Risk to Reputation – Understanding Behavioural Conduct Risk
Tim LaTulippe, Director
Reputation is that thing that makes a company seem ‘cool’, ‘green’, ‘edgy’, or if you were me in high school, ‘average’. This perception is largely driven by clever marketing, a strong PR team, and some good lawyers. A single Twitter post can very quickly impact a public company’s stock price on the FTSE or NYSE. This type of behaviour can be cringe-worthy, but from a compliance and risk perspective, is relatively difficult to mitigate. In countries where such services are not blacklisted, anyone with an account and mobile handset can broadcast their thought stream onto a public Internet with a very vulnerable audience. What about behavioural conduct risk that’s within the confines of a business and perhaps more systematically rooted?
Global insurers are grappling with but developing, methods to realise and assess exposure-based risk within large data landscapes. Surfacing electronic evidence of risky behaviours such as bribery, collusion, price-fixing, sexual harassment, hate speech, gender discrimination or violations of sanctions is all very useful to know earlier rather than later –say, in The Guardian. A recent article noted that major insurer AON conducted a survey and respondents “…ranked reputation as their top risk (up from fourth in 2013) and cyber-risk as their fifth (from 18th)” (The Economist, 2018). I would be most curious to see continued survey data on this subject, as I predict compliance and risk officers worry about exposure whilst awake at night in equal measure to cyber-risk. Major broker, Willis Towers Watson goes on to comment that, “‘Even when policies are labelled ‘innovative’ it’s usually to insure physical assets in the sharing economy rather than intangibles…'”.
A popular concept that has been on the rise in insurance market discussions is one of innovative cost-trade-off risk audits. In this scenario, insurers work in a quid pro quo arrangement with premium paying customers to raise transparency and lower costs. The insurer could leverage lightweight, intelligent language analytics as exercised in a portable tool to make quick and reasonable assessments. Who has been e-mailing or communicating with whom, and what conceptually have they been discussing? This type of technology can surpass the limitations of looking merely at keywords and known values and help risk practitioners achieve a greater thematic understanding of human-authored content. Are individuals discussing nefarious conduct in plain sight, or are they doing it with obfuscated language –tools like these can help root out these hidden issues much more efficiently. If nothing untoward is revealed within the target audit data set, the insurer could potentially offer its customer a reduction in premiums for having taken proactive steps to increase transparency into the company’s conduct.
Proactive spend questions are already swirling in your minds, I can tell. Technologies like these aren’t nearly as cost heavy as full-scale data investigations and triage solutions – the type used for larger investigations, disclosure/discovery exercises and arbitration matters in which documents searched and located need to be produced in a certain format (I’m grossly oversimplifying a significant process for which my colleagues will endlessly berate me). Portable tools are engineered to look at rapidly extracted text (read: the stuff people typed or authored) derived from e-mails, memos, contracts, mobile phone chats, and others. This type of audit is a light-touch approach to understanding the themes present in data and if certain individuals and competing or sanctioned entities are in direct communication. Additionally, if problem documents or messages are found, they can be further leveraged within the same audit, or in the future as conceptually-rich and relevant examples, effectively capturing the ‘problem speak’ or vernacular of a particular business unit or region.