Silicon Valley Bank

Post: Silicon Valley Bank’s Gambling with KPI’s Led to its Collapse

Silicon Valley Bank’s Gambling with KPI’s Led to its Collapse

The importance of change management and proper oversight

Everyone is analyzing the aftermath of the recent Silicon Valley Bank failure. The Feds are kicking themselves for not seeing the warning signs earlier. Investors are worried that other banks may follow. Congress is holding hearings so that they can understand better what exactly happened to cause the bank’s collapse.

An argument can be made that the root causes of SVB’s problems are faulty thinking and lax oversight. Both the Federal Reserve System and the bank’s internal management can be blamed for lax oversight. The faulty thinking is very similar to errors in logic that a gambler makes when estimating his risk and possible payoff. It’s psychological. It appears that SVB’s management may have been a victim of the same kind of thinking you might see at the roulette wheel.

A good illustration of that type of thinking was seen one night in 1863 at the Monte Carlo Casino, Monaco. The stories of fairy tale wins and catastrophic losses at Monte Carlo are legendary. Knowing when to walk away, one of the casino’s biggest winners took home over a million dollars playing roulette. Another gambler, Charles Wells, earned the nickname of “The man who broke the bank at Monte Carlo” when he did just that 6 times over 3 days in 1891, also at roulette.[1]

(“At the Roulette table in Monte Carlo” Edvard Munch, 1892 Source.)

Gamblers

August 18th, 1913 players at the roulette table were treated to an event rarer than winning the Powerball lottery. Often pointed to as an example of long odds, the white ball landed on black 26 times in a row. During that extraordinary run, gamblers were convinced that red was due. For example, after a run of 5 or 10 black, putting your money down on red is a sure thing. That is the gambler’s fallacy. Many francs were lost that day as they doubled down each bet, more and more sure with each spin that they were more likely to hit it big.

The odds for the roulette ball landing on black (or red) is a bit under 50%. (38 slots on the roulette wheel are divided into 16 red, 16 black, a green 0 and a green 00.) Each spin is independent. It is not influenced by the spin before it. So, every spin has exactly the same odds. Likely, across the casino floor at the Blackjack tables, the opposite thinking was in play. The player hit on 17 and turned up a 4. She stands on 15 and the dealer busts. She draws a 19 and beats the dealer’s 17. She’s got a hot hand. She can’t lose. Each bet she places is bigger. She’s on a streak. This is also the gambler’s fallacy.

The reality is that hot or cold, “Lady Luck” or “Miss Fortune”, the odds don’t change. The probability of flipping a coin and having it land on heads after tossing 5 tails is exactly the same as the first toss. Same with the roulette wheel. Same with the cards.

Investors

Apparently, investors think like gamblers. They need to be reminded at the end of every ad for financial services that “past performance is not an indicator or guarantee of future results.” A recent report confirmed that results are “consistent with the notion that historical performance is only randomly associated with a future performance.”

Other economists have validated this observation in investors who hold stocks that are losing value and sell stocks that are gaining. This behavior results in selling winners too early and holding losers too long. The faulty investor thinking is that whether the stock is doing well or poorly, the tide will turn. In other words, the stock price trend is not the only factor that should be determining your investment strategy.

Bankers

Bankers are not immune from faulty logic, either. Executives at Silicon Valley Bank played some financial sleight of hand. Executives at SVB employed a scheme whereby they consciously hid key risk metrics. One of the ways in which banks make money is by investing in longer-term assets like bonds, mortgages or loans. The bank earns money playing the spread of the interest rate earned on those assets and the interest rate paid on short–term liabilities. SVB made a big bet on long-term bonds.

Banks are subject to regulatory agencies like the Federal Deposit Insurance Corporation (FDIC) which monitor key risk metrics and limit the amount of money they can have in any particular area. Banks are expected to have robust risk management practices in place, including assessing and monitoring risks associated with their investments. They are required to conduct stress tests to evaluate the potential impact of adverse economic scenarios on their financial health. SVB’s predictive KPIs showed that there would be a significant financial impact on the spread they were playing if there was an increase in interest rates. In a technical loophole, the bank was not required to report on the “paper losses” of the debt portfolio because most of it was classified as “held to maturity.”

