What drives reputational risk? Evidence from textual risk disclosures in financial statements

The paper addresses the unresolved question of which drivers cause reputational risk in financial institutions. Reputation is critical and hard to restore once damaged, and its importance has grown with faster information diffusion via the internet and social media. Existing definitions (e.g., BCBS) are broad and focus on negative perceptions, leaving the specific antecedents unclear. Prior research often assumes reputational losses follow operational risk events, but this may underestimate the broader set of drivers. Proactive risk management and quantitative measurement require a systematic, comprehensive identification of drivers. The authors propose using standardized textual risk factor disclosures (Item 1A in Form 10-K) as a rich, industry-wide source of senior managers’ perceptions to systematically identify reputational risk drivers and quantify their prominence over time.

Empirical work largely links reputational damage to operational risk events, documenting negative market reactions and heterogeneity across event types (e.g., internal vs. external fraud). Some studies highlight other potential drivers such as third-party misconduct, rating downgrades, data breaches/cyber risks, product recalls, downsizing, and media tone. A few frameworks attempt to classify drivers (e.g., internal vs. external categories), but the overall understanding remains fragmented and incomplete, with limited empirical evidence beyond operational risk. The paper motivates leveraging risk factor disclosures to aggregate firms’ real operating experiences and perceptions to construct a comprehensive, empirically grounded system of reputational risk drivers.

The study mines textual risk factor disclosures in U.S. Form 10-K filings to extract reputational risk drivers. Key steps: (1) Data collection: Identify financial institutions via GICS codes (4010 banks, 4020 diversified financials, 4030 insurance, 4040 real estate). Collect Form 10-K filings from EDGAR (2006–2019). Extract risk headings from Item 1A using a crawler; manually review filings where headings cannot be programmatically separated. Filter headings containing the keywords “reputation” or “reputational” as reputational-risk-related. Final corpus: 352,326 total risk headings from 11,921 10-Ks (1,570 firms); reputational subset: 7,856 headings from 4,590 10-Ks across 828 firms. (2) Topic modeling: Use Sentence-LDA (Sent-LDA), which assumes each sentence addresses one topic—appropriate for concise risk headings. Train with Variational EM (better for short texts) and hyperparameters per prior literature (α = 50/k; VEM convergence settings). Determine topic number via perplexity with extensive grid (5–170, step 5), preferring convergence region; select 120 topics after quantitative and manual checks. (3) Model improvement: Original Sent-LDA topics are contaminated by high-frequency but semantically uninformative words common to risk headings (e.g., “reputation”, “business”). The authors design a word intrusion task (per Chang et al., 2009) with domain experts to identify and label as stop words terms frequently mistaken as intruders. Remove these corpus-specific stop words (e.g., reputation/reputational, operation/operational, generic modal/affect terms) and rerun Sent-LDA (improved Sent-LDA). Quantitatively, improved Sent-LDA yields consistently lower perplexity than baseline; qualitatively, topic word clouds reveal clearer driver-indicative keywords. (4) Topic labeling and consolidation: For each of the 120 topics, inspect high-frequency words; manually assign driver labels using domain expertise. Merge semantically duplicative topics into unified drivers; topics too mixed or unclear are labeled “others.” (5) Importance quantification: Compute Importance_i as the proportion of headings assigned to driver i relative to all reputational headings (sum of topic proportions across documents), noting that higher proportions reflect frequency of disclosure, not severity of impact. The method also enables subsector and temporal analyses by tracing headings back to source firms and years.

