The collapse of Silicon Valley Bank (SVB) provides many important lessons for financial industry leaders, including Board members, senior management, and risk professionals. The information foretelling SVB’s demise was, with the benefit of hindsight, available in SVB’s quarterly SEC filings. The questions bank leaders should ask now are: “What should we look for in our own institution?” and “What actions can we take with the knowledge gained?” In short, it is imperative that financial institution Boards, senior management, and risk leaders take a fresh look at their financial risk data with a more critical eye to identify potential weaknesses requiring proactive responses. Access to the consistent capture, measurement, and reporting of data is key, and that data must provide meaningful information that generates insights for actionable decisions.
Hiding in Plain Sight (Hindsight Is Always Clearer)
Last year marked a sharp change in interest rates. While some may have missed the early rate pivot, it was clear that financial institutions needed to evaluate their strategic plans and balance sheet composition against an increasing interest rate environment. This is not necessarily easy to do, but we can learn from the information available to us about SVB and what contributed to its failure:
- SVB grew very rapidly, both organically and through acquisition (Boston Private), in a relatively short period of time. This level of growth is a red flag even before one considers what form the growth actually took. Although SVB was rebuilding its risk team during this historic growth, even mature risk management teams often can’t keep pace with rapid growth, as became evident at SVB.
- SVB’s business model and financial positions were highly concentrated and seemingly correlated, which can be exacerbated further in times of stress. The business lines relied on short-term funding (deposits) and asset generation (loans) from the same source, relatively young technology firms. Further, noninterest-bearing demand deposits, time deposits, and savings deposits represented 49% of deposits. These types of deposits are typically more susceptible to flight risk.
- Poorly structured portfolio concentration risk of long-dated securities, combined with short-term funding from a closely entwined start-up industry, heightened the depositor concerns due to viral social media commentary by venture funds.
- SVB’s rapid growth created a large pool of investable funds that were placed in concentrated holdings of longer-duration securities, resulting in significant unrealized losses as interest rates rose. This risk exposure was visible throughout 2022 culminating in unrecognized losses of over $17B, exceeding the bank’s equity capital by year end 2022.
- All of this was further exacerbated by the absence of the critical position of Chief Risk Officer, which was open for many months and only recently filled. Risk management, therefore was in transition while the external environment was rapidly changing. Even during normal cycles, investments in risk programs take time to mature and require extensive Board and leadership support. A transitioning risk function would struggle to provide credible challenge, which is clear in hindsight.
Additional observations could be made, but the financial services industry already knows more than enough to now focus on what proactive steps need to be taken to ensure financial stability through this current cycle and beyond. Regulators no doubt will help drive this process through exams, guidance, and new rules. A hallmark of strong risk management programs is to self-identify and remediate issues before they are identified by regulators as a corrective action (i.e MRA or MRIA) requiring remediation. Reactive risk management programs often get bogged down in regulatory purgatory, which can lead to paralyzing remediation.
Where Will the Regulators Be Focusing and How Can Financial Institutions Best Prepare?
So now we know what caused the collapse of SVB and understand the various risk underpinnings. We also know that every financial institution has a unique business strategy and risk profile, but there are common themes that regulators will surely focus on in the current environment. We believe the following areas will come under increased regulatory scrutiny and require additional attention by financial institution Boards, leadership teams, business lines, risk functions, and audit groups.
- Liquidity risk management and all associated areas (treasury management, deposit betas, contingency funding plans, funding diversification, borrowing collateral review, funding line testing, etc.) will be under the regulatory microscope.
- Good old interest rate risk management is a front and center issue, and asset-liability management strategies will also come under greater scrutiny. The focus includes balance sheet management strategies, oversight, modeling, reporting, limits, controls, and governance, both at management and Board levels.
- Strategic planning will need to be revisited given the higher rate environment and related impacts on institutions’ financial performance and risk posture. These reviews must be completed in conjunction with a reassessment of the financial institution’s risk appetite statement and Board-approved risk limits. Any adjustments to the strategic plan and risk appetite will need to be incorporated into financial institution policy and governance process for proper reporting and oversight.
- Board risk committees will likely be expected to conduct internal (or external) evaluations of approved enterprise risk management programs, risk appetite/limits, sufficiency of risk function resources, effectiveness of risk reporting, and the documentation of Board challenge of management decisions.
- Regulators will evaluate more closely the strength of second-line risk management in providing credible challenge to the business strategy, balance sheet management, and risk-taking decisions. Financial institutions that do not have the depth or expertise in-house will need to demonstrate that they are bringing appropriate resources, internal or external, to fully support the financial institution’s risk management needs.
- Deposit strategies will require new perspectives considering strategies for greater diversification, account insurance (reciprocal, sweeps), varied rate structures, better term segmentation, channel sourcing, account opening, and other key areas. Many financial institutions are fairly diversified, but every financial institution will have some lessons to learn and strategic adjustments to make for greater stability.
- Risk-related information/data, risk identification, risk reporting structures, and risk reporting will all come under greater scrutiny. Financial institutions will need to critically evaluate their sources of risk information, the usefulness of risk presentations, and how these lead to more proactive risk management actions. Data must provide insights that can be used for actionable metrics.
- While regulators were highly focused on risk assessments of nonfinancial risks (BSA, fraud, cyber, compliance, ops risk, etc.), attention will swing back to the assessment of critical financial risks. Here again, the focus will be on demonstrating access to the necessary data, using that data to evaluate potential financial risks, reassessing financial risk limits, and enhancing risk management dashboards to ensure that management is operating fully aware of and within risk tolerances.
- Risk models (ALM, EVE/NII, CFP, ACL, Stress Testing, LSST, DFAST, etc.) will take on even greater importance. Much of the focus will be on assessing the model outputs, but the model governance stages will also get significant attention. Even assuming data inputs are solid, regulators will certainly be focused on model assumptions, scenarios, back testing, and credible challenge by second-line model risk management teams.
- Investment security portfolio reviews may need to be augmented to better access not only the quality of individual holdings, but more so the intention of portfolio investments (yield vs. liquidity) and related concentration parameters. Investment governance documentation will be closely assessed with a focus on portfolio diversification, risk limits, reporting, and monitoring.
How Can Treliant Help?
Enterprise risk management must extend from the Board, through the risk function, and be embraced and supported by financial institution leadership. Treliant has the experience, insights, and resources to support financial institutions in getting ahead of the emerging regulatory curve. Financial institutions’ risk committees will need to consider seeking an independent assessment of their risk management framework to ensure all meaningful risks are identified and programs are sufficient to measure, manage, and control these risks. With our firm’s deep team of former regulators, CROs, CFOs, and CCOs, Treliant stands ready as a trusted partner to financial institutions and one that provides independent, value-added insights to strengthen risk management and support appropriate risk culture enhancements.