Corporate Governance
Lessons for Directors From Recent Bank Failures
July/August 2023
Download This Article (.pdf)This article gives an overview of recent bank collapses and offers practical guidance for advising corporate directors about banking risks and fiduciary duties.
The recent collapse of Silicon Valley Bank (SVB), Signature Bank, and First Republic Bank (First Republic), and the near calamitous fallout on the financial sector and many companies, should be a wake-up call. There are lessons in failure. Many companies may benefit from a closer examination of existing board governance structures to determine whether increased oversight of management and operations is necessary. This article provides an overview of fiduciary duties and offers practical guidance for reviewing and improving management practices.
Overview of the Bank Failures
In less than 48 hours, one of the largest banks in the United States collapsed. SVB, a 40-year-old respected financial institution, was a go-to lender for many technology companies and venture firms. The lender was struggling over the last year as market factors impacted liquidity and its investments in securities came under severe pressure due to rising interest rates. Overnight, SVB found itself confronting a classic run on the bank fueled by the split-second speed of technology, with depositors attempting to withdraw billions of dollars.1
On March 10, 2023, the regulators closed SVB and appointed the Federal Deposit Insurance Corporation (FDIC) as receiver. Within two days of SVB’s collapse, New York-based Signature Bank fell victim to a similar fate and was shut down. All accounts at both banks were frozen. Thousands of companies were instantly deprived of access to cash on deposit, and credit facilities critical to operations were inaccessible. As a result, many companies found themselves suddenly unable to access funds necessary for payroll and other operating expenses and were scrambling to obtain capital. A substantial risk of additional (and permanent) loss to customers was presented by the fact that about 97% of all deposit accounts at SVB by value were not covered by FDIC insurance, which limits coverage to $250,000.2 Signature Bank lost 20% of its total deposits in a matter of hours on the same day SVB failed.
The federal government acted swiftly and took extraordinary measures that permitted the FDIC and the Treasury Department to guarantee both insured and uninsured deposits maintained at SVB and Signature Bank. Additionally, government action allowed depositors full access to their accounts within days of the banks’ shutdown. Scores of companies averted their own financial disaster due to the federal rescue.
The Board of Governors of the Federal Reserve System3 and the FDIC4 each issued reports in the aftermath detailing underlying causes of the bank failures. The reports cite regulatory failures but also blame weak corporate governance practices and failures by management as problems. In the case of Signature Bank, the FDIC reported that bank management chased growth “without developing and maintaining adequate risk management practices and controls appropriate for the size, complexity and risk profile of the institution.”5
On May 1, 2023, San Francisco-headquartered bank First Republic became the second-largest bank in American history to fail. The FDIC announced the closure of the bank and the sale of most of its deposits and assets to JPMorgan Chase on the same day. The failures of all three financial institutions can be, at least in part, attributed to their management’s failure to adequately prepare for the impact of market changes on liquidity. SVB, Signature Bank, and First Republic suffered from an inability to cope with a rising interest rate environment dictated by the Federal Reserve Bank and the related increases in the costs of doing business.6 Boards of directors across all industry sectors, not just those in banking and technology, need to consider their fiduciary duties as well as additional steps that can be taken to identify and mitigate risks.
Duties of Directors and Officers
Corporate directors and officers owe fiduciary duties to the corporation and its shareholders that include the duty of loyalty and the duty of care.7 A breach of those duties can result in liability that may not be exculpated by the organization’s charter documents.8 Creditors can become beneficiaries of these duties in some jurisdictions when a corporation is insolvent.9
The duty of loyalty requires fiduciaries to act in good faith for the benefit of the corporation. The duty of care requires directors and officers to use the same amount of care that an ordinarily prudent person would use and make informed decisions when exercising judgment.10
Fiduciary Duties Include Duty of Oversight
Corporate law charges the board of directors with managing the affairs of a company, with officers managing the day-to-day business operations. The duty of care requires directors and officers to manage business risks, which includes the duty of oversight. This duty imposes an obligation to implement effective “reporting or information systems or controls”11 and to monitor them such that the board can exercise oversight and address “red flags” signaling potential issues.12
Directors are entitled to the benefit of the “business judgment rule” in discharging their oversight obligations such that bad—even dumb—business decisions do not in and of themselves give rise to liability.13 The business judgment rule is codified by statute for Colorado corporations and associations.14 The rule establishes a presumption that directors, in making business decisions, acted in good faith and on an informed basis.15 Failing to implement any reporting or information system or controls or, having implemented such system or controls, consciously failing to monitor or oversee operations may result in liability for breach of fiduciary duty.16 Directors cannot simply sit back and assume all is well and claim to have discharged their duty of oversight.17
Within just two days after SVB’s closure, shareholders commenced a class action suit against SVB’s parent holding company and two of its top executives, citing securities violations attributable to failures to make adequate disclosures of interest rate risks and negligence with respect to internal controls and financial reporting.18 Whether a director or executive acted with reasonable care with respect to risk management and fulfilled their fiduciary duty is highly fact-specific and viewed by litigants with 20/20 hindsight.
