On April 28, 2023, the Federal Reserve Board released a review of its supervision and regulation of Silicon Valley Bank, together with certain examination materials that shed further light on its supervisory activities for SVB in recent years. Based on that report, Vice Chair for Supervision Michael Barr has concluded that supervisors did not fully appreciate SVB’s vulnerabilities, did not take sufficient steps to ensure that SVB fixed those problems quickly enough and that statutorily mandated tailoring of regulation and a “shift in supervisory policy” that occurred in 2018-19 impeded effective supervision of SVB.
In an earlier blog post we described a range of relevant issues that were either placed out of the scope of the report, or were within the scope of the report but ignored. In this blog post, we turn to assessing what materials and information the Fed did provide. Specifically, we review here both the examination materials and the supervisory facts and timeline provided by the Federal Reserve and provide an assessment of mistakes and weaknesses in supervision that those materials expose.
In contrast to the Federal Reserve’s own assertion that its supervisory mistakes were primarily a function of insufficiently stringent supervision and regulation under prior leadership, we conclude that these materials tell a very different story – namely, one of:
- A misguided supervisory culture heavily focused on compliance processes and governance and not actual risk to safety and soundness;
- Reliance on an MRA apparatus that lacked prioritization or appropriate focus;
- A failure to enforce important prudential rules that were clearly applicable; and
- Use of supervisory rating frameworks that were, by design, grounded in little more than examiner judgment.
Taken together, these four supervisory failures point the way to clearly needed supervisory reforms that the report barely discusses, and that Vice Chair Barr’s “key takeaways” from the report do not even acknowledge.
1. The Federal Reserve’s supervisory approach to SVB was principally focused on nonfinancial risks and regulatory compliance matters, and not the fundamental weaknesses in SVB’s risk profile that led to its failure.
As the facts and timeline set forth in the Federal Reserve’s report make clear, the weaknesses that caused SVB’s demise were neither obscure nor complicated – SVB accumulated significant interest rate risk in its government securities portfolio that called into question its solvency, was reliant on large uninsured deposits collected from a single business sector for funding, and lacked an adequate liquidity strategy to survive a run on those deposits once questions about its solvency concerns became pronounced. These weaknesses were not merely SVB’s poor risk management practices, but rather were outcomes of those poor practices – namely, fundamental risks to SVB’s financial condition posed by the composition of its assets and liabilities.
In light of those risks, one would have expected that, particularly as SVB’s balance sheet rapidly expanded in ways that amplified them, Federal Reserve examiners would have both identified those risks and demanded management take steps to reduce interest rate risk, buttress liquidity and diversify funding sources. The examination materials and facts provided in the Fed’s report make clear that this did not occur. Rather, Fed examiners appear to have been largely focused on nonfinancial risks, governance structures and compliance processes and procedures that were only weakly and indirectly related to its actual financial condition and safety and soundness.
This misguided focus is quite evident in the composition of the 31 MRAs and MRIAs that remained open at the end of 2022, as detailed in Table 2 of the Federal Reserve’s report. Of these 31, only six directly concern management of liquidity risk, and only one concerns management of interest rate risk; the remainder concern informational technology and security (13), lending and credit risk management (3), broad programmatic concerns about governance, audit, and risk management (3), vendor management (2), BSA/AML (2) and trust and fiduciary risk management (1). Looking only at the 12 MRIAs open at that time, the story is similar – only two dealt with liquidity risk, and none addressed interest rate risk.
It is difficult to assess the precise scope and scale of supervisory and management attention that these other MRAs and MRIAs may have demanded, as the Federal Reserve has only made public those supervisory materials that purportedly are germane to the causes of SVB’s failure; thus, supervisory materials related to informational technology, vendor management, BSA/AML and other topics were not made available. That selective disclosure, whether deliberate or not, obscures any reader’s view of the overall supervisory picture and implies that examiners were wholly focused on the relevant issues; in fact Table 2’s list of MRAs and MRIAs suggests that they largely were not.
Nonetheless, the overall picture can be discerned from Table 2 alone: at the end of 2022, SVB management had a long list of supervisory criticisms they were expected to address, only a small portion of which were directly related to the significant financial risks that SVB had accumulated at that time and would lead to its failure a little over two months later. Put more simply, with the benefit of hindsight, the Federal Reserve’s supervisory scrutiny appears to have been mostly focused on the wrong things.
