SILICON VALLEY BANK COLLAPSE: Lessons for Boards: Board members with risk management experience are important--but a company also needs a chief risk officer.

• Author: Meyer, Keith

With the collapse of Silicon Valley Bank (SVB) dominating the headlines and the impacts reverberating through the banking industry, the incident has brought to the forefront several key ways in which the company's board fell short of managing risk, ultimately precipitating the crisis at hand. Moving forward, there are important governance lessons that boards--both in the banking industry and more broadly--should take away from recent events and steps they should take to proactively manage their exposure to risk.

LESSONS TO LEARN

First and foremost, board members cannot serve as a substitute for key executives. Case in point: The chief risk officer (CRO) position at SVB was left unoccupied for the better part of the past year, a period when board risk committee meetings more than doubled to 18, according to company records. CROs play a crucial role in the well-being of a financial institution and are the key operational resource for the risk committee. By failing to fill such a critical role in the management of enterprise risks, SVB left itself vulnerable to a situation exactly like the one that ultimately unfolded.

The chain of command for risk approval, management, mitigation and oversight needs to be prioritized. The management at each step must have more experience in these core risks than those seeking approval--a very simple best practice. Once the issue reaches the board's risk committee, these risks should be prioritized based on the most significant threats to the organization. For SVB, this fundamental process broke down at the CRO level and was exacerbated by the lack of risk experience on the risk committee.

Additionally, boards must bear in mind that risk committees should be led by at least one individual who is a seasoned risk management professional. This professional must have prior experience identifying, assessing and managing risks inherent in a company's business across the full economic cycle. Supplementally, this demonstrates a need for a breadth and depth of risk management experience in the boardroom.

Large banks with $50 billion or more in consolidated assets are required by law to maintain a risk committee that reports directly to the bank holding company's board. After the financial crisis, an amended version of the Dodd-Frank Wall Street Reform and Consumer Protection Act was passed, stating that risk committees must include at least one member with experience in "identifying, assessing and managing" risk...