reputational risk in banks nibm lecture 220213
TRANSCRIPT
K. Ram Mohan, General Manager (Chief
Operations Officer)Punjab National Bank, Head Office:
New Delhi
The fragility of reputation“ It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently “
“Our assets are our people, capital and reputation. If any of these are ever diminished, the last is the most difficult to restore.” (Goldman Sachs Business Principles)
Reputational Risk in Banks: Agenda
1. Reputation, Its Attributes , Importance & Value to firm
2. Reputational Risk: Definitions, Reputational Risk Capital, Case Studies, Examples & Surveys
3. Reputational Risk Measurement: Broad Qualitative & Quantitative Measures
4. Reputational Risk Assessment framework of PNB
5. Assessment/Evaluation (Off-site & On-site) of Reputational Risk by Regulator: Important Points to consider
6. Reputational Risk Management7. Case Study of a Better managed
Reputational Risk
“The beliefs or opinions that aregenerally held about someone orsomething
A widespread belief that someoneor something has a particularcharacteristic”
Compact Oxford English Dictionary
Reputation
It is : an intangible asset not a brand the sum total of all stakeholders’ experience public information regarding an organization’s
trustworthiness
It also assures: premium value growth opportunities to shareholders
(value growth resulting from managerial experience, innovation, intellectual property)
continued comparative advantage
What is Reputation
• Customers• Suppliers• Investors• Advocacy groups• Regulators• Policymakers• General public
Reputation = judgments and perceptions of others
Reputation is “owned” by stakeholders
Stakeholders’ perceptions develop via three channels
• Direct experience with the company• What others say about the company (online and off)• What the company says about itself (marketing, PR,
exec comments, etc.)
Attributes of Reputation
Importance of Reputation to Stakeholders
Employees: Are more loyal to a company with goodreputation.
Investors and business partners: Will take risk in acompany that they can thrust based upon its
reputation. (More than 90% think about reputation ininvestment decisions: 40% care about reputation, 50%care partially). Lawmakers and regulators: Reputation can help
lessen the legal burden on a company. Public at large: Preserve ―social license to operate
Customers and Depositors: Support loyalty to company
Competition: Barrier to entry
Information asymmetry
Outsiders don’t know as much about a company asinsiders, so a good reputation alleviates and allows
customers to make a choice
Important for all companies but crucial and vital tobanks as our relationship is solely built on
faith/trust. More important in a period of rapid changes, globalization, internet blogs, activism, mass media.
Importance of Reputation and Trust
Positive reputation yields measurable value
- Strong brand loyalty- Returning high value customers- Lower employee turnover- Easier recruitment of high-caliber employees- Higher investor confidence- Positive regulatory environment- Lower costs of capital
A company highly regarded by its stakeholders is more likely to enjoy:
The risk: Negative reputation exacts a measurable penalty
- Increased customer churn- Elevated customer acquisition costs- Higher employee training costs- Regulatory constraints- Increased cost of capital- Lower investor confidence- Increased vulnerability to competitors
A company viewed with distrust and outrage by its stakeholders is more likely to suffer:
Reputation: Penalty or Advantage?BP Stock Price vs. DJIA: 2007-2012
Reputation: Penalty or Advantage?Apple Stock Price vs. DJIA: 2007-2012
Banks may encounter various issues that could significantly harm or even destroy their brand name in a short period of time.
Some of the important factors which may lead to same: Adverse regulatory reports and sanctions Continued decline in share price Consistent unfavorable ratings Increased incidences of fraud Sudden change of management; no succession planning Public perception of organization’s standards drop Actions that result in stakeholders lose of trust and confidence
How can Reputation be Tarnished?
Reputational Risk While building and maintaining a solid reputation is
important for all types of organizations, it is especially important for financial institutions / Banks.
It could be argued that protecting reputation is the most significant risk management challenges that boards of directors face today.
As for ladies in Victorian times, the reputation of a bank is both its most important asset and the asset that is most difficult to recover once it is lost.
While expectations of women’s virtues have nowadays relaxed a bit, those of the virtues of financial institutions have hardened to the point where the value of a bank’s reputation is practically impossible to underestimate.
Reputational Risk: Regulatory Definitions
FSA(UK): The risk that the firm may be exposed to negative publicity -Trust - about its business practices or internal controls – Actions -, which could have an impact on the liquidity or capital of the firm or cause a change in its credit rating. -Affecting its stakeholders-.
