Wash, Rinse, Repeat: Banking Crisis Again

While there are a number of “hot topics” in banking currently (as mentioned), this is nothing new in the industry. Financial institutions have continually juggled multiple focal points at the same time while managing the day-to-day business of banking. Looking back at new initiatives such as SOX, AML/BSA, the mortgage crisis, fair lending practices, Basel I-IV, etc. illustrates how banking is ever-changing and evolving. This has been the established path and represents regularly executed practices for bankers. However, internal auditors are uniquely positioned to confirm appropriate attention is given to areas of risk within their organization (old or new) and are obligated to challenge the organization when attention is misplaced.

Proper execution of the three lines methodology is, and would have been, critical for appropriate Asset Liability Management (ALM). The management of the ALM strategy and the execution of the strategy would fall on the first line. The second line would ensure appropriate risk management techniques are employed in the strategy and provide monitoring of execution to confirm adherence to the rules established. Internal audit would then provide effective challenge to the strategies at play while validating the appropriateness of ALM and risk management engagement. Effectiveness of strategies, timeliness and appropriateness of stress testing scenarios and review, comparison to historical results, and participation by knowledgeable team members would all be subject to internal audit review. Gaps in execution of the responsibilities of any of the three lines could result in inadequate ALM and an improper structure in the portfolio exceeding the risk appetite of the organization. There is more to learn about what caused these bank failures, but the implementation of the three lines model in all financial institutions relating to ALM should be subject to enhanced review.

The most impactful external factor was the rapid growth of inflation and the Federal Reserve’s reaction to it. The Fed is responsible for monetary policy with a primary directive of managing inflation to around a 2% level. The Fed’s reaction to high inflation is to raise interest rates to cool the economy. Now, all banks should have seen this coming as inflation spiked and stressed this scenario in their models. Regardless, this action led to deposit declines at Silicon Valley Bank (SVB) of approximately $25 billion. To cover the withdrawals driven by the increasing rates, SVB sold most of their available-for-sale securities, much of which were US Treasury bonds. Due to the rates paid on these bonds versus what was available in the current market, SVB had to sell them at a discount resulting in a $1.8 billion loss. This then drove public fear of potentially additional losses to come resulting in additional deposit withdrawals that became unmanageable.

Public opinion driven by social media played a significant role in the crisis merely through the quick advancement of opinions and fear among depositors. Reaction to this fear led to a bank run and the withdrawal of $46 billion in deposits during a single day at SVB. This rapid advancement of public opinion is a risk area that all financial institutions need to consider in their risk management framework and stress testing scenarios. Rapid expansion of fear needs to be met with the equally rapid expansion of confidence and firm, decisive action by each organization to counter this fear. Effective stress testing defining possible scenarios and reactions can contribute a great deal to this goal.

The Federal Deposit Insurance Corporation (FDIC) was formed in 1933 to insure deposits under $2,500 during the Great Depression to restore public confidence in banks. Limits have increased throughout the years with current coverage at $250,000 per depositor, per FDIC-insured bank, per ownership category. However, if a bank’s failure poses a systemic risk (one bank’s failure could threaten the entire financial system’s stability) regulators can go beyond the $250K cap – which was determined to be the case here. As was discussed in the webinar, the FDIC is funded by premiums that banks and savings associations pay.

There was some confusion suggested around what constitutes a “deposit” and is, therefore, covered by the FDIC. These products include checking accounts, savings accounts, money market deposit accounts (MMDAs), and certificates of deposit (CDs). Investment products are not deposits and are not covered by the FDIC. These include mutual funds, annuities, life insurance policies, stocks, and bonds.

As mentioned in the webinar, banks are risk-taking organizations, so the thought of a bank effectively functioning with no risk is not possible. The key for internal auditors is to confirm that their organization is functioning within a manageable level of risk. This includes proper reviews of liquidity and capital adequacy through ALM and the Asset Liability Committee (ALCO). In addition, it should be noted that some of the more challenging audit topics must be addressed in the financial services space to validate proper mitigation of risk. These include the audits of strategy, culture, and governance which direct all organizations forward. Concentration risk, investment strategies, duration risk, communication strategies, timeliness in addressing concerns, compensation practices, and senior management’s reactions to difficult scenarios all can fall under these auditable areas. Internal audit must have the courage to raise concerns to the highest level of the organization as they present themselves in these key areas.