The lack of appropriate supervisory focus also appears to have been exacerbated by an apparent lack of prioritization among SVB’s many open MRAs/MRIAs. Other than the differentiation between matters requiring immediate attention (and those not), the examination materials do not provide any indication that supervisors placed priority on remediation of any of these matters over any of the others. While there are different “due dates” assigned for remediation for some of these MRAs/MRIAs, these generally seem to have reflected the amount of remedial work likely to be involved, and not the importance of that remediation. It may be the case that prioritization was implicit in the age of each MRA; but in that case, SVB might have reasonably assumed that its very oldest MRAs – calling for improvements in information technology/security and vendor risk management– were most important at that time, when that certainly was not the case. That assumption is fully consistent with the common view — well-known to any bank manager or board member — that “aged” MRAs can be viewed as a serious management failure and lead to ratings downgrades or other serious repercussions.
This large, undifferentiated mass of supervisory criticisms may have also undermined the ability of examiners to quickly and credibly escalate specific, more serious issues and concerns for rapid supervisory action. Similarly, the sheer scope and scale of supervisory directives, unprioritized and largely relevant to compliance processes and nonfinancial risks, also seems likely to have distracted management and focused too much of its attention on matters of lesser importance at the very time that existential risks to SVB’s safety and soundness continued to accumulate.
2. To the extent that examiners did identify and convey concerns in the areas that directly contributed to SVB’s failure, examiners were far too focused on risk management processes and procedures, and not on actual risk.
As noted, there were several instances in which Federal Reserve examiners identified problems in SVB’s management of liquidity and interest rate risk. Specifically, the Federal Reserve issued a set of MRAs and MRIAs to SVB on Nov. 2, 2021 that called for a range of enhancements to its liquidity risk management processes, which followed a targeted liquidity planning exam conducted earlier that fall. A year later, the Fed also issued a single MRA calling for changes to SVB’s interest rate risk simulations and modeling, which appears to have been a product of its continuous monitoring work. While these supervisory actions focused on the most important issues – namely, SVB’s interest rate and liquidity risk profiles – their effectiveness likely suffered because they largely addressed the internal processes that SVB used to measure and manage these risks rather than the actual resulting risks themselves.
For example, in the context of the Fed’s 2021 targeted liquidity planning exam, the Federal Reserve identified “foundational shortcomings in … internal liquidity stress testing (ILST), … the liquidity limits framework, and … the contingency funding plan (CFP),” on the basis of which it issued six interrelated supervisory findings:
- An MRIA requiring SVB to “enhance their project plan for liquidity risk management” by year-end;
- An MRIA requiring SVB to “establish an effective process for reviewing and challenging liquidity risk management practices” by the end of Q1:2022;
- An MRA requiring SVB to “enhance its ILST scenario design” by the end of Q2:2022;
- An MRA requiring SVB to “to develop a comprehensive liquidity limit and monitoring framework commensurate with the liquidity risk profile of the institution” by the end of Q2:2022;
- An MRA requiring SVB to “enhance deposit segmentation [in its ILST] to reflect the risks associated with their deposits” by the end of Q2:2022; and
- An MRA requiring SVB to make targeted improvements to its contingency funding plan by the end of Q2:2022.
Again, while these supervisory directives are certainly relevant to the issues that led to SVB’s failure, the process-based focus on these MRAs and MRIAs is plainly evident on their face, as they largely address project plans, internal review processes, and scenario design and limit frameworks; only the last two of these MRAs (and none of the MRIAs) are directed at substantive shortcomings that played a role in its failure (i.e., a misunderstanding of its likely deposit outflows under stress because of limited deposit segmentation and a reliance on untested sources of contingent funding). As the report describes in detail, these supervisory criticisms appear to have largely motivated SVB to take a wide range of actions to revise its liquidity risk management processes, and not to actually reduce its liquidity risk, and one could reasonably wonder whether the process-oriented criticisms actually distracted rather than incentivized SVB from improving its actual liquidity risk profile. The Fed report appears to acknowledge this in a limited way, noting that “at times assessments relied on supervisory judgment that did not show elevated concerns for the actual liquidity position, only risk-management practices.”