Takeaways for Sound Corporate Governance
There are sobering lessons to be learned from the collapse of SVB, Signature Bank, and First Republic that every organization should at least take notice of in the context of sound corporate governance and mitigating the prospect of oversight liability. The fallout from the collapse has broad implications and demonstrates the need for a thoughtful design and periodic review of governance protocols.
Below are recommendations for practitioners to consider when advising companies how to assess, educate, and improve their boards of directors.
Consider Board Composition
Board composition is important because, as the saying goes: The buck stops here. Directors should understand the business they oversee and should add value to the organization. Directors should be selected who understand their responsibilities and have broad backgrounds with relevant industry expertise in order to ensure connection, experience, and alignment with business strategy. A seasoned, board-level risk management professional with prior experience in identifying and managing risks can be indispensable to effective oversight.19
Understand the Relationship Between Depositor and Financial Institution
A deposit is an unsecured loan to a financial institution. It is that simple. As such, a depositor is a creditor that will only get its money back if the institution remains solvent (subject to the FDIC insurance protection that limits coverage to a maximum of $250,000).
Assess Governance and Risk Management Protocols
Each failure of SVB, Signature Bank, and First Republic was largely a result of the bank failing to properly assess and manage risk and the board’s failure to recognize the magnitude of exposure created by investment decisions during a period of rising interest rates. Protocols should be established and periodically reviewed to ensure that reporting responsibilities at all levels of the organization foster risk identification, transparency, communication, management, and decision-making.
Make Corporate Governance a (Renewed) Priority
A sound governance structure is essential to a business’s sustainability. According to the FDIC and the Federal Reserve, SVB and Signature Bank pursued rapid growth without developing or following commensurate risk management practices and controls: “Key decisions were often made by individuals or small informal groups of executive officers, without always following prescribed processes.”20 “SVB failed because of a textbook case of mismanagement by the bank.”21 A detailed review of the chain of command for risk approvals, management, and board or committee involvement should be prioritized.
Challenge Management Forecasts
The board should establish sound metrics and challenge management’s assumptions. In addition, directors need accurate and timely information regarding the organization’s performance against established metrics that account for various scenarios (including the worst case). Management at both SVB and Signature Bank switched to less conservative stress-testing assumptions (masking liquidity crises) after failing their own original liquidity stress tests and risk metrics.
Hold Management Accountable
In reviewing the causes of the banks’ collapse, regulators found that despite the existence of incentive plans, there was no motivation to manage risks. In fact, the board of directors at SVB “did not hold management accountable for effectively managing the firm’s risks” and therefore management “did not do so effectively.”22
Understand Concentration Risk
One of the factors that led to the collapse of SVB was its large customer concentration in one industry: technology. When tech companies began to experience economic pressure and liquidity from venture firms was not as readily available as in the past, they began drawing on deposits to meet operating demands. This left the bank vulnerable. Signature Bank was similarly concentrated in cryptocurrency. In any industry, it is prudent to understand the risks and potential business impacts of customer concentration and a lack of diversification.
Recognize the Impact of Technology
One of the primary contributing factors to the collapse of SVB, in particular, was the speed with which news of pending problems spread—social media was, for instance, instrumental—and the speed with which customers were able to withdraw their funds. No depression-era lines were winding outside the bank. Just a few keystrokes to move money is all it took. More than $42 billion was withdrawn from SVB in a single day. Companies need to consider how technology may narrow the time frame within which the board and management must receive and react to critical operational information. The importance of timely communication should be stressed at all levels.
Adjust Treasury Management Practices
The immediate liquidity problems and risk of substantial losses confronting thousands of SVB customers following the bank’s collapse require a careful examination of and potential adjustment to existing cash management practices and deposit strategies. Companies should evaluate sweep account services and insured cash sweep programs to increase protection for financial assets. Deposit placement arrangements that move money back and forth between deposit or checking accounts and investment accounts, often after they reach the $250,000 threshold protected by the FDIC, should be evaluated.
