Part 1: Where was KPMG while Silicon Valley Bank, and the rest, were teetering?
KPMG was the long time auditor of three banks that failed in rapid succession. The firm had an inside, full access view of regulatory issues, management and financials. Why didn't KPMG warn investors?
When Silicon Valley Bank was teetering — in March 2023 the very large "regional" bank was obliterated after a massive deposit run in the space of a week — I thought about writing about how its external auditor, KPMG, is the #1 auditor to banks. I waited instead and was rewarded with not one, not two, but three banks audited by KPMG that went under in short order and another PacWest, that is still going but too much in the news for wrong reasons.
Three more you say? But aren't we just talking about Signature Bank and First Republic? I include, and also see KPMG's fingerprints all over, the Credit Suisse forced acquisition by UBS, for reasons I will explain much later. (The first regional bank to voluntarily close shop, not file bankruptcy, was Silvergate, notorious for its crypto client base and audited by regional firm Crowe LLP. It’s not mentioned in same breath as the subsequent failures, or much at all right now.)
Here's a timeline of the first three KPMG failures from the WSJ that focuses on Silicon Valley Bank, Signature Bank, and then First Republic but weaves in the pressure on Credit Suisse over in Switzerland and ends with the looming issues at PacWest, another KPMG audit client:
March 8: Silicon Valley Bank announces it would book a $1.8 billion loss after selling some of its investments to cover increasing withdrawals. The bank says client cash burn has remained elevated. It says it plans to raise $2.25 billion by selling a mix of common and preferred stock.
Moody’s downgrades parent company SVB Financial a few hours later.
March 9: SVB Financial’s stock crashes when the market opens. Shares of the four biggest U.S. banks slide amid fears other banks could be forced to take losses to raise cash. The declines wipe out a combined $52 billion in the market value of JPMorgan Chase, Bank of America, Wells Fargo and Citigroup.
As the panic spreads through texts and social media, venture-capital firms begin pulling their money out of Silicon Valley Bank and urge their portfolio companies to do the same. By the time Silicon Valley Bank closes for business, depositors have attempted to withdraw $42 billion.
March 10: Shares of SVB are halted Friday morning after a premarket selloff. Soon after, federal regulators announce they have taken control of the bank. It is the second-biggest bank failure in U.S. history, after Washington Mutual’s collapse during the height of the 2008 financial crisis.
The FDIC says customers’ insured deposits would be available Monday. It doesn’t say when uninsured depositors will get their money back.
March 11-12: Over the weekend, tech startups scramble to line up funding for payroll and other day-to-day operations with their deposits locked up in the failed bank.
March 12: As worries of bank runs spread, federal regulators on Sunday unveil emergency measures to stem the fallout. They announce they have taken control of a second bank, Signature Bank, making it the third-largest bank failure in U.S. history. Regulators say customers of both banks will get all their money back. They also announce a new lending program for banks.
March 13: In a televised address, President Biden seeks to restore confidence in the financial system and stresses that the banking system is safe. Shares of First Republic and other regional bank stocks continue to slide.
March 14: The Justice Department and Securities and Exchange Commission are investigating Silicon Valley Bank’s collapse in separate probes, The Wall Street Journal reports. The Federal Reserve, meanwhile, is rethinking a number of its rules related to midsize banks.
March 15: Credit Suisse sees its shares hit a new low as worries about the financial system spread across the Atlantic. Other European bank stocks take hits, including France’s Société Générale and BNP Paribas and Germany’s Deutsche Bank.
U.S. regional bank shares slide again. S&P Global Ratings downgrades First Republic’s credit rating to junk status, citing its elevated risk of deposit outflows and profitability pressures.
Later that evening, Credit Suisse says it will borrow up to 50 billion Swiss francs, equivalent to $53.7 billion, from the Swiss central bank to shore up its liquidity.March 16: Shares of Credit Suisse jump, snapping an eight-session losing streak, after the bank’s loan announcement. First Republic shares also turn positive after the Journal reports that the biggest banks in the U.S. are discussing a joint rescue to shore up the lender’s liquidity. Federal regulators later announce that 11 banks have deposited $30 billion in First Republic.
March 17: The previous day’s gains are short-lived and First Republic shares plunge again to end their worst week on record, reflecting investors’ worries that the bank’s problems haven’t been fully addressed. Credit Suisse shares also fall, despite the lifeline from the Swiss central bank.
