Followers of reputation with a penchant for American corporate filings should take a peek at page 15 of Starbucks’ accounts for 2011.
Its formal disclosure of risks facing the business told investors how Starbucks designed its policies to comply with applicable laws and tax requirements. It warned failure to do so "may result in damage to our reputation" as well as fines and penalties.
What the filing did not tell investors was the risk of reputational harm posed by simply complying – the risk of a well-designed and fully compliant accounting system not reflecting the changing expectations of regulators, legislators and even customers.
The ensuing outcry at the news that the company had perfectly legally not paid any tax for three years saw Starbucks feel compelled to make a £20m voluntary payment to the UK exchequer.
Yet it is hard to say that the risk was unforeseeable. The preceding decade had seen a rise in the volume and noise of commentary around corporate tax practices, starting from grassroots comment and campaigning that morphed into strident positions taken by campaigning groups such as UK Uncut and the Tax Justice Network.
This was no obscure campaign; by 2008 The Guardian had raised questions about Starbucks, and in 2009 tax avoidance was before the Treasury Select Committee. By 2010 it was in the Daily Mail.
The banks stretched government coffers in subsequent years, so it came as little surprise that tax practices gained in political and public importance.
Analysing a reputation issue retrospectively smacks of being wise after the event, so let’s be under no illusions: this is an exercise in being wise after the event. Only those in Starbucks at the time can know how well they identified the capacity for reputation harm from perfectly legal accounting practices and knowingly took that risk. Yet their experience nearly three years ago is informative for businesses wrestling with growing demands to see around corners and avoid the sort of harm so publicly visited on Starbucks and other brands by unexpected corporate reputation problems.
Reputation under construction: Balfour Beatty has issued profit warnings and been criticised over safety practices
The trend for advance warning
This is a preoccupation for boards, and CEOs in particular. As a high-performing and typically ultra-educated group, the fates of their peers, who have presided over events causing major reputation harm in businesses from G4S to Balfour Beatty, provide motivation to avoid a similar fate.
In 2013 Schillings undertook research entitled Reputation Resilience, in which one CEO anonymously reflected: "My number one job is reputation management, especially if things go wrong. As the CEO of the business I own the responsibility. I’m constantly thinking, ‘have I got everything in place to combat the threat?’"
Late last year the accountant Deloitte published its first Reputation@Risk report – a sure sign in itself of rising interest in the topic – and reflected the same emphasis. Thirty-six per cent of businesses surveyed said reputation risk sat with the CEO and a further 25 per cent with the board or CFO.
To that board responsibility add fresh demands from key stakeholders. Last year the Financial Reporting Council brought forward proposed changes to the Corporate Governance Code including asking that businesses start publishing better forward-facing information on risks that would impact shareholders. In effect, the FRC is asking businesses to start disclosing risks that have the potential to impact their reputation with shareholders.
Yet look back at Deloitte’s findings – which match precisely the experience of dealing with many PLC boards – and this reflects not only the sense that other business risks were the influencing factor in reputation harm, but also that a defined reputation risk in itself was the leading strategic risk. Somewhere the link between the activities that generate reputation risk and the means of managing it is being broken.
Loss of control
It is easy to wonder why this is suddenly becoming important when several decades of commerce have progressed without the need for sophisticated reputation risk management. The answer perhaps lies in a conflation of trends – legal, technological and societal – that contribute to a sense of loss of control where corporate reputation is concerned.
Ten or more years ago it was reasonable to assume that if an issue could be kept out of the mainstream media then it could be reasonably contained. This focus on management of reputation being achieved by managing the press is, of course, the historic root for much of the comms industry, born out of press office functions.
Controversy: Protests were held at G4s’ AGM over its supply of equipment in occupied Palestinian territories
Much the same origin applies to many of the legal approaches to dealing with reputation. Throw a stone in certain parts of London now and you’ll hit a lawyer explaining how legal changes have made it harder for a business to sue a newspaper, ignoring the fact that in recent years only businesses faced with the most damaging problems have wanted to do so. Yet these changes crystallise the demise of the old approach.
When a publisher knows they will be protected as long as their belief that their article will not cause financial loss and that they are acting in the public interest is not contradicted, simple bombast will not of itself achieve much. This is no news for international business, where debunking has had to outstrip dissuasion to fit local laws, but reflects the shifting advantage that belongs to businesses with the time and opportunity to have better information on the topics that threaten them.
Perhaps most pertinent of all, though, is that the linear route of information to the public via media has been resoundingly broken by technological advances. Vast quantities of paper and pixel have been dedicated to the topic already, but a reliance on dealing with mainstream media outlets no longer cuts it in a world where some NGOs boast slicker marketing operations than some of the businesses about which they write. With negligible barriers to publication, individual campaigners can effectively use SEO and social media analysis to target and pick off those stakeholders who matter most to the business.
To that liberty and wide range of opportunities can be added those who have realised that the reputation a business holds with its stakeholders can be an effective bargaining chip.
The past two years have seen the emergence of the ‘hedge fund dossier’ as an effective mode of challenging the reputation a business holds with its shareholders and the wider market, shifting sentiment and bringing a share price within a lucrative range for the publisher. The aggressive tactics of law firms seeking potential claimants to join group litigation or force a hushed settlement have a similar effect, highlighting the most serious claims in the most damaging way.
Yet these again are examples at the acute end, when reputation harm is imminent or already being endured. All of them have their spark. That can be from the footprint of public information that the business, its senior executives and its people create – the corporate filings, individual records and public statements – right down to board members’ planning applications and investments. It can be from the legal proceedings a business is drawn into, generating public hearings to be reported on and obligations to disclose internal documents. It can even be when it is careless about information like mishandling whistleblowers so they are compelled to take their concerns outside the business.
Its attitudes to data protection, freedom of information and even its information security practices can all be the start of a reputation problem.
It is here, when we start to identify the origin of the reputation harm that boards and shareholders are so desperate to avoid, that the emergence of reputation risk as a discipline starts to be seen.
So many of the topics that cause serious harm to reputation could have been spotted earlier with access to the right data, not only about the existence of the risk, but also the ability to see leading indicators that the feared event may be occurring. These opportunities let businesses proactively avoid underlying problems.
Where the business has to react and defend itself, it gives the communicators and lawyers tasked with guarding its reputation the time and opportunity to be in the best possible position. With all our cultural, legal and technological factors eroding certainty that issues can be controlled when they become urgent and serious at the last minute, so a desire to spot them and be better prepared is taking root.
That internal data exists in spades. A large PLC will create risk registers for different business units of its different divisions; it’s not unusual to see hundreds of risk registers in a single group, never mind the number of actual documented risks. But look back to where we started with Starbucks, and while that data reflects perceptions from the inside of the business, it can lose track of how those activities relate to external perception.
Hot water: Starbucks has faced public and political censure over its UK tax policies
The challenge for corporate affairs and legal teams is to identify diverse data sources that can be used to extract early warning signals about reputation, from inside and outside the organisation.
Developing those leading indicators and creating a truly useful and usable flow of information to the top of the organisation means implementing a form of business intelligence around reputation – something that supply chain, sales and customer operations teams have been implementing for some time now.
With the moves for better disclosure to shareholders and the demand from boards for better protection, we are nearing the end of the age in which it is an acceptable answer to shrug, whistle and say most reputation problems were not predictable. The reward for those who take the challenge and get that data to them is obvious.