Reputation is now listed routinely in surveys of major risks facing organisations. This is particularly true for professional firms. It is also regularly included amongst the lists of emerging risks. Brand and trust have always been important, but clearly there are changing dynamics that are increasing the risks.
In Aon's Global Risk Management Survey, reputation ranked as the top risk facing professional service firms for 2019 and 2020.
Why is reputation so prominent today? In an increasingly interconnected and data intensive world, news of reputational damage can spread rapidly and required levels of trust and information security have been enhanced.
Reputation is best analysed and managed as an aggregation of other business risks and the solution lies initially in having appropriate risk management in place. This includes the classic framework; identification, assessment, treatment and ownership. Reputation exposures however, have characteristics that extend beyond the realm of risk management and touch upon culture and ethics. The world is increasingly uncertain. This risk is therefore a leadership issue, and it is necessary to be prepared for a crisis before it occurs.
It is worth considering what can go wrong. Although errors of judgement and decision-making may be forgivable and not lead to damaging reputation events, organisations can invite reputation damage by departing knowingly from their principles. A less clear area is that of ethical decisions. Ideally, these are mapped with some hard lines but perfect knowledge of what is going on in the firm is not possible. Additionally, dislocation problems can be created by outsiders and ethical lines can shift with unforeseen consequences.
How would a reputation loss manifest itself? Reputation events can have cycles and can damage client retention and future opportunities. This can manifest itself in a number of ways that damage a firm’s profitability:
- Lost clients – revenue loss
- Loss of future clients – loss of opportunity
- Event response costs – immediate response costs
- Additional costs to repair reputation – recovery costs
- Fines and penalties, and third-party suits – regulatory and legal
Risk management response
You can of course design rules to contain risk, but this is a complex area for risk-averse organisations that have growth objectives and are populated by entrepreneurial types. Responsibility therefore must lie with the top group. It is the role of leadership and governance to anticipate and contain potentially damaging behaviour.
Risk identification can usefully be supplemented by a wider scan of the risk horizon. Scenario planning and stakeholder analysis can play valuable roles. Despite the existence of governance frameworks and robust risk management processes, reputation exposures can manifest in unexpected ways.
Reputation events are characterised by what the risk management community terms “velocity” and can quickly evolve into crises: action may be required without a full grasp of the situation. Cyber-attacks are a case in point. Crisis management and continuity management are vital components of the response.
In the aftermath of reputational damage, the key is to have a response plan in place that brings in different disciplines. Simultaneously, it may be necessary to manage the immediate effects and communicate sensitively with stakeholders, employees, clients and the public.
In this respect expert external advice is often crucial. Many lessons have been learnt from past successful, and indeed, unsuccessful responses. Addressing the root issue, showing understanding and communicating sensitively with all stakeholders are key.
Insurance can form part of the response. A combination of insurance responses may already provide some protection against reputation events. These may provide access to response expertise as well as reimbursement for financial losses:
- Reputation response cost protection has been added to some PI policies
- Revenue protection has been added to some business interruption covers
- Post-event public relations costs cover is available in the market as a discreet cover
- Public relations and business interruption covers are provided in cyber policies
Availability of course varies by marketplace and individual insurers.
Working with major insurers, Aon has designed a policy format to cover reputation risk. Aon has identified the scope of coverage, the underwriting process and available markets for reputation risk insurance. The solution should be easily adaptable to captives and have potential reinsurance support from leading markets.
How does a loss manifest itself and what losses could be paid by a reputation product? Possible triggers for reputation damage include:
- Data breach or other loss of sensitive data
- Litigation or regulatory proceedings
- Actual or alleged misconduct of key persons
- Allegations of improper, unethical or discriminatory behavior
- Alleged systemic errors performed in the delivery of professional services
- Association with a client who has operated illegally provided that the firm had no knowledge
The principal challenge exists around establishing the extent of a loss and how much can be attributed to the reputation event policy trigger. Depending on the nature of the risk, we can design suitable and responsive approaches.
The first step is to consider reputation scenarios and potential consequences. Building from that, Aon is able to design a suitable insurance specification and open a dialogue with insurers about the scope and operation of an insurance response.
"We see the prospect of a generic cover when markets become more comfortable with the concepts".
Keith Tracey, Managing Director, Professional Services Practice, Aon
Our understanding of professional firms and their exposures in the changing business environment enables us to guide and support clients in managing reputation risk.
If you would like to discuss any of the issues raised in this article or request access to the full report, please contact Keith Tracey.
Aon plc (NYSE:AON) is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Our 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance.
© Aon plc 2020. All rights reserved.
The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
Aon UK Limited is authorised and regulated by the Financial Conduct Authority.