Silicon Valley Bank’s parent company files for chapter 11 bankruptcy protection.March 18: UBS Group nears a deal take over Credit Suisse, part of an urgent effort by Swiss and global authorities to restore trust in the banking system. UBS is Switzerland’s biggest bank and had long been seen as part of any state-backed solution for Credit Suisse, the country’s second-largest bank.
March 19: UBS agrees to take over rival Credit Suisse for more than $3 billion in a deal engineered by Swiss regulators. The megamerger represents a new global dimension in the banking turmoil.
March 20: JPMorgan Chase CEO Jamie Dimon is leading discussions with the chief executives of other big banks about a new effort to stabilize First Republic, the Journal reports. Shares of First Republic continue their slide, closing down 47%.
March 21: Treasury Secretary Janet Yellen says the federal government could step in to protect depositors at additional banks if regulators see a risk of a run on the banking system. Shares of First Republic jump nearly 30%, leading a rally in regional bank shares.
March 27: The Federal Deposit Insurance Corp. announces that First Citizens BancShares will acquire the bulk of Silicon Valley Bank’s assets.
April 7: First Republic says it will suspend payments of quarterly cash dividends on its preferred stock. Its shares have fallen about 90% since the beginning of March.
April 24: First Republic discloses that customers pulled about $100 billion in deposits in March. The bank says it is “pursuing strategic options” and its shares suffer steep declines in the following days.
April 28: The Federal Reserve releases a postmortem on Silicon Valley Bank’s failure that says banking supervisors failed to take forceful action to address the lender’s problems. The FDIC issues a separate report on Signature Bank’s failure that says it was slow to escalate issues it identified.
Shares of First Republic continue plunging and close down at around $3.50 a share. Hours later that Friday night, the Journal reports that a seizure and sale of the bank could come as soon as the weekend.May 1: Federal regulators announce they have seized First Republic and struck a deal to sell the bulk of its operations to JPMorgan Chase. First Republic becomes the second-largest bank to fail in U.S. history.
May 4: Shares of PacWest, which has been among the hardest-hit regional banks since SVB’s collapse, plunge after a report that it is considering selling itself. Other regional-bank stocks tumble despite assurances from the Federal Reserve that the banking system is on solid footing.
I did write on March 12 on Twitter — which remains, despite its downhill trajectory in traffic and timeline quality, a very good distribution channel for me — that the question of KPMG's role and potential liability was a big one after Silicon Valley Bank and then Signature bank, both audited by the firm, failed in same week. We were barely a week into the crisis.
I know a lot about what happened the last time KPMG was under the microscope. I wrote about it extensively at MarketWatch and I co-wrote a teaching case about it that won an award and will be published in the next edition of Issues in Accounting Education.
I have continued to write and comment on the aftermath of the KPMG/PCAOB scandal, in particular the eventual fines on the firm itself that came after a bigger and more insidious scandal was uncovered during the SEC investigation of the first. That revelation has had serious repercussions for more Big 4 audit firms.
By waiting to write, the evidence that there is something wrong — dare I say still something wrong at KPMG in particular with its audits of banks — has become overwhelming. We have now seen many more articles about KPMG's role, a few of which have quoted me. These early reports focused on the absence of "going concern" warnings and citations of "critical audit matters" by KPMG.
I had a comment on that, and will say more about why these discussion were red herrings, distracting from the appropriate focus on what KPMG should have provided to investors and markets, as well as what they should have read, seen, and heard about regulator concerns going back years.
A securities fraud case filed April 7 in the federal court in San Francisco has included KPMG, the auditor for failed Silicon Valley Bank, as a defendant along with directors and officers of the bank and its underwriters Goldman Sachs, Bank of America, and Morgan Stanley. The case against KPMG focuses on its failure to provide a going concern opinion and CAMS. Perhaps this newsletter will provide them some new material to use to amend that complaint so it will be more effective.
My regular contributor Jim Peterson elaborated on these issue in a guest post for The Dig on April 19. With regard to the expectation that KPMG would issue going concern opinions if it thought the banks were in trouble, well, that was never going to happen.
One place to look for an answer is the hindsight perspective of the critics. Pinning it on the expectation of a “going concern” warning is futile. Good guidance for practitioners has been an intractably elusive challenge for standard-setters for decades. Such an opinion qualification is a “nuclear option” that auditors are passionate to avoid because the company may immediately be in breach of loan covenants. Or worse, for lack of a plan to recover, the qualified opinion becomes a self-fulfilling prophecy.
In fact, you already knew that that was never going to happen if you had watched what happened during the great financial crisis. No going concern opinions were issued by any of the Big 4 for all the banks that were forcibly acquired, failed or, essentially nationalized in the UK or the US. The US audit regulator the PCAOB even quoted me when its Investor Advisory Group tried to autopsy the auditor response in 2011 and came up empty.
I was surprised twice by a report presented by the IAG at last week’s meeting. First surprise: Doty was right. Good people are looking at the issue of auditor effectiveness, especially during the crisis.
Second surprise: The report quoted me.
They got my cards! They got my letters!
The Watchdog that Didn’t Bark … Again
Presentation of the Working Group on Lessons Learned from the Financial Crisis
The recent financial crisis presented auditors and, by extension, the Sarbanes-Oxley Act audit reforms, with their first big test since these reforms were put into place. By any objective measure, they failed that test.
· Dozens of the world’s leading financial institutions failed, were sold in fire sales, or were prevented from failing only through a massive government intervention – all without a hint of advance warning on their financial statements that anything might be amiss.
· Investors suffered devastating losses. Millions of Americans lost their homes or their jobs, and $11 trillion in household wealth has vanished, according to the Financial Crisis Inquiry Commission.
· As a result, serious questions have been raised both about the quality of these financial institutions’ financial reporting practices and about the quality of audits that permitted those reporting practices to go unchecked.
You could have taken these directly from this site and my Forbes column.
And then they did:
The Expectations Gap
In the wake of the crisis, investors and independent commentators have been highly critical of the auditors for these failures and of regulators for failing to hold them accountable.
“The public accounting firms and their hundreds of thousands of auditors should be an investor’s first line of independent defense. But these firms turned a blind eye to the excesses, mismanagement, and fraud of executives managing their client firms. The public accounting firms issued clean financial opinions for all of the firms that eventually, most less than a year later, failed, were taken over, or nationalized. And the regulators slept.”
Francine McKenna, blogger
Chairman Doty reiterated these strong statements by the IAG but then – and this is the catch – said that any changes or insight into auditors’ actions during the crisis will take a long time to materialize.
The PCAOB inspected the audits of many of the issuers that later failed or received federal bail-out funds. In several cases — including audits involving substantial financial institutions — PCAOB inspection teams identified what they determined to be audit failures of such significance that, in the inspectors’ view, the firm had failed to support its opinion.
Some of these audits are now also the subject of pending PCAOB investigations and may lead to disciplinary actions against firms or individuals. Under the Sarbanes-Oxley Act, our disciplinary actions must remain non-public, unless the respondent consents, until both our proceeding and any SEC appeal are finished. This will take a long time.
So, in spite of mainstream media focus on these issues – gratifying and encouraging – we see the possibility of the same old, same old result when it comes to transparency and reform.
Auditors In The Doghouse, Barrons, March 19, 2011
Sherlock Holmses at the Public Company Accounting Oversight Board are puzzling over the auditing watchdogs that never barked in 2008, as the country’s largest financial institutions were about to be deluged by a tidal wave of red ink.
The financial statements of Lehman Brothers, AIG, Fannie Mae, Freddie Mac, Washington Mutual, Bear Stearns and Countrywide all were graced with unqualified opinions by their auditor a few months before each of them entered bankruptcy or had to be rescued.
The oversight board sees two possible explanations for the Hound-of-the Baskervilles behavior by auditing firms, including the Big Four (Ernst & Young, PricewaterhouseCoopers, KPMG and Deloitte). Either auditors covered up for the firms, or U.S. auditing standards are so lax that they let auditors suppress any urge to bark. The PCAOB is investigating the role of the auditors in the financial crisis, playing catch-up with regulators in Europe.
I'll take "auditors covered up for the firms" for $1000, Alex. Why? Because that's what happened in the UK and the leaders of the Big 4 audit firms admitted it to Parliament in 2010.