US Federal Reserve(2004): “Reputation risk is the potential loss that negative publicity regarding an institution’s business practices, whether true or not, will cause a decline in the customer base, costly litigation, or revenue reductions (financial loss).
HKMA: “Reputational risk” means the risk that an Institution’s reputation is damaged by one or more than one reputation event, as reflected from negative publicity about the Institution’s business practices, conduct or financial condition.
Such negative publicity, whether true or not, may impair public confidence in the Institution, result in costly litigation, or lead to a decline in its customer base, business or revenue.
Reputational Risk: Regulatory Definitions
Basel Definitions The Basel Committee on Banking
Supervision (BCBS (2001)) defines reputational risk as “the potential that adverse publicity regarding a bank’s business practices and associations, whether accurate or not, will cause a loss of confidence in the integrity of the institution.”
In a more recent document, the Committee (BCBS (2009)) defines it as the “risk arising from negative perception on the part of customers, counterparties, shareholders, investors, debt-holders, market analysts, other relevant parties or regulators that can adversely affect a bank’s ability to maintain existing, or establish new, business relationships and continued access to sources of funding.
It is, perhaps, an indication of the difficulty of providing a rigorous assessment framework for reputational risk that the Basel II Accord, arguably the most important regulatory document on risk of the last decade, expressly takes reputational risk out of operational risk and does not mention it anywhere else in its 300+ page document.
Basel Definitions
Relationship between Reputational Capital and Risk
The fluctuating value of the company’s reputation has been termed reputational capital and calculated as the market value of the company in excess of its liquidation value and its intellectual capital.
It constitutes the residual value of the company’s intangible assets over and above its stock of patents and know how.
While “Reputational risk is defined as the range of possible gains and losses in reputational capital for a given firm. Source: The Reputation Institute
Reputational Capital Provides a platform from which other
investment opportunities may arise similar to R&D in this respect: Upside example: sound corporate citizenship
improves relations with constituency groups and provides a holistic approach to implementing strategy
Constituency groups are Community, Regulators, Customers, Partners, Employees, Investors, Activists, and Media
Difficult to quantify these gains but they exist Downside example: Loss of reputational capital
comes from these same 8 constituency groups; threats include rogue behavior by employees, defection by partners, and the threat of legal action by regulators
Reputational Risk- Opinions / Surveys
Reputational risk is regarded as the greatest threat to a company's market value, according to a study by PricewaterhouseCoopers and the Economist Intelligence Unit.
Reputational risk also overtook credit risk the most pressing issue facing bank audit committees, according to an annual survey released on February 27, 2007, by Ernst & Young.
Reputational risk a top concern for boards• 63% of directors see reputational risk as top concern…and concerns are growing
• Primary concerns cover product quality, liability, customer satisfaction• Secondary concerns: integrity, fraud, ethics• Three-fourths of directors seek broad-based risk assessment… and they want to know more
Third Annual Board of Directors Survey 2012 - Concerns About Risks Confronting Boards – EisnerAmp
Reputational Risk- Opinions / Surveys
Reputational Risk(52)
Regulatory Risk(40)
Human Capital Risk(40)
IT RISK(35)
Financial, Market, Credit and Insurance Risk(30)
Crime, security, political, natural hazard, FX, Terrorism, Country Risk(20)
Source: Economist IntelligenceUnit, 2005
Max Scale: 100
Reputational Risk- Opinions / Surveys
According to Economist Intelligence Unit(2005) survey,―52% consider reputation risk as a risk by itself, while48% consider it as a consequence of other risks likeoperational risk - people, process, systems and
external events - compliance and financial.
Appears that if first risks are more quantitativelyanalyzed - market, credit, operational … -
Reputational risk appears as a second tier risk -mostly within financial institutions - while it appears as
a risk of its own in the corporate world - like Hilton,Cruise companies where emphasis is on theirproducts/services -.
Reputational Risk: A Risk by itself or a
Consequence (Second tier )of Other Risks
Impact of Reputational Risk – Case Study
In the midst of the global credit crisis partly caused by the U.S. subprime mortgage meltdown, Northern Rock, Britain's fifth largest mortgage lender, had to be bailed out by the British central bank, the Bank of England.
The institution began as a small local lender in early 2001, but grew excessively in 2005 and through early 2007, primarily by relying on wholesale markets rather than retail deposits.
Northern Rock bundled its loans together and packaged them into bonds that it sold to investors around the world; however, as liquidity dried up this past summer in the U.S. and across the globe, it spelled disaster for Northern Rock.