The process-over-substance focus of supervision that is evident from this list of supervisory directives is underscored by the events that followed, which plainly revealed that SVB had an actual liquidity risk problem, and not merely poor processes and controls. SVB responded by implementing an updated ILST, which promptly revealed SVB to be out of compliance with Regulation YY’s requirement that they hold a sufficient liquidity buffer based on ILST results over a 30-day horizon. Yet, for reasons the Fed report does not explain, no supervisory action was ever taken on this regulatory violation. Instead, and even as late as August 2022, examiners continued to express a favorable view of SVB’s actual liquidity risk profile, stating that “actual and post-stress liquidity positions reflect a sufficient buffer.” SVB’s supervisory ratings reflect a similarly positive view; notwithstanding the six MRAs and MRIAs issued on the basis of the 2021 targeted liquidity exam, SVBFG’s was assigned an LFI rating for liquidity planning and positions of “Conditionally Meets Expectations,” and the CAMELS liquidity rating of SVB remained a “1” (Strong) until November 2022 – when it was downgraded only to a “2” (Satisfactory).
When it came to supervising another crucial cause of SVB’s failure, interest rate risk, the story is similar. The lone MRA issued to SVB on interest rate risk in November 2022 was not focused on SVB’s actual level of interest rate risk, but rather on the simulations and models it used to measure and manage that risk, which supervisors found “unreliable” because they “gave a false sense of safety in a rising rate environment and masked the need to take actions earlier in the rate cycle.” This process-rather-than substance focus is evident in the language of the MRA, which required SVB to:
Backtest IRR simulations against actual results and compare against latest forecasts to determine driver(s) of inconsistency and reasonableness of assumptions;
Correct deficiencies identified through the backtest;
Perform an analysis of deposit mix shifts and run-offs across different rate and VC funding scenarios; [and]
Incorporate deposit mix shifts and run-offs into IRR simulations, either directly or as part of sensitivity analysis.
It is not clear from the public materials whether and when this MRA was remediated, but it’s worth noting that even had it been instantly addressed, improved interest rate risk modeling by SVB would have simply shown what SVB’s own securities filings had highlighted for some time — that SVB was significantly and dangerously exposed to rising interest rates.
Moreover, the stated basis of this MRA – the fact that prior interest rate risk models had proved to be unreliable – also strongly suggests that SVB’s examiners did not have any independent view of SVB’s interest rate risk, but instead were wholly reliant on the accuracy (or not) of SVB’s own estimates. Again, as late as August 2022, Fed examiners were expressing a favorable view of SVB’s interest rate risk position, issuing a CAMELS component rating for sensitivity to market risk of “2” (Satisfactory) and observing that “[s]ensitivity to [m]arket [r]isk is adequately controlled with moderate potential that earnings performance or capital positions will be adversely affected.”
The Fed report states that, on Nov. 1, 2022 (just three months later), Fed supervisors had “planned” to downgrade this rating to a “3” (Less-than-Satisfactory), but this downgrade was not finalized because “SVB failed before the letter was sent to the firm.” (The report does not nor substantiate the purported “plan” to lower this rating, nor does it explain why a period of four months was insufficient to vet and communicate this new rating to the bank.)
Finally, we note that another key way that one might assess whether supervisors were appropriately focused on actual risk (and not just risk processes) is to evaluate what views the Federal Reserve expressed to SVB about its effort to remediate the Fed’s supervisory findings – that is, SVB’s responses to the Fed’s MRAs and MRIAs. This material would illuminate whether supervisors were focused on ensuring that SVB was actually mitigating underlying risks as it improved its processes, as opposed to simply ensuring that SVB was checking the relevant compliance boxes that examiners had established. Unfortunately, the Federal Reserve has made none of that material publicly available, nor does the report describe it in even general terms. Fortunately, these materials were made available to the GAO, and the GAO’s own report suggests that examiners were focused on the latter, not the former. Specifically, the GAO notes that “[w]hile SVB management failed to take adequate and timely steps to mitigate risks, FRBSF staff generally accepted SVB’s planned actions to correct deficiencies. Our review of examination staff’s acknowledgment of SVB management responses found the staff generally agreed that SVB’s planned actions were reasonably designed to remediate the underlying supervisory issues.” This strongly suggests, again, that supervisors were focused on supervisory and regulatory compliance (in this case, with the procedural actions required under the MRAs and MRIAs), and not on reduction of the underlying risks.
3. While supervisors issued numerous MRAs and MRIAs based on general supervisory expectations, regulators failed to enforce several key requirements of Regulation YY, including those requiring SVB to have a CRO and to hold a sufficient liquidity buffer as per its ILST results.
