While several factors contributed to the recent failures of Silicon Valley Bank (SVB) and Credit Suisse, shortcomings in risk management have been cited as key causes in both cases. Experts in the field believe that some of the high-profile errors committed by these banks could change how businesses in both financial services and the wider economy manage risk.
“People are going to pay more attention to risk management, especially because Credit Suisse and SVB are still in the news,” says Damian Handzy, MD of analytics at software developer Confluence and former global head of risk at StatPro.
SVB, whose UK arm was acquired at the 11th hour by HSBC for £1, had raised eyebrows at the US Federal Reserve as long ago as 2021, when the regulator expressed concerns about deficiencies in its risk management practices. Moreover, the bank seemingly went without an official chief risk officer for eight months last year.
Similarly, Credit Suisse – which was taken over by Swiss rival UBS – had long maintained a cavalier attitude to risk. In March, Switzerland’s financial services watchdog concluded that the bank had “seriously breached” its risk management obligations during the collapse of Greensill Capital in 2021.
“When people are making money, everything is overlooked, including risk. Risk management isn’t in the back seat, it’s in the boot,” Handzy says. “When times are tougher and you really have to sharpen your pencil to meet budgets, people look at it much more carefully.”
It wasn’t until mid-March, after reporting its biggest losses since the global financial crisis of 2007-08, that Credit Suisse admitted its “failure to design and maintain an effective risk assessment process”.
Joel Lange, general manager at Dow Jones Risk & Compliance, says: “Times like these really highlight to corporations, as well as banks, that they need proper mitigation measures in place.”
In Lange’s view, the downfall of SVB and Credit Suisse, and previous scandals at FTX and Wirecard, highlight the need for effective corporate governance.
“Setting the right tone from the top in relation to board-level accountability for risk management is important in both the good times and the bad,” he stresses.
Olga Collins, CEO of the Worldwide Broker Network and a former risk manager at courier giant UPS, agrees that the recent crises should encourage “all industries to review their risk management processes and be proactive before anything similar occurs”.
Businesses spread their banking risk
One of the more immediate corporate responses to the latest banking collapses has been for firms’ treasury committees to re-evaluate whom they are banking with.
SVB was particularly popular with technology startups. It’s been estimated that one-third of British startups used SVB’s UK arm as their only provider of banking services. This left them particularly vulnerable when customers scrambled to recover their money, with $42bn (£34bn) withdrawn in the 24 hours before the Federal Deposit Insurance Corporation seized control of the business. Because they had no other bank, many firms were left scrambling to process their payrolls and honour their debts to key suppliers.
This has prompted other companies to open accounts with multiple providers and/or seek out longer-established, better-capitalised banks. One startup that was caught up in the turmoil has moved most of its funds from SVB to a larger institution in the US, for instance, while Lange reports that several venture capital firms are advising investees to diversify their banking relationships.
“Keeping all your money in one bank, as a global corporation, wasn’t deemed a high-risk practice before, but this development changes the calculus in terms of treasury management,” he says. “As a result, there will be more diversification from corporate treasurers in terms of where they keep their firms’ money.”
Lange adds that the impact that SVB’s sudden collapse had on its clients‘ ability to execute basic business processes will also have served as a wake-up call.
“Companies always expect their payroll to be there. When it isn’t, it’s an eye-opener,” he says, predicting that many organisations will be stung into doing more to mitigate risk. Such work could include “wargaming various scenarios” throughout the value chain.
It’s not only startups and SMEs that are reviewing their approach to risk. The Credit Suisse affair has also spooked larger companies, partly because it happened so quickly.
Lange has heard from CEOs who told him that they’d had to cram for an “overnight MBA” in treasury management.
“In these times, senior executives must learn about areas of their business that they may not have nurtured before,” he says. “I hope that those lessons will become ingrained in their memories.”
Will chief risk officers be heeded at last?
The banking crises could mark another turning point in the ever-changing role of the CRO. Before the Covid crisis, the risk management function was widely undervalued and didn’t have a presence on board-level committees, according to Collins, who says: “Risk management got rolled into a compliance-driven, transactional, cost-centre function.”
But she adds that risk management specialists have been “elevated again and moved towards a more consultative, front-line enterprise role” since the pandemic struck and problems such as supply-chain disruption and energy cost inflation have made life harder for businesses.
Despite this improvement in their status, CROs clearly haven’t always been heeded in every boardroom, according to Handzy.
“Very few banks gave teeth to their risk departments, as they didn’t want them to jeopardise return generation,” he notes.
Susan Divers is director of thought leadership and best practices at LRN, a consultancy specialising in ethics and regulatory compliance. She notes that the lack of consideration for risk at SVB and Credit Suisse indicates that CROs were neither “empowered to make a meaningful impact nor given a real seat at the table” in those organisations.
Remedying this situation requires a change of culture at all levels of the organisation, Divers argues.
“When the board prioritises a culture of ethics and compliance, it helps people at all levels of the company to see the risks and speak up,” she says. “Risk officers can’t be everywhere, which is why an ethical workplace culture is essential.”
Similarly, as the risks businesses face become more complex, the approaches to mitigating them must adapt accordingly. This is where having a more holistic and collaborative approach to risk management is crucial, according to Collins.
“It’s important to align at all levels to open up the many silos that have existed,” she says. “There will be more focus on the team surrounding the CRO, which should comprise people from various backgrounds to deliver diversity of thought.”
Handzy foresees the risk management landscape developing in one of two ways. “This crisis has the potential to refocus people on good practice,” he says. “Or it may already be over – and they will simply carry on with business as usual, grateful that they didn’t get bitten.”
Although CEOs will pay more attention to their risk specialists in the short term, lasting change is unlikely to happen unless customers demand it or new regulations enforce it, Handzy predicts.
“We tend to suffer from a short-term memory-loss problem,” he says. “As soon as the money starts flowing again, people quickly forget the lessons they’ve just learnt and return to old habits.”