Like Barings Bank, Bear Stearns and Lehman Brothers before it, Silicon Valley Bank, well-known now as SVB, has made sure it goes down in history for all the wrong reasons. It’s a case study on how not to manage a bank. It’s also a case study of why risk management is an imperative in banking.
SVB was the 14th largest bank in the United States until it collapsed on 10 March 2023. It was the second-biggest bank failure in US history. SVB catered to a specific demographic – primarily start-ups who dumped large capital raises into the bank.
What happened at SVB?
We’re an outsider looking in, and I’m sure we will learn more in the coming days, weeks and months – and everything looks obvious in hindsight.
The short version is that SVB didn’t follow the principles of Banking 101. Mismanagement of its assets and liabilities, the basics of banking, seems to be the main cause. A poorly worded press release led to doubt that resulted in a classic run on the bank, leading the company to simply run out of money as clients withdrew US$42 billion in a single day, leaving the bank with US$1 billion in negative cash balance. The longer version includes a range of drivers that put the bank on its runway to failure.
Most of SVB’s woes seem to stem from management decisions surrounding interest rates and liquidity risks. Multiple factors created a perfect storm:
- Very high inflow of funds over a short period of time, driven by VC funds needing to park their excess liquidity somewhere.
- In banking fundamentals, these funds need to be invested somewhere, ideally in loans and assets that yield a higher return than the cost of deposits. This should result in a healthy net interest margin that’s adequate to provide a net profit for the bank. It requires, however, assets where the yield is higher than the cost of funds throughout the life of the deposit.
- This is where things unravel: there wasn’t enough demand for loans to use the cash, and so investment in treasury bonds and mortgage-backed securities were their selected choices. Sensible banking would ensure that the interest rate reset periods on the assets would be matched with those on the deposits so that when interest rates change, they change on both sides, keeping the margin intact – a simple hedged balance sheet.
- However, SVB’s investments had an average interest rate duration of around six years. This meant the bank was locked into low-yielding investments when interest rates started to rise. Negative interest margin soon developed.
- When interest rates rise by 1% with an average portfolio duration of six years, the bond value drops by around 6%. It doesn’t take long for the market value loss on the bonds to swallow the bank’s capital, rendering it insolvent.
- As concerns were raised in a viral panic spread on social media and chat groups, depositors wanted out. Since the deposits were concentrated in the VC sector with very large individual balances, the digital withdrawals were fast and big. In addition, to meet this cash outflow, bonds had to be sold, realising the mark to market loss.
We’ve seen over the last several months that amid interest rate hikes there have been shifts in the tech sector, including layoffs, and cheap capital has started to shift. This interest rate movement resulted in lower deposits in 2022 while existing customers continued to draw down their capital, simultaneously reducing the value of those long-term assets. With limited hedging in place, there doesn’t seem to have been any forward thinking on how rising interest rates would affect SVB on both sides of the balance sheet.
Now we come to the actual run on the bank itself, highlighting concentration risk. SVB was the go-to banking partner for tech-industry founders, entrepreneurs and investors in the start-up community. When the bank sold some of its assets at a US$1.8 billion loss in order to shore up liquidity, that community noticed. Fearing the bank was in trouble, investors and depositors kicked off a wave of withdrawals – until SVB ran out of money.
Could some of this have been foreseen?
On its face, the run on SVB looks like a failure in banking basics of managing interest rate risk and liquidity risk. Can we get more specific? Let’s look at additional elements that may have contributed to the bank’s failure.
Risk governance
Where was the governance around risk management? Were the Board, Risk Committee and Executive asking appropriate questions about the types of risks the bank was facing? Of interest in SVB’s 2023 proxy statement:
“In its ongoing effort to enhance its committee structure, the Board is also planning to discontinue and sunset its Finance Committee in April 2023.”
The statement next notes that one of the key oversight responsibilities for that committee was “financial and balance sheet strategies, and treasury management.” SVB’s most recent Risk Committee Charter includes liquidity and interest rate risk management as part of its scope, indicating this responsibility may have been absorbed into that committee.
- Is this a sign that some of the fundamental financial risks to the bank were not given sufficient attention?
- Were risk appetite, key risk indicators and related tolerances set around interest rate risk and liquidity?
- Did the committee or board challenge the activities of management? Only one of SVB’s directors had banking experience – who was not on the Risk Committee.
We’re also curious about other types of risk. If they weren’t getting Banking 101 financial risk management right, what did the bank’s operational risk and compliance risk management look like?
