2.1. The Impact of Liquidity and Capital Requirements in the SVB Failure

As already mentioned, one of the most controversial issues in the SVB crisis concerned the waivers to the Liquidity Coverage Ratio (LCR) and Net Stable Funding Ratio (NSFR) requirements devised by the 2018 reform in favour of smaller U. S. banks. Indeed, the institutions with consolidated assets of less than $250 billion and wholesale weighted short-term funding of 942less than $50 billion were fully exempted from the application of these provisions.^[26]

Such amendments were highly criticized, because “bank insolvency is ... usually triggered by illiquidity”, often generated by the difficulty of coping with sudden asset depreciation and subsequent deposit withdrawal.^[27] This was true also for SVB failure. Indeed, according to official estimates, such exemption allowed SVB to drastically reduce its short-term liquidity requirements (LCR) and set aside high-quality liquid assets (HQLA) of just 82.6 percent of the net cash flows needed to cope with adverse market conditions over a 30-day time horizon^[28]. In this regard – as assessed by other studies – to align with the average of the U. S. banking industry (i.e., 125%), SVB would have had to set aside HQLA for an additional $36 billion.^[29]

Most strikingly, also market dynamics proved to be incapable to correct such failure, spontaneously directing banks towards socially virtuous behaviour even without clear-cut rules.^[30] Indeed, the 2018 reform of LCR requirements has exempted banks from numerous disclosure obligations,^[31] making it more complex for depositors and investors to obtain the information needed to police management decision.^[32]

943As to capital requirements, some authors have also pointed out loopholes in the U. S. accounting and prudential regulations of non-trading book activities^[33]: i.e., those investments that a bank has decided, in the exercise of its managerial discretion,^[34] to keep in its portfolio until their natural maturity. Because of this peculiar feature, intermediaries can evaluate their ‘held-to-maturity assets’ without considering possible market price fluctuations and focusing only on credit risk and their amortized historical cost.^[35] Nonetheless, such investments are still exposed to changes in interest rates. This should prompt banks to arrange appropriate hedging strategies should it be necessary – despite the original expectations – to sell a substantial portion of these assets.^[36] However, in the absence of a specific regulation,^[37] such risks may not be adequately reflected in the regulatory capital and corporate accounting.^[38]

As of 31 December 2022, held-to-maturity assets represented 76% (i.e., $91,32 billion) of the SVB investment securities and half of its total assets,^[39] “nearly double” the average of the U. S. large institutions.^[40] Still, in the absence of an appropriate regulation, SVB was able to conceal in its balance-sheet potential losses of approximately $15.1 billion,^[41] finding itself unable to sell these assets to relieve the sudden liquidity shortfall safely. Indeed, had SVB sold part of its held-to-maturity investments, it would have been required to recognise the unrealized losses on a substantial portion of its portfolio.^[42]

944In conclusion, as the Federal Reserve expressly acknowledged, there is little doubt that the 2018 reform of the U. S. banking system created a “weaker regulatory framework”. Indeed, “in the absence of these changes”, SVB “would have been subject to enhanced liquidity risk management requirements, full standardized liquidity requirements,” and “enhanced capital requirements”, bolstering its resilience and possibly mitigating the systemic effects of its crisis.^[43]

2.2. Liquidity and Capital Requirements and the Scope of Proportionality. The European Framework

Liquidity and capital requirements represent the backbone of prudential regulation. Not only do they provide additional funds and high-quality assets in times of market distress, but they also restrict banks (ex-ante) from taking up excessive risks by adding ‘artificial’ regulatory costs: that is, by making banks ‘internalise’ the social costs of their activity.^[44] For this reason, as the crisis of SVB clearly shows, such requirements should not be incautiously relaxed, even for smaller banks.

In principle, the case for proportionality may appear weaker in relation to liquidity and capital requirements as such, while it may advocate for simpler regimes applicable to smaller institutions (for example, providing simplified calculation criteria and formulae). In general terms, the rationale for proportionality is to mitigate the fixed costs of regulation for smaller intermediaries, which do not possess adequate economies of scale. Capital requirements and liquidity provision, instead, represent variable costs (proportional ‘in nature’ and calibrated according to the actual risks taken by each institution): for this very reason, the level of coverage against such risks should be outside the scope of proportionality. Indeed, the choice to provide a milder regulatory capital regime for smaller institutions is likely to be a political one, aiming at promoting specific economic and industrial goals^[45] rather than implementing proportionality and creating a level playing field.

