I have seen some unfortunate postings on social media and in the news. Self-appointed experts telling us what happened, why, and whose fault it was.

There’s a political battle going on as well, with people blaming federal government administrations, regulators, and so on.

I’m not going to get into that.

But I think it is important for governance, risk, and audit practitioners to understand the situation and its implications.

Here are some of the better pieces to read:

• Fortune: A risk management nightmare at Silicon Valley Bank
• Newswise: Op-ed: Silicon Valley Bank’s Failure in Risk Management
• com: Disastrous Risk Management Is Not the Fed’s Fault
• Forbes: Silicon Valley Bank Proxy Shows Board’s Secret Yearlong Risk Panic

Excerpts from Fortune:

“I think this is a colossal failure in asset-liability risk management,” Mark T. Williams, a former bank examiner for the Federal Reserve, tells me.

Williams is referring to actions that led to Silicon Valley Bank’s seizure by federal regulators on Friday following a bank run. It’s being deemed the largest institutional failure since the 2008 financial crisis. SVB is a major lender for the tech and venture capital sectors. But the bank didn’t have a chief risk officer for about eight months, Fortune reported.

SVB’s parent company, SVB Financial Group, disclosed on March 8 its big bet—it sold $21 billion of bonds, resulting in an after-tax loss of $1.8 billion for the quarter, Fortune reported. Many of those bonds were yielding an average 1.79%, far below the current 10-year Treasury yield of around 3.9%. SVB also disclosed it was conducting a stock sale worth $2.25 billion in an attempt to shore up its finances. But as my colleagues Anne Sraders, Jessica Matthews, and Kylie Robison write, this news caused panic among investors. On Thursday, investors and depositors tried to pull $42 billion from SVB.

“To prevent a crisis of confidence, SVB’s CEO and CFO should have relied more on an old-fashioned banking approach of diversification of its lending and deposit customers,” says Williams, a master lecturer in the finance department at Boston University’s Questrom School of Business. “Venture capital is a highly risky business. So not only did the bank expose its asset side of the balance sheet but also its liability side.”

“The CFO and, I would argue, the board failed to adequately protect shareholder value,” Williams says. “The board-appointed risk management committee, which works closely with the CFO, should have done adequate scenario analysis to examine the deposit withdrawal risk. That, in fact, was the bank’s downfall.”

Newswise:

SVB probably never imagined it could experience a run of $42 billion in a single day, accounting for about one-quarter of all deposits at the bank.

We now have a better glimpse inside as to what brought SVB down. Technically, the bank failed due to a liquidity crisis, i.e., a lack of sufficient cash inflows to sustain it during a period of significant cash outflows. Think about getting in your car to go to work and you hear a clunk, and the car just stops running. The mechanic tells you that you’ll have to replace the transmission for $5,000. Your heart sinks as you realize your checking account has $100 in it, your credit cards are maxed out and your family and friends won’t extend you any credit. That’s a personal liquidity crisis. Magnify that by billions and you get the idea of what SVB was dealing with when a good part of their depositor base evaporated.

One of the risks it seems SVB didn’t account for was the degree and speed by which its depositors would withdraw money from the bank upon hearing that SVB was experiencing a “cash burn” that required them to raise capital in an attempt to shore up losses from sales in investment securities that are held in the available-for-sale (AFS) part of the balance sheet. That announcement spooked investors and sent the stock spiraling down, precipitating the largest bank run of all time.

How did SVB get into this position? After all, it touted that it had solid risk management practices and effective controls in its financial disclosures. It turns out that things aren’t always what they seem on the surface. The company made several risk management blunders. The first was in placing large bets on interest rates. Bank balance sheets split assets into two groups, AFS, or those assets that firms expect to transact over some time and held-to-maturity (HTM) assets that are expected to be held for long-term investment purposes. HTM assets are held at book values while AFS assets are marked-to-market according to fair value accounting principles.

At the end of 2022, SVB reported $120 billion of investment securities, representing 55% of its assets, or more than double the average of all US banks. Further, three-quarters of their investment portfolio were in HTM securities, largely in U.S. Treasuries and mortgage-backed securities (MBS). While Treasuries and MBS are very safe investments from a credit risk perspective, they pose substantial interest rate risk. The weighted average duration of these investments was about six years, implying that if interest rates rose by 100 basis points (1%), the value of those securities would decline by 6%. In a low yield environment prior to the Fed’s rate hiking plan, the quest to ride the yield curve for income was very much in focus by banks including SVB.

