Banking Turmoil Highlights The Importance of Proactive Risk Management

• Diversify your bank network. Material concentration risk forced companies to scramble when rumors of a bank run emerged.
• Know your contracts. Banking agreements may not get the same level of attention as other legal contracts, but reviewing the details is critical. Pay particular attention to the flexibility of operating accounts with your banking institution.
• Establish a governance framework. The Board should receive an update on cash, FX, and debt exposure no less than quarterly. Finance leadership should review these items weekly.
• Consider an Investments program. Large companies have developed programs to mitigate counterparty risk and optimize cash returns. These programs are available to growth companies as well.

Financial Management

Conduct diligence on counterparty risk exposure across several parts of your business, including:

• Payroll: Confirm that your payroll provider has sufficiently diversified access to capital on the back end. Additionally, some payroll companies provide next-day payroll – check with yours to increase flexibility.
• Receivables: Receivables risk is significant for B2B companies. A best practice is to create an XY scatter plot of customers with a score based on some qualitative categorization along the X-axis (e.g., size relative to competitors, geographic/legal complexity, historical evidence of late payment, bad press) vs. trailing 12-month average A/R on the Y-axis.
• Vendor Liquidity: Communicate with your suppliers and vendors to ensure their liquidity as well as consistency of supply. Make your systems flexible by designing and developing third-party ETL’s in a format-agnostic manner to accommodate new counterparties and inflows.

Cybersecurity

Protect your brand using cybersecurity. In the wake of a bank’s collapse, malicious actors often promptly start to impersonate the bank to gain access to deposits as the impromptu transfer of customer funds expose an attractive entry point for fraud. Cybersecurity controls can reduce the impact or likelihood of exploitation along with protecting the company’s reputation.

• Fraudsters often take advantage of referral programs by creating fake accounts to defraud companies with minimal fraud controls or oversight built into the program.
• Malicious actors will leverage a strong brand and create imitation applications that are distributed via non-standard app stores. These applications are ladened with malware-dropping software and other malicious code that is difficult to detect. Regardless of the source of the application, the company represented by the application is the one that incurs the reputational damage.
• Cybersecurity services such as dark web scanning, social monitoring, and threat intelligence services can help you detect, protect, and reduce the impact of these types of attacks.
• Bad actors have been building fake bank websites to try and trick careless users into revealing their username and password. These credentials are harvested and a legitimate multifactor push is sent to the user’s phone. The user accepts the multifactor thinking they are logging into their bank, but in the background the attacker is in control of the session.

Insurance

Ensure your team is properly covered. The SEC and DOJ have already announced investigations into the recent cohort of bank failures and over the coming months and years, we expect additional parties such as shareholders to demand recompense for their leveled equity. As such, we encourage companies to evaluate their own current insurance coverage.

Communications

• Assemble your crisis team. Identify the core members that will prepare for and make decisions during an issue response. The main stakeholders are generally: Founders and c-level executives; head of people operations / HR; head of legal and compliance and/or outside counsel; head of customer relationships and head of communications/PR.
• Organize your communications for key audiences. Work with your crisis team to develop public messaging materials (e.g., holding statements, talking points, website updates, social media responses) in one, centralized place that can be referenced by multiple parties.
  • Share what you can – be accurate and as transparent as possible – while using clear and simple messaging (no jargon or buzzwords).
  • Take an inventory of your key audiences and stakeholders and confirm who on your crisis team is reaching out to which important people so you can develop tailored, messaging materials for them. Divide and conquer to get to everyone quickly.
• Don’t forget internal communications. It’s essential to build and actively maintain a culture where employees feel safe and encouraged to flag issues and risks when they observe them. When in a crisis, communicate with employees as soon as possible, and make sure they find out facts from your company directly.