945Accordingly, acknowledging the importance of liquidity requirements, the international financial standards of the Basel Committee on Banking Supervision^[46] refrained from introducing any waiver on the LCR, even for small and non-complex institutions.^[47] Similar conclusions – with minimal exemptions – also hold for LCR reporting requirements.^[48] As a single exception, subject to supervisory approval, small and non-complex institutions can benefit from a simplified methodology for calculating NSFR requirements (art. 428ai CRR).

Overall, there is no doubt that this regulatory framework contributed to the development of a resilient banking system. Indeed – against a minimum LCR requirement of 100% of net cash flows (art. 412 CRR) – European banks have, on average, HQLA equal to 160% and “more than half of the existing buffers ... are made up of cash and central bank reserves, which sensibly mitigates the risk of mark-to-market losses when liquidity needs arise”.^[49]

As to the interest rate risk (one of the major drivers of SVB’s crisis),^[50] the European regulatory capital regimes are also shaped according to these principles. Banks, in particular, must set aside adequate regulatory capital even for their non-trading books assets,^[51] while supervisors retain a discretionary power to impose additional Pillar-2 capital requirements against this risk. In this context – specifically addressing one of the most dramatic issues that 946brought to the collapse of SVB – European intermediaries are also required to “take into account ... the potential for actual losses to be incurred under stressed conditions, or as a result of secular changes in the market environment” (e. g., “where it might become necessary to liquidate positions that are intended as a long-term investment to stabilise earnings”).^[52]

At the same time, European institutions must implement appropriate governance arrangements to “identify, measure, monitor and control” all the risks arising from changes in interest rates (the so-called interest rate risk arising from the banking book, or IRRBB).^[53] In particular, the management body is expected to implement a proper IRRBB strategy, identifying stringent limits to the bank’s exposure to these risks.^[54] This strategy must be fully aligned with the bank’s overall risk appetite framework,^[55] and it must consider “the extent to which the business model relies on generating net interest income by ‘riding the yield curve’” (i.e., “funding assets with a comparatively long repricing period with liabilities with a comparatively short repricing period”). Notably, should the bank rely heavily on this source of earnings, (as SVB did^[56]) the management body must specifically address how the institution “plans to survive periods of flat or inverse yield curves”.^[57] Against this background, it is also expressly stated that accounting principles “should not drive” the bank’s “risk management approach” (still, directors should always “be aware of the effects of accounting policies”).^[58]

Once again, small and non-complex institutions are subject to the same discipline, although they can apply these rules “in a proportionate manner, depending on the level, complexity and riskiness” of their overall portfolio.^[59]

3.1. The European Framework on Corporate Governance

It is broadly acknowledged that the establishment of organisational, administrative, and accounting arrangements is essential to ensure a credit institution’s sound and prudent management.^[64] For this reason – with few exceptions (e. g., theappointment of a risk committee inside the board;^[65] the possibility to combine risk management and compliance functions;^[66] or the assignment of the outsourcing function to a board’s member^[67]) – all European banks are required to comply with the same set of rules, especially with reference to risk management and internal controls. In this framework, proportionality is very limited 948in scope and only represents a simple criterion to ‘shape’ the general application of uniform rules according to “the nature, scale, and complexity of the risks inherent in the business model and the institution’s activities” (art. 74(2) CRD IV).^[68]

More so, similar conclusions hold for the regulatory provisions on management remuneration, the variable part of which should always “reflect a sustainable and risk-adjusted performance” (art. 92(2)(g)(ii) CRD IV). According to this, the “variable remuneration components” – which should not generally exceed the amount of the total compensation fixed part (art. 94(1)(g)(i) CRD IV) – must be adjusted “for all types of current and future risks” and must take also “into account the cost of the capital and the liquidity required” (art. 94(1)(j) CRD IV). Although smaller banks may benefit from some minor exemptions (art. 94(3)(a) CRD IV),^[69] these latter do not undermine the effectiveness of the overall regulatory framework.

Once again, the European framework already provides a detailed regulatory solution to all the major concerns raised by the failure of SVB, although – it has been argued – “rules on corporate governance could be further enhanced at least in relation to remuneration and risk management”.^[70]

3.2. The Quest for Proportionality After SVB

Still, perhaps surprisingly, the analysis of the SVB crisis may suggest a partially different approach. Despite the startling deficiencies in SVB risk management and internal controls functions, the bank’s crisis had partly been caused by the materialisation of risks overlooked or underestimated even by the supervisor.^[71] To be sure, correctly identifying and evaluating all the risks to which a bank is currently exposed may be very challenging: new unaccounted risks can suddenly materialise, while supposed negligible risks may easily turn into a significant problem for a bank’s sound and prudent management.^[72]

