Good Governance: Where Was the Supervisory Committee at Silicon Valley Bank?

Recent bank failures in the United States have raised concerns with individuals and businesses alike. On March 10, 2023, Silicon Valley Bank failed after a bank run, marking it the third-largest bank failure in United States history and the largest since the 2007-2008 financial crisis. It was one of three U.S. bank failures in March.

A commercial bank founded in 1983 and headquartered in Santa Clara, California, SVB was, at its collapse, the 16th largest bank in the U.S. by total assets and heavily skewed toward serving companies and individuals from the technology industry. Numerous U.S. venture capital-backed healthcare and technology companies were financed by SVB. Companies such as Airbnb, Cisco, Fitbit, Pinterest and Block Inc. have been clients of the bank. 

In addition to financing venture-backed companies, SVB was well known as a source of private banking, personal credit lines and mortgages for tech entrepreneurs; it specialized in lending money to higher-risk newly formed companies. SVB required an exclusive relationship with those borrowing from the bank, meaning that SVB was the only bank these clients used, which increased the risk for the clients and the bank.

The review of the Board of Governors of the Federal Reserve System from April 28, 2023, states:

Silicon Valley Bank (SVB) failed because of a textbook case of mismanagement by the bank. Its senior leadership failed to manage basic interest rate and liquidity risk. Its board of directors failed to oversee senior leadership and hold them accountable. And Federal Reserve supervisors failed to take forceful enough action, as detailed in the report. 

Our banking system is sound and resilient, with strong capital and liquidity. And in some respects, SVB was an outlier because of the extent of its highly concentrated business model, interest rate risk, and high level of reliance on uninsured deposits; however, SVB’s failure demonstrates that there are weaknesses in regulation and supervision that must be addressed. Regulatory standards for SVB were too low, the supervision of SVB did not work with sufficient force and urgency, and contagion from the firm’s failure posed systemic consequences not contemplated by the Federal Reserve’s tailoring framework.

As credit unions, we might be asking, “Where was the supervisory committee in all of this?” Notably, because SVB is a bank, it did not have a supervisory committee, but it did have an audit committee. What’s the difference between the two?

Supervisory Committees

A credit union’s supervisory committee safeguards member assets by ensuring the institution is operating properly. It has broad oversight authority to hold a credit union’s board of directors and senior management accountable for fulfilling their responsibilities in the interests of the credit union’s members, and for operating according to sound business, ethical and regulatory standards.

The Federal Credit Union Act requires federal credit unions to have a supervisory committee comprised of three to five individuals appointed by the board of directors. To serve on the committee, the person must be a member of the credit union and bondable by the credit union’s surety bond company.

Individual state laws may have different composition and appointment requirements for federally insured state credit unions. For example, state law may require supervisory committee members to be elected by the membership or may designate an audit committee to fulfill the basic supervisory committee functions.

Federal credit union bylaws prohibit credit unions from including credit committee members, the chief financial officer or any credit union employees in a supervisory committee role. The FCUA permits one board member to serve on the supervisory committee so long as that board member is not a compensated officer. These prohibitions and limitations protect the supervisory committee’s independence.

Audit Committees

In contrast, the primary purpose of an institution’s audit committee is to provide oversight of the financial reporting process, the audit process, the company’s system of internal controls, and compliance with laws and regulations.

The audit committee reviews significant accounting and reporting issues and recent professional and regulatory pronouncements to understand the potential impact on financial statements. An understanding of how management develops internal interim financial information is necessary to assess whether reports are complete and accurate.

The committee reviews the results of an audit with management and external auditors, including matters required to be communicated to the committee under generally accepted auditing standards. Controls over financial reporting, information technology security and operational matters normally fall under the purview of the committee. The audit committee is responsible for the appointment, compensation and oversight of the work of the auditor, who reports directly to the audit committee, not management.

Audit committees meet separately with external auditors to discuss matters that the committee or auditors believe should be discussed in camera. The committee also reviews proposed audit approaches and handles the coordination of the audit effort with internal audit staff. When an internal audit function exists, the committee will review and approve the audit plan, review staffing and organization of the function, and meet with internal auditors and management periodically to discuss matters of concern that may arise.

Audit committees must have authority over their own budgets and external auditors. It is through these protections that investors will come to trust the financial reports released by companies. While boards should seek members who can provide a diverse range of competent perspectives based on their experience and expertise, it is nevertheless imperative that board members are knowledgeable and conversant in the language of finance and accounting. This need is particularly acute for the audit committee.

While federally chartered credit unions are still required to maintain a supervisory committee, many state regulators have allowed the credit unions they regulate to operate with an audit committee made up entirely of board members, and the number of states (and credit unions) moving in this direction is growing. Some federally chartered credit unions are converting to state charters, thereby opening the door to even more credit unions making the shift to an audit committee.

