Reputational Risk
Reputational risk is any risk to an organization's reputation that
is likely to destroy shareholder value.
Reputational risk leads to negative publicity, loss of revenue,
litigation, loss of clients and partners, exit of key employees,
share price decline, and difficulty in recruiting talent.
A comprehensive reputational risk assessment is necessary as an
important part of a risk assessment.
The Basel II definition of operational risk excludes:
1. Strategic risk
2. Reputational risk
3. Systemic risk
We have several stress tests that stress exactly that:
reputational risk.
Managing reputational risk
The most important principles are:
1. Educate shareholders, employees, customers and suppliers. We
must explain the importance of reputational risk, and what they
have to do (and to avoid).
2. Tone at the top. Board and senior management oversight.
Policies and Procedures. Strong and consistent enforcement of
controls.
3. Continuous monitoring of threats to reputation.
4. Establishment of a crisis management plan and team.
5. Reporting.
6. Stress testing. Communication of the results.
From the Bank for International Settlements:
Basel Committee on Banking Supervision, Risk Management Principles
for Electronic Banking, July 2003
C. Legal and Reputational Risk Management (Principles 11 to 14):
11. Appropriate disclosures for e-banking services.
12. Privacy of customer information.
13. Capacity, business continuity and contingency planning to
ensure availability of e-banking systems and services.
14. Incident response planning.
Legal and Reputational Risk Management
To protect banks against business, legal and reputation risk,
e-banking services must be delivered on a consistent and timely
basis in accordance with high customer expectations for constant
and rapid availability and potentially high transaction demand.
The bank must have the ability to deliver e-banking services to
all end-users and be able to maintain such availability in all
circumstances.
Effective incident response mechanisms are also critical to
minimise operational, legal and reputational risks arising from
unexpected events, including internal and external attacks, that
may affect the provision of e-banking systems and services.
To meet customers' expectations, banks should therefore have
effective capacity, business continuity and contingency planning.
Banks should also develop appropriate incident response plans,
including communication strategies, that ensure business
continuity, control reputation risk and limit liability associated
with disruptions in their e-banking services.