• Scale and awareness: From 2006–2019, the proportion of firms and risk headings disclosing reputational risk increased markedly, evidencing growing awareness across financial institutions. Dataset includes 352,326 total risk headings; reputational-risk subset has 7,856 headings from 4,590 filings by 828 institutions. - Drivers identified: Thirteen reputational risk drivers were identified and defined: (1) Inadequate information safeguards, (2) System interruptions, (3) Litigation risk, (4) Human error, (5) Compliance risk, (6) Partners’ performance, (7) Product and service problems, (8) Conflicts of interest, (9) Investment risk, (10) Fraud, (11) Loss of professionals, (12) Credit risk, (13) Liquidity risk. Seven of these (system interruptions, litigation risk, compliance risk, conflicts of interest, investment risk, credit risk, liquidity risk) were rarely mentioned previously, significantly extending the literature. - Importance (proportion of disclosures by driver; Table 6): Inadequate information safeguards 20.15%; System interruptions 15.19%; Litigation risk 10.07%; Human error 7.79%; Compliance risk 7.04%; Partners’ performance 4.76%; Product and service problems 4.53%; Conflicts of interest 3.44%; Investment risk 3.28%; Fraud 2.34%; Loss of professionals 2.19%; Credit risk 2.07%; Liquidity risk 1.03%; Others 15.85%. - Operational vs. legal drivers: Operational-risk-related drivers (product/service problems, human error, fraud, loss of professionals) constitute 52.19% of disclosures, confirming operational events as major sources. Legal/regulatory drivers (litigation and compliance) together account for 17.11%, underscoring legal risk as an important, under-studied contributor to reputational damage. - Subsector differences (Table 7): All subsectors (banks, diversified financials, insurance) most frequently disclose inadequate information safeguards, system interruptions, and litigation risk. Banks additionally emphasize partners’ performance and investment risk; diversified financials emphasize human error and compliance; insurance emphasizes fraud alongside information/system protection (with the top two exceeding 50% of disclosures). - Temporal evolution: Notable upward trends in disclosures for inadequate information safeguards, system interruptions, partners’ performance, product/service problems, and loss of professionals, aligning with fintech-driven digitization, increased data/system exposure, expanded third-party ecosystems, and talent needs. - Methodological validation: The improved Sent-LDA consistently outperforms baseline Sent-LDA by perplexity and yields cleaner, driver-revealing topic word clouds, demonstrating effectiveness of the corpus-specific stop-word construction via word intrusion tasks.

The findings directly address the research question by empirically deriving a comprehensive, industry-aggregated set of reputational risk drivers from standardized disclosures. They confirm the centrality of operational events to reputational damage while revealing substantial roles for legal/regulatory and other financial drivers (e.g., credit, liquidity, investment) that have been underexplored. The quantified disclosure-based importance highlights which sources firms most often perceive as reputation-threatening—especially information security and system continuity—guiding proactive risk management priorities. Subsector patterns reflect underlying business models: banks’ reliance on partners and investment activities, diversified financials’ operational complexity and regulatory exposure, and insurance’s fraud and data/system sensitivity. The temporal rise in tech-related and third-party drivers aligns with fintech and digital transformation, suggesting firms should fortify cybersecurity, IT resilience, vendor/partner governance, product quality, and talent strategies. The study advances measurement foundations for reputational risk by offering a scalable text-mining approach and a driver taxonomy suitable for integration into ERM and future quantitative models.

The study systematically identifies 13 drivers of reputational risk from large-scale 10-K risk disclosures using an improved Sent-LDA topic model, extending prior literature with seven rarely noted drivers. It shows growing organizational awareness of reputational risk and quantifies driver prominence, with inadequate information safeguards and system interruptions most frequently disclosed and rising over time. Operational risks remain central, while legal/regulatory and other financial risks also contribute meaningfully. Methodologically, the improved Sent-LDA—enhanced by a word intrusion–based stop-word list—outperforms the baseline and is applicable to other short-text contexts. The results support more proactive, targeted reputational risk management and provide a basis for future quantitative measurement. Future research could assess driver importance via market reactions or loss severity and integrate multi-source data to refine reputational risk metrics.

Driver importance is inferred from disclosure frequency, which captures perceived prevalence but not loss severity or realized impact. The focus on headings containing “reputation/reputational” may omit indirect references. Manual topic labeling, while accurate for domain-specific topics, can introduce subjectivity. Further work could triangulate driver importance with market-based measures (e.g., abnormal returns, volatility), media tone, or realized loss data, and explore causal links between drivers and reputational outcomes.