The strategy was to invest a significant amount of deposits in the HTM portfolio where the investments would not have to be marked-to-market. However, the AFS side of the portfolio is subject to reporting unrealized gains or losses because of changes in the valuations of those assets that remain on the balance sheet. With interest rates rising quickly in 2022, the value of those assets declined (for bond portfolios, yields and prices move inversely) and SVB had to do something to stop the bleeding as those unrealized gains hit against the balance sheet, specifically equity in the form of accumulated other comprehensive income or loss (AOCI). It turns out that unrealized losses when reported under AOCI do not affect a bank’s regulatory capital but will affect their nonregulatory total common equity (TCE) ratio. SVB’s TCE ratio was severely dented by the steady unrealized losses it was sustaining and so was forced to sell AFS assets at a loss, thereby igniting the stampede to withdraw deposits once the word got out.

SVB maintained in its regulatory filings that it conducted regular and sophisticated market risk analysis and interest rate risk hedging activity. However, the amount of interest rate hedging was quite small in comparison with the AFS investments. Only $550 million in notional value of interest rate derivatives stipulated as interest rate hedges were reported at the end of 2022. And clearly their risk modeling didn’t anticipate the combination of interest rate and liquidity risk shocks it would face.

It seems apparent now that SVB’s liquidity risk management practices were deficient.  Best practice banks will employ a number of methods to understand the sensitivity of their liquidity risk profile to various shocks including contingency liquidity planning scenario exercises. The largest banks go further and are required to calculate the amount of high-quality liquid assets (HQLA) as a percent of stress net cash outflows over a 30-day horizon, referred to as the Liquidity Coverage Ratio (LCR). These banks also must calculate a similar ratio over a one-year horizon on the stability of their funding. But in the end, even if SVB had technically been compliant with LCR, (we’ll never know since they weren’t large enough to require LCR compliance) the size of the bank run would likely have resulted in the same outcome.

Poor risk oversight

Compounding SVB’s problems was an apparent lack of risk management oversight by the board and the risk team. SVB had a risk committee charter documenting all the components of risk management that should be in place to manage risk well. So clearly there was a disconnect between what they said on paper and their actions. SVB was without their senior most risk officer for about eight months in 2022 and only in January brought a new Chief Risk Officer on board. That leadership gap could have left the board and the risk management team in the dark on emerging risk in the portfolio and the poor strategy and practices put in place to manage their market and liquidity risks.

Another major issue that is pervasive across banking is the lack of risk expertise represented on bank boards. Most bank boards today are not equipped to challenge management on risks affecting the enterprise. Of the seven board members assigned to SVB’s Risk Committee, only one had any background remotely related to risk management and none, according to the information provided on SVB’s 2023 Proxy Statement ever held a senior risk management role such as CRO. This calls into mind how boards can ask the right questions of management regarding risks and mitigation strategies given the technical complexities of bank risks.

Forbes:

The repeated interest rate hikes over the past year have dented bond portfolio values. Many banks, including SVB, designate such investments as “hold-to-maturity” which allows them to avoid “mark-to-market” accounting and conceal unrealized losses.

Such background bookkeeping machinations only come to light when high growth ventures face tepid IPO markets and must draw on deposits. Their cash needs force poorly-capitalized banks to sell loss-laden holdings to generate sufficient liquidity.

Undoubtedly, such valuation woes may have placed SVB in momentary paper default positions throughout the year. The board and c-suite likely hoped, against market forces, for stabilization of their high-risk business model. The eventual March 2023 capital raise announcement ended the financial stagecraft and triggered the collapse. Simply put, SVB leadership failed its fundamental stewardship responsibilities.

The Investing.com piece is interesting, especially for the technical folk reading this. It describes how SVB didn’t hedge the interest rate risk enough. They said, quite bluntly:

SVB was not applying basic risk management practices and exposing its investors and depositors to a gigantic amount of risk.

Returning to the question in the title: was this a failure of risk management?

1. Clearly, there was a failure to understand and manage multiple risks. In hindsight, these are pretty obvious sources of risk.
2. There was a failure of management.
3. There was a failure of strategy setting.
4. There was a failure of board oversight.

Although I will wait for a full investigation to be completed by the regulators, my inclination is to blame:

100% the CEO. How can you be the CEO of a financial institution and not understand interest rate risk?

120% the CFO. This is basic stuff for a CFO.

80% the board, who are responsible not only for assessing the performance of the CEO and CFO, but in providing oversight of how they are running the bank.

I don’t know enough to allocate any portion of blame to others within the company, including the former CRO and the long-serving CAE, John Peters.

I am not sure that I would blame the external auditors. After all, the financial statements were probably correct, and we are not talking about a failure of the system of internal control over financial reporting. Francine McKenna (@retheauditors) will be commenting on this; I recommend watching for her analysis.

I’m tempted to put some of the blame at the feet of the analysts who monitored SVB.

You can call this a failure of risk management if you like.

Any corporate, even personal failure could be called that.

I think its more a failure to perform by the CEO and the rest. Poor decisions were made.

I don’t know any of the individuals involved, but I think questions must be asked as to whether they were the right people for the job.

What do you think?