The supervisory materials and Federal Reserve report indicate that, at the same time that examiners were focused on compelling SVB to modify its governance and risk management processes to bring them into compliance with examiners’ expectations, it took no action whatsoever on two clear violations of Regulation YY (the Fed’s enhanced prudential standards rules) pertaining to liquidity risk and risk management.
First, as noted above, the report indicates that SVB’s internal liquidity stress tests routinely showed that, beginning in 2022, SVB was in violation of Regulation YY’s requirement that it hold a sufficient buffer of liquid assets to survive a 30-day period of liquidity stress. The report offers no explanation for why this aspect of Regulation YY was not enforced, and indeed, the supervisory materials released provided by the Federal Reserve make no reference at all to the fact that SVB as in violation of Regulation YY’s liquidity rules. This absence is particularly difficult to understand given that, as the report observes, “the ILST has become the industry and supervisory standard for measuring an individual firm’s liquidity risk profile and determining required levels of liquidity. Yet as the report notes, and notwithstanding what SVB’s ILST revealed, the supervisors’ “concerns were focused on the 2021 Liquidity examination issues,” and “the 2022 LFI and CAMELS ratings letter assessed the liquidity position as adequate.”
Second, and equally problematic, the report notes that SVB failed to have a chief risk officer for much of 2022; this represented a violation of a separate Regulation YY requirement that it maintain one at all times. Again, no action was taken. As a result, for a period of seven months in 2022, risk management at SVB was run by a committee of senior risk officers, many of whom were new and still completing “baseline assessments.” In SVB’s case, it seems safe to presume that the absence of a CRO during that critical time period had precisely the type of negative impact to safety and soundness that motivated the Fed to enact that aspect of Regulation YY in the first place. By way of explanation, the report notes that “[i]n consultation with Board staff, supervisors decided not to issue the violation since the firm was actively searching for a CRO with appropriate skills and experience.” An alternative explanation of supervisors’ forbearance on this matter—perhaps more plausible—is the fact that, as the GAO report (but not the Fed report) notes, it was the Federal Reserve’s supervisory actions that “compelled” SVB to terminate its CRO in the spring of 2022.
Taken together, supervisors’ failure to enforce these two clear violations of Regulation YY reinforces the core conclusions above – namely, that supervisors were overwhelmingly focused on processes and procedures, many of them only weakly related (if at all) to SVB’s safety and soundness, while failing to act on critical safety and soundness problems that should have been readily apparent. This failure would also appear to undermine one of the core “takeaways” of the Fed report, which is that had SVB been subject to the enhanced prudential standards that predated the Board’s 2019 tailoring rules, it may have better managed its liquidity and capital position and maintained a different balance sheet. Any suggestion that the application of additional Regulation YY standards would have been beneficial is difficult to understand, given supervisors‘ decision not to enforce those aspects of Regulation YY that not only did apply, but directly addressed the risks that ultimately contributed to SVB’s failure. Put simply, since examiners failed to enforce those enhanced prudential standards that were applicable, having even more of them apply to SVB would have only served to multiply examiners’ errors, not correct them.
The rapid shift in SVB’s supervisory ratings and the Fed’s acknowledgment that other ratings may have been warranted suggest that those ratings frameworks are highly subjective, lack clear standards, and are not focused on actual risks and financial condition.
As described in the report and supervisory materials, SVB was frequently assigned supervisory ratings that appear difficult to reconcile with the risks inherent in SVB’s assets and liabilities. For example:
- SVB’s liquidity rating under CAMELS remained a “1” (Strong) for the period 2017-2022, and was a “2” (Satisfactory) from late 2022 through failure;
- SVB’s sensitivity to market risk rating under CAMELS remained a “2” (Satisfactory) from 2017 through failure; and
- SVBFG’s liquidity rating under the RFI framework was “Strong-1” during the relevant period (2017 to 2022), and its liquidity planning and positions rating under the LFI framework was “Conditionally Meets Expectations” during the relevant period (2022 to failure).
Similarly, the Fed report highlights numerous cases where the relevant ratings systems’ inherent subjectivity and reliance on examiner judgment appear to have frustrated or complicated supervisory efforts. For example, in assigning SVBFG’s 2021 LFI ratings, the supervisory team “considered rating Governance and Controls “Deficient-1” but decided, in consultation with Board staff, that they “had not yet established the necessary support for such a downgrade given that only a few months had passed since the previous supervisory team had rated SVBFG as ‘Satisfactory-2’ on a composite basis.” As a result, supervisors chose to conduct a targeted exam of risk management and governance – begun over four months later – before issuing a Governance and Controls rating of “Deficient-1” nearly a year later. While the report concludes that this sequence of events was the result of recent changes in Fed supervisory policy and “due process considerations that had been articulated by policymakers for several years,” it seems much more likely to reflect that (i) both the earlier and later ratings were highly subjective exercises and (ii) relied on examiner judgments that varied substantially as between the earlier and later examination teams.
