GARP 翻译：如何控制名誉风险？（How to Manage Reputational Risk？）

How to Manage Reputational Risk

A strong risk culture, a proactive board and operational resilience are among the keys to successful reputational risk management.

As Warren Buffett once said, “It takes 20 years to build a reputation and five minutes to ruin it.” This rings especially true today, as high-profile crises – including cyberattacks, product recalls and damaging social media posts – become more prevalent.

Reputation represents an interpretation or perception of an organization’s trustworthiness or integrity. Reputation equals integrity and integrity equals social responsibility – i.e., sustaining the “social license to operate” and ensuring that business practices, operating procedures and corporate behaviors are acceptable to employees, stakeholders and the public.

Reputational risk is the current and prospective impact on earnings and enterprise value arising from stakeholder opinion. To understand and address reputational risks, and to create a sustainable plan for mitigating them, an organization must first identify and assign ownership for each of its risks and then determine its appetite for risk/reward.

Management of reputational risk can then be addressed via the three lines of defense, which include strategic alignment, cultural alignment and operational focus.

Strategic Alignment

Create effective board oversight.

Reputational risk management starts at the top. Matters of strategy, policy, execution and transparency (particularly with respect to reporting) must be closely overseen by the board. Indeed, these issues are vital to effective corporate governance, which plays a huge role in sustaining reputation.

Managing reputational risk doesn’t typically fit neatly into a single function. Ultimately governed by the board, it requires clear accountability, leadership and engagement across numerous teams.

Integrate risk into strategy setting and business planning.

The board and executive management must ensure that risk is not an afterthought to strategy setting and business planning. Reputational risk must be identified as both a material risk and a strategic risk, and should be inextricably linked to the company’s risk management and crisis management disciplines.

Board and senior management should also ensure that there is adequate focus on the critical enterprise risks that could impair the firm’s reputation. What’s more, a process for identifying emerging risks on a timely basis must be established, and the company’s risk profile must be continuously appraised.

Emphasize effective communications, image and brand building.

Building brand recognition unique to a business is vital to market success and, when all else is working well, augments reputation. A good story is easy to tell. Typically, though, the best companies (1) develop powerful and distinctive messaging; (2) establish accountability for results with metrics and monitoring; (3) work social media effectively; and (4) passionately live up to their values every day.

Pay close attention to crisis planning and operational resilience.
Successful management of a crisis event can mitigate potential reputational damage. Through an effective crisis management framework, an organization can integrate the right processes, roles and governance into existing contingency plans.

Of course, it often takes practice to know when to mobilize a crisis response, what information to communicate to which stakeholders and how to coordinate communications across different teams. Companies can test processes and gain experience by running crisis simulation rehearsals based on the most critical reputational risks.

Collaborate with stakeholders.

The executive team and board of directors should interact more with customers, employees, suppliers, regulators and shareholders. News about risks, business operations and branding should be communicated proactively.

No organization or brand will be able to succeed without doing good and doing well — i.e., delivering financial performance while also making a positive contribution to society. Social purpose needs to be embedded into the very fabric and heart of the enterprise.

Cultural Alignment

Establish strong corporate values, supported by appropriate performance incentives.

Boards need to ensure that executive management implements a strong tone at the top, a variety of effective escalatory processes and periodic assessments of the tone in the middle and tone at the bottom. To shape and influence the corporate culture from end-to-end, the executive team must align performance incentives with corporate values.

Moreover, executives and directors need to pay attention to the warning signs posted by the independent risk management function and to audit reports that offer evidence of possible dysfunctional behavior.
Comply with laws, regulations and internal policies.

Few incidents undermine reputation more than serious compliance violations. The accompanying media headlines can drag a company’s brand through the mud. Senior executives, with board oversight, should take steps to implement effective, compliance-driven internal controls.

Operational Focus

Build a strong control environment.

Embarrassing control breakdowns, especially in the arena of public reporting, can tarnish reputation. Every board should therefore expect and demand a strong control environment that not only signals management’s commitment to integrity and ethics but also lays the foundation for a risk-aware culture.

Develop an early warning system.

Embedding risk sensing into an organization’s risk governance program enables the continual identification of emerging threats. To spot potential risks, many leading companies perform 24/7 monitoring of traditional and social media outlets and internal data sources.

Monitoring teams can support both daily reputational threat sensing and crisis management response.

Companies with strong monitoring capabilities can more effectively analyze and interpret data, leading to better, more-informed business decisions.
Parting Thoughts

Reputation is everything, and financial institutions must therefore do everything in their power to better measure and mitigate reputational risk. This is a challenging task, but a strong risk culture, a proactive board and a comprehensive framework for operational resilience are excellent starting points. To be effective, they must all act in harmony with each other; this is not the place for compromise or shortcuts.