Examine Banking Relationships
Recent events should compel a review of existing banking relationships as well as loan documents. There is no such thing as “too big to fail.” And even the largest banks can succumb to computer glitches and cyberattacks that can lead to a sudden unavailability of funds. Multiple relationships can provide not only investment diversification but a “plan B” for access to needed funds on deposit.
Develop and Review Financial Oversight and Contingency Plans
Management should consider developing financial oversight strategies for addressing expected cash inflows and outflows over a relevant period together with assessing available sources of funding. A contingency funding plan, whether through reserves or alternative capital sources, eases an unexpected liquidity crunch, mitigates risk, and is sound fiscal management. Management needs to be able to identify and address problems quickly. SVB “waited too long to address its problems, and ironically, the overdue actions it finally took to strengthen its balance sheet sparked the uninsured depositor run that led to the bank’s failure.”23 Similarly, Signature Bank’s contingency plans for additional capital lacked sufficient attention to detail that prevented their enactment.
Avoid Exclusivity
Companies should examine existing loan documents to determine if there are exclusivity clauses or limitations on their ability to set up bank and investment accounts at other financial institutions. In addition, the review should determine whether bank covenants with respect to access and payment obligations (such as commitment fees) are abated or if setoff rights exist if cash becomes unavailable. Companies should try to avoid exclusivity in new arrangements.
Mitigate Impacts of Lender Distress in Financings
An inability to access committed capital due to financial issues that emerge with one or more lenders in a credit facility can adversely impact the parties’ expectations with respect to the credit facility. Companies should ensure that syndicate management tools, such as market-based defaulting lender provisions, are included in documentation with deals involving a lender group.
Consider Enhanced Due Diligence on Banking Relationships in M&A Transactions
A detailed review of banking relationships of target companies or merger counterparties should be considered when undertaking transactions, including a protocol for the immediate transfer of funds and accounts to preferred institutions if necessary. This has not typically been a part of regular due diligence practices for many, and now should be.
Review Risk Factors and Other Disclosures
Annual and quarterly reports and other public disclosures should not be viewed as boilerplate communications. These filings should be carefully reviewed by directors and officers to ensure that the filings adequately disclose the company’s material risks, including those relating to liquidity and access to cash, and do not overstate the security of the corporation’s investment or depository strategy.
Revisit Investment Policies
Consider revising existing investment policies to determine whether they should be updated to diversify account requirements and other measures intended to secure the financial condition of the company and ensure continuity in the event an institution fails. Adjustments should be made to ensure the protection for accounts and cash equivalents from credit risk attributable to a depository institution.
Review D&O Protections
Directors and officers should fully understand the scope of existing directors’ and officers’ insurance liability coverage. Additionally, a review of the organization’s charter documents should be undertaken to ensure adequate indemnification and other protections are in place.
Conclusion
The collapses of Silicon Valley Bank, Signature Bank, and First Republic Bank represent perhaps the most significant financial disasters of the 21st century—proving the principle that even the unthinkable can happen. The collateral impact of the banks’ failures on the financial sector and business community underscores the need for vigilance in managing risk. While a number of topics and takeaways discussed in this article may not be on the agenda for every board, effective oversight by directors may now require a more critical examination of certain matters traditionally left to management. This is particularly true, as discovered by many after the collapses, when a company’s cash management system threatens to pose a significant risk to the enterprise. Effective oversight requires an informed and thoughtful board.
Related Topics
Notes
1. See https://hollandhart.com/silicon-valley-bank-collapse-navigating-risk-and-implications for a description of the history and issues arising from the collapse of SVB.
2. It was common for SVB to require borrowers to maintain deposit accounts exclusively at the bank as part of credit arrangements.
3. Review of FDIC’s Supervision and Regulation of Silicon Valley Bank, Federal Reserve (Apr. 28, 2023), www.federalreserve.gov/publications/files/svb-review-20230428.pdf.
4. FDIC’s Supervision of Signature Bank, FDIC (Apr. 28, 2023), www.fdic.gov/news/press-releases/2023/pr23033a.pdf.
5. Id. at 2.
6. Saul, “First Republic Bank Failure: A Timeline of What Led to the Second-Largest Bank Collapse in U.S. History,” Forbes (May 1, 2023), https://www.forbes.com/sites/dereksaul/2023/05/01/first-republic-bank-failure-a-timeline-of-what-led-to-the-second-largest-bank-collapse-in-us-history/?sh=6203b22067b7 (Paul Christopher of Wells Fargo stated that “[t]he balance sheets of the three failed banks shared a vulnerability to rising rates that exceeds that of most other regional banks.”).
