The postmortem regulatory reports on the failures of $209 billion Silicon Valley Bank and $110 billion Signature Bank are an emphatic reminder of the consequences of poor risk management.
Among the specific circumstances that contributed to their closures in spring 2023 is how their boards and management teams failed to effectively manage several core banking risks, including interest rate, liquidity and growth, according to reports from the Federal Reserve and the Federal Deposit Insurance Corp. The official reports confirm recent media reporting that indicated surprisingly lax risk management practices at the banks, both of which were some of the largest in the country. Community banks that may see themselves as having little in common with these large institutions can still glean insights from the reports — and perhaps, avoid their fates.
Santa Clara, California-based Silicon Valley Bank’s “rapid failure can be linked directly to its governance, liquidity, and interest rate risk-management deficiencies,” the Fed wrote. And the FDIC found that New York-based Signature Bank had weaknesses in “liquidity contingency planning, liquidity stress testing, and internal controls” that figured “prominently” in its failure.
Interest Rate Risk
“While interest rate risk is a core risk of banking that is not new to banks …, SVB did not appropriately manage its interest rate risk,” the Fed wrote.
The bank’s interest rate risk (IRR) policy — which detailed how the bank would manage and measure interest rate risk — was vague. It didn’t specify which scenarios to run, how to analyze assumptions, how to conduct sensitivity analysis and it didn’t define back-testing requirements. The bank used “the most basic” IRR measurement available, despite its size.
Still, its models indicated the bank had a structural mismatch between repricing assets and deposit liabilities; as early as 2017, it identified breaches in its long-term IRR limits, the Fed wrote. But instead of addressing the “structural mismatch” between longer duration bonds and demand deposits, the bank adjusted its model to get better results.
“I lose count of the number of cognitive biases that got activated in their process — from confirmation bias and optimism bias to so much else,” says Peter Conti-Brown, an associate professor of financial regulation at The Wharton School at the University of Pennsylvania. “It is the most common story ever told: When you make big goals, you then try to rough up the ref so that you can get the outcomes you’re seeking. The ref in this case is basic bank accounting.”
Additionally, Silicon Valley executives also removed interest rate hedges that would’ve protected it from rising rates, a move the Fed attributes to maintaining short-term profits instead of managing the balance sheet.
“That’s more casino behavior than it is prudential behavior,” says Joe Brusuelas, chief economist at RSM US LLP. “It’s throwing the dice at a casino.”
Both banks had an unusually large percentage of accounts that were over the $250,000 deposit insurance threshold, the withdrawals of which acutely contributed to their failures.
“Uninsured deposits are considered higher risk as they are more prone to rapid runoff during reputational or financial stress than insured deposits,” the FDIC wrote. But Signature’s management didn’t develop a funds management policy or a contingency plan, in part because they didn’t believe those customer deposits would become volatile.
“[Signature’s p]resident rejected examiner concerns about the stability of uninsured deposits as late as noon EST on March 10, 2023,” the FDIC wrote. New York regulators closed the bank on March 12. “[M]anagement’s lack of a well-documented and thoroughly tested liquidity contingency plan and its lack of preparedness for an unanticipated liquidity event were the root cause of the bank’s failure.”
Both management teams had assumptions around their deposit base that “just weren’t true” Brusuelas says. He adds that bank management teams now should reexamine their analytical framework around their liquidity risk management and strengthen governance policies and limits around their deposit mix.
The FDIC wrote that funds management practices should lay out how a bank will maintain sufficient liquidity levels, how it will manage unplanned or unanticipated changes in funding sources — like a number of large accounts withdrawing and how it will react and withstand changes in market conditions. The practices should also incorporate the costs of the backup liquidity or source of the liquidity, both of which may change under market stress.
Backup liquidity is crucial in times of stress. Silicon Valley Bank didn’t test its capacity to borrow at the Federal Reserve’s discount window in 2022; when the run started, it didn’t have appropriate collateral and operational arrangements in place to meet its obligations.
“The fundamental risk of too much growth too fast is a failure of diversification,” Conti-Brown says. “Rapid growth comes [from] a sudden influx of funding … that goes into a small number of asset classes.”
Both reports discuss how already-weak risk management was further exacerbated when the banks experienced rapid growth; risk management and control policies failed to increase in sophistication as deposits and assets grew. And neither bank seemed to revisit the appropriateness of risk management, governance and internal audit policies nor whether their boards had experience levels commensurate with the institutions’ new sizes as they grew.
Silicon Valley Bank’s growth “far outpaced the abilities of its board of directors and senior management,” the Fed wrote. “They failed to establish a risk-management and control infrastructure suitable for the size and complexity of [the bank] when it was a $50 billion firm, let alone when it grew to be a $200 billion firm.”
The reports make a compelling argument that active and constant risk management plays an important role in the long-term financial solvency, success and continued operations of banks. Boards and executives at institutions of all sizes can learn from the risk management failures at these banks and revisit the appropriateness of their risk management principals, policies and models as the economy continues to shift.
“The goal of risk management is not to eliminate risk,” the Fed wrote. “but to understand risks and to control them within well-defined and appropriate risk tolerances and risk appetites.”
Risk issues like these will be covered during Bank Director’s Bank Audit & Risk Conference in Chicago June 12-14, 2023.