Leadership Corner: Discussion on Compliance & Risk
Leadership Corner on the Veloz Partners Blog is a series of posts that are nuanced discussions between Veloz Partners consultants and domain experts from the firm and friends of the firm.
Given the recent developments of the failure of Silicon Valley Bank and Signature Bank, followed by the decisive response of the US Treasury, Federal Reserve, and FDIC to support the banking system, many boards and executive teams are asking questions such as: Where do we go from here? What is relevant to my responsibility and function as a CEO or CFO? How will my industry be impacted in the coming weeks and quarters? And many other operationally important questions with strategic and financial implications.
In this edition of Leadership Corner, we interview Mr. Todd Greer, a senior Governance, Risk, & Compliance ("GRC") banking executive and a friend of the firm. By way of background, Todd has extensive international and domestic banking experience in GRC having held executive and leadership roles in regulatory relations, supervisory exam management, regulatory compliance, and risk governance at several global systemically important banks ("GSIBs"), where he interfaced with the Federal Reserve Board, Federal Reserve Banks, FDIC, OCC, CFPB, FINRA, New York Department of Financial Services, California Department of Financial Protection and Innovation, and other state regulators.
Below is the transcript of the discussion:
Veloz Partners:
The California regulator shut down SVB on Friday, in the hours since that happened...what are regulators doing as it pertains to giving depositors back access to their assets? Please discuss the regulator procedures as it pertains to resuming routine bank operations— and once those routine bank operations resume what, if anything, will be different now that the corporate governance has changed. In other words, what are the rules that would impact depositors?
Todd Greer, GRC expert:
I appreciate the opportunity to talk with you about this – the timing couldn’t be better and, as we have already seen, things have evolved at a rapid pace.
To that point, I will focus at the general level here rather than getting into details about SIVB and Signature Bank, which have been widely reported in the news.
Here, the California regulator (for SIVB) and New York regulator (for Signature Bank) are the regulatory authorities that issue (and revoke) charters to conduct banking operations in the state. When a bank fails or the regulator shuts down the bank, the bank is placed into receivership (here, with the FDIC) to resolve its assets and debts.
FDIC has a playbook that it follows to take over the bank (often over a weekend) and work on getting the bank sold, or dissolved and liquidated, in an orderly manner that assures depositors full and timely access to their funds. FDIC runs the daily operations with existing bank staff. From a customer experience, it is supposed to look and feel like “business as usual.”
On March 12, 2023, the Federal Reserve Board issued noteworthy statements designed to instill confidence in the U.S. banking system.
The first statement was a joint announcement from the US Treasury, FDIC, and Federal Reserve that depositors at SIVB and Signature Bank that they can expect access to their funds on Monday, March 13, assuring them that they will be made whole. This includes depositors whose balances exceed the $250,000 FDIC deposit insurance limit.
The second announcement was from the Fed and went further to say that additional funding will be made available to eligible banks to assure there is liquidity and that the banks will have the ability to meet the needs of all depositors.
Veloz Partners:
What can we expect to happen at an industry level? Because of the events of last week there are many companies that moved assets to other financial institutions. Given these conditions what could we expect the regulators to do with regards to returning to normalized industry operations? Or, given the severity of these bank closures, will it take time to digest and consequently have an impact on normal routine bank operations, for example: limitations on withdrawals of bank balances; ability to tap lines of credit— is it part of the regulator playbook to, at least for a limited time, implement some of those requirements?
Todd Greer, GRC expert:
I think we can expect federal and state regulators to continue to take a risk-based approach and quickly pivot as they evolve their supervisory programs and “playbooks” based on data and significant events.
It can take time for gears to move and put in place levers to push and pull. State and federal legislatures will pass laws. Regulators will adapt very rapidly within the confines of their supervisory authority, but may take some time to issue new regulations and examination rules.
I am certain that regulators have already been evaluating the systemic risk, market risk, and industry concentration of the firms they supervise, and in some cases reaching out for additional information and evaluate whether management has been staying on top of these risks at their firms.
We saw this during the 2008 crisis, the liquidity crunch early in the pandemic, when conflict in Ukraine first arose, and now here. Regulators exercise this under supervisory authority to conduct continuous monitoring.
Veloz Partners:
How will the Feds go about the acquisition process of bank assets? And what are the pros and cons of the options they are considering with regards to conducting the sale?
Todd Greer, GRC expert:
I’ll respond in general terms here since, at least at the time we’re talking, the resolution of SIVB and Signature Bank are still in the works.
Generally, the FDIC has two roles with a failed bank. First, it covers depositors up to the FDIC’s insurance limit. Second, the bank is put into receivership with the FDIC, which sells or collects the failed bank’s assets and settle its debts.
FDIC will attempt to sell the bank to a healthy bank or, failing that, run the bank’s day to day operations until its assets and debts are dispositioned.
To me, quicker is better – we sometimes see a bank closed on a Friday and by the end of the weekend it has already been sold to an acquiring bank. This helps quell uncertainty and concerns about access to funds, the ability to cover payroll and continue banking with “business as usual” – and we see the Fed’s announcement this weekend that clearly stated that SIVB customers will have full access on the first business day (Monday March 13) since closure on Friday.
Veloz Partners:
Can you talk, for a moment about how deposit insurance works from a regulatory standpoint? Meaning, and again going back to regulator and Federal agency procedures, how does the mechanics of federal deposit insurance work now given the scale of what the feds will be dealing with? I realize you’re not a regulator, but with regards to how a bank would have to be interacting with both regulators and federal agencies in these type of circumstances!