A similar example is the Federal Reserve’s rating of SVB’s interest rate risk. As noted above, as late as August 2022, Fed examiners issued a CAMELS component rating for sensitivity to market risk of “2” (Satisfactory), observing that “Sensitivity to Market Risk is adequately controlled with moderate potential that earnings performance or capital positions will be adversely affected.” Yet a mere three months later, the report notes that Fed supervisors planned to downgrade this rating to a “3” (Less-than-Satisfactory) after SVB’s models and actual financial performance began showing declining net income due to interest rate effects. This sudden shift in supervisory ratings assessments again suggests that the relevant ratings framework was unduly subjective and overly reliant on examiner (mis)judgment.
Finally, in a similar vein, the report highlights numerous instances where ratings different than those actually assigned “could” have been warranted. For example, the report notes that:
- “By early 2023, when SVBFG’s liquidity and interest rate risk profile had deteriorated, and risk management was not making sufficient impact, a Governance and Control rating of ‘Deficient-2’ should have been considered.”
- “Under the applicable ratings definition, the ratings for Risk Management and Management could have been downgraded to a ‘Less-than-Satisfactory-3’ (in 2021). Instead, supervisors maintained the ‘Satisfactory-2.’”
- “Based on the severity of the six findings from the 2021 liquidity examination, however, a more negative assessment (e.g., ‘Deficient-1’ for Liquidity) would have been supportable.”
- “[L]iquidity ratings for SVB and SVBFG were not appropriately updated in 2022 and 2023 to reflect the multiple data points that displayed fundamental weaknesses in the liquidity position and risk-management practices.”
While the report frequently explains these discrepancies by reference to the benefit of hindsight and/or a supervisory approach overly focused on “due process,” it fails to consider an alternative, more plausible explanation: the relevant ratings systems were too subjective and lacked clear standards, such that these ratings were frequently grounded in nothing more than examiner judgment. And to compound matters, as we describe in detail above, examiners appear to have lacked an informed, independent view of the risks that they were purportedly rating under this framework. Notably, this reflects a problem in Fed supervision that has been acknowledged for over a decade. For example, the Federal Reserve Bank of New York’s 2009 Report on Systemic Risk and Bank Supervision, which is noted in the Fed report, long ago suggested that that the Fed “[r]efocus [the Risk Management function within bank supervision at the Fed] away from studying banks’ systems and toward developing standardized approaches to assessing risk itself” and “[r]e-think risk-focused supervision to increase the emphasis on independent identification and examination of actual risks at banks compared to risk-control reviews.” In reviewing the Fed report and examination materials, it certainly appears that, had these suggestions been taken and applied to SVB, more effective supervision of SVB might have resulted.
As the above analysis makes clear, the facts and examination materials that the Fed has made public through the report tell a very different story than the one highlighted by report itself – namely, multiple supervisory failures driven by an approach that was principally directed at issues that had little to do with SVB’s core safety and soundness concerns, a consistent focus on process over substance, a failure to apply rules already on the books, and a reliance on supervisory ratings that depended on subjective judgments and not objective data. As a reader of the report will readily observe, this picture is quite different than then one painted by the Fed’s report, which instead highlights, as two of the report’s “key takeaways,” its conclusion that supervisors “did not take sufficient steps to ensure that [SVB] fixed [problems identified by examiners] quickly enough” and that “the Board’s tailoring approach [under EGRRCPA] and a shift in the stance of supervisory policy impeded effective supervision” of SVB. Put simply, and as detailed above, both seem to be crucial misdiagnoses of what actually went wrong.
