Posted: 21 Jan. 2019 10 min. read

Risk in the reputation economy

Royal Commission

In the new era of economist Joseph Schumpeter’s ‘gale of creative destruction’, some industries have lost sight of the fundamental principle: that reputation is the bedrock of every organisation.

We are in the midst of the reputation economy, driven by Royal Commissions into sexual abuse, financial services and now aged care, in which reputation and trust are burning platforms, and powerful drivers of economic and strategic change.

Consumers and community interests are armed with social media tools and instant ratings platforms. They expose and vote with their fingers. And can buy elsewhere with a simple tap.

The report of the Royal Commission into Misconduct in banking, superannuation and financial services took both banks and regulators to task for allowing greed and profit to trump the law and ignoring reputational risk.

It also said banks had treated regulatory compliance ‘as a cost of doing business’, rather than as a foundation to inform and underpin how the business must be conducted.

Heavy fines and criminal sanctions are just the beginning of a major regulatory reset –not only for financial institutions.

The reputational risk landscape includes workplace and campus safety; #MeToo; child exploitation; modern slavery; the tsunami of privacy violations; and cybercrime, in addition to the Royal Commission into aged care, and veiled threats of one for energy providers.

The cost of losing a good reputation is enormous. A World Economic Forum study sent warning signs more than six years ago when they found in 2012 that on average more than 25% of a company’s value was attributable directly to its reputation.

A subsequent Deloitte Reputation at Risk survey identified an 80% per cent chance of a company losing 20% of its value in any single month over five years because of a crisis in reputation – a loss that would be sustained.

These findings resonate with many investors today as they lose appetite for stock whose reputations have plummeted. If the 1980s was the era of deregulation, this could be shaping up to be an era of re-regulation?

Although the belief that principles-based legislation and self-regulation provide sufficient levers to ensure good corporate cultures and behaviour, Hayne challenged the fact that they weren’t delivering, heralding more directive regulation, and increased enforcement.

Any rush to regulate has problems, not only in design, implementation and enforcement, and unintended consequences, but with cleansing outdated rules and regulating for an unpredictable future.

Then there is the cost. In 2014, Deloitte Access Economics found regulation cost the Australian economy some $250 billion a year. Yet two thirds of that was generated by businesses’ internal red tape.

With hundreds of millions more dollars now spent on remediation, compliance costs can only continue to balloon.

It is likely that most businesses either under-invest, or invest inappropriately in reputational risk management. They need to align their appetite for risk management to the value of their assets.

It is not viable to continue throwing large teams into risk management and compliance costing many millions, without considering better ways to drive the right risk outcomes, and put consumers and their communities on an equal footing with shareholders and employees.

Societal norms and tougher rules are also demanding that Boards take the lead in stamping out behaviours that are detrimental to reputation and market value.

To embed a culture of properly managed reputational risk, ‘old’ skills and approaches need updating in e.g. training and communications. Technology needs to be leveraged to improve risk management within acceptable cost constraints.

Certainly an organisation’s integrity rises or falls with its people, yet we already see risk thresholds that cannot be solved by people alone. The volumes of data have grown – too much data and not enough insight.

The ‘RegTech’ (regulatory technology) industry is rising. It’s using artificial intelligence, natural language processing, sensing and machine learning to automate regulatory monitoring, reporting and compliance.

Yet risk insights are most valuable when predictive. Of the three broad areas of risk monitoring – reactive, integrated and predictive – reactive remediation should always be the last resort. It costs most, is finite, and deals with the past rather than the future.

Predictive risk intelligence is the key to helping prevent future failures and their costly damage to reputation.

Advanced technology carefully applied can help tailor an organisation’s data set to its risk-based approach, yet it does not remove the need for the trusted adviser.

In five years’ time, risk will largely be a data and digital business. But it must be augmented by the expertise of risk managers who can look over the horizon, assess and predict how adverse risk events will affect their firm’s reputation.

The reputation economy demands nothing less.

For more commentary from Deloitte on the Royal Commission, please click here.

More about the author

Sean Moore

Sean Moore

Partner, Risk Advisory

Sean has over 20 years’ experience within institutional and investment banking. At Deloitte, Sean is focused on providing his in-depth experience and expertise to financial institutions on Risk, Technology and Business Transformation. Previously, as a Managing Director at some of the largest global banks, he held key roles including Global Head of Operational Risk, APAC Head of Product Control, COO of European Equity Trading, Head of Finance for Continental Europe and COO Australia. His international career has seen him live and work in Australia, New York, London, Zurich, Frankfurt, Singapore and Hong Kong.

Mike Ritchie

Mike Ritchie

Partner, Risk Advisory

Mike is the Deloitte Risk Advisory FSI Industry Leader, and also head of the Regulatory Risk business. Mike has spent the last 30 years working in Australia, the UK and New Zealand, advising the banking and financial services sector in the areas of Governance, Operational and Strategic Risk, Regulatory Compliance, Conduct and Culture.