John Thackeray is the founder and CEO of Risk Smart Inc. Over his long career, he has held many risk positions, including CRO posts where he interacted and engaged with US and European regulators. He frequently contributes articles on his risk insights to the Financial Executives Networking Group (FENG).

Friday, March 01, 2019

By John Thackeray

---

如何控制名誉风险

主旨：强劲的风险文化、董事会的积极行动以及操作弹性是名誉风险管理的成功要素

---

• 沃伦巴菲特曾说，20年的名誉建立，5分钟就能毁灭。这句话在如今相当真实贴切。类似于，网络攻击、产品回收、社交媒体的报道等等高关注度的危机，现在十分普遍。
• 名誉代表了一个组织的部分的信用，信用代表了社会责任 - 比如坚持社会经营执照，保证公司的实务，经营步骤以及企业行为被员工，股东以及社会大众所接受。
• 从股东的角度出发，名誉风险是提升企业收入与企业价值的潜在预期风险。为了理解以及处理名誉风险，制定转移此风险的应急机制，组织必须首先识别出每一种风险，并针对此决定风险偏好。
• 名誉风险同样可以通过三层防线进行管理，包括战略应对、文化应对以及操作性关切。

战略应对

创建有效的审核机制

• 名誉风险管理需要从头开始。有关于战略、政策、执行、透明度（尤其关于汇报）的部分必须有董事会审核，实质上，上述有效的公司治理内容对维护声誉来说至关重要。
• 管理名誉风险并不仅限于单一的功能机构，最终由董事会管控，实质上，是需要明确的问责制、领导、以及各个部门的参与。

在战略设置和商业计划中融合名誉风险管理

• 董事会以及高管必须保证对名誉风险的管理并非是滞后的，必须认识到，它是同时是战略风险和关键风险，而且必须与公司的风险管理以及危机管理政策相联系
• 董事会以及高管必须保证会对公司声誉产生影响的关键公司风险有适当充足的关注。更进一步说，有限时间识别紧急风险的过程必须提前建立，风险现状的评估也必须持续不断

加强有效的沟通，形象品牌建立

• 对于营销来说，建立品牌识别度是至关重要的，当其他一切因素都运行良好的时候，增强放大声誉。榜样的树立很容易，尤其当一家接触的公司有如下特质：

1. 开发强大独特的信息系统
2. 以指标以及监督建立问责制度
3. 与社会媒体进行有效沟通机制
4. 对自身价值观充满热情

对于危机公关以及操作弹性要有更深入的关注

• 成功的危机事件处理能够转移潜在的声誉损失。通过有效的危机管理框架，公式可以将正确的流程、角色和治理整合到现有的应急计划中。
• 当然，对于危机应对来说，何时回应，以什么信息与那个股东沟通，以及如何在不同部门中进行协调沟通。公司可以通过举行以致命的声誉风险为对象的危机模拟听证会来获得应对经验

与股东的合作

• 公司高层以及董事会成员必须与客户、职员、供应商、监管者、以及股东保持互动。对于风险，业务运作、品牌经营的信息应予以提前沟通
• 没有哪个公司组织或者品牌可以成功而不付出代价—比如对社会有正面的贡献同时业绩出众。社会目标需要嵌入到企业的核心

文化应对

建立强健的公司价值观，以合适的有效激励机制辅助

• 董事会必须保证高管执行一个强有力的基调，对中层以及底层也需要进行有效的，周期性的评估。
• 为了从头至尾塑造企业文化，高层必须将公司价值观与激励机制联系在一起
• 此外，管理层董事会必须对独立风险管理机构提供的风险警示以及审计报告提供的可能失当行为的证据线索提供必要的关切

符合法律，规章以及国际惯例的规定

• 很少有比违规更加严重的声誉损害事件，伴随着媒体头条，一家企业的品牌可能毁于一旦，高层及董事会必须执行有效的，合规导向的内控制度

操作性关切

建立强健的控制环境

• 在公共报告领域的控制失当，会使声誉损失。每个董事会都应当期待并要求一个不仅仅能够体现管理层的道德与诚实品格，同时又对公司风险意识奠基起到作用的强健控制环境。

开发早期预警系统

• 将风险感知嵌入到公司的风险治理计划中能够可以持续识别新出现的威胁。为了及时发现潜在的风险，很多前沿公司对传统以及社交媒体信息，内部数据源进行24小时的内容监控
• 监控团队可以同时完成日常名誉风险探测以及危机管理回应的任务。有着强有力监察能力的公司可以更有效地分析诠释数据，导向积极的方面，做出更明智的商业决策。

想法：

• 声誉至关重要，金融机构需要全力去衡量转移声誉风险。这非常具有挑战性，但是有强健的风险文化，警觉的董事会，以及一个全面的操作弹性关切架构是一种很好的开始。和谐是有效的基础，声誉风险的管理上并不存在妥协。