LESSONS FROM 2023’S BANK FAILURES: FOCUS ON RISK MANAGEMENT 

Lessons from 2023’s bank failures : Focus on risk management

  • Peter Dugas, Kit Spicer and Ben Harding
  • Published: 17 April 2024

 

It has been one year since the failure of Silicon Valley Bank, Signature Bank, and First Republic Bank, and UBS Group’s  rescue of Credit Suisse. The impact of these events is still being felt today as regulators across the globe step up their supervision and examination activities. In this article we summarize the examination and supervision priorities as a result of these failures, how banks should prepare for heightened scrutiny, and actions bank boards of directors and senior management should take to address outstanding supervisory feedback. 
In the wake of last year’s bank failures, regulators have implemented measures to strengthen the banking system and prevent future crises. Areas of particular focus include governance and controls, capital planning, and liquidity risk management. 

While the main objective is to reinforce the resiliency of the US banking system, many supervision and examination priorities target the specific risks that brought down the failed banks. For example, boards of directors, senior management, and independent risk management functions must ensure that sufficient liquidity buffers are in place and can be operationalized in a crisis.

US regulators have also turned their attention to previously issued supervisory findings to ensure that institutions are taking prompt corrective actions. This includes encouraging bank senior management and boards of directors to accelerate the remediation of aged Matters Requiring Attention (MRA) and Matters Requiring Immediate Attention (MRIA). When Silicon Valley Bank failed, it had a large volume of outstanding supervisory findings, some of which were significantly aged. As a result, regulators are now stepping up efforts to enforce shorter remediation timeframes. 

Supervisors are also widening their scrutiny of risk management practices. This requires banks to take immediate steps, on a priority basis, for issues that relate to risk governance, liquidity risk, interest rate risk, and investment portfolio oversight. The focus is even sharper for banks that have experienced rapid growth over the past several years. These banks must demonstrate that they have sufficiently robust risk management processes to identify, assess, manage, and report the risks in their growth portfolios. 

Recent stresses in commercial real estate (CRE) have further highlighted the need to manage fundamental banking financial risk exposures. At a recent hearing before the US Senate Committee on Banking, Housing, and Urban Affairs, Federal Reserve Chairman Powell highlighted CRE-related concerns for community banks and regional banks warning: “There will be bank failures”.1



Supervisory Priorities Stemming from the Bank Failures


We have closely examined bank failure post-mortems, public comments from various banking regulators, and supervision plans published by the Federal Reserve, Office of the Comptroller of the Currency (OCC), and Federal Deposit Insurance Corporation (FDIC). Capco’s Center for Regulatory Intelligence has organized these data points into a detailed issue set. From this set, we have identified three major themes: 

Governance and Controls. US regulators have focused much of their effort over the past few years on strengthening internal controls rather than prioritizing larger reforms such as Basel III Endgame. This presents banks with an opportunity to establish clear and consistent practices for ALM-focused control, policies, and procedures, and KRIs. Banks with between $50bn and $250bn in assets will probably require net new capabilities and documentation. Larger institutions will need to update stale policies and procedures while manual controls should be automated to support a more proactive posture. 

Liquidity Risk. In July 2023, the agencies updated their guidance on liquidity risk and contingency planning, emphasizing the need for greater operational preparedness. In the wake of the bank failures, supervisors conducted liquidity examinations of several banks during the second half of 2023 covering intraday liquidity management, liquidity stress test assumptions, and contingency funding plans. The examination agenda for 2024 continues to focus on liquidity, including available funding sources and liquidity risk limits. Other focus areas include depositor behavior, independent reviews by Internal Audit, and progress on remediations of open findings. 

Interest Rate Risk. In response to the bank failures, supervisors also conducted horizontal examinations at large banks to assess interest rate risk management practices. The FRB noted an increase in supervisory findings for interest rate risk, in part due to the effect of higher rates on securities portfolios. As a result, we believe examiners will put greater emphasis on policies and practices relating to asset and liability management. This includes risk appetite and policy limits, and their consistency with asset valuations, deposit stability, Earnings and Risk (EaR), Net Interest Income at Risk (NII), and Economic Value of Equity (EVE). Examiners are also turning their attention to interest rate stress tests, assumptions on stability of the deposit franchise, and interest rate risk reporting to senior management and the Board of Directors. 


Preparing for Future Examinations


To prioritize decision-making and prepare for future examinations, banks should map the issues and themes identified in the regulators’ supervision priorities to their Governance, Risk, and Compliance (GRC) platforms. This mapping exercise will highlight gaps that need to be addressed, either as a standalone item or part of a broader change management initiative.

Banks may also benefit from a holistic review of the enterprise-wide risk management framework as those who rely on outdated or inaccurate frameworks may be exposed to operational, financial, and reputational issues. This is particularly noteworthy for banks that have experienced rapid growth over the past several years or those nearing the $100 billion ‘Large Financial Institution’ threshold. 

For ensuing change management programs, banks should take a systematic approach to governance, controls, and risk management. Programs should also be tailored to the bank’s business model and specific risk vulnerabilities.

Areas for emphasis include:

  • Understanding change – review supervision themes and focus areas to determine how these might impact the institution.
  • Assessing operational impact – seek input from business lines and support functions to assess how their processes may be affected.
  • Revising policies and procedures – based on updates and feedback from business-line personnel.
  • Testing – assess updated processes prior to implementation and on an ongoing basis.
  • Implementing change – apply the new governance and control framework or processes. Update policies and procedures to all applicable lines and functions.
  • Communicating and training – ensure staff are aware of changes and underlying requirements.

Responding to Supervisory Findings


A broad range of governance and risk management failures led to last year’s bank failures, and regulators are examining outstanding supervisory findings to determine whether these issues are thematically similar to those at the failed banks. 

As the volume of MRAs/MRIAs increases in the near term, banks must be prepared to scale operations and resources, redeploy subject matter experts, and/or make business model or financial profile changes until any deficiencies are resolved.

Regulators are especially focused on significant issues that require larger remediation programs and multiple workstreams to cover impacted business lines and functional support areas. Banks should consider upfront the full MRA/MRIA remediation lifecycle including scoping the initial requirements, line of business / functional execution, and communicating the bank’s supervisory response. 

When preparing for a remediation closure exam, a senior executive (often designated the remediation program sponsor) should ensure that the firm is coordinated across business lines and functional support areas. Exam participants should be prepared to demonstrate thorough knowledge of the issue and be able to articulate an extensive set of actions that demonstrate to regulators that the issue has been addressed. 

Closing thoughts


These issues and challenges impact institutions of all sizes, but they are especially arduous for banks seeking to grow to $100+ billion in assets. They will need to show that they can manage large, complex organizations that require advanced capital and liquidity planning, while meeting heightened expectations for governance and risk management.

Indeed, most banks must brace themselves for a prolonged period of regulatory turbulence. The good news is that the issues highlighted by the failures of 2023, alongside regulatory post-mortems indicate the direction of travel for the rest of 2024 and into 2025. Institutions should also take heart that where resourcing and time is of the essence, third-party providers can help drive remediation programs and provide surge resources that supplement internal change teams under pressure to deliver. 

________________________________________

References

1 https://finance.yahoo.com/news/bank-failures-fed-chief-tells-230748471.html?guccounter=1

 

 
© Capco 2024, A Wipro Company