• About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact

Risk in the spotlight again: banking failures and lessons for risk committees

March 22, 2023

The collapse of SVB and Credit Suisse has resulted in a lot of questions about banking regulation and risk management on both sides of the Atlantic.  Have we seen the first victims of a new banking crisis or just witnessed an inevitable failure of vulnerable businesses in a toughening market?  Either way risk oversight by the board in each case was left wanting, so how could it be improved and what can risk committee learn from banking failures?

Firstly, it appears that foresight was missing: risk was seen in terms of compliance with reporting rules rather than a series of alternative outcomes in an unknowable future.  It seems that many banks had rather too much security in Held-to-Maturity (HTM) treasury bonds which actually decline in value with interest rate rises.  These are inflexible assets that cannot readily be converted to cover a spike in demand for liquidity.  Why did so few bankers fail to see that after 10 years of QE a rise in interest rates would be inevitable?

Foresight is an essential part of risk appreciation but appears to have been in short supply in many boardrooms.  Bankers expert in mathematical modelling and probability analysis can only work with the data they have and that is inevitably historical.  As King and Kay pointed out in Radical Uncertainty, the key is knowing how to distinguish between puzzles which can be solved and mysteries which can’t.  The future is always a mystery and there is no certainty in risk management because it deals with estimated future outcomes not historical facts.

It has been said by many within banking that HTM security risk is never hedged because the cost is too high and it would defeat the object of holding HTM bonds.  This is where investment banking strays into gambling is it not?  Surely the role of the risk committee is to question how else the risk might be hedged rather than just hunker down and hope things improve.  The risk committee should be looking at how to mitigate risk that bankers believe cannot be hedged.  This is why the SVB board ended up selling their own stock once they could not prevent the bank falling into insolvency.

Any competent risk committee should be aware of the textbook ‘Managing the Unexpected’ which identified five key attributes of a high reliable organisation (HRO).  In essence, you build in resilience to your business model so that risk anticipation is integral not peripheral.  The collapse of SVB and Credit Suisse remind us that banks rely heavily on customer trust and confidence in the system.  It follows that once confidence erodes then fear of loss becomes contagious and a bank run is hard to stop.  The risk committee has a role to play in reassurance to protect customer confidence.  For example, the latest US interest rate rise yesterday, by another quarter percent taking it to 4.75%, adds further pressure on the value of bond securities and forces risk committees in the financial services sector to think hard about mitigation. 

The post mortem on both SVB and Credit Suisse will reveal red flags that were missed by regulators and investors so the future will see improvements in signalling, but the most important learning point concerns the role of the risk committee: it is not the frequency of meetings that matter but how effective its decisions are in adjusting risk appetite when marketplace environment changes.

 Garry Honey is an advisor to boards on risk identification gwh@chiron-risk.com

Tags: Garry Honey
Prev / Next

Blog

Featured
Apr 15, 2025
Vera Cherepanova
The future of ESG: navigating a fragmented landscape
Apr 15, 2025
Vera Cherepanova
Apr 15, 2025
Vera Cherepanova
Mar 6, 2025
Mo Warsame, Gavin Hayes
Internal audit and risk management must work together to navigate uncertainty
Mar 6, 2025
Mo Warsame, Gavin Hayes
Mar 6, 2025
Mo Warsame, Gavin Hayes
Sep 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
Sep 4, 2024
Polly Williams, Mia Harris
Sep 4, 2024
Polly Williams, Mia Harris
Aug 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
Aug 25, 2024
Felix Ritchie
Aug 25, 2024
Felix Ritchie
Jul 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
Jul 16, 2024
Jane Hunter, Mia Harris
Jul 16, 2024
Jane Hunter, Mia Harris
Jun 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
Jun 2, 2024
Afshan Moeed
Jun 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
Mar 20, 2024
Neil Tinegate
What should boards know about digital technology?
Mar 20, 2024
Neil Tinegate
Mar 20, 2024
Neil Tinegate
Mar 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
Mar 15, 2024
Francis Kean
Mar 15, 2024
Francis Kean
Feb 29, 2024
Andy Watkins-Child
Are you sitting comfortably?  Cyber risk, board attestations and the implications for NEDs
Feb 29, 2024
Andy Watkins-Child
Feb 29, 2024
Andy Watkins-Child
Oct 24, 2023
Mamun Madaser
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
Oct 24, 2023
Mamun Madaser
Oct 24, 2023
Mamun Madaser
Oct 18, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 2
Oct 18, 2023
Jim Watson
Oct 18, 2023
Jim Watson
Oct 13, 2023
Nisha Sanghani
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
Oct 13, 2023
Nisha Sanghani
Oct 13, 2023
Nisha Sanghani
Oct 9, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 1
Oct 9, 2023
Jim Watson
Oct 9, 2023
Jim Watson