Silicon Valley Bank’s Gambling with KPI’s Led to its Collapse
The importance of change management and proper oversight
Everyone is analyzing the aftermath of the recent Silicon Valley Bank failure. The Feds are kicking themselves for not seeing the warning signs earlier. Investors are worried that other banks may follow. Congress is holding hearings so that they can understand better what exactly happened to cause the bank’s collapse.
An argument can be made that the root causes of SVB’s problems are faulty thinking and lax oversight. Both the Federal Reserve System and the bank’s internal management can be blamed for lax oversight. The faulty thinking is very similar to errors in logic that a gambler makes when estimating his risk and possible payoff. It’s psychological. It appears that SVB’s management may have been a victim of the same kind of thinking you might see at the roulette wheel.
A good illustration of that type of thinking was seen one night in 1863 at the Monte Carlo Casino, Monaco. The stories of fairy tale wins and catastrophic losses at Monte Carlo are legendary. Knowing when to walk away, one of the casino’s biggest winners took home over a million dollars playing roulette. Another gambler, Charles Wells, earned the nickname of “The man who broke the bank at Monte Carlo” when he did just that 6 times over 3 days in 1891, also at roulette.[1]
(“At the Roulette table in Monte Carlo” Edvard Munch, 1892 Source.)
Gamblers
August 18th, 1913 players at the roulette table were treated to an event rarer than winning the Powerball lottery. Often pointed to as an example of long odds, the white ball landed on black 26 times in a row. During that extraordinary run, gamblers were convinced that red was due. For example, after a run of 5 or 10 black, putting your money down on red is a sure thing. That is the gambler’s fallacy. Many francs were lost that day as they doubled down each bet, more and more sure with each spin that they were more likely to hit it big.
The odds for the roulette ball landing on black (or red) is a bit under 50%. (38 slots on the roulette wheel are divided into 16 red, 16 black, a green 0 and a green 00.) Each spin is independent. It is not influenced by the spin before it. So, every spin has exactly the same odds. Likely, across the casino floor at the Blackjack tables, the opposite thinking was in play. The player hit on 17 and turned up a 4. She stands on 15 and the dealer busts. She draws a 19 and beats the dealer’s 17. She’s got a hot hand. She can’t lose. Each bet she places is bigger. She’s on a streak. This is also the gambler’s fallacy.
The reality is that hot or cold, “Lady Luck” or “Miss Fortune”, the odds don’t change. The probability of flipping a coin and having it land on heads after tossing 5 tails is exactly the same as the first toss. Same with the roulette wheel. Same with the cards.
Investors
Apparently, investors think like gamblers. They need to be reminded at the end of every ad for financial services that “past performance is not an indicator or guarantee of future results.” A recent report confirmed that results are “consistent with the notion that historical performance is only randomly associated with a future performance.”
Other economists have validated this observation in investors who hold stocks that are losing value and sell stocks that are gaining. This behavior results in selling winners too early and holding losers too long. The faulty investor thinking is that whether the stock is doing well or poorly, the tide will turn. In other words, the stock price trend is not the only factor that should be determining your investment strategy.
Bankers
Bankers are not immune from faulty logic, either. Executives at Silicon Valley Bank played some financial sleight of hand. Executives at SVB employed a scheme whereby they consciously hid key risk metrics. One of the ways in which banks make money is by investing in longer-term assets like bonds, mortgages or loans. The bank earns money playing the spread of the interest rate earned on those assets and the interest rate paid on short–term liabilities. SVB made a big bet on long-term bonds.
Banks are subject to regulatory agencies like the Federal Deposit Insurance Corporation (FDIC) which monitor key risk metrics and limit the amount of money they can have in any particular area. Banks are expected to have robust risk management practices in place, including assessing and monitoring risks associated with their investments. They are required to conduct stress tests to evaluate the potential impact of adverse economic scenarios on their financial health. SVB’s predictive KPIs showed that there would be a significant financial impact on the spread they were playing if there was an increase in interest rates. In a technical loophole, the bank was not required to report on the “paper losses” of the debt portfolio because most of it was classified as “held to maturity.”
The right action to be taken was to reduce the bank’s risk related to interest rates and diversify by investing elsewhere, like foreign currency exchange services, hiking their credit card fees or stop giving away toasters.
