By any measure, payment processor company Wirecard’s demise has been dramatic. Within a month of KPMG refusing to verify the company’s accounts, CEO Markus Braun had resigned and it had filed for insolvency with debts of over GBP 3 billion.

Given that the writing had been on the wall for over five years, plenty of tricky questions are now being asked of Wirecard’s management and its business partners. Its long-term auditor EY and Germany’s banking regulator are in the firing line. There is widespread talk of another Enron.

Professional services in the spotlight

Other advisors are also attracting red ink, including Wirecard’s crisis law firm and PR agency. Legal and communications firms generally manage to keep their names out of the media spotlight during major controversies involving their clients.

In part, this can be ascribed to an unwritten convention between the mainstream media and the hands that feed it that says that every organisation has the right to be heard, however unsavoury it’s reputation, and that their advisors are only doing what is expected of them.

With one man’s meat being another man’s poison, it remains to be seen whether Wirecard’s dramatic collapse hinders or benefits its crisis advisors.

However, with corporate governance, responsibility, and transparency in the spotlight as never before, it is incumbent on consulting companies of all stripes to ask difficult questions of clients before they are engaged, not afterwards.

As Arthur Andersen discovered with Enron, not asking difficult questions upfront can prove a perilous defence.

Here is a chronological overview of the UK government’s response to the COVID-19 pandemic, with a focus on England. It is updated on an ongoing basis.

The government’s response is seen through a communications and reputational lens. External factors such as health, financial, economic, social, cultural, political, legal and regulatory actions and events, and media coverage and public opinion polling, are highlighted in italics.

IPSOS-MORI and YouGov provide useful data and insights on UK public opinion on the COVID-19 pandemic. See Pew Research for an international perspective.



September 2020

August 2020

July 2020

June 2020

May 2020

April 2020

March 2020

February 2020

January 2020

December 2019

  • 31: Wuhan Municipal Health Commission reports first cluster of cases of ‘pneumonia of unknown cause’

The coronavirus pandemic has resulted in an orgy of news stories, commentary and analysis in which the terms crisis, disaster and emergency have been used almost interchangeably. What is the correct terminology?

According to Muckrack’s Trends research tool, the terms crisis and emergency dominate media headlines and body copy.

These three terms are closely related and overlap significantly, yet each has its own distinct meaning and implications.

  • A crisis is an issue or event that invites unwanted external scrutiny, seriously impacts an organisation’s ability to do business, and jeopardises its reputation. There are many types of crises (and non-crises); research shows most crises stem from management weaknesses.
  • An emergency is an unplanned event such as fire, flood, evacuation, violent crime or fatality that affects an organisation locally and requires immediate action. The impact of an emergency is generally limited to the initial event itself.
  • A disaster is a severe situation that affects broader society and which has the potential to interrupt business operations on a longer-term basis. Examples include an earthquake, a tornado, a major flood or power outage, or a serious health pandemic.

Despite the coronavirus technically classifying as a disaster, it is no surprise that journalists and commentators prefer the term crisis given it is media shorthand for pretty much anything that goes or can go wrong.

Blurred boundaries

Yet the boundaries between crisis, emergency and disaster are less straightforward than they first appear.

The coronavirus may be a disaster for health organisations and inter-governmental organisations, but it is also resulting in serious crises for companies shut down by government decree or mishandling how they manage their response.

And a really serious crisis resulting in significant environmental, social, economic or geo-political damage – think BP Deepwater Horizon – is often termed a disaster (‘a crisis with a bad ending’), or even a catastrophe.

Communicators beware

Crisis teams and communicators, however, should take real care with their terminology. Planning and responding to serious negative events requires precision with what words mean and imply.

A health pandemic necessitates a different response to a workplace fatality or data privacy breach. Different teams are often involved, and each scenario demands different policies, protocols and messages. Activating the wrong plan can be disastrous.

While COVID-19 is growing exponentially, it is no emergency, no matter what the media says. But it is a crisis for some organisations and a disaster for others.

And for a few, it spells potential catastrophe.

Concern is widespread that artificially generated ‘deepfake’ videos pose a major potential problem for those targeted, be they companies, CEOs, celebrities, academics and commentators, or politicians.

A new study of 14,678 deepfake videos by cybersecurity company Deeptrace suggests otherwise. Deepfakes may generate millions of views, yet the great majority (96%) are pornographic and have little wider societal impact.

Of those that are not pornographic, such as Chinese deepfake face-swapping app Zao or a recent spoof of former Italian PM Matteo Renzi, most are designed to entertain. Only a tiny minority have been expressly designed to sow misinformation or disinformation, or to damage reputation.

The reputational threat of deepfakes

This may change all too soon. Deepfakes are increasingly realistic, freely available, and easy to make. Artificial voice company Lyrebird promises it can create a digital voice that sounds like you in a few minutes (even if my voice apparently proved less than straight-forward.)

It is surely only a matter of time before we see more regular instances of deepfakes damaging – directly or indirectly – companies, governments and individuals through false or misleading news stories, hoaxes and reputational attacks.

A recent example: controversial Canadian psychology professor Jordan Peterson recently found himself at the mercy of a website where anyone could generate clips of themselves talking in his voice, forcing him to threaten legal action. The simulator has since been taken offline.

Jordan Peterson audio deepfake

In another case a political private secretary in the Malaysia government was arrested over a video allegedly showing him having illegal gay sex with the country’s minister of economic affairs. The country’s leader responded by saying the video was ‘cooked up’, but it remains unproven whether the video was manipulated. 

