Why banks fail

Identifying and overcoming vulnerabilities in your risk and resolution management framework

In March 2023, a series of bank failures sent shockwaves through the global financial system. Three regional US banks – Silicon Valley Bank, First Republic Bank, and Signature Bank – fell in swift succession, marking some of the biggest bank failures in the country’s history. Meanwhile, in Europe, Credit Suisse was dealt with an unmanageable crisis, ultimately leading to its acquisition.

After a decade of relative calm in the banking industry, these sharp and sudden failures hit especially hard. They’ve prompted many post-mortem analyses, discussions, and regulatory recommendations. But are other institutions really taking the lessons learned to heart? In our view, many banks’ risk and resolution management practices still aren’t robust enough to withstand future shocks – and it’s leaving them vulnerable to failure.

A complex web of vulnerabilities

It’s not just one blind spot that causes banks to fail, but a buildup of vulnerabilities. There are eight key areas where we currently see banks falling short:

1. Liquidity (access and actual position). Many banks struggle with uninterrupted access to liquidity and may even lack visibility of actual liquidity sat within their accounts. This disconnect can hinder effective crisis management. Linking access to liquidity with clear actions as part of business as usual is crucial.
2. Measurement and modelling. An inability to properly measure and model the true financial resilience linked to the management of risks can lead to inaccurate assessments and poor decision-making.
3. Culture. A lack of formal and/or informal management accountability, governance structures, and risk management can compound failures.
4. Crisis timeline and communication. Some banks lack a proper communication playbook for crises, making it challenging to manage consumer sentiment and media and market response effectively.
5. Data availability and accuracy. Many rely on assumed information that is often days (if not weeks) old. Data needs to be as close to real time as possible to identify and manage risks as they happen.
6. Finance capability. A lack of a robust and empowered finance function with inconsistency of information and timing across product control, accounting, management information and linking to liquidity (above and beyond regulatory requirements) can undermine a bank’s stability.
7. Portfolio diversification. Over-exposure to a few sectors can make a bank more susceptible to nuance and wider market fluctuations, economic uncertainty, or increased regulation.
8. Trust. An unfavourable market view, either through perception or reality of a bank’s profitability, management credibility, and/or balance sheet validation can erode trust and exacerbate crises.

Closing the gaps

A common thread running through these vulnerabilities is disconnection – whether it’s between different banking functions or between planned scenarios and reality.

For example, one bank met all regulatory capital and liquidity requirements on paper. However, when things started unravelling, and the bank re-assessed its cash positions, its actual reserves were orders of magnitude lower than what had been measured. It turned out that many customers – including large institutional ones – failed to meet payment obligations because they were concerned about the bank’s viability. This highlights a fundamental challenge with risk management – when people don’t behave as predicted or expected, that disconnect can be lethal.

Risks can also lay hidden in organisational silos. Having consistent, up-to-date data is key to accurately judging risk and responding in a crisis. However, this information often lies trapped within individual functions – limiting banks’ ability to understand and respond to risk holistically.

The same approach often extends to scenario planning, where banks look at individual categories of risk – liquidity, credit, capital, etc. – in isolation. But this isn’t how a crisis plays out in reality, where intersecting risks and chains of events can coalesce to bring down banks.

Compounding the problem is that regulators haven’t established a mandate for having an integrated risk management capability, but only reporting. Many banks will naturally do the bare minimum needed to comply, which in this case, means creating a series of reports. It leaves many without the truly joined-up capability that they rely on day-to-day to better manage risk. To be able to respond rapidly and effectively in a crisis, risk management and resolution frameworks must be embedded in business as usual, rather than being left on the shelf as a regulatory tick box.  

Three ways to improve resilience and recovery

It’s clear that banks still have a way to go in strengthening their capabilities around resilience, recovery, and resolution. But how can organisations develop a truly comprehensive and coherent strategy? To start, we’ve outlined three areas for action:

1. Improve oversight and challenge. A strong risk culture is essential to managing evolving risks. All teams must be clear on the banks’ risk and resolution framework, and individuals should understand their role in delivering on it. It’s also important to cultivate a climate where people feel empowered to speak up, raise concerns, and challenge executives where necessary, rather than blindly following along with decisions from the top.  
2. Test scenarios thoroughly and often. Accurate modelling of stressed scenarios is essential to robust recovery and resolution. Banks should make sure their models include potential legal entity structures and booking models. They should also develop simulations that account for the interconnectedness of events and associated risks. This will make it easier to identify blind spots and weaknesses and take faster action when real risk events happen.
3. Get connected. Embedding resolvability into business-as-usual will require modifying risk management, contingency planning, operational policies, procedures, and governance. The interconnectivity of these frameworks requires an enterprise-wide approach, requiring banks to be broader with their assumptions and views.

Banks will understandably want to put the failures of 2023 behind them – but they ignore the issues raised by these events at their own peril. Institutions that continue to pay lip service to regulatory recommendations and put risk and resolution management on the back burner are playing a dangerous game. With threats only getting more complex and interconnected, any bank that doesn’t act now could well be the next domino to fall. 

If you’re looking to reassess your approach to risk and resolution management, get in touch – we’re here to help.