Archive

Reputation management

By any measure, payment processor company Wirecard’s demise has been dramatic. Within a month of KPMG refusing to verify the company’s accounts, CEO Markus Braun had resigned and it had filed for insolvency with debts of over GBP 3 billion.

Given that the writing had been on the wall for over five years, plenty of tricky questions are now being asked of Wirecard’s management and its business partners. Its long-term auditor EY and Germany’s banking regulator are in the firing line. There is widespread talk of another Enron.

Professional services in the spotlight

Other advisors are also attracting red ink, including Wirecard’s crisis law firm and PR agency. Legal and communications firms generally manage to keep their names out of the media spotlight during major controversies involving their clients.

In part, this can be ascribed to an unwritten convention between the mainstream media and the hands that feed it that says that every organisation has the right to be heard, however unsavoury it’s reputation, and that their advisors are only doing what is expected of them.

With one man’s meat being another man’s poison, it remains to be seen whether Wirecard’s dramatic collapse hinders or benefits its crisis advisors.

However, with corporate governance, responsibility, and transparency in the spotlight as never before, it is incumbent on consulting companies of all stripes to ask difficult questions of clients before they are engaged, not afterwards.

As Arthur Andersen discovered with Enron, not asking difficult questions upfront can prove a perilous defence.

The COVID-19 pandemic has exposed UK government decision-making in a manner not seen for decades. Here is a chronological overview of the government’s response to the virus, with a focus on central government in England. It is updated on an ongoing basis.

The government’s response from the start of the outbreak until February 2021 is seen through a communications and reputational lens. External factors such as health, financial, economic, social, cultural, political, legal and regulatory actions and events, and media coverage and public opinion polling, are highlighted in italics.

The timeline is updated as new facts are made public.

Pollsters IPSOS-MORI, YouGov and Opinium provide useful data and insights on UK public opinion on the COVID-19 pandemic. For an international perspective see Pew Research.


Source: IPSOS MORI

February 2021


Source: Opinium

January 2021



December 2020



November 2020


UK political party fitness to govern, Ipsos MORI, October 2020


October 2020


Voting intention since 2019 general election, Opinium, Sept 2020

September 2020


Approval for UK govt handling of COVID-19, Opinium, August 2020

August 2020


Perception of COVID-19 management by UK govt, Kings College/Ipsos MORI, July 2020

July 2020


Confidence in UK govt, UCL, August 2020

June 2020


UK govt priorities during COVID-19, Ipsos MORI, May 2020

May 2020


Health vs economy priorities dusing COVID-19, Ipsos MORI, April 2020

April 2020


Perceptions of COVID-19 management in the UK, YouGov, March 2020

March 2020


February 2020


January 2020


December 2019

  • 31: Wuhan Municipal Health Commission informs WHO of cases of ‘pneumonia of unknown cause’

This timeline aims to give a balanced view of the UK government’s response to COVID-19. It does not claim to be comprehensive.

Let me know if there is anything important that is missing, unfair or inaccurate.

You are welcome to use, copy and adapt the contents of this timeline. When doing so, ensure you attributeCharlie Pownall/CPC & Associates‘ and provide a clear, prominent link back to this resource in line with the following licence: https://creativecommons.org/licenses/by/4.0/


The coronavirus pandemic has resulted in an orgy of news stories, commentary and analysis in which the terms crisis, disaster and emergency have been used almost interchangeably. What is the correct terminology?

According to Muckrack’s Trends research tool, the terms crisis and emergency dominate media headlines and body copy.

These three terms are closely related and overlap significantly, yet each has its own distinct meaning and implications.

  • A crisis is an issue or event that invites unwanted external scrutiny, seriously impacts an organisation’s ability to do business, and jeopardises its reputation. There are many types of crises (and non-crises); research shows most crises stem from management weaknesses.
  • An emergency is an unplanned event such as fire, flood, evacuation, violent crime or fatality that affects an organisation locally and requires immediate action. The impact of an emergency is generally limited to the initial event itself.
  • A disaster is a severe situation that affects broader society and which has the potential to interrupt business operations on a longer-term basis. Examples include an earthquake, a tornado, a major flood or power outage, or a serious health pandemic.

Despite the coronavirus technically classifying as a disaster, it is no surprise that journalists and commentators prefer the term crisis given it is media shorthand for pretty much anything that goes or can go wrong.

Blurred boundaries

Yet the boundaries between crisis, emergency and disaster are less straightforward than they first appear.

The coronavirus may be a disaster for health organisations and inter-governmental organisations, but it is also resulting in serious crises for companies shut down by government decree or mishandling how they manage their response.

And a really serious crisis resulting in significant environmental, social, economic or geo-political damage – think BP Deepwater Horizon – is often termed a disaster (‘a crisis with a bad ending’), or even a catastrophe.

Communicators beware

Crisis teams and communicators, however, should take real care with their terminology. Planning and responding to serious negative events requires precision with what words mean and imply.

