The failure of Silicon Valley Bank, the near-collapse of Credit Suisse, and other recent troubles in the banking sector are, in part, a consequence of actions taken by U.S. Federal Reserve and other central banks to combat rising inflation, they are also partly the result of mistakes made by the banks themselves – including a failure to anticipate the impact those Fed policy decisions would have on their depositors and on their balance sheets.
One way that this could have been avoided was through greater critical, contrarian analysis – the sort of critical, contrarian analysis that decision-support red teaming provides.
For those unfamiliar with the concept, decision-support red teaming was created by the military and intelligence community to help them navigate today’s complex operating environment and make better decisions in situations that are fraught with ambiguity and uncertainty. These are the exact sort of situations that banks find themselves in today.
Over the past six years, my colleagues and I have worked with a number of big banks – as well as the Federal Reserve itself – to share red teaming tools and techniques and help them understand how to use this approach to manage risk and uncertainty while also strengthening compliance efforts.
Red teaming can help banks navigate risk is by identifying potential operational threats, such as those that arise from inadequate or failed internal processes, systems, human errors, or external events (like, say, rapidly rising interest rates). These risks can lead to significant financial losses, legal or regulatory sanctions, and reputational damage. By using red teaming, banks can identify these operational risks and develop measures to mitigate them.
For example, I helped one of the big Wall Street banks red team a $1 trillion strategy a few years ago. That exercise led to the discovery of a potentially disastrous flaw in the plan that could have cost the bank billions. But because it was discovered before the plan was executed, the company was able to delay the rollout of this new financial product and address this issue proactively.
Red teaming can also help banks navigate risk by identifying potential compliance issues.
Compliance risks arise from the bank’s failure to comply with regulatory requirements or internal policies and procedures. These risks can lead to significant legal and regulatory sanctions, reputational damage, and financial losses. Here, too, red teaming can help banks identify potential compliance risks and put in place measures to mitigate them. This can help the bank to improve its compliance monitoring and reporting systems to avoid regulatory sanctions.
Any bank worth its vault already uses cybersecurity red teams to ensure that its computer networks are safe from hackers and other threats. They need to begin plying a similar level of critical analysis to other aspects of their business as well.