Do You Know Who Your Friends Are? Managing Reputational Risk in an Interconnected World
Finding the name of your business splashed across the front pages of the newspaper can be a great thing if the publicity is positive.
But if your business is facing scrutiny due to allegations of malfeasance, even ones that turn out to be untrue, your reputation can suffer. Reputational risk is a concern for any business — and adding a business partner can amplify the damage when things go wrong.
The news will always feature examples of institutions facing reputational risk from a business partnership turned sour.
Recent scandals involving Bill Cosby, the Sackler family, and Jeffrey Epstein have caused institutions previously affiliated with these individuals to remove their names from buildings and scholarships in a bid to create distance from the scandal.
In recent months, the Sackler name has been erased from association with The Metropolitan Museum, the Tate, the Louvre and the British Museum in an effort to separate those institutions from the family at the center of the global opioid crisis.
Rebecca Cady, a former Risk All Star and vice president and chief risk officer at Children’s National Health System in Washington, D.C., covered the perils of reputational risk during a session at RIMS 2022 in San Francisco.
Her session, “Guilty by Association — Avoiding Reputational Risk from Business Partnerships,” presented a view of the risks involved with business partnerships and outlined a roadmap for managing reputational risk.
How to Handle Reputational Risk
Once a reputational risk concern has been raised, organizations have to decide how to handle it.
If the individual involved in a scandal is someone who has donated money or received an honorarium from the organization, it can make unraveling the tangle that much more complicated. That is why doing due diligence before entering into a partnership or accepting a donation is critical for organizations trying to reduce their risk of reputational harm.
And while it may be impossible to discover everything about a potential partner before working together, organizations can seek to learn as much as possible first.
“The question for us is what is knowable at any given point in time and trying to get at that before you get into a relationship with another individual or company,” Cady said.
International business relationships add another layer of complexity with even more potential for reputational risk.
The drivers of risk with international partnerships include the concern of data loss, foreign laws and regulations to comply with, receiving gifts from foreign entities or governments, macro geopolitical issues that could harm the organization’s reputation by association, and the risks associated with research and clinical trials in foreign countries.
Risk Management Tools to Reduce Reputational Risk
To reduce reputational risk, Cady and her team developed a risk management assessment tool to use with every potential business partnership they consider.
She said they needed a way to identify and transfer risks to the right department responsible for mitigating the risk, so they created their risk assessment tool as a framework around their mission.
The key components of a risk assessment could include examining critical risk areas like cyber security, reputation, financial, and brand.
Cady cautioned your mileage may vary: “It’s important to sit down and figure out the big buckets you are worried about here. It’s worth asking the questions in case there is something else that is unique to your business.”
Some aspects to consider in assessing a potential business relationship include the level of your relationship (is it just an alliance on paper or will you perform business together?); your history with the potential partner; what level of your organization will sign off on the business arrangement; and the context of the risk in relation to other organizations you have partnered with in the past.
You can also use tools like a background check or a “go-no-go” checklist before performing a full risk management assessment. If an organization you intend to partner with fails the first level of your due diligence process, you can avoid the full risk management assessment and stop the progression of the partnership then.
Some important documents to review during your due diligence risk management assessment of your potential partner include their SEC filings, their most recent annual report, any customer-facing documents like releases or terms of use, IT security due diligence results, and proof of any required insurance.
If you do move forward with a partnership, Cady recommended creating controlling management policies and procedures for all your shared business activities, such as procurement, contract review, philanthropy, gift acceptance, IT risk assessment, data privacy, and security policies.
Cady summarized the benefits of employing a risk management tool to reduce reputational risk when considering a potential partner: “Using a standard method to assess potential business partners can help an organization avoid pitfalls which will cost it time, money, and damage to reputation.” &