When news leaked out that Northern Rock had approached the Bank of England to obtain emergency funding, customers reportedly withdrew £2 billion in one day.
Britain's first bank run in 140 years occurred despite the bank's solvency, the nation's strong economy, low interest rates, and low inflation.
Northern Rock became a victim of reputational risk.
Impact of Reputational Risk – Case Study
Scandals/Fraud: Arthur Andersen co. fell almost entirely due to its
damage to its reputation after Enron’s scandal in2002.
Interesting case in the field of reputation. Similar toBarings in the field of operational risk.
One year earlier in 2001, the Chief Executive wassaying: ―There is extraordinary power in our namebecause it stands for time-tested values, a unique
one-firm global operating approach and recognizedsuperior performance.‖
Other Examples – Financial Sectors
Fraud: KPMG paid 456 million dollars but escaped indictment that could have crippled the firm.Market Timing/Fraud in 2003/2004 at Putnam Investments Paid 4 million in fines.
Fired top management of international funds. Lost 14 billion of assets under management in a week (5%). Assets under management from 272 billion (03) to 192 (07).
Never recovered from institutional clients. Putnam sold to Great-West Life in Feb. 07 ending a history
dating back to 1937.
©Enterprise Risk Advisory, LLC 28
Other Examples – Financial Sectors
Safety Issue: Union Carbide chemical leak in Bhopal in 1984.
Environmental issue: Home Depot promising to stop selling woodfrom protected forests after Rainforest Group Action intervention,Exxon Valdez
Catastrophe: Concorde crash and impact on both Air France (lessimpact ) and British Airways (larger impact due to slow response).
Product Recall: Tylenol tampering scare in 1982 due to cyanide. Limitedimpact due to Johnson and Johnson quick responses in the
end. In fact, Johnson and Johnson has been rated top inreputation by Harris Interactive.
Perrier suffered longer from toluene traces found in its watersdue to lack of crisis management.
©Enterprise Risk Advisory, LLC 26
Examples – Non Financial Sectors
The Basel Committee is of the view that existence of assessment framework may help Board & senior management to better understand threats to reputation and to develop proactive reputation risk management plans in response.
Although the causes of reputational risk and its indicators appear to be quite straightforward, their assessments are not quantitatively possible as:- The Indications of reputational risk cannot be always
linked to the factors enumerated above, and Most of the indicators and the causal factors listed
above cannot be captured objectively and hence quantification is quite difficult.
Some of the broad factors (both qualitative as well as quantitative) are listed in the next slides:
Reputational Risk Assessment / Measurement
Complaints by all stakeholders act as an early warning system:Monitor and analyze trends.
Identify and monitor your company’s HOT SPOTS in relation to allyour stakeholders’ interests, particularly in periods of rapidchange. Ex. Organizational changes, new products/services.
Compliance/Audit functions. Are they proactively identifying andfollowing-up on issues?
Assess flows of risk information in the institution. Assess the link between compensation programs and desired
behaviours. Is reputation risk part of the new product approval process?
Is there a Code of Ethics? Reward ethical behavior? Penalizemisbehavior?
Evaluation of media coverage of companies Monitor internet blogs
20
Reputational Risk – Qualitative Measures
Measured as the market value impact of an event which is abovethe direct value of the event itself, the excess is qualified as the
reputational impact.
Ex. Federal Reserve Bank of Boston measured Reputationalimpacts of operational events: Internal Fraud: The market value impact was more than 6times the value of the internal fraud itself, which is due to lack
of control by the company and lack of confidence in actualmanagement.
Externally caused events: No reputational impact. Thus, seems to confirm the initial definition of reputation as
being based on ACTIONS by company. Fines account for less than 10% of total market value loss.
©Enterprise Risk Advisory, LLC 22
Reputational Risk – Quantitative Measures
Failures by companies that have a reputational impact have alasting financial effect on the market value of companies:
1/3 of financial analysts say that their evaluation of a companywill take into account the impact of a failure in reputation up to
3 years after the event. (Hill/Knowlton 2006 survey) Companies take up to 3 years to recover from a crisis that
affected their reputation. (Burson/Marstelle Market research)
Model developed by UK-Based OxFord Metrica calledValueReaction Model: Analyze impact of reputation crisis oncompany stock price. Will company recover from a crisis? Ifmanagement handles crisis badly, investors conclude thatmanagement cannot handle unexpected events.