Notably, however, the Fed report does not entirely ignore the supervisory mistakes we highlight above. For those with the stamina to reach page 96 of the report, the Federal Reserve identifies a range of “issues for consideration” that are “relevant for how the Federal Reserve designs and implements its supervisory and regulatory program.” Two among these are consistent with the analysis we set forth above. First, this section of the report highlights better identification of risk by supervisors as a potential area for further Fed study, noting that “supervisors can also consider how to develop a more robust understanding of the risks banks face and how those might be evolving with the economic, financial, and technological environment.” Second, it also observes that the SVB experience “also suggests an opportunity to shift the culture of supervision toward a greater focus on inherent risk.” As we describe above, these certainly seem like important and desperately needed improvements in how the Fed conducts supervision. Thus, it is somewhat perplexing that such steps are wholly absent from the “key takeaways” emphasized by Vice Chair Barr in his cover letter to the report, and instead are only briefly mentioned at the end of the report as potential issues that the Federal Reserve might consider, with careful avoidance of any commitment to actually doing so.
 See Board of Governors of the Federal Reserve System, Review of the Federal Reserve’s Supervision and Regulation of Silicon Valley Bank (April 2023) [hereinafter the “Report”] at i-iii; Vice Chair of Supervision Michael Barr’s Cover Letter to the Report at 1.
 See Report at 28. As a footnote in a report notes, this excludes four consumer compliance issues that were open at the time, which presumably would further skew supervisors’ lack of appropriate focus.
 See id.
 For example, and as further discussed below, the sole MRA that was issued on the critically important topic of interest rate risk management in November 2022 provided SVB with 45 calendar days to provide a written response to the MRA, and nearly eight months to actually address the MRA. See SVB 2022 CAMELS Examination Supervisory Letter (Nov. 15, 2022) at 2-3.
 Indeed, more than half of the MRAs and MRIAs open at year-end 2022 had been outstanding longer than those pertaining to liquidity risk, and all were older than SVB’s lone MRA on interest rate risk. Id.
 See, e.g., Acting Comptroller of the Currency Michael J. Hsu, Detecting, Preventing, and Addressing Too Big To Manage (Jan. 17, 2023) at 6 (“[t]he accumulation and aging of MRAs is a signal that something is amiss.”)
 See SVBFG Liquidity Planning Target Supervisory Letter (Nov. 2, 2021).
 See SVB 2022 CAMELS Examination Supervisory Letter (Nov. 15, 2022).
 See SVBFG Liquidity Planning Target Supervisory Letter (Nov. 2, 2021).
 It is somewhat ironic that although the MRA calling from greater depositor segmentation in SVB’s assessment of funding stability hit the right issue, its motivation appears to have been misguided. It criticized SVB for assuming that all or most depositors would behave similarly – which is precisely what happened when customers began withdrawing deposits in March 2023.
 The Fed report concedes that management’s responses in this area were focused on “changing model assumptions, rather than improving the actual liquidity position.” Report at 58.
 Report at 55.
 SVBFG and SVB 2021 Supervisory Ratings Letter (Aug. 17, 2022) at 5.
 We note that, while the examination materials indicate that SVB’s CAMELS liquidity rating was downgraded in August 2022, the relevant document omits any discussion of that particular rating. This is especially curious given that the document contains a well-organized discussion of each SVB rating component, from which liquidity is glaringly absent. We are unable to ascertain whether this is simply an omission due to examiner error or otherwise explained by materials not made public.
 SVB 2022 CAMELS Examination Supervisory Letter (Nov. 15, 2022) at 4.
 See, e.g., Form 10-Q filed by SVB Financial Group for the Quarterly Period Ended March 31, 2022 at 88 (discussion of economic value of equity metrics).
 SVBFG and SVB 2021 Supervisory Ratings Letter (Aug. 17, 2022) at 8.
 Report at 64-65.
 Government Accountability Office, Bank Regulation: Preliminary Review of Agency Actions Related to March 2023 Bank Failures (GAO-23-106736) (April 28, 2023) [hereinafter “GAO Report”] at 22.
 See Report at 56.
 Report at 55.
 Report at 56.
 See Report at 49.
 Report at 49.
 GAO Report at 23.
 Report at 13.
 See Report at iii.
 Report at 42.
 SVBFG and SVB 2021 Supervisory Ratings Letter (Aug. 17, 2022) at 8.
 See Report at 64.
 Report at 47.
 Report at 55.
 Report at 60.
 See David Beim and Christopher McCurdy, Report on Systemic Risk and Bank Supervision (August 2009), available at https://fcic-static.law.stanford.edu/cdn_media/fcic-docs/2009-08-05%20FRBNY%20Report%20 on%20Systemic%20Risk%20and%20Supervision%20Draft.pdf.
 Report at ii-iii.