top of page
  • Richard Bistrong

Corruption, Reputation & Risk: An Interview with Andrea Bonime-Blanc

Hi Andrea, and thank you for joining me in a Q & A and to reflect on your recent book The Reputation Risk Handbook ( ), which I found very relevant to today’s enforcement and risk environment. As you well state “at the end of the day, each one of us owns 100% of our personal reputation risk management.” If you don’t mind, could you share some of your background and experience as to provide even greater context for your work.

Andrea: Thank you for the opportunity to have this conversation, Richard. After almost 20 years as a senior executive leading a variety of legal, GRC and CSR roles at four global businesses, I started GEC Risk Advisory ( to provide a more strategic, holistic and value-added approach to all things GRC/CSR. We are focused on transforming risk into value for our clients and in just two years, we are doing business and developing innovative solutions with clients and partners on almost every continent. We are honored to have received recognition in a short period of time including being named to the 2014 100 Most Influential People in Business Ethics by Ethisphere,  and by participating extensively in conferences, and  media. My writing is referenced through The GlobalEthicist bimonthly column for Ethical Corporation Magazine,  and tweeting @GlobalEthicist.

Q:  Thank you Andrea. As someone who has experienced, first hand, how reputation and risk have an impact on people and corporations, I found your work extremely resonating. I really enjoyed your setting out the challenge up-front in that we all have “a chance to enhance reputation,” and that “its not just about protecting the downside, it’s about enhancing the upside.” Thus, from an individual and corporate perspective, where do you see the greatest opportunities for “enhancement?

Andrea: I think that both the personal and the corporate, or more accurately institutional, perspectives are intricately interrelated. Let me explain, each of us individually (personally and professionally) need to think about reputation as a valuable asset that we build over time and can either increase or decrease in value depending on our actions, who we associate with and who associates with us and other circumstances that are often beyond our control. In the “Age of Hyper-Transparency” and super-connectivity we now live in, these issues are more important than ever both personally and institutionally as bad news (as well as good) can travel at the speed of light. As Warren Buffet famously said a while back “it takes 20 years to build a reputation and 5 minutes to ruin it”. Nowadays it takes a nanosecond.

So to answer your question more directly, I believe that if everyone understood this fact clearly – that reputation risk management is both an individual and corporate/institutional matter and that they are intricately intertwined – we would be more proactive about protecting the downside and building the upside while at work. Building the upside or enhancing reputation might include, for example, (1) paying attention to the quality and accuracy of the information you create, share, distribute or post; (2) ensuring that you understand the 360 of who your stakeholders are: stakeholders at an individual level might include family, friends, school, colleagues, etc.; stakeholders at the institutional level would include customers, regulators, suppliers, etc. If you maintain a mindset at work that quality of information, communication and interaction with your stakeholders is key to protecting value, you might become more aware of how to enhance both your own and your company’s reputation.

Q: As I spend most of my time reading and writing about corruption risk, I found your sub-chapter “Reputational hits and consequences” to be reflective of what we have recently been reading about in terms of anti-bribery enforcement actions. You speak of “reputation management generally with a pretty veneer but not substance,” as “neither sustainable nor responsible.” In your Chapter “The Business Case for Effective Reputation Risk Management,” I see you as returning to that theme when you state that throwing billions of dollars and thousands of people at ‘compliance’ does not address the more “systemic cultural and leadership problem in need of a more strategic solution.” You add that “the real challenge begins and ends at the very top: the CEO and the board.”

Well, I am the choir on that chapter! We continue to see in the anti-bribery field numerous corporations, which when commenting on enforcement actions reference their ‘ethics program’ and ‘commitment to compliance’ and then take out the ‘rogue employee or group’ script to explain away the conduct. Is that reputation risk management? Or, is that the abandonment of risk and reputation management as “related to mistakes by organizations, (and) their senior managers, in exercising their responsibilities as leaders?”