Differences Between Supervisory and Audit Committees

The difference between supervisory committees and audit committees can at times be significant, and those differences often come down to two key factors:

1. who is appointed or elected to the committee; and
2. the scope of authority granted to such committees.

Traditional supervisory committees (both federally and state-chartered) that follow the federal credit union model are almost exclusively composed of members of the credit union who are not board members. The exception to this is that federal credit unions may have one board member appointed as a member of a supervisory committee, which is not particularly common. In contrast, audit committee rosters are almost always composed of board members. This is often seen as efficient, more collegial and certainly much simpler. However, objectivity and independence may be sacrificed for efficiency gains. Effective supervisory committees play a vital role in the overall governance of the credit union and an adequate degree of independence must be a cornerstone of their design. 

According to the National Credit Union Administration’s Supervisory Committee Guide for Federal Credit Unions, supervisory committees at federally chartered credit unions can exercise certain types of authority over credit union’s leadership, with the following being two key actions they can take:

1. Suspending by unanimous vote any board member, executive officer or credit committee member.
2. Calling “a special meeting (by a majority vote) to consider any violation of the: a) FCU Act; b) Rules and Regulations; c) Charter; d) Bylaws; e) Any practice considered unsafe or unauthorized.” This can result in a board member officer or credit committee member being removed.

However, very few supervisory committees take either of these actions, primarily due to a lack of training and leadership. The power to suspend or initiate a process to remove “any board member, executive officer or credit committee member” is a rarely used but still meaningful check on credit union leaders from engaging in acts that are unauthorized, unsafe or contrary to established laws and regulations, and can help save a credit union and its members from disastrous events. 

Some states give audit committees the same authority to oversee board activities as a federal supervisory committee has, but some don’t. This unique authority in the credit union realm to oversee the board may not, however, be the essential differentiator between the two types of committees. The real difference may lie in their composition.

Another Option: Enterprise Risk Management Committees

Some boards are forming enterprise risk management committees to assure themselves that the board understands the major risks the credit union faces. The ERM committee can work with management to examine the risk factors and identify where risks may be concentrated or compounded. Furthermore, the team can identify the early warning signals, so management can develop a plan to mitigate these risks.

The process of managing identified risks can take one of four directions: eliminate the risk, mitigate the risk, accept the risk (and hopefully get paid a premium for it) or transfer the risk. Some risks can be eliminated or mitigated by declining certain contracts or making a strategic shift, such as developing new products to diversify the customer base. Still other risks must simply be accepted. By thinking through contingencies in advance, however, the board and management can be quicker in recognizing that the events are coming to pass.

While the ERM committee can take the lead and make recommendations, the whole board should involve itself with risk assessment in at least one board meeting a year. The full board must understand the most dangerous and likely risks and help management think through the implications. The ERM committee can be standalone or added to the terms of reference of the audit committee.

Six Key Governance Takeaways

1. Effective oversight. Supervisory committees should ensure diligent oversight of the credit union’s operations, including risk management, internal controls and compliance. Learning from bank failures, they should remain vigilant in monitoring the institution’s financial health and identify potential weaknesses or irregularities.
2. Independent auditing. Establishing an independent audit function is crucial for credit unions. Supervisory committees should ensure that audits are conducted regularly by qualified professionals to assess the credit union’s financial statements, internal controls and compliance with applicable regulations.
3. Risk management. Supervisory committees should prioritize risk management practices within the credit union. This includes identifying, assessing and mitigating various risks, such as credit risk, liquidity risk, operational risk and cybersecurity threats. By learning from bank failures, committees can enhance risk management protocols to safeguard the credit union’s stability.
4. Board education. Supervisory committee members need to stay informed about the evolving regulatory landscape, industry trends and best practices. Regular board education and training programs can help committee members acquire the knowledge and skills necessary for effective oversight and decision-making.
5. Collaboration with management. Supervisory committees should foster a collaborative relationship with the credit union’s management team. Effective communication and information sharing are critical to ensure the committee receives timely and accurate information, allowing them to fulfill their oversight responsibilities effectively.
6. Continuous improvement. Supervisory committees should embrace a culture of continuous improvement. They should regularly assess their own performance, evaluate the effectiveness of existing policies and procedures and implement necessary enhancements to adapt to changing circumstances and lessons learned from bank failures.

It is important to note that specific lessons and best practices can vary based on the unique characteristics and regulatory environment of each credit union. Therefore, credit union supervisory committees should also stay updated on industry-specific resources, guidelines and regulatory requirements to further enhance their governance practices.

Taras Nohas, CMC, IC.D., CCD, is principal and senior consultant at TN Governance and Strategy. He can help put together a purposeful and strategic approach to ensure directors get on board and bring more to the table. For more information, contact CUES at p&S@cues.org.