Sometimes it’s important to challenge conventional “wisdom”. That’s one of the important ways in which a profession evolves. Of course, sometimes conventional wisdom stands up well to critical examination, which helps to strengthen its position. Other times…
So, with that gauntlet thrown down, which of the following is not like the others:
- Fraud risk
- Strategic risk
- Market risk
- Credit risk
- Reputation risk
Clearly, the title of this blog post gives away the answer, so let me ask a different question. Why? Why is “reputation risk” different, and why doesn’t it belong with the others in a list of risk types? Take a moment to think about it…
In order to answer the question, I’ll start with an analogy. Imagine if the medical or insurance professions used a list of “causes of death”, which included:
Think about it. Isn’t bleeding often an outcome of the other four “causes”? As such, it wouldn’t make much sense for it to be listed as a distinct cause of death. It’s simply an outcome or symptom of events, rather than a cause. In fact, I can’t think of a single circumstance where a loss of blood occurs without some event happening to cause it.
So, when does reputation damage occur? It occurs as an outcome from a wide variety of events. For example:
- A massive fraud event occurs in a bank and the banks stock price suffers and/or its market share falls as a result.
- One company merges with a competitor only to discover some profound incompatibility in culture and/or technology, which results in unhappy customers and ticked-off shareholders.
- There’s an unforeseen shift in the market that a company is unprepared to respond to, resulting in reduced market share and lower stock price because the company’s value proposition is diminished.
- An organization finds itself unable to meet its obligations to its creditors, or the people/organizations it has extended credit to can’t meet their obligations. The result — potentially higher costs for additional credit and/or reduced share price.
Notice anything about these examples? They’re events that match the first four risk types listed at the top of this article. Also, each of the examples reflects the effect of damaged reputation on stock price, market share, etc. So my point isn’t that the potential for reputation damage doesn’t exist. It absolutely does. My point is that reputation damage is not a type of risk. It’s an outcome.
Why does it matter?
Well, for one thing, I often hear people say that, “You can’t measure reputation risk.” Given my perspective above, I’d agree with them because "reputation risk" is not an accurate representation of how reputation factors into the risk picture. You can, however, measure reputation damage. The difference is that if you stick with the common use of "reputation risk", you end up being unable to measure a critical component of the risk landscape. If, however, you treat reputation damage as an outcome of the actual risk types, then you can do meaningful risk measurement.
I’m sure some people will think I’m nit picking. Others may try to defend “Reputation Risk” as a well-established principle. To the first group, I’d answer that mature professions don’t operate with fundamental logical flaws in their foundational terminology. Furthermore, if we’re going to accurately and meaningfully measure risk within the organizations we serve, we have to avoid making these kinds of conceptual errors. Errors that genuinely prevent us from measuring risk well. To the second group, I’d ask for a logical and rational defense for "reputation risk" that — frankly — I don’t think exists. I’m all ears though, for someone who cares to offer one.
What needs to happen?
This is just one example of where the risk management profession hasn’t applied enough critical thinking to really understand the problem space. I could make the very same argument about “Liquidity Risk”, "Financial Risk" or a number of other terms and concepts that are regularly used in our industry. All I’m suggesting is that the risk management profession needs to take a step back and more carefully examine common terminology and practices. There’s room for improvement, and each of us can help to move the needle. The next time you're about to use the phrase "reputation risk", remind yourself that there's no such thing — that it isn't a type of risk. Instead, refer to reputation damage as a potential outcome of legitimate forms of risk.
The good news is that FAIR treats reputation damage as an outcome, which is one of the reasons why it's been so effective at dealing with this aspect of risk measurement.