Jan 8th, 2010

The Basel Committee is getting closer to asking firms to try to quantify reputational risk, and at Riskope we consider it absolutely feasible.
Indeed, in the probability-cost of consequence plot (i.e. the “risk space”) reputational risks can be easily added (they come as cost multipliers).
These two presentations, Pres1 and Pres2, contain information from our courses and book related to adding reputational components to standard risk assessments and risk-based decision making.

[Figure: Exxon Mobil Corporation, ConocoPhillips, Hess Corp., BP plc (ADR), Chevron Corporation, Royal Dutch Shell plc (ADR)]

This type of analysis can show that a small “physical” risk can lead to a huge “total” risk once the reputational part is added, and the total risk may well slide over the corporation’s tolerance. At Riskope we believe that any risk management effort should encompass the definition of the corporation’s tolerance threshold, and we have developed the methodologies to derive that threshold.
Some specialists seem to believe that reputation risks should be treated as “absolute hazards”, meaning that they either exist, and may lead to the destruction of the corporation, or they do not. Others suggest using a “proxy variable”, like counting the number of clients the bank will lose in case of a “hit”.
We disagree with the idea of using a “binary” destruction/no-destruction method because it sets us back almost a century in management history: it means doing hazard management rather than risk management, as European railroads used to do, for example, in the early 1900s.
We also disagree with using a proxy variable. Indeed, counting how many clients the bank will lose is just a small step removed from evaluating how much business (money) the bank will lose, so why should we not do things transparently?

Inserting reputational risks in a global, transparent and easy-to-understand perspective for the organization will allow proper prioritization and a sensible risk management plan.

Corporations do need to “do business in a better way”, and in my mind that has to be coupled with a sensible, transparent, holistic and “homogeneous” understanding and prioritization of risks.

So, let’s try to summarize: reputational risks come as an additional component to other risks.

Example 1: a wrong communication from a bank can generate damage of 50,000$ to a couple of clients, with an annual probability of 1/25, but it is estimated that the reputational component would “multiply” that damage by 100 (so, now we have 5.05M$) when scores of clients run away from that bank.
This way of thinking allows proper prioritization of risks.
Example 2: the bank has another operational risk that could generate damage of 3M$ with the same annual probability of 1/25. It looks as if this second risk is higher than the one of Example 1: WRONG conclusion, because the first risk has a strong reputational component (5.05M$ is larger than 3M$, at the same probability).
We have several real-life examples of this: a) a small rock falls from a cliff and damages a vehicle inspecting a railroad, and the whole workers’ union goes on strike because the railroad is unsafe; b) a high-tech company runs a fire drill which goes very badly and the whole city starts a blockade because they panic over the “corporate unpreparedness”.

It is only once tolerance thresholds are added in the p-C plot that proper prioritization of complex risk portfolios can be rationally achieved, by comparing the “intolerable part” of each risk scenario.
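
The two examples above, ranked by their intolerable part, as an added sketch that is not Riskope's own method or code. The tolerance threshold (a constant expected-loss line p × C = K with K = 150,000$ per year), the zero reputational multiplier for Example 2, and all function names are assumptions made for illustration.

```python
from fractions import Fraction

# Assumed tolerance threshold (not from the post): a constant expected-loss
# line p * C = K in the p-C plot, with K in $ per year.
TOLERANCE_K = 150_000


def total_cost(physical, multiplier):
    """Physical damage plus reputational component, following Example 1:
    50,000 + 100 * 50,000 = 5,050,000."""
    return physical + multiplier * physical


def tolerable_cost(p, k=TOLERANCE_K):
    """Largest cost the assumed threshold accepts at annual probability p."""
    return k / p


def intolerable_part(physical, multiplier, p, k=TOLERANCE_K):
    """Cost lying above the threshold at probability p (0 if tolerable)."""
    excess = total_cost(physical, multiplier) - tolerable_cost(p, k)
    return max(Fraction(0), excess)


def prioritize(scenarios, k=TOLERANCE_K):
    """Rank scenarios by intolerable part, then total cost, largest first."""
    rows = [
        (name, total_cost(phys, mult), intolerable_part(phys, mult, p, k))
        for name, phys, mult, p in scenarios
    ]
    return sorted(rows, key=lambda r: (r[2], r[1]), reverse=True)


# The post's two examples. A multiplier of 0 for Example 2 is an assumption:
# the post gives it no reputational component.
SCENARIOS = [
    ("Example 2: operational risk", 3_000_000, 0, Fraction(1, 25)),
    ("Example 1: wrong communication", 50_000, 100, Fraction(1, 25)),
]

if __name__ == "__main__":
    for name, total, excess in prioritize(SCENARIOS):
        print(f"{name}: total {total:,}$, intolerable {int(excess):,}$")
```

With this assumed threshold the tolerable cost at p = 1/25 is 3.75M$, so Example 2 sits entirely below the line while Example 1 exceeds it by 1.3M$.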

Now, if you want to read about a “small risk” that ended up costing an arm and a leg to a famous US airline, please look at Post1 and Post2.

