In the nearly six months since the failure of Silicon Valley Bank (SVB), three others have gone belly-up, the most recent of which was just last month. While many have focused on the risk-related causes of SVB’s failure and the lessons one could draw from it, Riskonnect CEO Jim Wetekamp shines a light on a less-discussed angle: business continuity.
The Silicon Valley Bank (SVB) collapse and its aftermath exposed several glaring risk management failures. But there’s one important lesson the companies directly affected and those watching from the sidelines should take away from the downfall: Don’t underestimate the value of business continuity.
SVB’s demise was precipitated by a number of events:
- The chief risk officer role was vacant for eight months.
- A relentless pursuit of profit took precedence over sound risk management and led executives to change risk model assumptions that didn’t fit their desired narrative.
- Their CEO’s shortsighted transparency on the bank’s financial troubles sparked panic.
- Executives overlooked the threat of social media, which caused the internet-fueled bank run.
Each of these risk management issues played a critical role in the bank’s collapse — but the magnitude of the problem was overlooked because executives weren’t thinking enough about business continuity.
The purpose of business continuity is to be prepared for anything that could disrupt operations. Think ahead about potential risk events and the impacts, no matter how unlikely or unpredictable they may seem. If you don’t have a clear and effective plan and response strategy in place beforehand, you’re dead in the water when a crisis hits.
The vital role of business continuity management
Business continuity strategies ensure that a company maintains its ability to operate, even under disruptive conditions. Silicon Valley Bank understood its risk profile and the negative impact of the events that could arise. In fact, the bank’s 2020 and 2021 annual reports both listed market and liquidity risks, including:
- The possibility that its interest-rate spread could decline in the future. The bank cited that any material reduction in the spread could have a material adverse effect on the business, results of operations or financial conditions.
- Liquidity risk could impair the bank’s ability to fund operations and jeopardize its financial condition.
A strong business continuity management program would have raised the alarm and possibly prevented catastrophic effects even with the manifestation of these risks. Setting and monitoring key controls to warn of disruption is critical, especially for organizations similar to SVB that have a high risk appetite. With advance notice and planning, you can respond swiftly and communicate effectively when a crisis hits so that the impact is minimized, and the business stays up and running.
When all is said and done, it’s likely that Silicon Valley Bank’s failure will be traced back to one serious flaw — shoddy risk management. Supply Wisdom’s Atul Vashistha shares the lessons that all companies should take away from this fiasco, even if they weren’t directly affected.Read more
3 things business continuity planning offers
There are several important capabilities your business continuity team brings to the table. Here are three of the most critical:
Understanding vulnerabilities to maintaining operations
Business continuity practitioners are responsible for helping the organization understand its vulnerability to disruption and making it more resilient. While their focus is on disruption caused by a loss of process capability and dependent resources, these professionals engage with functions across the organization. As such, they are well-positioned to identify areas in which controls are missing or failing so you can fill the gaps.
Gaining organization-wide visibility
Given business continuity managers’ regular engagement across departments, these professionals can help bring different risk disciplines together. These risk teams can collaborate to identify important business services that, if disrupted, could lead to business failures. This includes insolvency and plausible scenarios where customers cause the disruption, as in the case of SVB.
Controls related to financial risk models and liquidity risk, and monitoring market and customer behaviors, were in place at SVB. However, the bank looked at controls individually and failed to draw connections. If SVB had exhibited integrated risk management thinking, its leaders might have understood the magnitude of the problem, how key controls were failing and which key risks were materializing. They could have effectively brought the team together to reassure markets, investors and customers.
Crisis management isn’t just for responding to a natural disaster or cyberattack. It’s used to manage the impact of any type of incident and speed the organization’s return to normal business operations. Crisis communications is an important part of crisis management. Business continuity professionals often partner with the marketing and communications teams in advance to understand all the audiences that need engagement throughout a crisis, how best to reach them, and what to say depending on the scenario.
SVB’s response highlights the importance of effective crisis communication. The bank issued a technical response in the form of a PDF on its website, which expressed the need to raise capital.
There were two main issues with this response. While transparent, the document included language that labeled the viability of planned response strategies with caveats such as “potentially” and “probably,” which didn’t inspire confidence. There was also little coordinated communication on social media from SVB despite widespread stakeholder discussion and debate regarding the impending crisis on these platforms.
Continuity planning-minded communication would have ensured that each audience was engaged in a way that best resonates — through social media, email, the company website, or another channel — with a clear, appropriate, and timely message.