949At the same time, predicting how a future banking crisis might unfold may be difficult, too,^[73] and cognitive biases can undermine managers’ ability to make informed decisions. As it often happens, for example, people tend to “assess the likelihood of risks by asking how readily examples come to mind” (availability heuristic),^[74] and even managers – although professionals – are prone to such biases. Banks’ directors “spent the past decade worrying about credit and liquidity risks”, while interest rates grabbed far less attention.^[75] According to behavioural economics, this cognitive background could easily drive managers toward incorrect assumptions, “influencing” how they “prepare for and respond to crisis” and make “business choices”.^[76] Such considerations may explain – at least in part – why SVB managers (and supervisors) were so blind to the risks arising from changes in interest rates.

In conclusion, it is undisputed that effective management of risks and conflicts of interest should be a primary goal of corporate governance arrangements, clearly advising against an incautious loosening of these regulatory standards. At the same time, a generalized tightening of corporate governance rules may also be counterproductive. Indeed, the need to provide more robust risk management does not necessarily require stricter limits in the banking activity and more burdensome and meticulous procedures: the European regulatory framework already addresses all the major issues the SVB crisis brought to light, and more stringent rules will only further limit the scope of proportionality affecting mostly the smallest banks. Instead, it may be helpful to rethink the global architecture of governance structures, in order to provide innovative solutions to better cope with cognitive limitations of individuals in the banking 950sector (e. g., group thinking, heard effect, or – as shown by SVB – availability heuristic).

At the same time, it should be noted that even introducing a more detailed, punctual, and overarching set of rules on risk management and internal controls does not necessarily result in a more efficient and reliable outcome^[77] (whereas it certainly increases compliance costs, especially for smaller institutions). Indeed, the current corporate governance regime relies upon pervasive networks of internal procedures and arrangements intermediaries must adopt according to the supervisory guidelines. However, “to operate successfully”, every bureaucracy “must attain a high degree of reliability of behavior” and “an unusual degree of conformity with prescribed patterns of action”, often perceived by the bank staff as an authentic ‘liturgy’. Such “ritualism ensues with an unchallenged insistence upon punctilious adherence to formalized procedure”, and it “may be exaggerated to the point where primary concern with conformity to the rules interferes with the achievement of the purposes” of the procedure itself.^[78] This structure, though, “interferes with ready adaptation under special conditions not clearly envisaged” by the management.^[79] On the other hand, highly detailed procedures and behavioral patterns also tend to ‘encapsulate’ people thinking in predefined clusters and prevent banking personnel from adapting their activity to the ever-changing economic contest, spotting the appearance of new risks, and exacerbating the problems posed by path dependencies and cognitive biases.

4.1. The Federal Reserve’s Supervisory Activity in the SVB Case

At a closer look, the SVB crisis cannot be attributed to a limited frequency of checks or a reduced intensity of investigation by the supervisory authority due to the little power conferred on it. On the contrary, supervisory interventions relating to SVB have not been lacking in recent years,^[87] even if a simplified regime has been introduced with reference to banks considered to be small.

Specifically, the Federal Reserve made some significant interventions. For example, in January 2019, the authority underlined the concern about risk management by the SVB through the Matter Requiring Attention. Towards the end of 2021, deficiencies in the bank’s liquidity risk management were found. Further findings were highlighted in May 2022. In summer 2022, the bank’s management rating was downgraded, thus activating the bank’s growth restrictions envisaged by law (Sec. 4(m) Bank Holding Company Act). In October 2022, there was the meeting with the bank’s senior management to express new concerns regarding the risk profile relating to the intermediary’s interest rate. The Federal Reserve transmitted a supervisory finding on the management of this risk in November 2022. Finally, in February 2023, there was an analysis of a report on the impact that rising interest rates could have on the financial condition of some banks in general, and with specific reference to SVB.^[88]

953In the light of this evidence, the words of the Federal Reserve chairman were not implausible when he claimed that, in relation to SVB, “supervisors did get in there and they were, as you know obviously, they were on this issue, but nonetheless, this still happened”.^[89] Even more clearly, it was recognized that “SVB’s foundational problems were widespread and well-known, yet core issues were not resolved, and stronger oversight was not put in place”.^[90]

4.2. The Main Explanations for the Supervisory Failure in the SVB Case

Given the activities undertaken by the Federal Reserve just mentioned in the previous subparagraph, the authority could not avert the SVB crisis. Therefore, as the same authority has asked,^[91] one is expected to wonder what went wrong: in other words, why the supervisory authority was unable to prevent the SVB crisis. On this point, it should be noted that the Federal Reserve has identified the main risks; instead, the problem must be underestimating these risks’ impact. In this regard, the primary explanations for this result are the following.^[92]

