Now more than ever, bankers need to focus on holistic risk management

ckybe - stock.adobe.com

The banking crisis took a back seat while Congress navigated the suspension of the country's debt ceiling until 2025. However, this crisis calls for more stringent government oversight of the financial sector following the March collapse of Silicon Valley Bank and Signature Bank.

Three of the four largest bank failures in the nation's history have occurred in the last six months. According to The Hill, the rescue of First Republic Bank by JPMorgan in April eclipsed the events of March. Pundits and the press have exhausted American ears with explanations of how we got here, but the truth is that in an already gloomy economy, customers remain concerned about the stability of the nation's financial system. Regulators may have resolved the stresses and lax lending standards that triggered the 2008 financial crisis, but no one was prepared for the ripple effects of inflation shock in the age of concentrated wealth and high-tech investment.

At the same time, a consensus has formed questioning the risk management practices of the banks themselves. Multiple red flags are said to have existed at all three banks; if so, how and why did these go ignored? From too-frequent withdrawals to unchecked low liquidity and high amounts of uninsured deposits, it's evident that gaps in reporting and a lack of visibility into risks, organization-wide, contributed to disaster.

Federal regulators are said to be considering a bump in capital requirements for big banks, to ensure the most powerful financial institutions have enough liquidity on hand to absorb unanticipated losses. While we await next steps toward increased oversight, the banking community — especially small- and medium-size banks — would be wise to examine their current risk management approach and make self-assessments of existing risks to determine if a more robust governance, risk and compliance (GRC) solution is necessary. The right GRC program can improve not just business outcomes but ensure business continuity in a time of crisis. This is operational resilience for modern times.

The 2023 banking crisis highlights cracks in the banking sector that still exist despite regulatory changes following the collapse of Washington Mutual in 2008. That event precipitated the Dodd-Frank Act of 2010, which strengthened reporting requirements and imposed more frequent stress tests on the country's largest banks. The previous administration rolled back many of these requirements in 2018, relaxing reporting standards and setting the stage for less oversight of risk exposures. Current regulations have very little impact on small and midsize banks, which have long operated under much less regulation than the megabanks.

As the 16th largest bank in the U.S., SVB was never subjected to the Federal Reserve's liquid coverage ratio (LCR) requirement — it was deemed too small. Still, the bank became known in recent years as the go-to lender for tech investment, with approximately 95% of SVB's customers concentrated in the industry. Not a month after the bank's collapse, The Washington Post reported that executives had used those tech earnings to pursue high-interest investments — ignoring in the process key warnings from an internal risk model that showed high interest rates could impact the bank's future earnings. To remain compliant with internal metrics and validate their business decisions, leadership manipulated the model's assumptions. The Federal Reserve has called it a "textbook case of mismanagement."

Regulation and compliance

Discover, bracing for FDIC penalty, adds ex-agency official to its board

The consumer lender's stock price has fallen more than 30% since its disclosure of a looming regulatory action, which was followed by the sudden departure of its CEO. To help meet its compliance challenges, the company's board added a former FDIC regional director.

By Polo Rocha

September 6

Unfortunately, such practices do exist in global finance — and it's costing organizations millions. Incidences of unethical behavior, failure to report financial information and failed assessments of risk and controls across various processes suggest a need for more dynamic and holistic GRC. The success of banks and financial services institutions depends on a modern operational risk management (ORM) program that can deliver a clear definition of risk taxonomy, better communication among internal stakeholders, centralized data for real-time controls adjustment and automated efficiency on the first line of defense. In addition, ORM should be embedded into other risk areas such as credit, liquidity and market risks. This will help banks in preventing and mitigating risks and losses related to these functions from an operational and compliance point of view.

Risk remains an inherent aspect of banking operations as this is how banks make profits. However, banks that take proactive measures to implement a strong operational risk management (ORM) framework will achieve holistic risk management, wherein risks are looked at from every angle. This transformative change is crucial for consolidating internal and external risk data, leading to enhanced risk visibility. Subsequently, organizations can establish effective governance practices, address unidentified gaps, prioritize key areas for risk assessment and develop tailored risk mitigation strategies that align with their specific business objectives.

With interest rates set to remain steady, the possibility remains for another significant bank failure before year-end — especially among small- and medium-size banks. These institutions face the greatest risk in the industry when it comes to managing cash flow during a credit crunch — including the ever-present threat of a bank run and the reputational fallout it can trigger. Few smaller-scale banks can survive a run: Once people start getting nervous about a bank's viability, word spreads like wildfire and suddenly everyone's withdrawing their deposits.

To demonstrate their resilience to regulators and the public, it is imperative for these banks to prevent worst-case simulations from becoming real-life scenarios. Only by establishing an integrated approach to risk management — by looking at risk from financial as well as nonfinancial angles — and embedding risk culture across the organization can banks restore confidence in the banking sector.