7. Corporate officers—not just directors—owe a fiduciary duty of oversight that applies to matters within their area of responsibility. In re McDonald’s Corp. Stockholder Deriv. Litig. (MacDonald’s Fairhurst), No. 2021-0324, 2023 WL 387292 at *2, *18 (Del.Ch. Jan. 25, 2023). Accord Gantler v. Stephens, 965 A.2d 695, 709 (Del. 2009) (“the fiduciary duties of officers are the same as those of directors”).
8. The Delaware General Corporation Law authorizes a corporation to include in its certificate of incorporation “[a] provision eliminating or limiting the personal liability of a director or officer to the corporation or its stockholders for monetary damages for breach of fiduciary duty as a director or officer . . . .” 8 Del. C. § 102(b)(7). An exculpation provision cannot, however, extend to claims for a breach of loyalty, intentional misconduct, bad faith, knowing violations of the law or transactions for which an improper personal benefit is derived. Id. In Colorado, the director’s standard of care may also be modified in the articles of incorporation. See CRS § 7-108-402(1)(c).
9. Contra CRS § 7-108-401 (providing that no fiduciary duty of a director or officer is owed to a creditor when it arises “only from the status as a creditor, whether the corporation is solvent or insolvent”).
10. See CRS § 7-128-401(1) (Nonprofit Corporation Act) and CRS § 7-108-401(b).
11. Stone ex rel. AmSouth Bancorporation v. Ritter, 911 A.2d 362, 370 (Del. 2006).
12. See CRS §§ 7-108-401(1) and -402(1)(d). See also In re Caremark Int’l Inc. Deriv. Litig., 698 A.2d 959, 967 (Del.Ch. 1996); Marchand v. Barnhill, 212 A.3d 805, 821 (Del. 2019) (indicating that directors “must make a good faith effort to implement an oversight system and then monitor it”).
13. The boardroom, rather than the courtroom, is the appropriate forum for addressing purely business questions and the substitution of someone else’s business judgment for that of the directors “‘is no business for any court to follow.’” Kamin v. American Express Co., 383 N.Y.S.2d 807, 811 (Sup.Ct. 1976) (quoting Holmes v. Saint Joseph Lead Co., 84 Misc. 278, 283 (1914) (Cardozo, J.)). “It is not enough to allege . . . that the directors made an imprudent decision . . . . More than imprudence or mistaken judgment must be shown. ‘Questions of policy of management, expediency of contracts or action, adequacy of consideration, lawful appropriate of corporate funds to advance corporate interests, are left solely to [the board’s] honest and unselfish decision, for their powers therein are without limitation and free from restraint, and the exercise of them for the common and general interests of the corporation may not be questioned, although the results show that what they did was unwise or inexpedient.’” Id. (quoting Pollitz v. Wabash R.R. Co., 100 N.E. 721, 724 (N.Y. 1912)).
14. CRS § 7-128-401.
15. Ajay Sports, Inc. v. Casazza, 1 P.3d 267, 275 (Colo.App. 2000).
16. Stone v. Ritter, 911 A.2d 362, 369 (Del. 2006). A director is liable for money damages if the person asserting liability can establish that there is a “sustained or systematic failure by the director to exercise oversight” with respect to the business and affairs of the corporation. CRS § 7-108-402(1)(e).
17. Loewenstein, “The Corporate Director’s Duty of Oversight,” 27 Colo. Law. 33, 35 (May 1998).
18. See Chapman, Associated Press, “Class Action Lawsuit Filed Against Silicon Valley Bank Parent Company,” PBS News Hour (Mar. 14, 2023), https://www.pbs.org/newshour/economy/class-action-lawsuit-filed-against-silicon-valley-bank-parent-company.
19. SVB did not have a chief risk officer for the last eight months of 2022 and navigated through investment decisions, rising interest rates, and a slowing economy until it filled that role within only a few months before the collapse.
20. FDIC, supra note 4 at 9 (“[Signature] bank’s organizational structure lacked clear decision-making processes, transparency as to who made decisions, and documentation as to approval and escalation protocols.” There were also instances of “concentrated authority without adequate safeguards.” Id.
21. Federal Reserve, supra note 3, at 1.
22. Id at i, 4.
23. Testimony of Barr, vice chair for supervision, before the US Senate Committee on Banking, Housing, and Urban Affairs, Washington, D.C. (Mar. 28, 2023), https://www.federalreserve.gov/newsevents/testimony/barr20230328a.htm.