Failure of Risk Management: Learning from Silicon Valley Bank

In his article entitled “Risky Business: Important Lessons From SVB’s Demise” 1 , writer Atul Vashistha describes SVB’s collapse being as a result of “shoddy Risk Management”. Was the SVB collapse the beginning of a banking crises, or was the SVB collapse a lesson in failed enterprise risk management practices which all companies can learn from?

Banks are seeing the largest deposit outflows in 50 years says Jim Bianco, Bianco Research.2 “Deposit flight has been happening for weeks, and it did not start with SVB failure around March 8, it culminated with that”. “Deposits outflow began to accelerate in January, months before the first bank failed” says Bianco. “To borrow a crypto term, the public is yield farming, and the banks are not offering anything to farm”. So, there is either a flight to safety with big US banks, or, smaller banks are using other approaches to retain customers.

What do banks need to do to survive

But can small banks respond? According to Bianco, some 70% of loans in the US are to small employers, noting that companies with less than 100 employees employ most of the US workforce. “These (small) companies have local and specialized needs. Regional banks are equipped to understand them and give them credit. Megabank branches are not. But the small banks are not responding and, per Bianco “are losing deposits by the buckets, and they don’t get it as they continue to advertise 0%!”. If deposits continue to leave small/regionals, lending will dry up. “Bankers appear slow to understand grabbing phones and switching to higher-yielding alternatives while they promote 0% savings accounts”.

Was SVB swept up by a macro crisis, or did it fail in Risk Management?

Organizations with proper risk management continually assess emerging risks and respond with risk assessments and they pivot immediately to implement mitigation plans when necessary.

To understand SVB’s failure, the following is list of some of the basic principals in sound risk management which SVB breached.

  1. Maintain qualified risk management resources. Per Atul Vashistha “Silicon Valley Bank had no official CRO (Chief Risk Officer) for eight months. Read that again — it’s 2023, and a major bank operated without a chief risk leader. That shortcoming, in and of itself, could be considered risk management malpractice”. Savy organizations, particularly large ones, know that failing to properly staff their risk management departments with professionals is perilous. Large companies need “all- hands-on-deck”, i.e. 100% dedicated resources to manage all facets of risk;


  1. Identify and mitigate emerging risks: risks change regularly, and an effective risk management function would have identified risks on the horizon and acted accordingly. Major capital outflows started in January 2023, and it appears SVB did little to anticipate the impact on its capital shortcomings. “As far back as 2021, the Fed was aware the bank’s liquidity risk management was insufficient” says Vashistha. When the company ran into deep trouble, it tried to sell itself, but acted too late;


  1. Avoid big bets, adhere to Risk Appetite: Well run organizations do not gamble the farm on “company killer bets”, but establish “Risk Appetite” ceilings on how much risk they are prepared to take- that lesson in banking was established years ago by Barings Bank rogue trader Nick Leeson.4 According to the Economist, “By loading up on long-term bonds, SVB had taken an enormous unhedged bet on interest rates staying low. That bet went wrong, leaving the bank insolvent (or near enough). The fact that shareholders have been wiped out and bondholders will take big losses is not a failure of the financial system. A bad business has been allowed to go bust”.3 This became SVB’s biggest headache. Although it didn’t have to recognize value losses on its HTM (hold to maturity) bonds, investors could see how big those losses were and how badly SVB would be hurt if it had to sell them. Unlike most other banks, SVB was damaged by bad accounting decisions; 5


  1. Robust Board and Management Risk Oversight: It appears that risk management was not sufficiently prioritized at SVB bank.1 A savvy board and leadership team would demand regular risk management reporting with prioritization on critical issues, acting early upon knowledge of impending emerging risks such as serious looming capital outflows, and would have funded accordingly. At a time when deposit holders were using their phones to easily move to better yields for their deposits, SVB failed to offer attractive incentives for deposit holders to stay with the bank;


  1. Avoid Concentration Risk: SVB sat at the heart of innovation in Silicon Valley, with more 50% of all US venture-backed tech and life science companies and more than 2,500 funds as customers.6 A simple analysis of concentration risk would have prompted SVB to diversify to protect against a tech sector meltdown;


  1. Benchmark your Data: Business data analyst Sukirt Singh suggests SVB and other troubled banks could learn a thing or two from the data-sharing model embraced by several Dutch banks.1 Sharing customer data with its peers likely would not have saved the bank, but in combination with other risk management measures, may have provided much needed information to avert their demise;

Fallout for Tech Companies- Lack of Monitoring/ Lack of use of Key Risk Indicators

The SVB collapse has impacted supply chains across the USA, particularly for tech companies. Organizations with continuous monitoring were immediately aware of which of their contractor/sub-parties were exposed to the SVB failure. Those with proper monitoring intervened days before others who did not have proper risk monitoring. “For this early warning, it’s critical to continuously monitor suppliers and suppliers’ suppliers for the earliest risk indicators”.1


So, was the SVB failure a function of macro forces beyond its control, or shoddy risk management? There is no question that SVB bank’s troubles stemmed partially from several bigger macro concerns: a run on deposits which started earlier in 2023 affecting all smaller banks; banking regulations which were watered down under the Trump administration in 2019-2020. But while its too simple to answer definitively, one thing is clear: smaller banks which are properly tooled with best practices in banking risk management are surviving the current crisis (for now). Others that lack proper risk management, like as SVB, are increasingly vulnerable to capital outflows to the better capitalized bigger institutions which are perceived to be “too big to fail”, or, to institutions which are offering more attractive yield rewards.  Continuous changes in the risk environment requires continuous risk identification, assessment, controls, monitoring and reporting. It appears these practices were largely absent at SVB.



  1. Corporate Compliance Insights: “Risky Business: Important Lessons From SVB’s Demise”
  2. Twitter, Jim Bianco, Bianco Research
  3. The Economist, “What Really Went Wrong at SVB Bank”
  4. Investopedia, “How Did Nick Leeson Contribute to the Fall of Barings Bank?”
  5. Bloomberg, “Silicon Valley Bank’s Fall and the Way Forward for US Banking”
  6. Silicon Valley Bank Web Site,
Share this