The right action to be taken was to reduce the bank’s risk related to interest rates and diversify by investing elsewhere, like foreign currency exchange services, hiking their credit card fees or stop giving away toasters.

Instead, key decision makers thought the bank’s early success would continue. Again, the gambler’s fallacy. Executives at Silicon Valley Bank changed the formula for the KPIs. So, they took a red light that would indicate risk and a change in strategy and they painted it green. When they got to the intersection with the painted green traffic signal when interest rates inevitably started to rise there was nothing they could do but to start selling off assets – at a loss! The bank’s sell-off of its security holdings to raise cash led to a $1.8 billion short term loss. This panicked the bank’s depositors. Noone thought their money was safe. Customers withdrew $42 billion in a single day. Boom! Overnight the Feds stepped in and took control.

“Silicon Valley Bank managed interest rate risks with a focus on short-run profits and protection from potential rate decreases, and removed interest rate hedges, rather than managing long-run risks and the risk of rising rates. In both cases, the bank changed its own risk-management assumptions to reduce how these risks were measured rather than fully addressing the underlying risks.”

Review of the Federal Reserve’s Supervision and Regulation of Silicon Valley Bank

April 2023

(Source)

They bet the bank (literally) on the assumption that they had a hot hand and the next spin of the roulette wheel would come up black again.

Analysis

The post mortem revealed that over half of its assets were tied up in long-term securities. That and rapid growth tied to the Silicon Valley tech and health startups led to substantial exposure. As far as following their own advice regarding diversification, the bank held only 4% of its assets in non-interest bearing accounts while they paid significantly more than other banks on interest bearing deposits.

Solution

The solution to keeping additional banks following in the footsteps of Silicon Valley Bank is twofold.

  1. Awareness. Bankers, like investors and gamblers, need to be aware of the errors in logic that our brains can play on us. Understanding and accepting that you have a problem is the first step in solving the problem.
  2. Safeguards. Technology can play an important role to keep failures like this from happening. Sarbanes-Oxley Act of 2002 was enacted, in part, to protect the public from fiscal irresponsibility. Financial institutions are audited on their internal controls. Internal controls are policies and procedures to “ensure the integrity of financial and accounting information, promote accountability and prevent fraud.”

Banks should establish strong internal control systems to ensure the accuracy and reliability of financial reporting. This can include implementing automated controls, segregating duties, and establishing an independent audit function to identify weaknesses and ensure compliance. Technology can’t replace solid internal controls, but it can help enforce them. As a tool, technology can assure that checks and balances are being followed.

Technology should be at the heart of monitoring governance and control and should be part of every risk-management program. In the Federal Reserve Bank’s assessment, this was a key weakness which contributed to SVB’s demise. Systems which provide information about changes to data are critical to, not only governance, but to the ability to do a forensic analysis after-the-fact.

Change management is the process of planning, implementing, and controlling changes to software systems in a structured and systematic way. Like we’ve pointed out elsewhere about industries that are subject to Sarbanes-Oxley,

“One of the key requirements for compliance with the Sarbanes-Oxley Act is to define the controls in place and how changes in data or applications should be systematically recorded. In other words, the discipline of Change Management. Security, data and software access need to be monitored, as well as, whether IT systems are not functioning properly. Compliance depends on not just defining the policies and processes to safeguard the environment, but also to actually do it and ultimately be able to prove that it has been done. Just like police evidence chain of custody, compliance with Sarbanes-Oxley is only as strong as its weakest link.“

The same can be said of banking regulations, but even more so.

Controls must be in place to protect from any single bad actor. Changes must be auditable. Inside auditors, as well as external auditors and regulators, must be able to reconstruct the chain of events and validate that appropriate processes have been followed. By implementing these recommendations for internal controls and change management, banks can reduce risk, ensure compliance with regulatory requirements, and ultimately prevent failure. (Image: Bad actor.)

