Silicon Valley Bank: Lessons on governance, risk management, and controls
As the dust begins to settle on the Silicon Valley Bank (SVB) collapse, and as more information comes to light about the recent turmoil at SVB and other banks, it is becoming clearer that insufficient organizational governance, risk management, and internal controls were all part of the root cause. This moment should serve as a cautionary tale for all financial institutions – and for organizations across industries, for that matter.
While SVB may not have been subject to certain key regulations, because it was under the $250 billion threshold that triggers certain regulatory obligations, it is important to note that mere compliance with banking regulatory requirements does not go far enough to protect an institution from the risks it faces in today’s economic environment. Good governance, risk management programs, and related internal controls are essential to long-term, sustainable growth.
Boards of directors and management at all organizations have a duty of care and oversight to make sure that an adequate governance structure is in place, and that sufficient and effective risk management processes and controls exist and are operating as intended. These expectations are made clear in various pieces of regulatory agency guidance, evaluative criteria, relevant case law, and other guiding frameworks. Examples of each are, respectively, Department of Justice guidance, U.S. federal sentencing guidelines, In re Caremark, and the COSO framework.
As a result of the rapid failure of SVB and other banks, depositors are nervous, stakeholders are alarmed, and regulatory agencies are on high alert. All of this triggers a proactive need for organizations to begin the process of assessing the current design and health of their governance frameworks, and their organizational underpinnings related to process and controls.
When conducting these assessments, organizations should consider several areas of focus, including but not limited to:
- Board member independence, and the activities of non-independent advisors
- The activities of the audit committee and the committee's reporting communications to the board
- The quality of both board and audit committee communications, including meeting minutes
- Board-level expertise related to risk management and the insight needed to effectively provide oversight
- Efforts of the board related to addressing communicated and ongoing regulatory concerns
- The results of the annual risk assessment and the proposed audit program (Do they line up?)
- The technical audit skills required for stress-testing credit, market, and liquidity
- The alignment of current board and audit committee charters with committee activities
- The “G” component of the organization’s environmental, social, and governance (ESG) initiative, which should be driving business strategy and sound governance protocols