I’d like to share with you ideas on how the banking crisis of 2008/2009 is different from the crisis of 2022/2023 and why I believe that the differences in priorities for compliance and risk management may have played a huge role in these developments.

Andrew Ross Sorkin, a financial journalist and the author of “Too Big to Fail” wrote extensively about it. The 2008 crisis was caused by the subprime mortgage crisis, when banks were lending money to people with poor credit histories, re-packaging these loans into complex derivative products, and re-selling them across the financial system. Once the borrowers were unable to repay their loans, the pyramid collapsed. Funnily enough, the vast majority of the senior managers at the top banks kept their roles and in some cases even their bonuses.

Andrew Ross Sorkin suggests that in 2023, unlike during 2008-2009, there have been many more “toxic” assets and potentially insolvent borrowers within the banking system: empty office spaces and commercial real estate, manufacturing companies that became unprofitable and over-leveraged due to higher energy prices and disrupted supply chains, small businesses and startups created during the era of cheap VC money… as well as VIP clients of banks.

Let’s look at Credit Suisse, as an example. Some of the main losses by Credit Suisse were caused by their VIP clients such as Archegos and Greensill. If I understand the stories correctly, the main reasons why it happened was that during the era of low-interest rates, the bank was desperate to find higher-return investments, these clients were viewed as VIP clients with decent track records, the risk management function escalated the decision to the senior management and various board committees, and the diluted responsibility of collective decisions prevailed.

The banks often explain away their deficiencies and risk management failures through the complexity of operations, legacy systems, low motivation of their personnel, or even lack of resources. Part of it could be true, but I personally would like to argue that there is one main reason why compliance and risk functions at big banks (with infinitely more resources dedicated to compliance and risk than any startup company) have been so dysfunctional, and this is the conflict of interest (defined as the inability to act in the interests of your company).

Almost all post-2008 regulations about risk and compliance have forced decision-making responsibilities on senior management and boards. Compliance has been viewed as a data-gathering and information-providing function. These outdated theories assign the responsibility for risk and compliance to the “tone at the top”, and suggest that compliance can only be blamed or found guilty if they did not detect risks or irregularities or did not report or escalate issues.

As a result, every single time we read a story about how a high-profile bank was fined for AML breaches or excessive risk-taking, the standard operating procedure is exactly the same: compliance and risk functions identify and escalate potential issues well in advance and repeatedly, but these risks were blended and mixed into 100+ other potentially high-risk issues, the situation was discussed by the Board or various Board committees, and the collective decision was taken to go ahead or otherwise allow transactions to occur.

In some ways, the crisis of 2023 is worse than 2008, because during 2008 banks did not directly collude with the homeowners, but the stories of SVB, Silvergate, Signature, and Credit Suisse indicate that the riskiest loans and most favorable terms were offered by these banks to their VIP clients.

Why is this a classic conflict of interest? If you define the responsibilities of risk and compliance as “assess and escalate issues” (as opposed to making the best decisions for the company), these functions will protect their own career and reputational interests and will have all the incentives in the world to “stay on the safe side” as opposed to defending decisions that are ultimately best for the company. Assigning responsibilities to the top and insulating risk and compliance from ultimate business decisions does not produce better compliance or better outcomes. if you look at the situation from the opposite end, the reason why compliance and risk functions often feel unappreciated for their insights or often excluded from important discussions is because they are not viewed as peers who have skin in the game.

What’s your take on the root cause of the recent banking failures?

Enjoy listening to podcasts instead of reading? – Tune in to this episode here!

P.S. Join and complete a comprehensive FinTech Startup Compliance Pro Certification as a part of the FinTech Starter Package guiding you on how to launch and manage the most efficient and robust compliance program within your FinTech or Crypto startup on a budget. Check it out!