Reputational risks of deepfakes for companies include:

  • A fake CEO town hall video regarding the new company strategy is ‘leaked’ to the outside world, allegedly by a short seller
  • The voice of a politician is used to manipulate a senior director into discussing allegations of corporate fraud
  • A fake recording of two executive board directors discussing the sexual habits of a colleague is used to blackmail the company
  • An outsider gains entrance to a secured office by impersonating the voice of a company employee.

Spread over the internet and social media and excavating distrust in institutions and deep geo-political tensions, the risks of malevolent deepfakes are only now starting to emerge.

While the likelihood of a deepfake attack remains low in the short-term, and impact remains hard to quantify, every organisation would be wise to start considering what it may mean for its name and image.

Deepfakes are only one form of AI, though arguably pose the most direct reputational risk.

I am collecting examples of AI risks in the public domain via my AI and Algorithmic Incident and Controversy Repositry.

Accurate and fair contributions are welcome. 

A 1MDB hoarding in Kuala Lumpur

Last week I had the fortune to be invited to speak on the topic of reputational risk management to MBA students and assorted internal auditors, risk managers, HR and communications executives at the Othman Yeop Abdullah Graduate School of Business at the Universiti Utara Malaysia in Kuala Lumpur.

Reputation risk may not be as high up the agenda of boards of directors and management teams in Malaysia as in some other countries, but it has gained importance in recent years due largely to two major crises:

  • the 1MDB scandal that led directly to the overturning of the Malaysian government, the arrest and forthcoming trial of former prime minister Najib Razak, fraud investigations in 10+ countries, and criminal charges laid against Goldman Sachs and two of its former employees
  • and the various woes befalling Malaysia Airlines (here’s my take on the mystery of MH370 from an online/social media perspective; if you haven’t already, I strongly recommend you read this in The Atlantic for what may well be the last word on the tragedy).

Whilst unresolved, both crises helped erode confidence and trust in institutions in Malaysia and raised (and continue to raise) legitimate questions about how Malaysia Inc – which is still largely dominated by a few family-controlled businesses – operates.

Accordingly, companies (especially government-owned or linked ones) and parts of government and civil society are actively considering the extent to which they are exposed to reputational risks, and thinking harder about how these should be minimised and managed.

The whys and hows of effective reputation risk management

Predicting and managing reputational risks poses a wealth of tricky questions and challenges – amongst them:

  • How should reputation risk be defined?
  • What are the primary drivers of corporate reputation?
  • What forms do these risks take?
  • Who is responsible for an organisation’s overall reputation?
  • Who should own corporate reputation on a day-to-day basis?
  • What role(s) should communications and marketing play in reputation risk management?
  • How best measure, track and report reputational threats?
  • Why can leaders be reluctant to get to the root of reputational issues?

I tackled these and other challenges in my presentation, setting out solutions based on my professional experience, research and observation.

Here are my slides:

Fortunately, trust in Malaysia appears to have been restored to some degree over the last eighteen months.

However it is clear that organisations based in Malaysia – and elsewhere – continue to grapple with the strategic, governance and operational challenges reputation risk management inevitably raises.

I will explore some of the questions raised in my talk in more depth over the coming weeks and months on this blog.

Meantime, I hope you find the slides useful.

The past few days have seen the Metropolitan Police in London, the FBI and US Immigration and Customs Enforcement (ICE) hauled over the coals for appearing to use inaccurate and non-consensual facial recognition technologies.

In the face of hostile media reports, public concerns about AI in general and complaints about their programmes specifically, as well as ongoing litigation, all three organisations have doubled down on the appropriateness and legality of their actions.

Their reaction is hardly surprising. The artificial intelligence (AI) that underpins these technologies is largely unregulated. And the general public is only starting to become aware of its benefits and risks, is largely skeptical of its promises, and is concerned about some of its potential impacts.

The looming tower of AI

The benefits of AI are many. It can help tackle climate change, strengthen cybersecurity, improve customer service and stop people making abusive comments on Instagram, amongst all manner of other applications.

However, as Stanley Kubrick highlighted in his 1968 film 2001: A Space Odyssey in the form of HAL 9000, AI poses substantial risks.

These risks include:

  • unfair or discriminatory algorithms
  • unreliable or malfunctioning outcomes
  • misuse of personal or confidential data
  • greater exposure to cyberattacks
  • loss of jobs
  • legal risks and liabilities
  • direct and indirect reputational risks, including malicious deepfakes.

It is likely that these risks will become greater and more reputational in nature as the adoption of AI technologies becomes more mainstream, awareness diversifies and grows, and public opinion consolidates.

Source: PEGA, 20

In addition, the risk management industry is looking at AI from a risk perspective, and the PR/communications industry from a communications perspective.

AI reputation management research study

However, little exists on the reputational threats posed by AI, or how these should be managed should an incident or crisis occur – an important topic given the volume of AI controversies and the general focus on corporate behaviour and governance.

Accordingly, I am pulling together examples of AI controversies driven by or relating to artificial intelligence for an initial report and possible quantitative study and white paper on the topic.

To kick-start the process, I am crowdsourcing information on the nature and impact of recent controversies through an AI and algorithimic controversy database.

The database is open, and your contribution is welcome. Given the sensitivity of these types of events, please note all contributions should be fair, accurate and supportable.

Let me know if you have any questions.

Thank you.

%d bloggers like this: