The Global Financial Crisis (GFC) of 2008 led to extensive reforms in the regulatory, governance and administrative framework for the banks and financial institutions in the US and globally. In particular, these included stringent regulatory capital and supervision requirements, strengthened risk management practices, systemic risks and risks associated with the entities considered too-big-to-fail or fall.
The fall of the Silicon Valley Bank (SVB) has again raised concerns over the failure of regulatory oversight and of the governance system at the board and organisational level in these banks. The call for fresh reforms included the recall of a 2018 regulatory dilution of the Dodd-Frank Act of 2010 for banks with assets up to $250 billion. Ironically, the SVB leadership lobbied hard to make that happen terming those as burdensome and with a high cost of compliance.
Is the SVB collapse a failure of regulation or of governance within the bank? The answer is possibly both but not to the extent and of the intensity that caused the GFC. As the situation stands today, it does not have a contagion effect of that magnitude though its effect may be more pronounced in some countries. The alacrity with which the institutional setup that was created post-GFC acted has saved depositors or at least minimised their likely losses.
Failure of the Business Model
Has the business model of SVB failed? Indeed, it has and for the second time. Its original business model to take deposits from very liquid technology companies, and then lend money to commercial real estate barely survived the real estate crisis of the early 1990s. Lending by SVB to real estate carried the highest risk. SVB changed its business model to focus on the innovation economy or startups, and institutional investors which were attracted by potential high returns. SVB became the fastest-growing bank, booming with economic upturn and technological advances.
In the process, it became a monoline banker with a monoline loan portfolio and monoline depositors’ portfolio. It was, as its annual reports would suggest, aware of portfolio risks – a fundamental alert for a banker – it was exposed to. It however ignored and chose to leverage risk for high growth and high profits. It believed and made others believe that it had grown strong enough to weather any storm. Ironically, the regulator, investors, credit rating agencies and auditors failed to see the hazardous side of adventurous banking.
Like in the early nineties, SVB faltered again. Interest rates in the US and across the world had been rising and thus decreasing bond valuations for almost a year and rapidly in recent months. The resultant loss in the value of its investment and the panic that was created amongst depositors exposed the risk hidden in SVB’s business model causing its fall.
Did the auditor, KPMG, falter in not red-flagging the eventual fall of SVB 14 days after the issuance of a clean report? As is usual after every corporate collapse, there is a demand for an investigation into the auditor’s role and the auditor has defended his report. It is difficult to say, based on the available reports, whether the auditor exercised adequate due diligence in satisfying himself about the validity of the going concern assumptions underlying the preparation of financial statements.
The assumption requires the auditor to evaluate whether there is substantial doubt about the entity's ability to continue as a going concern for one year beyond the date of his report. If the auditor believes that there is substantial doubt, then he should obtain information about management's plans that are intended to mitigate the doubts. Based on that information, he should assess the likelihood that such plans can be effectively implemented.
Did the bank or the auditor in this case see inherent risk in the business model? Did the risk assessment by the chief risk officer or the audit committee highlight the asset-liability mismatch, likely liquidity problems and the risk of a likely run on its deposits? If not, then the auditors ought to have raised concerns and sought management’s response.
The answer to these questions lies in facts and details of the case not yet known. It however appears that there was a failure of risk management systems and internal financial controls in the bank, judged from fundamental principles of risk management and that warranted appropriate disclosures. if it is proved that substantial doubts existed then the auditor had the responsibility to inform those charged with the governance in management and make appropriate disclosure in his report on the validity of the going concern assumption.
Ashok Haldia is a Chartered Accountant. Views are personal, and do not represent the stand of this publication.