Silicon Valley Bank was among the 20 largest banks in the United States when it failed in 2023—the country’s first bank run since the 2008 financial crisis. Two other banks followed that year.
These bank failures raised concerns, but research coauthored by Harvard Business School Professor Suraj Srinivasan suggests that most bank boards have significantly improved their risk management. The research compared 95 large US banks with 1,452 publicly traded companies in other sectors, analyzing changes in the banks’ structures, rules, procedures, and board members’ financial expertise from 2000 to 2015.
The findings provide some assurance even as the specter of the global financial crisis continues to loom over the industry. While major banks have been reporting strong earnings and offering promising outlooks, they continue to wrestle with mixed economic signals and shifting regulations.
The study “What Board-Level Control Mechanisms Changed in Banks Following the 2008 Financial Crisis? A Descriptive Study”, was published in the journal Accounting, Organizations, and Society in June. Coauthors include Shelley Xin Li, an assistant professor at the University of Southern California; Shivaram Rajgopal, a professor at Columbia Business School; and Yu Ting Forester Wong, an assistant professor at the City University of Hong Kong.
Why are these structural changes key? Consider the case of New Century Financial, one of the nation’s largest subprime lenders when it declared bankruptcy in 2007. The bank lacked a chief risk officer or a separate risk committee. About a quarter of the loans reviewed had underwriting errors, yet the board was unaware of them, the article notes. The bank’s management took on more risk, leading to the firm’s downfall.
Not just the structure, but how it works
Having a separate risk committee or a chief risk officer isn’t sufficient if they lack authority. The paper emphasizes that companies need rules and procedures to manage risk effectively.
The research team manually examined banks’ charters, the government-issued licenses that set parameters for the services institutions can offer. Researchers found that charters became more detailed after the financial crisis, increasing the number of words by 44% to 1,158.
The researchers point out that even controlling for salary and influence, chief risk officers gained real power within the company.
The human factor
After 2008, the Financial Stability Board, an international nonprofit that monitors the global financial system, concluded that many bank directors lacked the necessary expertise to evaluate the risks of the products their institutions were creating. Srinivasan, who's also the Philip J. Stomberg Professor of Business Administration, and his team assessed whether board members’ knowledge had improved after the crisis. Did they have a better understanding of risk management?
The authors also analyzed the percentage of risk-related language used in the annual report by measuring the presence of words like “risk,” “risky,” and “uncertain.” They found that banks were more aware of risks after the 2008 crisis than nonbank firms.
Having board members with different opinions who are willing to challenge the groupthink mentality can also reduce risk. To measure this, the team used several proxies, such as board turnover and cultural diversity. They found mixed progress.
Additionally, the team examined how much time directors spent overseeing the bank by counting the other boards they served on. They found that 36% of banks’ chairs were also members of different boards before the crisis, and this percentage did not change significantly afterward.
As part of their research, the team compared the conditions at recent failed banks—Silicon Valley Bank, First Republic Bank, and Signature Bank—to their sample of banks. “None of the failed banks appointed a CRO or established a dedicated committee to oversee reputation risk (Reputation Management)” in the year leading up to their failure.
“In contrast, for the other banks (that did not fail in 2022) in our sample, almost all of them had a CRO and over half of them had a dedicated committee to oversee reputation risk in 2022,” the researchers write.
“Furthermore, while each of the failed banks had established a separate risk management committee, those committees convened only half as frequently as their counterparts in 2022. Such inadequacies permitted the banks’ management to engage in overly risky, and ultimately fatal, behaviors.”
What board-level control mechanisms changed in banks following the 2008 financial crisis?
Li, Shelly, Shivram Rajgopal, Suraj Srinivasan, and Yu Ting Forester Wong. "What Board-level Control Mechanisms Changed in Banks Following the 2008 Financial Crisis? A Descriptive Study." Accounting, Organizations and Society 114, June 2025.
