Newsletters
Risk Central
Digital EditionFrom Tylenol to Opioids: The Tragic Arc of Risk Management at Johnson & Johnson
Nir Kossovsky is CEO of Steel City Re, which mitigates the hazards of reputation risk with parametric reputation insurances, ESG insurances, and risk management advisory services.
How does a company go from a reputation as the industry standard for product safety to one that is deeply sullied by a continual stream of consumer complaints, product recalls and billions of dollars’ worth of lawsuits?
Two ways, to quote Ernest Hemingway. “Gradually, then suddenly.”
Johnson & Johnson wrote the book on crisis management and reputational resilience in the 1980s, when a deranged individual poisoned bottles of Tylenol he’d purchased at stores, then returned them to the store shelves to be purchased again by unsuspecting consumers. Johnson & Johnson’s operations didn’t cause the crisis, but the company took responsibility, recalled the product, launched a massive public information campaign, and took a financial hit amounting to hundreds of millions of dollars.
The company essentially invented the tamper proof bottles that are now ubiquitous among pharmacy products and, despite going through a major short-term disruption to its business, eventually rebounded — buoyed by the reputation it had earned for forthrightness, transparency, accountability and concern for public safety. That reputation added significant value to J&J and its products over the decades that followed and became an integral part of its brand.
Fast forward more than 30 years to the present day. An $8 billion punitive damages award over side effects from its antipsychotic drug Risperdal. A $4 billion verdict to families claiming J&J’s baby powder caused ovarian cancer. A $572 million judgment in connection with the opioid-addiction crisis. Thousands of lawsuits have ensued over its pelvic mesh devices and other products.
While it may seem to those of us who remember the 1980s that all of this all happened overnight, it surely did not. Cultures change gradually. One employee at a time; one decision at a time.
In counseling clients on reputational metrics and how to bolster reputational resilience, we often talk about the need for constant vigilance. Reputation is built on stakeholder expectations. When stakeholders expect certain types of behavior, performance and results, and are disappointed by the reality — when that disappointment or anger turns into action that affects the company’s cash flows — that is a reputational crisis.
Knowing who the stakeholders are and what they expect — and recognizing that those things can change at any time — is crucial and requires ongoing attention. But operational performance can change over time as well and needs to be monitored from a reputational point of view just as carefully. Reputational risk management cannot be limited to marketing and communications. Marketing and risk management professionals need to work together, with risk managers applying the same scrutiny to reputation — and the alignment of reputation with actual operations — as they do to other enterprise wide risks.
Has there been a slippage in quality control? Has there been a change in the way R&D or clinical trials are being conducted? Is negative information making its way up the chain of command at the earliest opportunities? Are safety considerations always given priority over cost concerns? Are short-term employee incentives consistent with the long-term ethical values of the firm? Is waste management sustainable? In other words, is the company still operating according to the principles that built its reputation 30 years ago, updated for the heightened expectations of today’s society?
If an incident occurs, that strong reputation may give the company some breathing room at the outset, as stakeholders assume the best. Stakeholders don’t expect perfection — they will give a company the benefit of the doubt if they believe an incident is merely an anomaly in an otherwise well-run and well-governed operation.
But if their expectations are shattered, if they come to doubt what they’d believed about the company’s governance and management, the reputational damage will materialize swiftly, impact cash flows significantly, and persist indefinitely. Equity values will soon enough reflect the fall in the net present value of discounted future cash flows.
The same could be said for other companies, including Boeing, which saw considerable support in the immediate aftermath of the 737 MAX groundings, based on the company’s longstanding reputation for commitment to safety, enshrined pilots’ declaration, “If it ain’t Boeing, I ain’t going.”
That type of commitment rarely dissolves overnight — it takes time. Somewhere along the line, over the years, one exception was made, then another, then a process overhauled in the name of efficiency — and gradually, then suddenly, the culture had changed. And no one noticed that the operational decision-making process no longer aligned with the values that had created the company’s reputation in the past.
One thing we consider in doing underwriting and pricing reputation insurance solutions is the company’s openness to third party scrutiny and to outside voices. Richard Nixon infamously said: “If the President does it, it’s not illegal.” Executives cannot afford to fall into that same trap — believing that their corporate reputations have lives of their own and, somehow, imbue all of their actions with an aura of unassailable appropriateness.
They forget that it is the actions that justify the reputation, not the reputation that justifies the actions. They forget that they are not the arbiters of what their stakeholders expect of them.
Which, if any, of these factors played a role at J&J or Boeing may be difficult to ascertain, but the lesson is clear. A reputation, once earned, must be nurtured and protected. Stakeholders need clear signals and compelling evidence that their expectations are sound — and CEOs, boards and risk managers need to provide continual, recurring scrutiny over time, backed up by objective, third-party warranties, to be sure that operational realities live up to expectations the company itself has created. &
