to a familiar experience they may have encountered in the past, the role of the responsible parties to fix the situation so it does not happen again and how the company will do whatever it takes to repair that broken bond of trust. And certainly empathisize with those affected and show you care if you want to keep your reputation from cratering.

Building trust is the bedrock of reputation. If your company is not trusted and credible, it is going to fail fast and I mean really fast.

 

 

Reputation Resilience

flying-away-umbrella

Reputation resilience is a topic I often think about because it should be on all leaders' minds. How can I build the most resilient culture so that we can withstand a crisis that risks our hard fought for reputation? A new report from Schillings in the U.K. examined UK FTSE 350 and leading private companies about reputation risk and resilience. Respondents were Communications, Legal and Risk executives. Here are some of the findings:

  • All executives surveyed are spending more time on reputation risk management than they did two years ago -- 80% say more time (among risk managers), 68% (among communications heads), and 53% (among legal executives). No one said less time.
  • Only 17% say that there is formal reporting to the board of directors on reputation risk. Clearly, not good enough.
  • The top five threats to their company's reputation are (in rank order): business underperformance, information risk, operational risk, health and safety incidents, and employee behavior. Social media comes in at 6th place.
  • When asked what was the biggest obstacle to making reputation risk management top of mind at the company they work for, 37% of respondents said "CEO/Board removed from reputation risk: lack of focus without a crisis and too much reporting." That is unfortunate.  Companies should not need a real crisis to get them to pay attention to risk management.
  • Fortunately, communciations and legal executives are onto it. They know that their jobs require them to take charge of their company's reputation and any associated risks. A full 72% of communications executives said they feel directly responsible and 63% of legal executives are responsible for their company's reputation.
  • How resilient are companies to facing challenges to their reputation? There is a surprising (to me) fair amount of confidence. 55% are "confident enough," 29% are "very or extremely confident" and 16% are "not at all confident or unsure." Although this bodes well for many companies, I would be wary -- essentially 84% of top executives are confident.  If you ask me, they are not worrying enough about all the possibilities that could befall their reputations. Risks to reputation seem to be coming from all directions today and being over-confident is the wrong stance.

Another interesting aspect of this newly issued report is that Schillings is a law firm. They have rebranded themselves to be all about managing reputation risk. Their tag line is "Law at the speed of reputation." Serious business. What would compell a law firm to switch to focusing on reputation? Here is what they say about their transformation: "To continue to lead at a time of such extensive change, we’ve fundamentally changed our own offering. By combining our unrivalled expertise in reputation law with new risk consulting and IT security expertise, we have been able to create an integrated offer that continues to safeguard the successful businesses and individuals we represent whilst living up to the promise that underpinned our business from day one." It would be hard to name many law firms that have done the same. Reputation is changing the face of organizations all across the globe and some firms see the opportunity ahead. Maybe Schillings sees the risks down the road for them as a law firm and are taking their risk by the horns. Interesting approach.

Risky business for CEOs

Risk-Management  

A new McKinsey survey among board members reports that members acknowledge knowing little about risk. Nearly three in ten (29%) say their boards have limited or no understanding of the risks their companies face. Even more compelling, members say their boards spend just 12% of their time on risk management, an even smaller share of time than two years ago. Not sure about you, but I'd say that the business environment has become more complex and risky, not less complex and risk-free.

This is not good news for executive teams. When it comes to risk management, reputation is high on the list of vulnerabilities that can damage a company's good name. This has me thinking that if board members are not focusing enough on risk, executive teams are going to be held even more responsible for any misdoings and misdeeds. They had better been attuned to crises and risks that are lurking around the corner. CEOs and their direct reports should make reputational issues an A-1 priority on their management agendas.

