Operational risk management

Easily identify, measure, control and monitor the operational risks of your organization→


security risks

Ensures the confidentiality, integrity and availability of your information assets →



Keep track of all regulations and regulations that your organization must comply with →


Anti-Money Laundering

Easily identify, establish controls, and monitor AML risks→



Improve your internal audit processes, support regulatory compliance, and generate value for your organization through continuous improvement →

What will you learn? Learn with our experts about critical topics on Risk Management that will be useful in your daily work.

Download a free e-Book
Download a free Excel Risk Matrix Template
Free e-book Prevention & Correction of Human Error For Risk Management

What is reputational risk and how to manage it?

Portada-What is reputational risk and how to manage it


One of the most valuable intangibles for organizations is their reputation, which can be understood as the perceptions, opinions, and prestige that different stakeholder groups have about it. To build a good reputation, it is key to generate trust in each of these groups, i.e., employees, clients, suppliers, partners, shareholders, media, government entities, and the general community. And this must be done continuously through what is said and what is done, it is necessary to be consistent.

Having a good corporate reputation, that is, constantly meeting stakeholders' expectations, represents a competitive advantage and contributes to increasing the company's or brand's value.

Additionally, it is a good indicator that allows, for example, to attract and retain human talent, facilitate operations and partnerships with other companies and entities, and achieve greater customer loyalty.

That's why it is necessary for all organizations, regardless of their industry or size, to not only build a good reputation but also to take care of it and manage it properly, because a poorly managed reputational risk can even put the continuity of the business in question.

In this ebook, we will tell you about reputational risk: what it is, its characteristics, what risks can lead to reputational risk, some cases of companies that have experienced this risk due to different situations, and good practices for managing it.

ebook What is reputational risk and how to manage it?

What is a reputational risk?

This type of risk can be defined as one that is associated with changes in perception or opinion about a company held by its stakeholders. In other words, it has to do with an unfavorable perception of an organization's image.

Reputational risk can arise unexpectedly, it is related to the loss of trust and negatively affects the normal functioning of the company, generating a loss of value and even jeopardizing its continuity.

For this reason, given the significant impact, it can have, it is important to consider reputational risk as a strategic risk and manage it appropriately to prevent its materialization or, in case it does happen, to be able to mitigate it properly.

Characteristics of reputational risk 

Among others, this risk is characterized by:

  • Being of a changing and subjective nature, often not easy to prevent and can occur at any time.

  • Being transversal to all areas of the company, meaning that when it materializes it impacts the entire organization and not just a specific area, process, or person.

  • Being viral on many occasions. Currently, thanks to social awareness and media such as social networks, information spreads very quickly and can cause the company to enter a reputational crisis. In addition, in some cases, reputational risk can extend to an entire sector.

  • Being strategic. As mentioned earlier, the impacts that the loss of trust and change in perception by the company's stakeholders can bring may affect its continuity, which is why strategic decisions must be made to overcome what has happened and be able to continue.

In addition to this, reputational risk, according to experts in the field, requires a multidisciplinary vision and constant monitoring from the organization. That is, it is key to involve people with different profiles and perspectives in the management and care of reputation.

Risks that can cause reputational risk

Different situations can favor the materialization of reputational risk in an organization, for example, business actions and practices such as low-quality products and services, inappropriate working conditions for employees, and misleading advertising, among others.

Likewise, reputational risk can be generated by actions or behaviors of people who have a direct relationship with the company, such as partners and investors, leaders, employees, and suppliers, who may engage in bad practices that, when made public, will undoubtedly impact the trust and perception of the company, i.e., its reputation.

Another scenario to consider is customers, who can also facilitate the materialization of reputational risk, mainly when they have had a bad experience with the company or the brand and decide to talk about it on their social networks, quickly making it known to many people.

Likewise, it is important to keep in mind the reviews and comments that users and customers leave on the website, e-commerce, and even what the media says about the company.

In addition to all this, it is important to know that several risks can also cause reputational risk, for example:

Pirani Risks that can cause reputational risk

Internal fraud

That one or more employees of the organization commit internal fraud, that is, carry out actions that undermine its assets, for example, illegal appropriation of cash or assets, alteration of accounting or financial records, diversion of funds, tax fraud, omission of existing transactions, among others, not only generate large economic losses but also has a major impact on the reputation because the company or brand loses credibility and trust in its stakeholders, who consider these types of actions as disloyal and corrupt.

Money laundering and financing of terrorism

Whether because the company launders money, that is, carries out different financial and commercial transactions to pass off illicit resources from activities such as drug trafficking, arms trafficking, or human trafficking as legal, or because it has relationships with entities and natural persons who commit this crime, the good reputation and image of the organization or brand will be seriously affected because money laundering or capital laundering is a crime that impacts the entire global economy and being involved in this in one way or another is a reason for rejection by many groups and individuals.

Non-compliance with laws, regulations, and regulations

Not complying with the rules and regulations that an organization is obliged to follow also generates reputational risk because it sends a message to stakeholders and society that the company is above any regulations and operates under its own rules without taking into account the commitments and obligations it has with the state, its stakeholders, and the community in general.

Operational risks

Among these, some that can generate negative impacts on reputation are poor practices that affect the quality of products or services offered, frequent employee errors, delays in the production of goods, recurrent failures in the supply chain, and others.

Information security Information and cybersecurity and cybersecurity risks

Being the victim of a cyber attack can have several consequences for a company, one of which is the impact on its reputation and corporate image. When it becomes publicly known that a company's computer systems have suffered a cyber attack trust in the organization will likely decrease, as it reveals that the company is vulnerable and has flaws in its protocols for ensuring and safeguarding information, including valuable data belonging to its customers, partners, and suppliers.

