Never let a good crisis go to waste – so how could you use recent events in California to take a fresh look at risks and risk management?

Many lessons will be learned from the failure of Silicon Valley Bank last weekend. The full story is unlikely to emerge for some time, but commentators have quickly reached a consensus on the likely causes. The central problem was a balance sheet mismatch from long-term investment securities funded by short-term deposits, coupled with a failure to hedge much of the interest rate risk. When interest rates rose, the value of the securities dropped, creating unrealised losses that eroded the bank’s capital base. The bank tried to raise capital to fill the hole, but, learning of the problems, depositors lost confidence and liquidity risk materialised dramatically - they withdrew $42 billion in a day, a quarter of the bank’s deposits - and the bank failed.

These are well-known, traditional risks in banking, which raises two questions - how could these familiar risks have been mismanaged by the bank and, for other firms, what might this mean for your own risk practices?

Let's start at the top with the role of the board and senior management. Does risk have a strong enough voice at the top table? An important lesson from the global financial crisis was to make sure that the voice of risk management was loud and clear in the way firms were run. The voice of the Chief Risk Officer is key, but all of the top team has a shared responsibility to manage risk. It’s part of the board agenda and a crucial topic for the management team.

Risk first comes into play in setting the strategy and choosing the business model. Are the risks associated with the strategy properly understood? Does the firm have a good grasp of its risk appetite – the risk boundaries within which it wants to operate? What’s management’s view on emerging risks (such as rising interest rates) and how does it want to respond to them?

Making the trade-off between risk, growth and return is one of the difficult decisions central to running a bank or a FinTech. These debates are often complex, balancing the interests of a variety of stakeholders - customers, investors, regulators, operational management, and so on. The conclusions shape the business and the culture of the firm. Often in the culture of a new firm, risk plays second fiddle to sales growth or even technology. Is the balance right in your firm? It's also a good chance to test the effectiveness of your risk function. Have you grown such that you need additional resources?

Whatever the business model, it’s essential to conduct effective stress testing – envisage bad things that might happen - and assess what the impact of a crystallizing risk might be on the firm’s financial and non-financial resources. In the case of a retail bank, this means stress, at a minimum, interest rate changes, credit risk and liquidity. Stress testing is now a core tool in all well-run financial firms and can vary from simple event scenarios to sophisticated risk models of the whole bank. Is your approach to stress testing fit for purpose and does it lead to action?

Across most risk areas, concentration risk crops up in different guises and can amplify impacts. Depositors may be concentrated (increasing liquidity risk), reliance for a critical process may be on a single outsource provider (increasing operational risk), customers may be concentrated in regions or industries (increasing credit risk) funds may be invested in particular types of securities (increasing market risk). Where are the firm’s risk concentrations and what can be done to monitor and mitigate the risk?

The Silicon Valley case also spotlights group risk and the need for UK subsidiaries to consider what happens if a parent in another jurisdiction should fail. What consequences follow for the UK entity and how robust are its contingency plans to protect the delivery of services to customers?

Firms may have different business models and risk profiles, but, as a result of the crisis, they also share a common opportunity. The board, senior management and risk teams have a great chance to engage afresh with colleagues and drive forward improvements in risk.