Is Reputation Risk Your Number One Risk?
By Carol Stern, FLMI, AIRC, ACS
Senior Consultant, First Consulting & Administration, Inc.
If So, That’s Good News for Compliance Officers!
When reputation risk is the Company’s highest risk, senior management can set a tone at the top that establishes an excellent environment for advancing a culture of compliance and ethics. Compliance Officers will be authorized to enforce the code of business conduct and ethics standards to prevent any exceptions and variances that would put the reputation of the Company at risk.
Monitoring in the Global Village to Prevent Controllable Risk Incidents
We live in the Global Village predicted by Marshall McLuhan in the 1960s[1], but he had no way to know how small the world would actually become. Today, the reputation of a company can be instantly destroyed by the postings of disgruntled customers on a Facebook site, Twitter or other social media sites, or by hackers stealing personal information or customer funds with a few mouse clicks.
A company’s previously untarnished reputation for protecting its customers’ privacy and security can be harmed so quickly today that most companies spend an inordinate amount of time monitoring for these incidents and insuring themselves against the cost of fallout. Unfortunately, most cyber-attacks are totally out of a Company’s control and very hard to prevent. Realistically, a company’s resources should be focused on what it can control, such as monitoring the use of its brand on the internet and being continually responsive to customer comments on social media.
Reputation Risk is a Key Strategic Risk for Any Organization
Reputation risk is considered a strategic risk and is managed under an Enterprise Risk Management (ERM) program with the highest priority, where incidents that might carry reputation risk are escalated immediately for senior management oversight and decision-making. Examples of this kind of risk incident are any breaches of the code of conduct, such as employee fraud, or any internal corporate corruption, such as intentional misstatements on financial filings, shredding of subpoenaed documents or violating bribery laws (FATCA). The privacy and security risks involving the exposure of customers’ personal information, such as social security numbers or credit card information, are included in this category.
In the insurance industry, the risk of our third-party relationships, such as agents, brokers, registered representatives or even outsourcing vendors and third-party administrators, perpetrating fraud or abuse against our mutual customers has dramatic reputational risk potential. Ultimately, the insurance company may be held responsible for any fraudulent or criminal misconduct of these third parties that regulators believe should have been detected, so regular audits of those entities based on an annual risk assessment are critical to protecting the Company’s reputation.
The Importance of Tone at the Top
Protecting a company’s brand is at the heart of preventing a reputation risk incident. A damaged brand can have huge bottom-line repercussions, and some companies never fully recover. Implementing strong policies and procedures to prevent risk incidents that can be controlled, such as employee misconduct and breaches of the code of conduct, is part of the compliance officer’s responsibilities.
This is why making reputation risk the company’s number one risk may bring smiles to the faces of compliance officers. Implementing strict ethical standards and taking action against violators of the Company’s compliance requirements and code of conduct are the best foundation on which to build a strong culture of compliance and ethics. When the tone at the top really supports the compliance officer and stands behind a no-exception policy for misconduct, then reputation risk can be better controlled.
Those “at the top” must enforce a policy where serious repercussions are dealt out consistently and fairly for breaches of the code of conduct no matter how important an agent may be to the bottom line or how high the officer sits on the organizational chart. When this tone is set by the CEO and the Board of Directors, then the Company should feel comfortable that it has a framework to prevent internal fraud and malfeasance, managed and maintained by a vibrant compliance and ethics program.
[1] The Gutenberg Galaxy, published in 1962, and Understanding Media, published in 1964.