Philippines – Reputational Risk Management.

16 July 2021

 

Cybersecurity threats and negative publicity on social media are part of modern obstacles a normal corporation faces. In this global digital age, banks and non-bank financial institutions are certainly no exception from these dangers. Because of the nature of their business, these financial institutions carry a heavier burden in preventing these risks and preserving the public’s confidence in using financial services.

 

Thus, to guard against any reputational threat that could potentially lead to financial losses, negative exposure, and loss of stakeholder confidence, the Bangko Sentral ng Pilipinas (BSP) issued, last 16 April 2021, Circular 1114, which provides guidelines on managing reputational risk for BSP-Supervised Financial Institutions (BSFI).
 

Reputational risk, as defined in the guidelines, refer to the risk to earnings, capital, and liquidity arising from negative perception on the BSFI that can adversely affect the BSFI’s ability to maintain existing business relationships, establish new ventures, or continuously access varied sources of funding.

 

The guidelines add that reputational risks are closely interlinked with other risk exposures from different sources such as credit, market, liquidity, and operational risks. Such kinds of risk exposures may trigger reputational risks, and vice versa.

 

Negative perception affecting a BSFI’s reputation may come from its customers, shareholders, investors, employees, market analysts, the media, and other stakeholders, including regulators and government agencies. According to the BSP, this kind of perception may be in relation to various areas such as personnel/management ethics and integrity, business practices, and product/service quality.

 

The guidelines emphasize that understanding the various sources of reputational risk and how these sources may potentially impact the BSFI is crucial in determining the appropriate approach to managing reputational risk.

 

The main focus of the guidelines mandate BSFI to adopt an appropriate reputational risk management framework as part of the enterprise risk management system that is commensurate to their size, nature, operational complexity, overall risk profile, and systemic importance.
 

In implementing a framework, the guidelines expect BSFI to identify the clear objectives and expectations on reputational risk management, as well as define the role and responsibilities of those involved in the risk management process. The BSP also expects BSFI to clearly communicate and disseminate these roles and responsibilities.

 

The guidelines, however, afford BSFI with flexibility in designing and implementing their reputational risk management function, which may be a stand-alone function or integrated with other risk management functions depending on how reputational risk exposures are being managed.

 

Recognizing that reputational risk is inherent in all the risks an institution faces, the guidelines allow BSFI to continue to use their existing measures or consider adopting the tools suggested in the guidelines to identify and assess reputational risks relevant to their business. The guidelines mentioned tools in the form of interviews, surveys, focus group discussions, or other techniques as deemed appropriate.

 

An important feature of the framework is a mechanism in reporting the reputational risks. In cases of reputational risk events, BSFI shall immediately notify the BSP within five calendar days from the date of determination of any reputation event. Reputational risk events include any issues raised on social media platforms that may affect its stakeholders and lead to a full-blown crisis if not respondent to in a timely and effective manner. Upon receipt of notification, the BSP may require, if warranted, the BSFI to submit a report detailing the causes and impact of such events and an action plan to address the issue.

 

Meanwhile, in cases of operational risk events, BSFI shall comply with the notification/reporting requirements prescribed under existing regulations. Operational risk events include major cyber-related incidents and/or disruption of financial services and operations, or liquidity or funding emergencies.

 

The guidelines remind BSFI to ensure the reliability, integrity, and transparency of publicly reported information by maintaining effective internal control over financial reporting and information disclosures.

 

The BSP gave BSFI a period of one year from effectivity to fully comply with the guidelines on reputational risk management.