Not an Account Holder, But Wondering How You Are Impacted by SVB and Signature Bank Failures? Here’s What to Consider.

By Nina Kelleher and Jack Paladino

Right about now you may be thinking, “Phew I’m in the clear,” if you or your organization do not have accounts with Silicon Valley Bank (“SVB”) or Signature Bank -- or you may be wondering about the implications that are applicable to your organization. This article explores what you should keep in mind.  

By now we have heard how regulators including the California Department of Financial Protection and Innovation (DFPI) have shut down SVB, turning control over to the Federal Deposit Insurance Corporation (FDIC). As the “go-to” lender for technology companies with a focus in the venture capital market, the collapse of SVB now represents the second largest bank failure in U.S. history, behind only the collapse of Washington Mutual during the 2008 global financial crisis. Following the seizure of SVB, and in an apparent effort to prevent bank run contagion among other institutions, regulators have also shut down New York-based Signature Bank.^[1]

For SVB and/or Signature Bank account holders, the concerns were immediate and obvious.  Non-account holders, after the initial relief of not having an account with an impacted institution, should examine how they may be impacted and evaluate whether proper controls are in place to mitigate those risks. For instance, your organization may have vendors and service providers impacted by the recent events. 

Your vendors that bank with SVB and Signature Bank may reach out to update their bank routing information for payments. This creates an opportunity for bad actors to effectuate a phishing campaign. How can your organization be responsive to their vendors legitimate requests to update ACH or wire routing information while remaining diligent about identifying phishing schemes? Proper internal controls around the disbursement process, including segregation of duties and user access, are key.

If your organization does not have formal procedures in place to review and act upon requests for changes to vendor payment information, now is the appropriate time to act.

In the event that your organization receives an email from a vendor indicating updates have been made to their ACH or wire instructions as a result of closures of SVB or Signature Bank, or your business receives an updated invoice with new payment instructions, you should consider the following protocols.

Your organization should not rely solely on this email communication. Adopting vendor call back procedures, to a telephone number obtained independently of the email requesting the change, may be an effective preventative measure to avoid falling victim to a phishing scheme by verifying the accuracy of the payment information update.

Other measures include incorporating secondary approvals in the process and being aware of common red flags in fraudulent emails such as:

• Incorrect vendor email address;
• Unfamiliar vendor personnel requesting the change;
• Spelling or grammar mistakes within the email requesting the change; and
• Urgent requests for payment following a requested change to payment information.

Your organization should not alter or circumvent their existing controls in order to accommodate requests to process the change more quickly.

Additionally, organizations may want to undertake a risk assessment to identify which service providers are impacted by these recent events and how the events may affect your overall business operations and business continuity.

[1] “Signature Bank becomes next casualty of banking turmoil after SVB” https://www.reuters.com/business/finance/new-york-state-regulators-close-signature-bank-2023-03-12/.