Reputational risk is any risk to the institution’s reputation. Reputational risks can come from management decisions and employee actions within the company, from joint venture partners, from suppliers, or from vendors that the firm uses for specific tasks. A risk to the company’s reputation is a threat to its good name and standing in the local and/or global community.
When the reputation risk comes from management decisions inside a financial institution, the solution is to make better choices. To do this, the bank may need to seek better information, conduct additional risk assessments, include more people in the conversation, or improve policies, procedures, or training. The company is in control of these threats to their reputation. For example, the bank managers may be considering taking an action that would be harmful to consumers and thus a reputation threat to the bank, such as aggressive overdraft charges. Instead of risking their reputation in this way, they can choose to look for extra income from other sources.
Reputational risks from employees can be difficult to manage, especially if the risk is not obvious in the workplace. However, with appropriate checks and balances, proper account opening, and adherence to Know Your Customer rules, these risks are much easier to identify. A loan officer who creates fake accounts for their own financial gain can cause tremendous reputation damage for the bank if his deeds are revealed. When major reputational risks come from outside the company, the first question to ask is how critical the relationship with a vendor or partner is to the institution. If the relationship is critical to the firm’s mission, the managers need to find a way to mitigate the risk.
Reputation damage can happen instantaneously through social media and messaging platforms. Because of this, it is crucial to have a plan for dealing with reputational risks before they happen. There may be a way to avoid the risk to the bank’s reputation by terminating an employee or vendor relationship. Controls can be put into place to prevent reputation risks. In some cases, the risk can only be reduced or transferred. If the managers decide to accept the risk, they need to create a disaster recovery plan such as working with a PR company.