Three cases of reputational risk

After learning about what reputational risk is, its main characteristics, and some of the situations and risks that can favor its materialization, we share with you three cases of companies in the world, from different industries, that have experienced a negative impact on their reputation some point::


Interbolsa, a brokerage firm in Colombia

In November 2012, the Colombian government ordered the liquidation of this company. The reason? Financial malpractice such as fraudulent manipulation of stocks, conspiracy to commit crimes, and falsification of documents.

Interbolsa, which had high credibility before the fraud, was well-known in the stock market and was rated AA+. It implemented a business strategy that went awry: it gave marketability to the Colombian textile company Fabricato's stock and raised it disproportionately to earn more money from the same shares. The stock went from $26 in 2010 to $91 in November 2012. Additionally, the firm lent short-term funds to invest long-term but did not have control and backup plans to reduce the risks involved.

This case left a total of 492 victims, including individuals and companies, who claimed 254 billion pesos but only recovered 65 billion. And of course, it ended in the liquidation of the firm, which lost its reputation and the trust of its clients and society in general.


Walmart in Mexico

In 2012, according to information published by the New York Times, it was made public that this department store chain paid nearly $24 million in bribes to officials to increase its dominance in the Mexican market.

According to the newspaper, those bribed included mayors, councilors, low-level bureaucrats, and anyone who represented an obstacle to the company's expansion in the country. Through the payments, mostly in cash, Walmart executives were able to untangle bureaucratic procedures or obtain construction permits.

To put behind it this bribery case in Mexico, which also occurred in other countries such as Brazil, in 2019 Walmart reached an agreement with the U.S. Securities and Exchange Commission and the Department of Justice: to pay $282 million.
This bribery scandal undoubtedly affected the good reputation of the chain among its different stakeholders. There were legal claims from investors, and Walmart had to invest much more money to strengthen its regulatory compliance programs.



In early 2018, the Swedish fashion company H&M faced a crisis due to an advertising image posted on its website, considered by many to be controversial and racist. The image showed a black child wearing a garment that read "Coolest monkey in the jungle." As a result, the company received strong criticism, with attacks on some of its stores and protests in Stockholm.

In response to the pressure generated on social media platforms such as Facebook and Twitter, H&M removed the advertising from its website and was forced to apologize for what had happened. In this case, the brand's reputation was affected by a lack of understanding of the context and by not anticipating that users are increasingly aware and critical of social issues such as racism.

Like these three cases, many more companies and institutions have faced damage to their good reputation, for example, Volkswagen in 2015 for falsifying the emissions of more than 11 million of its vehicles, and FIFA, for lack of ethics and corruption of senior officials.

 Reputational Risk Management

To avoid the materialization of reputational risk and a crisis like the ones mentioned in the previous cases, which resulted in the liquidation of the company (Interbolsa), million-dollar payments (Walmart), and widespread rejection and criticism on social media (H&M), companies need to manage this risk adequately, consistently, and coherently.

And how is this achieved?

  1. Identify events that could generate a risk to the company's reputation.
  2. Evaluate these risk events considering the likelihood of occurrence and the level of impact they would have on the organization.
  3. Define and implement controls that allow for reducing the probability or impact of these events.
  4. Carry out periodic monitoring and follow-up to know the status of risk events, update them, or add new ones.

Additionally, adequate management of reputational risk includes developing a manual or contingency plan to act as effectively as possible in the event of a negative impact on the reputation. This plan should consider relevant information such as the actions that must be taken in each case and who is responsible for making decisions or communicating what happened to the public opinion.

On the other hand, opinion polls should also be conducted periodically to be aware of what stakeholders are saying, thinking, and perceiving about the company or brand, that is, to know their current level of trust in it. This, of course, serves to take actions that allow improving the behavior of the organization and the relationship with others, and prevent an event that could damage the business reputation.

Another fundamental aspect that helps achieve good reputational risk management is timely, consistent, and clear communication with each of the stakeholder groups.


Additional recommendations 

Other actions can help organizations avoid a case of reputational risk. Here are some of them that you can put into practice:

  • Keep in mind that anything can jeopardize people's perception and trust in the company, so act accordingly.
  • Maintain good relationships with each stakeholder group, listen to them, and show them that they are truly important to your company or brand.
  • Take into account the opinions, recommendations, and feedback of your customers.
  • Monitor and manage what is said about the company on different online platforms.
  • Ensure and guarantee the good quality of products and services offered.
  • Comply with all regulations applicable to the organization.
  • Ensure the security of information for all stakeholder groups by implementing measures that allow for data protection.
  • Offer a safe and appropriate work environment for all employees; remember that they are the first ambassadors of the company. 


Reputational risk, as mentioned, can arise unexpectedly, and in the event of its materialization, it can generate impacts on all types of companies, regardless of their industry or size.

It is key to consider and manage it strategically, as its materialization generates financial impacts, relationship impacts with stakeholders, and in some cases, can mean the definitive closure of the company, that is, a direct impact on business continuity. 

Like other types of risks, it requires involvement and commitment from all personnel in the organization.

Finally, various situations and events can trigger reputational risk (internal fraud, money laundering, regulatory non-compliance, cyber-attacks, etc.), so they must be identified and managed to avoid a crisis. With our Pirani software, we comply with national and international regulations and standards, so you can avoid losses, and sanctions, and, best of all... create the desired risk management culture in your company.

ebook What is reputational risk and how to manage it?

Bibliographic references

Let's start now!

Take your company's risk management to another level using specialized software that fits your needs.

Get started