Lack of a CRO
The bank did not have a Chief Risk Officer (CRO) for eight months. Of course, that doesn’t mean zero risk management was being done, but it may hint at the risk culture and tone at the top. The bank’s proxy statements show that the risk committee met 18 times in 2022. Given the bank has failed, what happened in these meetings? Without a CRO, did these become a matter of process — “doing risk management” — rather than outcomes, actually managing risks?
Of course, those meetings may have been so frequent because it had become apparent that decisions to invest in long-term assets with insufficient hedging of interest rate risk were time bombs waiting to go off.
Scenario testing
SVB was not classified as a systemically important bank and did not need to participate in mandatory stress testing. That doesn’t prevent risk managers from running scenario testing or sensitivity analysis as a best practice. It’s hard to believe that those things weren’t being done at the bank – but if they were, then surely, they would have identified that purchasing long-term bonds was an extremely risky position if interest rates rose? If internal tests were being done, what happened to the results and what actions were taken?
For a bank with such a concentrated customer base as SVB had – this also seems like a scenario where you would consider running a stress test on your liquidity.
But perhaps they didn’t see the value. The CEO lobbied to relax Dodd-Frank provisions on regional lenders in 2015, which occurred in 2018, keeping SVB under the threshold. Dodd-Frank originally subjected banks with more than US$50 billion in assets to enhanced supervision by the Fed; that threshold was raised to US$250 billion, “effectively deregulating 25 of the 38 biggest U.S. banks,” a former Fed lawyer noted. SVB lobbyists also spent the months leading up to the collapse pushing back on a proposal that would require financial institutions to increase payments to the FDIC’s Deposit Insurance Fund.
Incentives and insights
SVB executives sold over US$84 million worth of stock over the past two years. The CEO sold US$3.6 million worth of shares on 27 February, less than two weeks before the bank collapsed. Company executives are now facing a class action lawsuit.
The next key question: What did the board and executives know, and when did they know it? They may not have predicted failure, but were these sales borne from insider awareness on the likely outcomes on the bank’s valuation?
Regulation failure, management failure, or both?
Questions are being raised about whether this is a failure on the regulator’s part. Ask some, and they will say the regulator was asleep at the wheel and should have prevented this failure. Others will say that the regulator has no obligation to prevent the failure of the bank – only to protect the depositor through resolution if the bank fails.
The FDIC guarantees deposits up to US$250,000. With their customer base being start-ups with large capital bases, a large portion of SVB’s customers (at one point 93%) held more than this limit. This had the start-up sector fretting over whether their businesses might also collapse amid major losses.
The Federal Reserve, the Treasury and the Federal Deposit Insurance Corp (FDIC) issued a joint statement that depositors would have access to the entirety of their funds on 13 March – which might set a precedent that will be hard for the regulators to unwind. Of course, if they hadn’t, it may have had massive ramifications on the venture capital markets.
Learnings for risk managers
In the week following SVB’s collapse, we’re hearing how the resulting cashflow disruption impacted the bank’s customers and their ability to do business (or pay employees). Our suggestion for risk managers – make sure your operational resilience program includes the impact of cashflow or banking partners where appropriate. Not just for spectacular bank failures like this one that come once in a blue moon, but for everyday operational disruptions.
In reality, banks fail, just not necessarily as spectacularly as SVB did. New York-based Signature Bank also failed on the same day as SVB. In the US, an average of seven banks fail each year. However, these events do provide some prompts that risk managers can take away to ensure it never happens to you. These include:
- Don’t forget your risk fundamentals
- Ensure appropriate governance of risk
- Don’t do scenario testing or sensitivity analysis because it is a regulatory requirement; do it because it’s good risk management (and ultimately outcome management)
- Operationalise your risk appetite and set key risk indicators and tolerances for all of your key risks; this can help you not only identify when action needs to be taken, but also when decisions are likely to breach them
- Consider how concentration risks might affect your organisation – particularly during good times so you can hedge your bets
- Ensure your board and executive have the requisite skills to challenge decisions and risk management practices
Next steps for your organisation
Risk is risk is risk. All risk is, in principle, the same. That is the core of Enterprise Risk Management (ERM). We should view, analyse, and manage all risks in a consistent way while recognising any nuances for specific risk types.
Download our free Enterprise Risk Management eBook to get a comprehensive view of what true ERM is and to learn how it addresses the inherent problems in the traditional, siloed risk management approaches.