With proper version control and change control technology in place to monitor changes to metrics like KPIs, and procedures in place to approve and sign-off on changes, the catastrophic failure of SVB is less likely to be repeated at other banks. In short, accountability can be enforced. Changes to key metrics must follow the process. Who made the change? What was the change? And when was the change made? With these data elements recorded automatically, there might be less temptation to try to bypass internal controls.

References

  1. Silicon Valley Bank’s risk model flashed red. So its executives changed it, Washington Post
  2. Why do we think a random event is more or less likely to occur if it happened several times in the past? The Decision Lab
  3. Fed autopsy on SVB faults bank’s management — and its own oversight, CNN
  4. Review of the Federal Reserve’s Supervision and Regulation of Silicon Valley Bank, Federal Reserve System
  5. The Silicon Valley Bank Collapse And The Polycrisis, Forbes
  6. Study Proves Past Results Don’t Predict Future Results, Forbes
  7. Unknown facts about Monaco: Casino de Monte-Carlo, Hello Monaco
  8. Internal Controls: Definition, Types, and Importance, Investopedia
  1. Wells died a pauper in 1926.
Scroll to Top
As the BI space evolves, organizations must take into account the bottom line of amassing analytics assets.
The more assets you have, the greater the cost to your business. There are the hard costs of keeping redundant assets, i.e., cloud or server capacity. Accumulating multiple versions of the same visualization not only takes up space, but BI vendors are moving to capacity pricing. Companies now pay more if you have more dashboards, apps, and reports. Earlier, we spoke about dependencies. Keeping redundant assets increases the number of dependencies and therefore the complexity. This comes with a price tag.
The implications of asset failures differ, and the business’s repercussions can be minimal or drastic.
Different industries have distinct regulatory requirements to meet. The impact may be minimal if a report for an end-of-year close has a mislabeled column that the sales or marketing department uses, On the other hand, if a healthcare or financial report does not meet the needs of a HIPPA or SOX compliance report, the company and its C-level suite may face severe penalties and reputational damage. Another example is a report that is shared externally. During an update of the report specs, the low-level security was incorrectly applied, which caused people to have access to personal information.
The complexity of assets influences their likelihood of encountering issues.
The last thing a business wants is for a report or app to fail at a crucial moment. If you know the report is complex and has a lot of dependencies, then the probability of failure caused by IT changes is high. That means a change request should be taken into account. Dependency graphs become important. If it is a straightforward sales report that tells notes by salesperson by account, any changes made do not have the same impact on the report, even if it fails. BI operations should treat these reports differently during change.
Not all reports and dashboards fail the same; some reports may lag, definitions might change, or data accuracy and relevance could wane. Understanding these variations aids in better risk anticipation.

Marketing uses several reports for its campaigns – standard analytic assets often delivered through marketing tools. Finance has very complex reports converted from Excel to BI tools while incorporating different consolidation rules. The marketing reports have a different failure mode than the financial reports. They, therefore, need to be managed differently.

It’s time for the company’s monthly business review. The marketing department proceeds to report on leads acquired per salesperson. Unfortunately, half the team has left the organization, and the data fails to load accurately. While this is an inconvenience for the marketing group, it isn’t detrimental to the business. However, a failure in financial reporting for a human resource consulting firm with 1000s contractors that contains critical and complex calculations about sickness, fees, hours, etc, has major implications and needs to be managed differently.

Acknowledging that assets transition through distinct phases allows for effective management decisions at each stage. As new visualizations are released, the information leads to broad use and adoption.
Think back to the start of the pandemic. COVID dashboards were quickly put together and released to the business, showing pertinent information: how the virus spreads, demographics affected the business and risks, etc. At the time, it was relevant and served its purpose. As we moved past the pandemic, COVID-specific information became obsolete, and reporting is integrated into regular HR reporting.
Reports and dashboards are crafted to deliver valuable insights for stakeholders. Over time, though, the worth of assets changes.
When a company opens its first store in a certain area, there are many elements it needs to understand – other stores in the area, traffic patterns, pricing of products, what products to sell, etc. Once the store is operational for some time, specifics are not as important, and it can adopt the standard reporting. The tailor-made analytic assets become irrelevant and no longer add value to the store manager.