954First, the business of correctly identifying and estimating the extent of risks present in the financial system is very complex: “even if the authorities successfully identify a lot of risk and areas where it is taken, there is an infinite scope for risk to emerge elsewhere”^[93] or that the relevance attributed to the risks identified is different from what occurs. Therefore, Barr’s point on this matter makes sense: “we must be humble about our ability—and that of bank managers—to predict how a future financial crisis might unfold, how losses might be incurred, and what the effect of a financial crisis might be on the financial system and our broader economy”.^[94]

Furthermore, as was mentioned earlier, an evaluation error may be influenced by cognitive biases. As graphically described, supervision is ‘trained to fight the last war’: in the past decade, the main risks have been credit and liquidity; interest rate risk, on the other hand, was not a significant threat before the SVB case. The influence of this cognitive bias may therefore have been an outcome-determinative factor.^[95]

In the light of these arguments, it is possible to draw an initial conclusion: an increase in supervisory activity does not solve the problems described above.

Other dynamics may have influenced a light supervisory approach. First, it was argued that the Federal Reserve had no incentive to raise the alarm about potential interest rate risk after it was the unintended but accepted consequence of its monetary policy decisions. Second, the fact that the Basel regulatory framework assigns a zero-risk weight to sovereign bonds could explain why the risk of assets invested in sovereign bonds has been underestimated^[96]. Overall, there may have been a temptation to reduce rules and controls to encourage investments of a technological nature^[97] or, more generally, due to the 955‘culture’ of decreasing administrative costs for banks and, conversely, increasing the burden of proof for vigilance.^[98] To this, it was pointed out that the CEO of SVB (the most important bank supervised by the San Francisco Federal Reserve) served on the board of directors of the San Francisco Federal Reserve itself until the day the bank went bankrupt,^[99] even if the supervisory authority itself maintained that “the report found no evidence of unethical behaviour on the part of supervisors”.^[100]

In conclusion, the risks borne by SVB appear to have been rather simple, and indeed have been identified by the supervisor. The critical issue was instead that of having underestimated the identified risks. Consequently, it is not correct to attribute a reduced frequency of checks and a superficial analysis to supervision. These explanations could help understand why, with specific reference to SVB, it was stated that “staff relayed that they were actively engaged with SVB but, as it turned out, the full extent of the bank’s vulnerability was not apparent until the unexpected bank run on March 9”^[101]. Therefore, more than the number of controls, their quality is relevant and, above all, the way the supervised entity respects the indications of the regulatory authority.956

4.3. The European Regime

In any case, the European rules have more significant safeguards than the U. S. ones.

First, due to its size, SVB would have been qualified as a category 1 or 2 bank (large institution), with the consequence that the evaluation of all the elements of the SREP would have had a frequency, respectively, of at least one year or two years.

From a different point of view, the three-year assessments are contemplated for category 3 and 4 banks, which, however, include intermediaries with significantly different characteristics from SVB: category 3 includes small-medium institutions which, among other things, are “operating domestically or with non-significant cross-border operations, and operating in a limited number of business lines”; category 4, on the other hand, includes small and non-complex entities. In the case of banks included in category 3 or 4, however, the addition of other defence mechanisms is envisaged, among which, for example, the duty of the supervisory authorities to monitor key indicators on a quarterly basis, to produce a documented summary of the overall SREP assessment at least annually, and, finally, to update the assessments of all individual SREP elements at least every 3 years, or sooner in light of material new information emerging on the risk posed.^[102]

Suppose we draw some lessons from the SVB case. In that case, we must therefore consider that the principle of proportionality is applied differently by the U. S. and the E.U. and that the regulatory system in which it operates has peculiar characteristics. Therefore, it is incorrect to deduce from the SVB incident a need to increase supervision in the European Union. Not only was the problem mainly qualitative, and not quantitative; but also, the rules on the supervision of banks already allow for more in-depth control in Europe, compared to the U. S. regime.

5.1. The SVB’s Business Model and Its Criticalities

More specifically, SVB’s business model featured several critical elements.

As regards balance sheet liabilities, for example, the dizzying growth of bank deposits (about $212 billion at the end of 2022, compared to only $115 billion in 2020) could lead to problems for a bank because “risk controls and buffers against potential losses often don’t grow in line with new risks being taken by fast-growing banks”.^[103] Similarly, the fact that a high percentage of deposits were not protected by the FDIC (about 96%) increases the risk of a bank run.^[104] The concentration of deposits and the consequent reduction in coordination costs between depositors (who communicate with each other easily) also explain the possible herd effect which facilitates the bank run.^[105] Finally, the fact that most depositors were tech start-ups entails a high concentration risk in a specific sector. This ultimately exposes a bank to a deposit outflow if these companies need to raise liquidity, not having access to further funding rounds.