Andrea: I don’t believe that this example is effective reputation risk management, as this would require that there be depth behind the claim – i.e., synchronization between what the company claims it has and what it really has, in this case on anti-corruption. One of the true disconnects I believe exists within many companies is that between company/leadership “talk” and “walk”. What I mean by this is that leaders may talk a good game on ethics and compliance (and anti-corruption) and may support the placement of certain program bells and whistles, but underneath that surface lies a culture of bending rules, looking the other way, burying your head in the sand, or pretending that certain things aren’t taking place when they do. There is no depth – no “there” there when it comes to an effective program. This is where the “rogue employee or group” subterfuge comes in handy to explain away a corruption incident.

Companies and leaders that are intent on a culture of integrity will provide the proper resources, speak the right words, and take the appropriate actions when and if compliance failures occur. The trick for the prosecutors and investigators is to distinguish between the “Potemkin” program and the real or effective one. As with most things in life, there is a spectrum between the two and it is true integrity leadership (or the lack thereof) that is the ultimate differentiating factor.

Q: Is this related to your definition of the “superficial leader” as someone who creates a pretty façade of compliance but who “doesn’t support a deep culture of responsibility of integrity?” I would really like to hear more about what you mean when you state that “the superficial style of leadership does not institutionalize integrity.”

Andrea: When it comes to creating a sustainable culture of integrity, the superficial leader is one who does not place deep value (either philosophically or in terms of resources and budget) to supporting the creation and implementation of an effective ethics and compliance program. They do believe in creating a surface sheen through glossy marketing, brochures and codes of conduct and displaying verbal an written commitment to “integrity”, “zero tolerance” and “values”. The superficial leader is a marketing and public relations guru who lacks the underbelly of true commitment to these issues. Thus they do not help and indeed hinder in many ways the creation of a long-term culture of integrity that is institutionalized within the organization, its processes, decision-making and performance.

Q: In your discussion of “Strategic Risk Management,” you speak of the importance of risk management “where both management and the board have a sophisticated and well informed view and infrastructure in place to deal with all entity risks including reputation risk.” There has definitely been a lot more discussion of late with respect to what responsibility the Board has with respect to corruption risk, and recent surveys have identified this as an area of great concern and risk.

You discuss how “Boards have a critical role to play with regard to reputation risk.” Well, what is your view of the current state of affairs on this issue? I am also thinking of this question in the context of you statement that Boards need to “demand a new bottom line from their chief executives.”

Andrea: As you correctly state, Richard, it has become clear in recent years that boards have a much more important and strategic role to play in risk oversight than ever before. Part of this has to do with the era of scandals we have been living through (where many boards missed some of the critical risks their companies were confronting) and part of it with the age of hyper-transparency and super-connectivity we are living through where risk issues hit harder, faster and more materially than ever before. As a result of these developments, reputation risk, which I deal with in my new book, The Reputation Risk Handbook, has become the number one concern of boards and c-suites around the world. Boards now need to step up to the strategic risk oversight plate hard and fast to keep up with the serial and concurrent risks coming at companies like bullets in a videogame. Boards need to beef up their own composition to meet this challenge as well as ensure that their companies have the right risk infrastructure and expertise in place. This ultimately entails ensuring that a CEO is in place who understands risk management almost as well as he/she understands the business and the financial bottom line.

Q: I always like to finish with the positive. In your work you reference Siemens as turning “a corner from being the corporate corruption pariah to a leader in the global fight against corruption with all the attendant reputational benefits.” Andrea, if you had to rip one page from that playbook to share with others, what might that be?

Andrea: Though it was a long, expensive and tortuous road for Siemens, they eventually embraced the changes that were necessary. Since then, Siemens has been a force (by funding the Integrity Initiative with the World Bank, for example) for deepening and expanding our understanding of corruption in many different aspects of life – not just the corporate. In addition, I recently heard that Siemens has made the internal third party anti-corruption management program they created in house available as a commercial product to other companies. Now that’s what I like to call transforming risk into value (which happens to be my company’s tagline!).

Richard: Well, thank you Andrea, and I hope that we can continue this discussion again sometime soon

Andrea: Thanks so much for this opportunity to discuss these important topics with you, Richard, and thank you for the great contributions you are making to the anti-corruption field through your writings and work in this space. I look forward to continuing the dialogue!


bottom of page