So far in this series, we’ve discussed why companies are adopting a more public focus on ethics and compliance, how reputational risk can impact a company and its brand, and the first three elements of a five-part framework for determining the impact of a reputational risk event.
Today, we’re going to discuss the last two elements, as well as share some tips for better brand resilience from Christopher McClean, Vice President and Research Director for Forrester Research’s Security and Risk division.
5 Elements of Determining Reputational Impact
Here are the last two elements of the five-piece framework for determining the impact of a reputational risk event. (Missed the first three? Find them here!)
Sony has had a poor reputation concerning information risk management in the past, to the point that security experts have speculated that Sony “executives didn’t care,” which resulted in several breaches over the past 2 years. When something happened, no one was surprised, which made them look negligent. When the Anthem breach happened, they didn’t have that kind of reputation. Ask yourself, are people likely to say, “We expected this – we know they just don’t pay enough attention to ethics and compliance”? Clearly, a breach is never ideal, but companies that with better reputations tend to weather the storm better.
Scope of Violation
Siemens received the largest ever FCPA enforcement penalty at $800 million. If you look at the SEC and DOJ reports on Siemens, they explain why their enforcement action was so high, which was that the problem was pervasive. Internal practices made it easy for people to bribe foreign officials, and in some cases even encouraged them. Compare that to Morgan Stanley – a few years ago, a single individual was fined as a single actor. The regulators said this was a one-time issue, not a pervasive cultural issue, and a as a result declined to prosecute the company. You have a reputation with regulators, examiners and law enforcement, as well as with the public. You want to be able to let those people know, “We’re doing everything we can to build an ethical culture with documentation, training, attesting to policies, etc.” You’re creating a reputation based on participation of your employees.
A resilient brand is one that, after a risk event occurs, retains the loyalty of customers and other stakeholders. The idea behind brand resilience is that the brand promise and brand experience match. People stay loyal after a risk event to a resilient brand because they can say, “This is still a company I believe in.”
You start to have a vulnerable brand when these two things are misaligned. Good examples of recent trust breaches would be apparel companies whose executives have made statements like, “These types of people should not shop in our stores or wear our clothing.” That is a serious breach of trust – you go to these apparel companies thinking, “This is going to be a reflection of my body image or how I look.” And these companies are essentially saying, “We don’t want people like you.” That’s really hard to recover from. In that case, you can clearly see where the customer’s brand promise and brand experience are wildly divergent.
Tips for Success
Christopher McClean of Forrester Research shared three tips for success to guide you as you craft your strategy for mitigating reputational risk.
- Assess your customers’ expectations. Do your customers care about CSR, do your investors care about environmental practices? What’s the damage if things go poorly? If customers care a lot about CSR, and you mess something up in that arena, the reputational impact could be disastrous.
- Tie your internal ethics and compliance communications to your external brand values. Think about things like your CSR and sustainability reports, privacy statements and how you can marry those with the public brand promise.
- Measure success by level of support for business performance metrics, including customer satisfaction and loyalty. You can show that when things go wrong, customer satisfaction and loyalty go down. Value statements can show correlation with a rise in customer loyalty.
Share Your Thoughts with Us
We’d love to hear from you! What advice would you add? How does your company manage reputational risk? You can share your thoughts with us by commenting on the blog, messaging us on JDSupra or messaging me directly on LinkedIn. We look forward to hearing from you – and don’t forget to check back next week for Part 3 of this series!
PS: Want to watch Christopher McClean, Vice President and Research Director for Forrester Research’s Security and Risk division, and Jimmy Lin, The Network’s Vice President of Product Development and Corporate Strategy, discuss all this and more? Download our on-demand webcast, Managing Reputation Risk Through Ethics and Compliance.
For More Information About Mitigating Reputation Risk with Ethics and Compliance Training, Check Out These Resources:
- Webinar: Empowering Middle Management to Elevate Your Ethics and Compliance Program
- Whitepaper: The Comprehensive Guide To Ethics and Compliance Hotline Reporting Programs
- Blog Post: The State of the Compliance and Ethics Function: Insights to Improve Your Compliance Program
ON-DEMAND WEBCAST | Managing Reputation Risk Through Ethics and Compliance Processes
In this webcast, Chris McClean of Forrester Research will dissect real-world examples to demonstrate how strong compliance and ethics training programs support robust corporate brands, and even protect the brand’s value in the event there’s a lapse.