January 24, 2023
January 24, 2023
If you oversee an effective reputation risk strategy process, but no one knows it, is it actually effective? This is a vital question boards of directors, senior executives, and risk professionals need to ask themselves in this era of enhanced regulatory enforcement.
We now understand more than ever about corporate reputational risk—how to define it, assess its potential impact, and mitigate it—to build reputational resilience, which is valued by investors. We now know, for example, that reputational resilience is the benefit companies earn by prevailing favorably in the competition for the minds of stakeholders. We know this depends on the degree to which actual corporate performance aligns with stakeholders’ expectations. This is as true with environmental, social, and governance (ESG), compliance, disclosure, diversity, political acumen, and other reputational issues as it is with financial performance.
We know that marketing and communications strategies can manage expectations, but if they are not integrated into enterprise-wide risk management and governance, they can backfire. Incredulous stakeholders will see greenwashing, bluewashing, graywashing, noncompliance, and possibly even non-constructive obstruction.
On the other hand, a study conducted by Steel City Re found that when a crisis allows stakeholders to discover that a company has a robust, authenticated reputation risk strategy, they reward it with a reputation premium, or a higher stock price relative to its peers. Even more compelling, the study found that when companies proactively communicate with stakeholders about their processes and they are authenticated by third parties before any crisis transpires, they gain an even greater stock price premium. The average equity boosts are 5 and 9.3 percent, respectively.
Authentication of the reputation risk management process and communication with stakeholders are key, but these are elements that have been missing from most of the conversations in corporate boardrooms about reputation or ESG-related risk. At the 2022 NACD Summit, we surveyed a group of directors on what they thought comprised an effective reputation risk management and governance process. At first, only 20 percent said it would include management, the board, intelligence gathering of stakeholder expectations, and strategic value protection through a combination of third-party authentication, such as insurance, and communications.
By the end of a presentation titled “Taming the ESG Beast and the Stakeholder Risk de Jure… du Jour,” 66 percent said they favored a demonstrably effective, insurance-authenticated system, fostering thoughtful management and dutiful governance over all that was mission-critical. In other words, for a company’s process to have the desired result, it must not only be effective, but demonstrably effective. And that requires authentication, which is best communicated through insurance, whose very existence needs to be communicated strategically.
Communicating the existence of an effective authenticated management and governance system builds reputation resilience by hardening a company’s defenses. It both deters attacks by regulators, activists, and investors and puts the company and its board in a strong position to defend themselves among these stakeholders and employees, vendors, and social license holders if adverse reputational incidents occur.
That’s where marketing, communications, investor relations, government affairs, and other externally facing professionals come in. Even if a highly visible public marketing and communications campaign is not justified, it is likely possible to engage in a careful, targeted, quieter effort to inform a more limited number of influential stakeholders, such as analysts, bond raters, and regulators. How to mount such a campaign to the company’s best advantage requires its own strategy discussion.
The simpler the story the better. Being able to point to third-party authentication is tremendously valuable. Reputation insurance, the underwriting of which is designed to assess the completeness and thoughtfulness of the risk management and oversight process, is the only form of authentication that also brings with it the conviction of actual financial risk transfer. Parametric insurance, which bases claims on a series of objective, measurable metrics, is easy for stakeholders to understand and prevents the company from having to do a deep dive into aspects of its process during every presentation.
Overseeing reputation risk strategy, particularly the parts linked to ESG, is weighing heavily on boards where climate change, environmental stewardship, social justice, and dutiful governance are mission-critical issues to ESG-focused investors. Marketing executives and risk strategists are seeing their remit expand to include reputation risk strategy, but often without the necessary tools to meet the challenge without creating additional risk—especially with the politicization of nearly everything.
Reputation strategy cannot be consigned to a silo. Building resilience requires more than traditional enterprise risk management and more than aspirational communications. In the opinion of two-thirds of directors surveyed, it requires a demonstrably effective, insurance-authenticated system, fostering thoughtful management and dutiful governance over all that is mission-critical, and that it is communicated strategically.
Reputation resilience is a source of value, not a philosophical abstraction. As the United States approaches a potential recession in 2023, there’s no better time for boards to shore up their companies’ reputational resilience by publicly authenticating and communicating their reputational risk governance processes.
Nir Kossovsky is CEO of Steel City Re. Denise Williamee is Steel City Re’s vice president of corporate services.
NACD: Tools and resources to help guide you in unpredictable times.