CRO Outlook

SVB and Signature Bank Fallout: Why We Need a New Approach to Regional Bank Regulation and Risk Management

Regulators seem intent on once again increasing capital and liquidity requirements for banks of a certain size – but data shows that mid-sized financial institutions remain less risky than larger banks. What’s needed, instead, is a more proactive safety and soundness strategy that addresses the root causes of recent bank scandals: poor governance and ineffective risk management.

Friday, September 8, 2023

By Clifford Rossi


The rapid failures of several regional banks this spring continue to reverberate across the market, casting a pall over the riskiness of this segment of the banking industry. Despite an unusual admission by the Federal Reserve of lapses in regulatory oversight, bank regulators have pushed forward with a new set of proposed rules for banks with total assets of $100 billion or more.

But is this the smartest approach to forestall any recurrence of the springtime pileup of regional banks? A question on everyone’s minds these days is whether more regulation is the answer for this group.

The Silicon Valley Bank (SVB), Signature Bank and First Republic Bank meltdowns raised red flags about whether they were a sign of more widespread problems for a relatively small – but nonetheless important – segment of the industry.

Were these banks taking on too much risk or did they unravel as the result of a series of idiosyncratic issues? Do they really need stricter capital and liquidity requirements, or would it be more logical to attack head-on the problems that took them down? Lastly, if a different approach to regional bank regulation and risk management is needed, what should that entail?

Seeking answers to these important questions, I examined  the FDIC’s first quarter 2023 bank call report data, and compared 11 commonly-used ratios indicative of bank performance for three groups of banks: (1) those with assets under $100 billion (aka "$100B"); (2) those with assets between $100B-250B; and (3) those with assets at or above $250B. The ratios selected included components of the regulatory CAMELS bank ratings for capital, asset quality, management, earnings, liquidity and sensitivity to market risk. 

Proxies for each component were reflected by the performance and risk ratios used – such as risk-weighted assets to total assets, available-for-sale losses to total assets, and uninsured deposits to total deposits and commercial real estate concentrations. 

The deciles for each ratio were then computed for the sample, and a score was assigned to each bank for each calculated ratio. Summing up the weighted decile scores for the 11 ratios generated an overall bank financial risk score, ranging between 100 (high risk) and 1,000 (low risk). 

To maintain comparability, only banks reporting each of the 11 metrics were used in our analysis.

Bank Financial Risk Scores and Components


Bank Asset Category





Bank Financial Risk Score




Tier 1 Leverage Capital Ratio




Risk-Weighted Assets/Total Assets




Commercial Real Estate Lending/Total Assets




Net Charge-off Ratio




Liquid Assets/Total Assets




Uninsured Deposits/Total Deposits




Brokered Deposits/Total Deposits








Net Interest Margin




AFS Loss/Total Assets




Operating Efficiency Ratio




As depicted in the table above, the $100B-$250B banking segment score of 534 was very similar to that of <$100B segment – and 17% less risky than the score of the largest banks.

When looking more closely at the 11 ratios comprising the index, we see some notable ratios indicating better financial performance or lower risk for the $100B-$250B group compared with the largest banks. This includes the Tier 1 leverage ratio, net charge-offs, liquid assets, uninsured deposits, ROE, AFS loss and efficiency ratios. 

The results show that the $100B-$250B tier of banks, overall, are not posing higher risk than the largest banks. This would support the argument that directly addressing the outlier banks’ issues (the problems that fed a broader mini-contagion) would be a more surgical approach to mitigating risk to the banking sector than imposing higher capital and long-term debt requirements on the $100B-$250B tier of banks.

Indeed, regulators should strike at the heart of what sparked the bank runs in the first place: excessive risk-taking caused by poor risk management and governance. Certainly, higher capital and liquidity requirements reduce bank moral hazard associated with federal deposit insurance; however, they could also act as a destabilizing force on the financial system, via increasing costs to consumers.

Clifford RossiClifford Rossi

Rather than run toward their first inclination that bank capital levels need to be raised, regulators need to first address the archaic way they assess banks on the ground in the first place. CAMELS and the broader examination process used to assess bank safety and soundness are clearly not proactive solutions for addressing excessive risk-taking. 

Washington Mutual, the largest bank failure in U.S. history, received satisfactory CAMELS ratings right up to its failure in 2008. SVB, moreover, received similar passing marks in the months just before its demise.

These examples demonstrate that our supervisory system for banks is broken. So, how can we effect real, positive change? 

The exact metrics that should be used to determine a bank’s risk health must be hashed out, but regulators can start by routinely performing robust assessments of the effectiveness of banks’ culture, governance and risk management. More specifically, if we’re ever going to tackle recurring bank problems, the “M” component of CAMELS for management quality must be overhauled, with much greater weight placed on risk management and governance.

Similarly, while the FDIC has moved closer to risk-based deposit insurance premiums, that process should be reconfigured, with an emphasis on developing and incorporating a new bank risk management quality and culture score into the deposit fees process.

Parting Thoughts

Bank regulators’ perennial response to bank failures is to increase capital buffers and to add more regulation. Whether it’s 2008 or 2023, those blunt approaches have not worked well, and so we must look at the root cause of the problem. 

Imposing higher capital standards on an already solid capital foundation for the industry is analogous to increasing the size of airbags in cars. It helps when an accident occurs, but does nothing to prevent it. Similarly, handing out softball CAMELS ratings before a bank fails does not address the risk-taking problem any more than issuing warnings to speeders. 

Those types of cautions tend to be ineffective. A reckless driving charge, on the other hand, can ruin a speeder's day with penalties, potential loss of driving privileges and increased insurance premiums. 

Banking needs the corollary to a reckless driving charge. Regulators, in short, must hit banks where it hurts: the bottom line. Banks’ executive committees, for example, would think twice before taking excessive risks if banks were subject to damaging fines and penalties for ineffective risk management.


Clifford Rossi (PhD) is the Director of the Smith Enterprise Risk Consortium at the University of Maryland (UMD) and a Professor-of-the-Practice and Executive-in-Residence at UMD’s Robert H. Smith School of Business. Before joining academia, he spent 25-plus years in the financial sector, as both a C-level risk executive at several top financial institutions and a federal banking regulator. He is the former managing director and CRO of Citigroup’s Consumer Lending Group.


BylawsCode of ConductPrivacy NoticeTerms of Use © 2023 Global Association of Risk Professionals