Set up Loss Data Base of operational events and theirreputational impacts.
Scenarios modeling of major threats using expert judgment
23
Reputational Risk – Quantitative Measures
Reputation Risk: Model Quantitative Financialand non Financial Impacts of Damage: Factors
Stock Price decline
Run on the bank Decrease in business, decline in market share Ratings downgrade
Regulatory investigations, Penalties, fines Shareholders’ litigations Negative media coverage
Pressure groups and public opinion Employees and contractors resignations / withdrawals.
©Enterprise Risk Advisory, LLC 24
Reputational Risk Assessment Framework of PNB
Assessing reputational risk is not an objective process, rather it is a subjective assessment that could reflect a number of different factors.
The bank has attempted to create an Reputational Risk index which will provide the insight into the bank’s reputation risk status.
The bank’s reputational risk framework consists of 17 risk parameters selected after prolonged discussion by a group of risk experts
Each parameter has been categorized into different attributes depending on the severity of the occurrence of an event within the parameter.
Reputational Risk Assessment Framework of PNB
After finalization of weights, simulation techniques have been used to generate distribution of all the possible scores.
In the absence of adequate data set, a methodology has been developed for generating total number of possible scenarios with the given parameters and their attributes.
Methodology developed to capture most representative distribution depicting all the scenario.
The distribution has been generated by assigning different probabilities to different attributes.
Reputational Risk Assessment Framework of PNB
Graphically representation of the framework:
Resultant Loss Distribution
Score Bands of Risk Index The distribution matches with intuition that
distribution of the reputational risk shall be skewed as majority of the events will cause negligible or low risk but some events may lead to sudden increase in reputational risk
Based on this distribution total score has been divided into different score bands.
Based on this distribution total score has been divided into different score bands and different ratings.
Reporting & Action Points The Bank tracks the Reputational Risk Index on
regular basis and put up to the top management.
The increase or decrease in the overall scores is further analyzed granularly.
Score of each of the parameters are analyzed in detail and the concerned user divisions are advised to take corrective actions for improvement.
Assessment /Evaluation of Reputational Risk by Regulator
One of the most difficult tasks for regulators is to determine how to assess a financial institution's reputational risk.
Regulators may complete a risk matrix when conducting full-scope examinations.
To arrive at a composite risk rating for one of the risk areas, the following criteria may be used when assessing risk:
Level of inherent risk - High, Moderate, or Low Adequacy of risk management - Strong,
Acceptable, or Weak Trend or direction of risk - Decreasing, Stable, or
Increasing
Off-site examination by Regulator Regulators may review corporate press
releases, letters to shareholders, stock message boards, and stock analyst comments to gain an initial indication of reputational risk.
They may also consider: : whether an institution responds to the
customer concerns; Whether the stock analyst recommends
buying or selling and why; and what the shareholders, employees, or
general public are saying about the institution.
Off-site examination by Regulator Further, they may also
analyze the financial statements, review marketing plans & advertising
campaigns, consider whether the institution is growing
excessively and what types of risky products and services it is providing, if any.
They may also consider whether the institution is expanding outside its normal geographical area and is supportive of the community.
On-site examination by Regulator While on-site, Regulators may:
talk to both bank employees and management to get a sense for items like corporate ethics,
talk to Human Resources to determine whether a consistent message on the importance of ethics is being conveyed throughout the organization, and
consider whether the institution's risk management practices are strong and commensurate with the size and complexity of the institution.
assess whether an institution's expertise is adequate and controls are in place to oversee growth if the institution should engage in riskier products or enter into new business lines.
On-site examination by Regulator In addition, Regulators may determine
whether there are violations of consumer law. For example, Is the institution involved in unfair or
deceptive practices, such as charging excessive interest rates, or
Are there situations where the institution is overcharging its customers for accrued interest on loans?
Reimbursing consumers for these charges could be embarrassing and tarnish an institution's reputation.
Excessive violations could result in class action suits, civil money penalties, or other regulatory actions.
On-site examination by Regulator In the information technology area, where
reputational risk and operational risk go hand in hand, examiners may also measure board and management oversight from the top down. E.g. Is oversight adequate? Are policies and procedures tailored to the
institution, rather than boiler-plate? Are there adequate internal controls?
Lax oversight and controls leave an institution open to security breaches and employee theft, which again could result in unfavorable media attention and may damage the institution's brand name and reduce the public's confidence in the institution.
