Reputational Risk
Reputational
risk is any risk
to an
organization's reputation that is likely to destroy shareholder
value.
Reputational
risk
leads to negative publicity, loss of revenue, litigation, loss of
clients and partners, exit of key employees, share price decline,
difficulty in recruiting talent.
A comprehensive
reputational risk assessment
is necessary as an important part of a risk assessment.
The Basel II definition of operational risk
excludes
1. Strategic
risk
2. Reputational risk
3.
Systemic risk
We have several
stress tests that stress exactly that: reputational Risk.
Managing reputational risk
The most important principles are:
1. Educate
shareholders, employees, customers and suppliers. We must explain
the importance of reputational risk, and what they have to do (and
to avoid).
2. Tone at the top. Board and senior management oversight.
Policies and Procedures. Strong and consistent enforcement of
controls.
3. Continuous monitoring of threats to reputation.
4. Establishment of a crisis management plan and team.
5. Reporting
6. Stress testing.
Communication of the results.
From the Bank of International Settlements:
Basel
Committee on Banking Supervision, Risk Management Principles for
Electronic Banking, July 2003
C. Legal and Reputational Risk Management (Principles 11 to 14):
11. Appropriate disclosures for e-banking services.
12. Privacy of customer information.
13. Capacity, business continuity and contingency planning to
ensure availability of ebanking systems and services.
14. Incident response planning.
Legal and Reputational Risk Management
To protect banks against business, legal and reputation risk,
e-banking services must be delivered on a consistent and timely
basis in accordance with high customer expectations for constant
and rapid availability and potentially high transaction demand.
The bank must have the ability to deliver e-banking services to
all end-users and be able to maintain such availability in all
circumstances.
Effective incident response mechanisms are also critical to
minimise operational, legal and reputational risks arising from
unexpected events, including internal and external attacks, that
may affect the provision of e-banking systems and services.
To meet customers expectations, banks should therefore have
effective capacity, business continuity and contingency planning.
Banks should also develop appropriate incident response plans,
including communication strategies, that ensure business
continuity, control reputation risk and limit liability associated
with disruptions in their e-banking services.
Free
E-book: 100 Job Descriptions in Risk and Compliance Management
|
