When all is said and done, it’s likely that Silicon Valley Bank’s failure will be traced back to one serious flaw — shoddy risk management. Supply Wisdom’s Atul Vashistha shares the lessons that all companies should take away from this fiasco, even if they weren’t directly affected.
The collapse of Silicon Valley Bank is the biggest bank failure since 2008’s global financial crisis. Even if your enterprise didn’t bank with SVB, with relationships to more than 50% of all venture-backed companies in the United States, there’s a good chance you have a third or fourth party that did.
President John F. Kennedy once said, “when written in Chinese, the word ‘crisis’ is composed of two characters. One represents danger, and the other represents opportunity.” Regardless of your enterprise’s direct or indirect relationships with SVB, the cascading effects across our financial and banking system put us all in danger, but let’s consider the opportunity.
What lessons can we take away from this crisis that could improve future outcomes? Because let’s face it — a dynamic risk environment is the new normal. No one knows what the next crisis will be, but if we see this as an opportunity to learn and change, we can be more resilient in the face of whatever comes next.
With federal investigations pending, the autopsy of Silicon Valley Bank and resulting cascade of bank failures is only just beginning. Experts have suggested a faulty risk model is partially to blame, and while sharing customer data with its peers likely would not have saved the bank, business data analyst Sukirt Singh suggests SVB and other troubled banks could learn a thing or two from the data-sharing model embraced by several Dutch banks.Read more
Risk management requires board prioritization
Silicon Valley Bank had no official CRO for eight months. Read that again — it’s 2023, and a major bank operated without a chief risk leader. That shortcoming, in and of itself, could be considered risk management malpractice.
Businesses have hundreds of competing priorities in their quest to achieve strategic objectives. Those with executive leadership and board-level support are moved up and funded. Unfortunately, in the case of SVB, it appears that risk management was not sufficiently prioritized. A savvy board and leadership team would demand risk management prioritization — and fund it accordingly.
Continuous risk requires continuous monitoring
Risk doesn’t take a break. New risks are continuously arising and rapidly evolving. Without continuous monitoring, enterprises don’t just have blind spots; they have black holes in their risk exposure visibility. As far back as 2021, the Fed was aware the bank’s liquidity risk management was insufficient, but it’s unlikely that anyone outside of SVB could have prevented this crisis. Still, an early warning, via robust internal controls and risk mitigation, could have enabled agile intervention. The sooner you act to mitigate risk, the better. A quick pivot before your competitors can save you money while minimizing fallout to your organization.
Although accurate and reliable continuous monitoring solutions have been a reality for years, risk management teams have slowly incorporated this capability into their risk programs. The drive to accelerate adoption must come from the top. Boards and executive leaders must recognize that without continuous monitoring, they could unknowingly assume risk above acceptable risk thresholds.
Cascading failures can be prevented
The SVB collapse cascaded into failures across the supply chain. The impact was severe. With many technology companies that manage critical business functions and processes at risk, business continuity was threatened whether an organization banked with SVB or not.
Organizations with the right risk management solutions and continuous monitoring were immediately aware of which of their sub-tier parties (Nth parties) were vulnerable to the SVB failure and how the event could disrupt their business. This early warning enabled them to intervene to mitigate the risks days before those who could not see where they were exposed.
For this early warning, it’s critical to continuously monitor suppliers and suppliers’ suppliers for the earliest risk indicators. Radical transparency into your network’s critical vendor interdependencies and vulnerabilities is essential.
Increased regulatory scrutiny a likely upshot
Financial experts, lawmakers and other officials are rightfully kicking up a storm about the apparent lack of oversight that led to SVB’s downfall. As a result, we should expect an increase in regulatory scrutiny in the years to come. Compliance failure could result in hefty fines, reputational damage and more.
Old regulations may resurface. For instance, requirements loosened for regional banks in 2019 may be reversed to conform with standards set for the larger banks. The 2018 legislation that watered down Dodd-Frank, the landmark regulatory reform act, enacted initially following the 2008 global financial crisis — might be revisited.
And it’s not just the financial industry that should expect changes. From the German Supply Chain Due Diligence Act to the U.S. National Cybersecurity Strategy and more, new regulations pose significant risks to businesses with complex networks unaware of changing regulations and compliance. Businesses should strive for proactive vigilance through a risk management program that monitors and ensures third-party compliance.
The collapse of SVB serves as a reminder of the dynamic nature of today’s risk landscape. Understanding the health and risks of partners and sub-tier providers within an organization’s supply chain is vital. Effective risk management requires three disciplines in this environment: radical transparency, proactive vigilance and agile intervention. If your risk management program doesn’t adopt all three, let these lessons serve as your wake-up call to drive change.