On the other hand, concerning the balance sheet assets, the purchase – during the period of explosive growth 2019-2021 – of more than $100 billion of mortgage-backed securities issued at low-interest rates, without having adequate hedges to protect their value in the event of an increase in interest rates, exposed SVB to high risk.^[106]

An inadequate business model adopted by a bank can compromise its solvency and, in the event of bank failure, the stability of the entire financial system. Therefore, to avoid this undesirable outcome, the power should be conferred upon supervisory authorities to intervene to correct a bank’s business model.

5.2. The Powers and Limits of Intervention of the Supervisory Authority on the Business Model of a Bank in the European Union

Within the European regulatory framework, the above considerations justify the powers conferred on the supervisory authority to “require the reinforcement of the arrangements, processes, mechanisms, and strategies implemented”, as well as to “restrict or limit the business, operations or network of in958stitutions or to request the divestment of activities that pose excessive risks to the soundness of an institution” (art. 104(1)(b) and (e) CRD IV; see also art. 16(2)(b) and (e) SSMR).

At the same time, the intervention of the supervisory authority with regard the business model of banks contrasts with a decision previously taken by the directors and therefore involves a constriction of the freedom to conduct a business (protected by art. 16 of the Charter of Fundamental Rights of the European Union and by the European Convention for the Protection of Human Rights and Fundamental Freedoms).^[107] Therefore, although the SREP assessment contemplates it, is a delicate aspect.

Still, the freedom to conduct business is not absolute. Protecting a specific constitutional freedom could prejudice another freedom or general interest. Therefore, it is possible to restrict the freedom to conduct a business to pursue another interest (such as stability), provided that an adequate balance between potentially conflicting interests is guaranteed. From this perspective, “it likewise seems legitimate that these rights should, if necessary, be subject to certain limits justified by the overall objectives pursued by the Community, on condition that the substance of these rights is left untouched”.^[108]

959Regarding the matter under analysis, therefore, it is necessary to limit any excessive discretion of the supervisory authority in reviewing the business model of a bank. As has been pointed out, supervisors can identify what is not working to banks, but they cannot tell them which business areas to focus on.^[109]

Specifically, the problem also emerges from reading the EBA Guidelines on the SREP: if, on the one hand, “competent authorities may require the institution to make adjustments to risk management and control arrangements, or to governance arrangements, to match the desired business model or strategy” and, at the same time, “may require the institution to make changes to the business model or strategy”;^[110] on the other hand, “competent authorities should conduct regular business model analysis (BMA) to assess business and strategic risks”, but “without undermining the responsibility of the institution’s management body for running and organising the business, or indicating preferences for specific business models”.^[111]

What are the limits to the discretion of the supervisory authority? In addition to a constraint about the content of its intervention, the supervisory authority must verify the existence of the conditions for its intervention. It can intervene in the business model or strategy of a bank if: “a. they are not supported by appropriate organisational, governance or risk control and management arrangements; b. they are not supported by capital and operational plans, including allocation of appropriate financial, human and technological (IT) resources; and/or c. there are significant concerns about the sustainability of the business model”.^[112]

To be compliant with the indications of the Court of Justice mentioned above, of the three conditions, the third deserves further study. When exactly do “significant concerns about the sustainability of the business model” arise? This sentence is vague and lends itself to multiple interpretations. To avoid possible abusive use of this condition, it seems correct to consider this condition satisfied only when it emerges, from a stress test, that a bank cannot contain the risks assumed within its risk appetite. Indeed, internally, “the outputs of stress tests (quantitative and qualitative) should be used as inputs to the process of establishing an institution’s risk appetite and limits”.^[113] In establishing its risk appetite, a bank has then to identify a risk threshold within the risk capacity, taking into account a “forward-looking and, where applicable, subject to sce960nario and stress testing to ensure that the financial institution understands what events might push the financial institution outside its ... risk capacity”.^[114]

In conclusion, if a bank, even under conditions of stress, satisfies its risk appetite, the supervisory authority cannot intervene on the bank’s business model. Conversely, the supervisory authority would violate the criteria identified by the Court of Justice. Rather, the supervisory authority can intervene ‘indirectly’ by identifying the stress scenarios that limit the choices of banks in setting the risk appetite.^[115]