A health pandemic necessitates a different response to a workplace fatality or data privacy breach. Different teams are often involved, and each scenario demands different policies, protocols and messages. Activating the wrong plan can be disastrous.

While COVID-19 is growing exponentially, it is no emergency, no matter what the media says. But it is a crisis for some organisations and a disaster for others.

And for a few, it spells potential catastrophe.

Concern is widespread that artificially generated ‘deepfake’ videos pose a major potential problem for those targeted, be they companies, CEOs, celebrities, academics and commentators, or politicians.

A new study of 14,678 deepfake videos by cybersecurity company Deeptrace suggests otherwise. Deepfakes may generate millions of views, yet the great majority (96%) are pornographic and have little wider societal impact.

Of those that are not pornographic, such as Chinese deepfake face-swapping app Zao or a recent spoof of former Italian PM Matteo Renzi, most are designed to entertain. Only a tiny minority have been expressly designed to sow misinformation or disinformation, or to damage reputation.

The reputational threat of deepfakes

This may change all too soon. Deepfakes are increasingly realistic, freely available, and easy to make. Artificial voice company Lyrebird promises it can create a digital voice that sounds like you in a few minutes (even if my voice apparently proved less than straight-forward.)

It is surely only a matter of time before we see more regular instances of deepfakes damaging – directly or indirectly – companies, governments and individuals through false or misleading news stories, hoaxes and reputational attacks.

A recent example: controversial Canadian psychology professor Jordan Peterson recently found himself at the mercy of a website where anyone could generate clips of themselves talking in his voice, forcing him to threaten legal action. The simulator has since been taken offline.

In another case a political private secretary in the Malaysia government was arrested over a video allegedly showing him having illegal gay sex with the country’s minister of economic affairs. The country’s leader responded by saying the video was ‘cooked up’, but it remains unproven whether the video was manipulated. 

Reputational risks of deepfakes for companies include:

  • A fake CEO town hall video regarding the new company strategy is ‘leaked’ to the outside world, allegedly by a short seller
  • The voice of a politician is used to manipulate a senior director into discussing allegations of corporate fraud
  • A fake recording of two executive board directors discussing the sexual habits of a colleague is used to blackmail the company
  • An outsider gains entrance to a secured office by impersonating the voice of a company employee.

Spread over the internet and social media and excavating distrust in institutions and deep geo-political tensions, the risks of malevolent deepfakes are only now starting to emerge.

While the likelihood of a deepfake attack remains low in the short-term, and impact remains hard to quantify, every organisation would be wise to start considering what it may mean for its name and image.


Deepfakes are only one form of AI, though arguably pose the most direct reputational risk.

Visit the AIAAIC Repository to understand the risks of AI, algorithms and automation.

Last week I had the fortune to be invited to speak on the topic of reputational risk management to MBA students and assorted internal auditors, risk managers, HR and communications executives at the Othman Yeop Abdullah Graduate School of Business at the Universiti Utara Malaysia in Kuala Lumpur.

Reputation risk may not be as high up the agenda of boards of directors and management teams in Malaysia as in some other countries, but it has gained importance in recent years due largely to two major crises:

  • the 1MDB scandal that led directly to the overturning of the Malaysian government, the arrest and forthcoming trial of former prime minister Najib Razak, fraud investigations in 10+ countries, and criminal charges laid against Goldman Sachs and two of its former employees
  • and the various woes befalling Malaysia Airlines (here’s my take on the mystery of MH370 from an online/social media perspective; if you haven’t already, I strongly recommend you read this in The Atlantic for what may well be the last word on the tragedy).

Whilst unresolved, both crises helped erode confidence and trust in institutions in Malaysia and raised (and continue to raise) legitimate questions about how Malaysia Inc – which is still largely dominated by a few family-controlled businesses – operates.

Accordingly, companies (especially government-owned or linked ones) and parts of government and civil society are actively considering the extent to which they are exposed to reputational risks, and thinking harder about how these should be minimised and managed.

The whys and hows of effective reputation risk management

Predicting and managing reputational risks poses a wealth of tricky questions and challenges – amongst them:

  • How should reputation risk be defined?
  • What are the primary drivers of corporate reputation?
  • What forms do these risks take?
  • Who is responsible for an organisation’s overall reputation?
  • Who should own corporate reputation on a day-to-day basis?
  • What role(s) should communications and marketing play in reputation risk management?
  • How best measure, track and report reputational threats?
  • Why can leaders be reluctant to get to the root of reputational issues?

I tackled these and other challenges in my presentation, setting out solutions based on my professional experience, research and observation.

Here are my slides:

Fortunately, trust in Malaysia appears to have been restored to some degree over the last eighteen months.

However it is clear that organisations based in Malaysia – and elsewhere – continue to grapple with the strategic, governance and operational challenges reputation risk management inevitably raises.

%d bloggers like this: