Rise of the Chief Reputation Officer
July 2016 | FEATURE | RISK MANAGEMENT
Financier Worldwide Magazine
The chief reputation officer, or CRO, is a relatively new but increasingly influential addition to the corporate lexicon, a role which ostensibly has responsibility for overseeing an organisation’s reputational risk. The 2016 Aptean Whitepaper ‘A New Definition of CRO’ defines reputational risk as “any threat to your brand’s reputation as it is perceived by customers, employees, and other stakeholders including investors, regulators, partners and auditors that would result in a risk of loss, financial or otherwise”.
Many of the reasons behind the growing importance attached to corporate reputation can be found in Deloitte Touche Tohmatsu Ltd’s 2014 ‘Global Survey on Reputation Risk’, which offers four scenarios to exemplify why a company’s reputation should be managed “like a priceless asset” due to the comparative ease in which it can be tarnished. The scenarios presented by Deloitte are: (i) executives in financial services firms are forced to resign after employees are caught manipulating markets; (ii) retailers lose large amounts of customer and credit card data to cyber attacks; (iii) technology firms are blasted by the public and media for poor working conditions at their suppliers’ factories; and (iv) news websites redirect readers to fake news, thus damaging their credibility and the credibility of online news in general. That said, the survey is careful to make clear that scenarios such as these can be contained or prevented if an organisation is actively involved in managing the risks they face and understands the potential reputational consequences.
The Deloitte data – which showcases the views of 300 executives drawn from companies representing every major sector and jurisdiction – found that 87 percent rated reputational risk as being more important when compared to other strategic risks. In addition, 88 percent stated that their organisation was actively focused on the managing reputation, with many looking to appoint an individual to address the assorted reputational risks and get a handle on this important, but often overlooked, feature of their risk profile.
Furthermore, the financial value to companies of having a strong reputation was highlighted in a recent study by the World Economic Forum, which concluded that reputation accounts for more than 25 percent of a company’s market value – an impactful figure for any company, never mind large multinationals.
Reputational risk is a growing concern for companies, with many advocating that it should be allocated the same priority afforded to financial and compliance risk. That said, the obvious question to ask is where in an organisation’s hierarchy should the component tasked with ensuring a strong and healthy corporate reputation actually (and most appropriately) reside.
“The CRO should be responsible for ensuring an organisation is perceived positively and with trust and respect by its key stakeholders,” states Mike Lawrence, executive vice president and chief reputation officer at Cone Communications LLC. “To be effective, a CRO should report either to the CEO or to the board of directors, and should be a member of the organisation’s executive leadership team.”
For organisations resistant to appointing a CRO to handle their reputational risks, Mr Lawrence cites two reasons as to why this reluctance exists: (i) they don’t understand how the position differs from a chief communications officer or a chief marketing officer; and (ii) they don’t have a clear sense of the increased importance of reputation to organisational success.
However, some remain unconvinced. Anthony Johndrow, CEO of Reputation Economy Advisors, maintains that the chief reputation officer role is really more of a concept than a potential C-suite executive position. “On one level, it’s simply another way to add emphasis to the role of a modern-day CEO – where they are both the external face of, and the driving force behind, an organisation culture,” he asserts. “Not all CEOs understand that, nor do they have the capacity to completely fill this gap, yet no single corporate function can take responsibility for reputation. Each function has the ability to impact reputation in some way, but none have the breadth to govern it – this is why the CRO conversation keeps coming up.”
Whether a chief reputation officer should be the sole custodian of an organisation’s reputational practices is up for debate. According to Chuck Saia, a chief risk, reputation and regulatory affairs officer at Deloitte LLP, responsibility for a firm’s reputation should sit more within the domain of an enhanced chief risk officer, rather than a pure chief reputation officer. “Reputational risk is evolving and becoming a key strategic concern for CEOs and boards as it’s directly connected to and magnified by other business risks,” he explains. “For example, ethics is a business risk. When an expectation for ethical behaviour isn’t met, reputation can be impacted. An evolved chief risk officer – chief risk and reputation officer (CRRO) – understands that interconnectivity. Furthermore, I believe that the CRRO needs to be a direct report of the CEO. It’s a best practice that ensures there is equal footing between the CRRO and other business leaders.”
For all the apparent discord, chief reputation officer is an emerging role taking its place in the corporate structure, in one form or another.
For all the talk of having a CRO report directly to the CEO, there should be a good understanding of the mechanics, and importance, of the role throughout an organisation, from top to bottom. For not only will a company-wide appreciation of the CRO help to fix its position in the overall reckoning, it also assists in the organisational alignment of roles and responsibilities.
According to Mr Johndrow, leaders in large organisations suffer from two conditions that confound their understanding of reputation. Firstly, their purview is limited to the narrow scope of their responsibility, and secondly, their individual incentives are potentially at odds with long-term, reputation-based decision-making, such as short-term cost reduction or profit incentives. “It is quite possible for such leaders to make decisions in good faith that present outsized long-term risks to the company,” he says. “Only CEOs and board members feel the fully-loaded costs of reputation risks – a reality many of them are no longer satisfied with.”
For Mr Lawrence, it is organisations that sell directly to the public, ones that are highly regulated and those whose stock is publicly held, that tend to be most understanding of the value of having a CRO. “Increased transparency and activism driven by internet connectivity has created an empowering environment for many stakeholders that make a CRO increasingly important for these types of organisations,” he explains.
Increasing regulatory scrutiny has obviously had a major impact on organisations, particularly financial institutions, in recent years. This trend is likely to continue. Furthermore, with regulators monitoring company actions and reputations, it is imperative for organisations to take this onboard and focus on more than just issues pertaining to regulatory compliance.
“Today, senior executives understand that compliance risks, for example, can lead to not only increased regulatory scrutiny, but can also affect an organisation’s reputation,” notes Mr Saia. “If an organisation’s chief risk officer, or chief reputation officer, isn’t responsible for reputational risks, there could be a tendency for risks to be siloed. In other words, officers manage their own risks, be it compliance, financial, operational, or otherwise, but ultimately fail to see the big picture reputational risks which can impact an entire organisation.” Further, an understanding of how they are perceived by key stakeholders and the impact this can have on business operations will allow firms to factor this data into their regulatory strategies and adjust their other business strategies accordingly, he adds.
“The regulatory scrutiny of financial institutions has produced a compliance culture, where decisions are rules-based,” says Mr Johndrow. “It is impossible for a set of rules to anticipate all of the potential scenarios that produce reputation risk, so this is, at best, a partial solution. It would be ideal for a CRO to augment a risk identification process led by the chief risk officer – leveraging this discipline and process to provide the organisation with the education and strategic planning necessary to engage every employee in reputation-based decision-making.”
Fad or not
What, then, should we expect to see across the CRO landscape over the coming years? Moreover, can we say with any certainty whether the chief reputation officer role as we currently understand it is here to stay, or no more than the latest corporate fad?
“The evolution of a connected, wireless world will continue to heighten scrutiny of and expectations for how companies and non-profit organisations should operate. For this reason, organisational success will increasingly rely on reputation. That in turn will rely on alignment between the ‘value promise’ of an organisation – as delivered through its products, services, marketing and other communications – and the way the organisation actually behaves – in areas such as customer, employee, and community relationships, environment impact, and governance. The role of the CRO will be critical to ensuring this alignment. As a result, I hope to see more companies and non-profits creating a CRO role,” says Mr Lawrence.
Mr Johndrow foresees a time when major reputation crises at large, public companies will force boards of directors to do something about the flawed, siloed governance structures they typically oversee. “A CRO role with a direct line to the board and empowered to implement and enforce policies and programmes that ensure ongoing, strategic management of reputation is one possible solution,” he suggests. “For a true, cross-functional CRO role to be empowered at a company, they would have to have authority beyond that of a function head – second only to a CEO.”
Mr Saia agrees that the CRO/CRRO role (with its responsibility for identifying reputational risk) should be included in upper echelon conversations pertaining to enterprise-wide strategy – with a seat at the executive table alongside the CEO and the board. If they do not already, organisations should consider holding monthly meetings to discuss strategic risk and reputation issues, which are then used to keep the CEO and the board informed on a regular basis.
“Companies should look to invest heavily in initiatives that allow them to better protect, preserve and enhance reputation. For instance, a reputational sensing capability within an organisation can allow it to continuously ‘listen’ and analyse what key stakeholders and competitors are saying about it. Investments like these put reputation centre stage with executives and the board, allowing the company to hit reputational risk head-on,” says Mr Saia.
For the moment, it would appear that where the role of the CRO sits within an organisation falls somewhere between two distinct stools: clearly more than just a concept but not yet an accepted C-suite level position.
Moreover, wherever the role may sit, and given the inexorable rise in the complexity risks that exist across today’s business environment, what does seem certain is that the rise of the CRO will continue until the role takes its place somewhere in the corporate hierarchy.
© Financier Worldwide