Todd Greer, GRC expert:
Banks pay premiums to cover the cost of deposit insurance, which is available (and automatically provided) to holders of certain accounts at FDIC-insured banks – such as checking, savings, money market deposit, and certificate of deposit (“CD”) accounts. “Non-deposit investment products” at FDIC-insurance banks, such as accounts that hold stocks, bonds, mutual funds, crypto assets, etc., are not insured.
The standard insurance amount is $250,000 per depositor, per insured bank, for each account ownership category.
Amounts over $250,000 are uninsured, which has been a point of concern given SIVB’s unique customer base with wealthy customers in the tech industry.
As I said, the Fed’s March 12 joint statement said they are “enabling the FDIC to complete its resolution of Silicon Valley Bank … in a manner that fully protects all depositors” citing it as a “systemic risk exception.” They also said “it will make available additional funding to eligible depository institutions to help assure banks have the ability to meet the needs of all their depositors.”
Regardless of different policy views people may have about the role of the Fed, Treasury, and FDIC, to me this shows they are showing best efforts and an ability to adapt and evolve using the tools available to them.
Veloz Partners:
Given your extensive experience with both GSIBs and international banks and dealing with regulators as much as you have…how would you advise company management teams who have NOT been materially impacted by the bank shutdowns to expect with regards to their banking relationships, over the next few weeks and quarter or two ahead? This is important because it’s relevant not only to company management teams themselves, but also for leadership to understand what clients and suppliers may be going through as well. And the reason I ask this is because, after the great financial crisis, there was a pretty significant restructuring of the regulatory system and industry capitalization both domestically and on a global level. In some ways, it’s almost unbelievable that this could have happened to such large of an institution. On the other hand, it’s not like it’s rare that banks fail, my understanding is that it does happen every year. What are your thoughts?
Todd Greer, GRC expert:
You’re correct, banks do fail – just rarely at the size of SIVB and WM (Editor's note: "WM" refers to Washington Mutual which failed in the Credit Crisis of 2008).
Regulators expect the banks they supervise – whether at the state or federal level – to operate safely and soundly. This includes having a comprehensive Governance Risk & Compliance GRC framework in place, and regularly performing a risk assessment informed by all three lines of defense – business, independent risk and compliance, and independent audit.
Regulators also expect the management of supervised firms to respond to what’s happening in the market, which includes learning and taking lessons from the mistakes of other firms.
You can bet that regulators have reached out (or will be very soon) to all of the banks in their supervisory portfolios, requesting information about the firm’s exposure to the conditions that led to the closure of SIVB and Signature Bank – including systemic and industry risk. This could include the distribution of industries and the customer base, balance sheet holdings, looking for areas of risk concentration. This may also include looking at 3rd party, 4th party, and other relationships having a bearing on the firm’s risk profile.
Best practice, if your firm hasn’t yet started to do so, is to perform your own internal review – or hire a reliable firm to assist you – to perform an assessment of your risk exposures in your balance sheet, portfolio of holdings, interest rate risk, and market/customer base, for concentration of systemic and industry risk, along with risk mitigation currently in place.
If something similar to what prompted recent bank failures is present at your firm, it’s essential to develop a strategy to address and mitigate that risk, along with appropriate communications with regulators.
Veloz Partners:
Obviously because SVB was so big in the tech industry, the impact on tech companies are at the forefront of this crisis. But let’s talk about fintech companies.
The typical fintech company is not a licensed bank nor a financial company in the traditional sense. Certainly, depending on which fintech CEO I've talked to, some founders see themselves as a technology and much less as a financial services company! Please share from a compliance and risk standpoint how the typical fintech business model is looked at given that they typically will operate with a sponsor financial institution, which unto itself is not a bank but rather private credit.
Todd Greer, GRC expert:
This is a great topic. In my view, fintech firms are definitely subject to impact and risk here.
While regulators may not directly supervise fintech companies (in most cases), the fintech must satisfy the requirements of a sponsor bank or financial institution, which IS regulated by a state and/or federal regulator.
Regulators conduct supervisory activities like exams and continuous monitoring, which including looking at management and financial reporting, and submitting ad hoc requests during significant events, like these recent bank failures, the outbreak of war in Ukraine, and such.
As third parties, fintech firms can be in scope for regulatory supervision and oversight of the sponsor firms. If a fintech firm’s business model and the industry(ies) and customer base it focuses on fall into an area of regulatory concern, the fintech could be negatively impacted.
Regulators expect sponsor banks to manage and mitigate third party risk, so fintechs may experience a more proactive or stringent level of oversight, monitoring, and requirements to qualify for the sponsor bank’s programs. This may require the fintech to strengthen their own GRC programs and allocate additional resources such as headcount and technology in order to retain the relationship with the sponsor firm.
Veloz Partners:
Given those salient points, what type of impact would the typical fintech company have in the immediate term due to these bank failures beyond the impact of not having access to their funds to fund payroll, operations, etc?
Todd Greer, GRC expert:
To me, the first concern for a fintech firm would be the uncertainty from failure or regulator closure of a sponsor bank – which would be compounded if the fintech has only a single sponsor bank.
Also, as I said earlier, if the unique value proposition of the fintech falls into an identified area of concentrated system, interest rate, industry, etc. risk for the sponsor bank (or for the broader banking system akin to what we’re seeing with SIVB and Signature Bank), that spells uncertainty and risk for the fintech.
If you are company management, a founder team, investor, or board member and would like to learn more about how Veloz Partners can assist your company please email to inquiries@velozpartners.com.