Banks Are Risky. Silicon Valley Bank’s Risk Officer Was AWOL. | Mint

Banks Are Risky. Silicon Valley Bank’s Risk Officer Was AWOL.

WSJ
WSJ

Summary

It might be the most thankless job in finance—and success means averting danger. Before SVB failed, the bank operated without a risk manager for eight months.

James Lam had just been hired by a new financial division of GE Capital when he walked into his boss’s office with a problem: He was ordering business cards and had no idea what to put on them. Since his position didn’t really exist, it also didn’t have a title, so he was given permission to invent one. He called himself a chief risk officer.

Thirty years later, as he followed the spectacular implosion of Silicon Valley Bank, there were few people more qualified than Mr. Lam to ask two simple questions.

Where was the chief risk officer?

Wait, the bank didn’t have a chief risk officer?

“Any strong chief risk officer could have and should have prevented what happened at Silicon Valley Bank," he said.

The chief risk officer plays one of the most important and least appreciated roles in American business. The people in these positions succeed if their companies avert failure. It’s not particularly glamorous. It is mostly anonymous, often taken for granted and won’t make anyone famous if they do it well. Only when they don’t will everyone pay attention.

This position that should be essential was something else at Silicon Valley Bank: vacant. It turns out the bank that failed this month had quietly operated without a chief risk officer for much of the past year.

Silicon Valley Bank’s lack of an executive in that role for eight critical months is a reminder thatrisk doesn’t have to be excessive or exotic to be existential. SVB’s alarming exposure to rising interest rates wasn’t hard to see coming and should have been easy to hedge against. It remains flabbergasting how a bank that served the most innovative corner of the economy could have been doomed by a basic mismatch of assets and liabilities. Buttech’s favorite bank failed because its risk management did first.

A day in the life of a chief risk officer involves translating the work of junior quants for senior executives, reviewing deals, vetting models, looking for anomalies, popping in and out of meetings up and down the firm—and, like any person in any job, complaining that the people in charge don’t value what they do.

If you want to understand why something has gone wrong in financial businesses, the risk-management department is typically the right place to start. The worse the situation, the better the chances you’ll find something fraught.

Before it had to be rescued by its rival UBS this week, Credit Suissegobbledrisk like it was raclette. At Silvergate Capital, which was burned by the crypto meltdown, the chief executive officer once tapped his son-in-law as the chief risk officer. At Signature Bank, which also crumbled amid depositor withdrawals, a senior KPMG auditor who had signed off on its clean bill of financial health was soon hired as its chief risk officer. All three banks failed, or nearly did, this month. And it wasn’t long ago that Sam Bankman-Friedtouted the risk management of crypto exchange FTX before he was charged with running one of the biggest frauds in financial history.

The chief risk officer is supposed to be the human safeguard againstcalamity, someone who handles a bank’s dull but vital compliance issuesand elevates concerns to the C-suite. But that’s only in theory. In reality, systems that capture risk only work if people have the skills and relationships to convey them.A risk officer should provide blunt feedback. An effective one can get the bosses to listen.

But the portrait that has emerged of Silicon Valley Bank’s culture from The Wall Street Journal’s reporting is one of aggressive executives ignoring what the overwhelmed, understaffed risk department had to say and forgetting the most elementary lesson in finance: There is no such thing as fabulous returns without potentially fatal risk.

Silicon Valley Bank’s risky mistakes

It didn’t help that there was a hole in the bank’s risk department at the exact moment when risk was flooding Silicon Valley.

Regulatory filings show that Laura Izurieta left the role of chief risk officer in April 2022 and wasn’t replaced by Kim Olson until December. Ms. Izurieta also sold more than $4 million of company stock in late 2021, right before SVB “initiated discussions" about her departure in early 2022, and she took home more than $2 million in exit pay. But not until earlier this month did the bank disclose how long the position had been open. Meanwhile, as interest rates climbed higher, Silicon Valley Bank’s business got riskier.

The bank and its executives did not respond to requests for comment.

A bank without a chief risk officer is a bit like a football team without a left tackle. It’s not the sexiest position on the field, and most fans couldn’t recognize him without a helmet, but what the left tackle does is crucial. He’s the guy protecting the quarterback’s blind side when a 250-poundpass rusher is trying to pulverize him.

Silicon Valley Bank not having a chief risk officer for a brutal year in tech was the equivalent of that left tackle walking off the field during a blitz.

Of course, the presence of a CRO isn’t necessary to know when the Federal Reserve hikes rates, and regulatory filings suggest SVB was aware of its vulnerabilities long before the run on the bank:The board’s risk committee met nearly as many times last year (18) as it did in the previous three years combined (19).

When risk officers are the risk

Still, there’s a reason that many banks are required to have chief risk officers. The proliferation of CROs began in the 2000s and accelerated following the downfall of Enron Corp., part of a revolution in corporate governance that changed the behavior of firms.

When sociologists analyzed the behavioral changes of large commercial banks before 2008, they discovered that the verypeople who were supposed to prevent a financial crisis may have inadvertently helped cause one.

“We trace the growth in bank risk taking to a surprising culprit: the rise of the chief risk officer," wrote Kim Pernell, Jiwook Jung and Frank Dobbin, who published their findings in a 2017 paper.

The existence of a chief risk officer created the appearance of proper oversight and satisfied regulators, but having someone to police risk meant the traders actually taking thoserisks might have felt they didn’t have to be so vigilant. The banks were emboldened to seek out different and ultimately more destructive credit risks, which led them to the complex derivatives and collateralized debt obligations that cratered the global economy. It’s a fascinating theory: CROs are partially to blame for synthetic CDOs.

“Even the most sophisticated risk-modeling techniques won’t keep banks out of trouble," the researchers wrote, “if CROs believe that their duty to maximize return trumps their duty to minimize catastrophe."

Finance is not the only industry with such hazards. Fact-checkers can make journalists lazier and quality-assurance teams can make software developers sloppier if they assume someone else will catch their errors and coding bugs. It’s a paradox of human psychology that more safety measures can result in people becoming less careful.

But this was also a case of powerful incentives having peculiar consequences.The researchers found evidence that CROs shifted their attention before the crisis from controlling risk to optimizing risk for the purpose of boosting profits. That was not entirely their fault. In fact, Dr. Pernell has sympathy for people in a thankless role. “It’s really hard to be a chief risk officer in the shareholder value era," she said.

What makes it harder is that the people ultimately accountable for the risks of an institution are not the chief risk officers. They are CEOs, like SVB’s Greg Becker, and board members—and how they missed the risks staring them in the face is one of many questions that demand answers.

It’s worth asking the person who basically invented the position of chief risk officer two more questions in the meantime.

The first is what Mr. Lam would change about the role.His answer: strengthening risk committees, requiring appropriate disclosures to investors and bolstering the independence of CROs. The second is what will change. His answer: probably not much.

“As time passes, people forget the value of risk management," he said, “and go back to business as usual."

Catch all the Industry News, Banking News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
more

MINT SPECIALS

Switch to the Mint app for fast and personalized news - Get App