Instead, key decision makers thought the bank’s early success would continue. Again, the gambler’s fallacy. Executives at Silicon Valley Bank changed the formula for the KPIs. So, they took a red light that would indicate risk and a change in strategy and they painted it green. When they got to the intersection with the painted green traffic signal when interest rates inevitably started to rise there was nothing they could do but to start selling off assets – at a loss! The bank’s sell-off of its security holdings to raise cash led to a $1.8 billion short term loss. This panicked the bank’s depositors. Noone thought their money was safe. Customers withdrew $42 billion in a single day. Boom! Overnight the Feds stepped in and took control.
“Silicon Valley Bank managed interest rate risks with a focus on short-run profits and protection from potential rate decreases, and removed interest rate hedges, rather than managing long-run risks and the risk of rising rates. In both cases, the bank changed its own risk-management assumptions to reduce how these risks were measured rather than fully addressing the underlying risks.”
Review of the Federal Reserve’s Supervision and Regulation of Silicon Valley Bank April 2023 (Source) |
---|
They bet the bank (literally) on the assumption that they had a hot hand and the next spin of the roulette wheel would come up black again.
Analysis
The post mortem revealed that over half of its assets were tied up in long-term securities. That and rapid growth tied to the Silicon Valley tech and health startups led to substantial exposure. As far as following their own advice regarding diversification, the bank held only 4% of its assets in non-interest bearing accounts while they paid significantly more than other banks on interest bearing deposits.
Solution
The solution to keeping additional banks following in the footsteps of Silicon Valley Bank is twofold.
- Awareness. Bankers, like investors and gamblers, need to be aware of the errors in logic that our brains can play on us. Understanding and accepting that you have a problem is the first step in solving the problem.
- Safeguards. Technology can play an important role to keep failures like this from happening. Sarbanes-Oxley Act of 2002 was enacted, in part, to protect the public from fiscal irresponsibility. Financial institutions are audited on their internal controls. Internal controls are policies and procedures to “ensure the integrity of financial and accounting information, promote accountability and prevent fraud.”
Banks should establish strong internal control systems to ensure the accuracy and reliability of financial reporting. This can include implementing automated controls, segregating duties, and establishing an independent audit function to identify weaknesses and ensure compliance. Technology can’t replace solid internal controls, but it can help enforce them. As a tool, technology can assure that checks and balances are being followed.
Technology should be at the heart of monitoring governance and control and should be part of every risk-management program. In the Federal Reserve Bank’s assessment, this was a key weakness which contributed to SVB’s demise. Systems which provide information about changes to data are critical to, not only governance, but to the ability to do a forensic analysis after-the-fact.
Change management is the process of planning, implementing, and controlling changes to software systems in a structured and systematic way. Like we’ve pointed out elsewhere about industries that are subject to Sarbanes-Oxley,
“One of the key requirements for compliance with the Sarbanes-Oxley Act is to define the controls in place and how changes in data or applications should be systematically recorded. In other words, the discipline of Change Management. Security, data and software access need to be monitored, as well as, whether IT systems are not functioning properly. Compliance depends on not just defining the policies and processes to safeguard the environment, but also to actually do it and ultimately be able to prove that it has been done. Just like police evidence chain of custody, compliance with Sarbanes-Oxley is only as strong as its weakest link.“
The same can be said of banking regulations, but even more so.
Controls must be in place to protect from any single bad actor. Changes must be auditable. Inside auditors, as well as external auditors and regulators, must be able to reconstruct the chain of events and validate that appropriate processes have been followed. By implementing these recommendations for internal controls and change management, banks can reduce risk, ensure compliance with regulatory requirements, and ultimately prevent failure. (Image: Bad actor.)
With proper version control and change control technology in place to monitor changes to metrics like KPIs, and procedures in place to approve and sign-off on changes, the catastrophic failure of SVB is less likely to be repeated at other banks. In short, accountability can be enforced. Changes to key metrics must follow the process. Who made the change? What was the change? And when was the change made? With these data elements recorded automatically, there might be less temptation to try to bypass internal controls.
References
- Silicon Valley Bank’s risk model flashed red. So its executives changed it, Washington Post
- Why do we think a random event is more or less likely to occur if it happened several times in the past? The Decision Lab
- Fed autopsy on SVB faults bank’s management — and its own oversight, CNN
- Review of the Federal Reserve’s Supervision and Regulation of Silicon Valley Bank, Federal Reserve System
- The Silicon Valley Bank Collapse And The Polycrisis, Forbes
- Study Proves Past Results Don’t Predict Future Results, Forbes
- Unknown facts about Monaco: Casino de Monte-Carlo, Hello Monaco
- Internal Controls: Definition, Types, and Importance, Investopedia
- Wells died a pauper in 1926. ↑