I received an email about two weeks ago asking if I had information on whose most to blame when crisis strikes. Years ago, I asked that question of executives and if I recall right, CEOs received most of the blame, regardless of whether they knew about the problem or not. The McKinsey research is hinting at the same blame chain. The CEO takes all the credit when things go right and all the blame when things go wrong. The board is looking in all the wrong places. CEOs, beware.

reputation exposed

BusinessValuations Reputation matters and has grown in importance to companies and their leaders. In a recent article in ABA Banking Journal on the banking industry's reputation, the topic of intangibles came up that I thought was worth emphasizing.

Years ago, investors only cared about financial performance but it is now clear from some research that 80% of the value of S&P companies is attributable to intangibles like reputation. This estimate is similar to what I have been using for years since I first learned about intangibles vs tangible assets and the enormous influence of reputation on market value. Social media has now made those intangibles easier to access and therefore opened up to most of us how companies treat their employees, build leaders and brands, follow codes of conduct, treat intellectual property, disclose information, care about communities, etc. The article pointed out that Bloomberg terminals provide information on more than 120 environmental, social and governance measures that help investors value the intangibles that drive reputation. This is an important point because whereas financial performance is based on looking backwards, intangibles now available on these types of data aggregators are more forward-looking and give a clearer picture of what might lay ahead for particular companies. The article points to another data aggregator called CSRHub which looks at companies through the lens of metrics including "best of" and "worst of" awards and rankings. As the article says, "Since the market calculates the value of businesses based on anticipated future earnings, poor reputation can be an indicator of systemic problems, which can have an adverse effect on revenues." It is hard for me to remember a company whose reputation failed and where when the digging began, there weren't any warning signs ready for the asking. Sometimes I go to Glassdoor.com to just read about where those early warning signs might be for particular companies and wonder why no one has investigated further what employees are only to quick to tell the world. Apparently there's a banking industry site with reviews called MyBankTracker which was new to me.

Would we have known about Enron's demise if Glassdoor.com or some other similar site had existed when Enron imploded? I sometimes wonder about that.

 

Plan to recover reputation

jdI was eager to read JPMorgan Chase CEO Jamie Dimon's Letter to Shareholders this year. Considering the London Whale episode of the past year, I thought his Letter would be revealing. He clearly did not skirt the issue. I cut and paste some quotes below which are direct, apologetic and conciliatory. Also, I used the picture from the Letter to Shareholders here because it was surprising in that it almost looked like a man running for office but mostly because it is something that we advise clients which is to make better use of photos of their CEOs and execs with people (preferably employees) and not alone in some corner office isolated and solitary. You can't know what is going on in your company by spending too much time in the office. It derails CEOs all the time. What I like was how he presented his lessons learned for his reputation recovery plan. They are bulleted below as follows and include a favorite piece of advice of mine -- problems don't age well:

  • Fight Complaceny
  • Overcome conflict avoidance
  • Risk Management 101: Controls must match risk
  • Trust and verify
  • Problems don’t age well
  • Continue to share what you know when you know it
  • Mistakes have consequences
  • Never lose sight of the main mission: serving clients

On Responsibility: "I also  want our shareholders to know that I take  personal responsibility for what happened. I deeply apologize to you, our shareholders, and to others, including our regulators, who were affected by this mistake."

On Complacency: "Complacency sets in when you start assuming that tomorrow will look more or less like today – and when you stop looking at yourself and your colleagues with a tough, honest, critical eye. Avoiding complacency means inviting others to question your logic and decisions in a disciplined way. Even when – and especially when – things have been going well for a long time, rigorous reviews must always take place."

On the Aftermath: "There are a few things, however, that occurred this past year that we are not proud of. The “London Whale” episode not only cost us money — it was extremely embarrassing, opened us up to severe criticism, damaged our reputation and resulted in litigation and investigations that are still ongoing."

On Reputation Committees: "That’s why we have a risk committee framework within the firm with extremely detailed reporting and many other checks and balances (like reputation committees, underwriting committees and others) to make sure we have a disciplined process in place to question our own thinking so we can spot mistakes before they do real damage."