From Collapse to Control: Lessons from Silicon Valley Bank

The Federal Reserve Bank’s (FRB) highly anticipated assessment of Silicon Valley Bank’s (SVB) risk management failures serves as a stark reminder of the critical importance of risk management and control in the financial services industry.

This, of course, is not new to any seasoned banking professional. In an industry where nearly every action involves some level of risk, banks must carefully, intentionally, and proactively balance potential risks with fair rewards.

But how much risk management is needed, and what exactly does risk management and control entail?

We’ll unpack those questions below. But first, let’s briefly explore the second-largest bank collapse in U.S. history.

What happened at SVB?

According to the FRB’s report, the collapse of SVB was the result of a fundamental failure of risk management. Specifically, it was tied to the mismanagement of interest rate risks, which is commonly referred to in the industry as asset/liability management.

The FRB’s report explained that the bank’s risk and control managers as well as bank regulators ignored numerous red flags and warning signs. It describes that the risk and control program was operating reactively toward asset liability management, rather than practicing the required proactivity needed to spot weaknesses.

In fact, the FRB points out that two-thirds of the formal Matters Requiring Attention (MRAs) reported by regulators since 2021 were related to the bank’s governance and control, not interest rate risk or asset/liability management.

In relation to governance and control, regulators had expressed concerns about the inadequacy of the bank's risk and control program, namely the scope and effectiveness of its internal audit coverage and its Risk and Control Self-Assessment (RCSA). The RCSA is crucial for management to have a comprehensive understanding of its risks and implement necessary control measures to effectively manage them.

Additional findings reported by the FRB indicate that:

  • SVB’s RCSA lacked the expected level of sophistication for large banks, as regulators has pointed out; and
  • SVB’s culture did not value controls being at least co-equal to other business objectives, such as the bank’s desire for rapid growth.

Lessons learned.

For bank regulators, this event exposed the danger of failing to spot and communicate red flags in a bank’s risk and control program. And it reminded the industry that when monitoring a bank’s first and second line of defense RCSA program, as well as the third line of defense internal audit function, proactivity is not just a nice to have. It’s the name of the game.

That’s where our experience comes in. North Highland has a long history and proven track record of partnering with financial services leaders to establish proactive and comprehensive risk and control programs that allow them to successfully navigate complex scenarios.

We work alongside business managers, federal and state regulators, leaders of risk and control and compliance functions, and internal auditors to strengthen risk and control programs by: 

  • Utilizing modern agile techniques to expedite the implementation and adoption of risk management practices.
  • Designing and maintaining RCSA programs to proactively resolve root causes of problems and remediate regulatory issues.
  • Providing control testing and trained resources to help banks quickly "pressure test" the effectiveness of their three lines of defense through mock examinations of risk management practices.
  • Securing leadership alignment on the approach, importance, diligence, and prioritization of risk efforts.
  • Cultivating a culture of risk management to help firms transition from a reactive to a proactive mindset. 
  • Developing a workforce that elevates the role of risk leaders throughout the organization.

The path forward is proactive.

The collapse of SVB has significantly raised the bar for regulators, investors, and customers, who now demand that bank management exhibit exceptional risk management and control, on par with any other business objective. This will be particularly important in the years ahead, as many banks turn their focus on business growth to navigate a challenging phase in banking, while simultaneously avoiding the creation of additional risks and regulatory scrutiny. The ability to strike this delicate balance will be crucial for banks to successfully emerge from this tumultuous period while maintaining financial stability.