It is the current and prospective impact on earnings and capital arising from negative public opinion
It measures the change in perception of a company
It is linked with customer expectations regarding an organization’s ability to conduct business securely and responsibly
Reputational Risk Management
Key Goals of Management of Reputational Risk
Identify and minimize factors that could damage reputation (threats) and identify and exploit factorsthat could boost reputation (opportunities)
Identify gaps between stakeholder experience and
expectation and bridge them by: improving business
strategy/performance/behaviour and/or influencing stakeholder beliefs and
expectations so they are more closely aligned with reality and whatthe business can realistically deliver
Ensure processes are in place to enable the business to respond and ride out the storm if an unforeseencrisis hits (crisis management contingency plan)
Major Gaps in Management of Reputational Risk
Reputation literacy not on risk agenda
Risk literacy not on reputation
agenda
A dual approach to managing risk to reputation
As reputation is based on perception, notnecessarily reality, risks to both realityand perception must be actively managed
Reputation mustbe built both:
„inside-out‟Reputationand „outside-in‟
Spotting major „mismatches‟
Strategy vs expectations Performance vs objectives True intentions vs „spin‟Real vs published risk exposures Compliance „in letter‟ vs „spirit‟ Minimal disclosure vs transparencyProduct reality vs marketing claims „Easy-win‟ incentives vs stretching targets
Executive directors Non-executive directors Management Public relations Internal auditors Risk and insurancemanagers All other employees Business partners …All must play their part
in moulding and upholdingcorporate reputation
Make reputation risk management everybody’s business
Enterprise wide competence aligns organizational action
Management of Reputational Risk Internally
Maintaining timely and efficient communications among shareholders, customers, boards of directors, and employees
Establishing strong enterprise risk management policies and procedures throughout the organization, including an effective anti-fraud program
Reinforcing a risk management culture by creating awareness at all staff levels
Instilling ethics throughout the organization by enforcing a code of conduct for the board, management, and staff
Management of Reputational Risk Internally
Developing a comprehensive system of internal controls and practices, including those related to computer systems and transactional websites
Complying with current laws and regulations and enforcing existing policies and procedures
Responding promptly and accurately to bank regulators, oversight professionals (such as internal and external auditors), and law enforcement
Establishing a crisis management team in the event there is a significant action that may trigger a negative impact on the organization
In 2004, SunTrust Banks, a $180 billion financial institution headquartered in Atlanta, disclosed that due to an accounting oversight, it had to restate its corporate earnings.
Because of accounting errors, the bank had overbooked the allowance for loan and lease losses, and therefore underreported earnings, for the first two quarters of 2004 by approximately $22 million.
This led to a delay in the release of its third-quarter earnings statement.
Case Study of A Better Managed Reputational Risk
Within hours, SunTrust issued a press release announcing the accounting irregularities.
The release stated that its audit committee, with the assistance of an independent law firm, would begin a review and initiate lines of communication with independent auditors about the errors.
In short, the institution addressed the issue immediately, communicating openly with the public and its customers.
Case Study of A Better Managed Reputational Risk
Within a month of the press release, the audit committee panel determined that the errors in the loan-loss data related to the auto loan portfolio were higher by approximately $25 million.
Loan loss calculation errors and false draft meeting minutes were also uncovered.
As a result, three credit administration division members, including the top credit officer, were fired, and a controller was assigned to another division.
Case Study of A Better Managed Reputational Risk
Within a month of the press release, the audit committee panel determined that the errors in the loan-loss data related to the auto loan portfolio were higher by approximately $25 million.
Loan loss calculation errors and false draft meeting minutes were also uncovered.
As a result, three credit administration division members, including the top credit officer, were fired, and a controller was assigned to another division.
Less than two months later, the SEC launched a formal probe of SunTrust's accounting deficiencies.
Case Study of A Better Managed Reputational Risk
Case Study of A Better Managed Reputational Risk
Though this newsworthy event cast a negative light on SunTrust's reputation, overall it did not hurt the organization's franchise value.
Initially, the market and public perception were critical of the accounting issue, and SunTrust's shares fell 1.12% (less than $1 dollar to $69 per share);
however, because the organization's board and senior management were proactive in addressing the issue quickly, the stock price loss (and financial statement gain, in this case) was manageable, and reputational risk was controlled.
“The way to gain a goodreputation is toendeavour to be whatyou desire to appear “
Socrates, 469-399 BC
The concept isn’t new
“The way to gain a goodreputation is to
Socrates, 469-399 BC
Any Questions
If No Questions, then……