March was a rollercoaster in financial markets. The failures of Silicon Valley Bank (SVB), Signature Bank, and, more recently, Credit Suisse sent shock waves through the markets, and there are various takeaways for GRC professionals on good governance, risk management, and compliance. This month’s insight highlights some valuable lessons from SVB failure.
SVB was a major lender for the tech and venture capital sectors, and its collapse has been deemed as the biggest bank failure since the 2008 global financial crisis. The SVB failure came from a lack of sound risk management; the key problem was a mismatch of the bank’s balance sheet from long-term investment securities funded by short-term deposits, coupled with a failure to hedge much of the interest rate risk. When interest rates rose, the value of the securities dropped, creating unrealised losses that eroded the bank’s capital base. The bank tried to raise capital to fill the hole, but, learning of the problems, depositors lost confidence in the bank, which led to a total withdrawal of $42 billion in a day. This was a quarter of the bank’s deposits, ultimately resulting in the bank’s failure.
Risk management requires good governance and oversight
SVB had no official Chief Risk Officer responsible for overseeing the bank’s risk framework for eight months. A CRO typically safeguards a firm against disaster by monitoring its risk management procedures to limit firmwide exposure to risks and flag concerns to the C-suite or senior management. Without someone responsible for overseeing risk management and connecting the dots, fundamental risk issues that can be managed can eventually be catastrophic. Nonetheless, risk should have also been the shared responsibility of the board and a crucial topic that was prioritised and resourced accordingly.
Risk assessment needs to be continuous
In addition, there was also a lack of continuous risk monitoring. New risks are continuously arising and constantly evolving, and risk professionals need to identify developing risks and determine risk thresholds and their risk tolerance. Without continuous monitoring, firms have blind spots and become more vulnerable to material risk. Risk managers need to be proactive in their approach.
The role of regulators and better compliance
Furthermore, US policymakers and regulators have also been criticised for lacking oversight of SVB’s operation. SVB bought its bonds in a world where interest rates had been very low for quite some time. The US central bank, the Federal Reserve, set these low-interest rate levels with the best intentions to stimulate the economy and recover from the global crisis in 2008. Central banks worldwide, including here in the UK, did the same.
As firms adapted to the low-interest rates, they eventually faced significant difficulties when the rates increased. When the Fed raised interest rates sharply to fight inflation, the value of SVB’s bonds fell; this should have raised alarm bells. SVB’s management could have reduced positions and realised losses but chose to buy even more bonds, and the regulators allowed this. The collapse was inevitable; the state and federal regulators missed warning signs. In 2021, the Fed was aware that SVB’s liquidity risk management was insufficient; early measures to ensure better compliance could have been taken.
To conclude, the collapse of SVB serves as a reminder of the dynamic nature of the recent risk landscape in financial services. Effective risk management requires competent risk management fundamentals, good governance, proactive risk management, and agile intervention. It is anticipated that regulators will be doing more work in this area too and firms should expect an increase in global regulatory scrutiny in subsequent years.