Silicon Valley Bank: Key Takeaways and Questions for Board Risk Oversight

One of the earliest lessons my father taught me was that a smart man learns from his own mistakes, a wise man learns from the mistakes of others, and a fool never learns. In pursuit of wisdom, we can gain valuable insights and lessons from corporate governance and risk management failures.

As a former chief risk officer (CRO) and early advocate of enterprise risk management (ERM) who has served on public and private company boards, I am disappointed and saddened by what happened at Silicon Valley Bank (SVB). The collapse of SVB wiped out more than $40 billion in shareholder value, disrupted the venture capital and banking industries, and forced unprecedented government and private sector interventions. The underlying problems and sequence of events that led to SVB’s collapse have been well documented in the press.

What can we learn from the SVB failure? For banks and non-banks alike, there are key takeaways and questions for the full board and for each committee.

Board of Directors

SVB’s business model was singularly focused on the venture capital community, providing banking services to technology companies, their investors, and their employees. While this focus represented a competitive advantage—half of all US venture capital-backed start-ups were customers—it also created strategic risk concentrations (e.g., deposit concentration) that seeded SVB’s downfall.

The board of directors is ultimately responsible for the overall performance and risk management of a company. Key takeaways and questions for the full board include the following:

• Strategy and ERM must be aligned to consider the upside opportunities and downside risks associated with the company’s business model and strategy. Is our ERM program aligned with strategy so that strategic risk and return trade-offs can be evaluated on an integrated basis?
• Reputational risk management is critical during a crisis and the board should closely monitor stakeholder communications (SVB has been widely criticized in this area). Do we have an effective crisis communication plan that is stress-tested for the digital age?

Risk Committee

SVB’s high risk profile was hidden in plain sight. In addition to strategic risk concentrations, the bank’s financial risk exposures were clear. For example, at the end of 2021 SVB’s 10-K report showed that for a 200-basis-point rise in rates, the bank would suffer a $5.7 billion decline in the economic value of equity. When the US Federal Reserve increased rates by 425 basis points in 2022, SVB’s economic losses wiped out its $15 billion in tangible equity.

The risk committee is responsible for providing oversight of ERM. Key takeaways and questions for the risk committee include the following:

• The role of a CRO is essential in implementing ERM and supporting board risk oversight. SVB didn’t have a CRO for 8 months in 2022. Do we have a strong and independent CRO?
• Risk concentrations are existential during economic downturns. Do we understand—through scenario analysis and stress testing—the critical risk concentrations and correlations in our business?
• Prudent risk appetite and quantitative limits provide safeguards to ensure that risk exposures don’t become excessive. Have we implemented clear risk escalation, risk appetite statement, and risk acceptance policies?

(Of note: The 2022 NACD Public Company Board Practices and Oversight Survey found that nearly 24 percent of companies had a permanent risk committee. This was up from 16 percent in a similar survey three years earlier.)

Audit Committee

As a public company, SVB had an obligation to provide risk disclosures. For interest rate risk, the key section is Item 7A in the annual 10-K report, which provides information on how rate changes would impact net interest income and economic value of equity. In SVB’s 2021 10-K report, Item 7A showed that rising rates would benefit earnings but damage equity (i.e., short-term gain, long-term pain). Astonishingly, in the 2022 10-K report the bank only showed that rising rates would benefit earnings. The quantitative analysis of how rates would impact equity was omitted.

The audit committee is responsible for providing oversight of financial statements, internal controls, and risk disclosures. Key takeaways and questions for the audit committee include the following:

• Fair value accounting can obscure economic reality in financial statements. The Financial Accounting Standards Board’s accounting rules for held-to-maturity securities have been criticized for not clearly showing SVB’s investment losses. Should we monitor our financial conditions on a mark-to-market basis?
• Stakeholders expect risk transparency in financial statements. No one likes surprises. How should we consider reporting issues—such as critical audit matters and quantitative risk disclosures—to build and maintain trust with our stakeholders?

Governance Committee

The SVB board had six committees, but its risk committee was the only one without a chair in 2022. Moreover, none of the risk committee members had direct risk management experience. (This is the same criticism of JP Morgan Chase & Co. with the London Whale incident.) Banks with more than $50 billion in total assets are required by regulators to have a CRO that reports to the board risk committee. SVB had more than $200 billion in assets. But this governance structure doesn’t work without effective leaders at the board and executive levels.

The governance committee is responsible for overseeing corporate governance practices and ensuring that qualified directors serve on the board and its committees. Key takeaways and questions for the governance committee include the following:

• Risk oversight responsibilities should be clearly defined for the board and committees. Do we have a risk oversight matrix that defines the board risk governance structure, and considers qualified experts for each committee?
• Board and committee effectiveness should be tracked at the director, committee, and board level. Is our board fit for purpose given our strategy and overall risk profile?

Compensation Committee

Inexplicably, SVB decided to accept bet-the-bank financial risks to earn an extra half of a percent in investment yield. They invested in long-term treasuries and mortgage-backed securities to boost earnings, but that created a significant duration and liquidity mismatch with the bank’s deposits.

The compensation committee is responsible for overseeing executive compensation, human capital management, and succession planning. Key takeaways and questions for the compensation committee include the following:

• Incentives should not encourage excessive risk taking or prioritize short-term profits over long-term value. Is our compensation system aligned with our purpose, values, and long-term strategy? At the end of the year, do we pay for risk-adjusted performance (not just pay for performance)?
• Succession planning should be in place to minimize key person risks. Do we have clear succession plans, including a strong pipeline of candidates, for critical board and executive leadership positions?

The SVB failure is a disaster that could have been avoided. We will get more information as the investigations unfold. However, we already know enough to derive important lessons and ask critical questions on board risk oversight.

James C. Lam, NACD.DC, is president of James Lam & Associates, a risk management consulting firm; a board director; and an NACD Directorship 100 honoree.