April 7, 2023

Bank Officer and Director Enforcement Exposures In the Wake of Silicon Valley Bank

The recent and sudden failures of Silicon Valley Bank and Signature Bank, and the threat of other bank failures, have led to intense public focus on what caused these banks to run into trouble, who is to blame, and what should be done about it. Public officials have been quick to call for individual accountability for the banks’ failures, and plaintiffs’ lawyers have filed the first private lawsuits naming bank officers. Silicon Valley Bank’s primary regulator has referred to it as “a textbook case of mismanagement.”

At least for now, no one appears to be claiming that managers (or boards of directors) engaged in any deliberate wrongdoing. Rather, public officials and the press point to unsuccessful, and arguably inadequate, risk management – the failure to identify and manage interest rate risk and liquidity risk and overexposure to certain industry sectors in the face of sharply rising interest rates. According to these views, at worst, management and perhaps the banks’ boards of directors did not ensure that the risk management models fully accounted for certain risk factors.

Even absent intentional misconduct, enforcement agencies could take an aggressive enforcement posture against individuals, raising tremendous financial and reputational risk for bank officers and directors. Available regulatory sanctions include cease and desist orders, removal and prohibition orders, and civil money penalties. The regulators may also bring enforcement actions against individuals for violations of laws or regulations, any “unsafe or unsound” practice, or the breach by an individual of their fiduciary duties.

Whether a manager or director acted with reasonable care in the area of risk management is, of course, highly judgmental and fact-specific. In the aftermath of a bank failure or other problem that harms (or even puts at risk) a bank’s depositors or shareholders, enforcement lawyers will look closely (and with 20-20 hindsight) at whether its managers and directors actively and thoughtfully monitored all relevant risks. The first consideration for enforcement lawyers is likely to be how the bank responded to past examination findings – i.e., the risks that the regulator previously identified for corrective action. For example, did management truly focus on and solve those identified risk issues? Did they ensure that compliance and risk functions at the bank had appropriate staffing levels and brought in outside expertise where needed? Were the identified problems quickly remedied, or did they linger? Did management focus more on “growing the business” than on remedying identified concerns?

In Silicon Valley Bank’s case, early reports indicate both that there were repeated examination findings that the bank failed to address fully and that it operated without a Chief Risk Officer for much of 2022. Both of those apparent gaps may be explainable, but enforcement lawyers will now be evaluating those and any similar shortcomings – again, with 20/20 hindsight. Bank management may well be able to explain why an identified problem was not immediately fixed. They will at least need to be able to demonstrate that they ensured that prompt responsive action was taken, and the issue was prioritized, if they are to satisfy skeptical enforcement lawyers.

Bank regulators have less frequently brought actions against directors, and typically only where a board failed to ensure compliance over a period of time with a past cease and desist order. However, they could become more aggressive, and directors will want to be able to demonstrate through board minutes, materials, and other communications that they focused on regulators’ concerns, ensured that appropriate resources were brought to bear, and closely oversaw management’s response program. Simply relying on management or outside experts is not sufficient; directors must ask hard questions of management, require results, and sanction (not reward) inaction. In particular, regulators take a negative view toward boards that approve increased executive compensation while compliance concerns persist.

Beyond concerns that bank examiners have surfaced – i.e. reactive risk management -- bank officers and directors will want to be able to show that they proactively ensured that their risk and compliance functions had appropriate leadership, staffing, and stature within the bank to enable them to identify the bank’s own risk areas and ensure appropriate responses, without relying on regulators to point the way. In the event of a problem, it will not be enough to say that the government failed to identify the issue for us, or that regulators audited or had access to information that later surfaces as relevant to a violation or failure.

Directors and officers should understand fully the quality of their directors and officers (D&O) liability insurance coverage. For example, they should be aware of whether their current D&O coverage provides so-called “Side A” coverage, which provides direct coverage to individuals in instances where the bank is unwilling or unable to indemnify for defense costs, settlement, or judgments. Side A coverage is not subject to deductibles and thus an individual should receive coverage from “dollar one” in the event of a claim. They also should understand how their coverage applies in the context of government inquiries: whether it applies to preliminary government inquiries or is only triggered once an agency issues subpoenas or takes other formal enforcement steps, and whether there are any exclusions that present significant gaps in coverage.

Directors and officers should consider consulting their own counsel on the adequacy of coverage, to ensure they are able to defend any enforcement or litigation matter from the outset with counsel focused solely on their interests. Similarly, this is a good time to review the institution’s by-laws and charter documents as well as personal employment or director indemnification agreements. Directors and officers should fully understand their rights to the costs of defense of government investigations and civil litigation, as well as to indemnification for judgements or settlements. Once a crisis happens or a claim hits, it’s too late to decide coverage is inadequate.

It is still unclear whether the recent events in the banking sector will remain confined to a few banks or will threaten others. Bank officers and directors should take the opportunity to make sure that they are establishing a robust record showing their active focus on risk management practices as a central priority of their institution and that they are protected should the worst happen.