Leaders of the four largest global accounting firms – Ian Powell, chairman of PwC UK, John Connolly, Senior Partner and Chief Executive of Deloitte’s UK firm and Global MD of its international firm, John Griffith-Jones, Chairman of KPMG’s Europe, Middle East and Africa region and Chairman of KPMG UK, and Scott Halliday, UK & Ireland Managing Partner for Ernst & Young – appeared before the UK’s House of Lords Economic Affairs Committee yesterday to discuss competition and their role in the financial crisis...
The Lord’s Committee was more interested in questioning the auditors about the issue of “going concern” opinions and, in particular, why there were none for the banks that failed, were bailed out, or were nationalized [fm note: than in continuing a fruitless discussion of lack of competition].
The answer the Lords received was, in one word, “Astonishing!”
Accountancy Age, November 23, 2010: Debate focused on the use of “going concern” guidance, issued by auditors if they believe a company will survive the next year. Auditors said they did not change their going concern guidance because they were told the government would bail out the banks.
“Going concern [means] that a business can pay its debts as they fall due. You meant something thing quite different, you meant that the government would dip into its pockets and give the company money and then it can pay it debts and you gave an unqualified report on that basis,” Lipsey said.
Lord Lawson said there was a “threat to solvency” for UK banks which was not reflected in the auditors’ reports.
“I find that absolutely astonishing, absolutely astonishing. It seems to me that you are saying that you noticed they were on very thin ice but you were completely relaxed about it because you knew there would be support, in other words, the taxpayer would support them,” he said.
The leadership of the Big 4 audit firms in the UK has admitted that they did not issue “going concern” opinions because they were told by government officials, confidentially, that the banks would be bailed out.
The Herald of Scotland, November 24, 2010: John Connolly, chief executive of Deloitte auditor to Royal Bank of Scotland, said the UK’s big four accountancy firms initiated “detailed discussions” with then City minister Lord Paul Myners in late 2008 soon after the collapse of Lehman Brothers prompted money markets to gum up.
Ian Powell, chairman of PricewaterhouseCoopers, said there had been talks the previous year.
Debate centered on whether the banks’ accounts could be signed off as “going concerns”. All banks got a clean bill of health even though they ended up needing vast amounts of taxpayer support.
Mr. Connolly said: “In the circumstances we were in, it was recognised that the banks would only be ‘going concerns’ if there was support forthcoming.”
“The consequences of reaching the conclusion that a bank was actually going to go belly up were huge.” John Connolly, Deloitte
Connolly said that the firms held meetings in December 2008 and January 2009 with Lord Myners, a former director of NatWest who was appointed Financial Services Secretary to the Treasury in October 2008.
I’ve asked the question many times why there were no “going concern” opinions for the banks and other institutions that were bailed out, failed or essentially nationalized here in the US. I’ve never received a good answer until now. In fact, I had the impression the auditors were not there.
There has been no mention of their presence or their role in any accounts of the crisis. There has been no similar admission that meetings in took place between the auditors and the Federal Reserve or the Treasury leading to Lehman’s failure and afterwards. No one has asked them [in Congress or otherwise].
How could I been so naive?
If it happened in the UK, why not in the US?
In his post for The Dig on April 19, Jim Peterson also discussed the futility of pointing to missing Critical Audit Matters or CAMs.
As for CAMs —and their analogs elsewhere in the world where “key” is substituted, thus KAMs — their availability and use have been gradually creeping into practice since introduced via the International Auditing Standards in 2016 and imposed by PCAOB requirements with application starting in 2019.
Wider use, however, has not made C[K]AMs more illuminating, reliable or demonstrably useful to information users. The limited available scholarship on their ability to signal future issues is no better than mixed, since there's no good research proving up the questionable hypothesis that investors actually pay attention to CAMs or make real-world decisions based on their inclusion in corporate disclosures. And there is at least anecdotal evidence that, in fact, they do not. That includes instances where fresh inclusion of a CAM or KAM was met with the typical indifference of investors and negligible effect on the reporting company’s share price.
An academic who has done considerable work looking at CAMS weighed in with me on the question of whether anyone was studying or listening to CAMs.
Professor Miguel Minutti-Meza, chairman of the accounting department at the University of Miami and an esteemed researcher on this and related topics, told me, “There is plenty of research about CAMs/KAMs showing that these disclosures provide investors little incremental information to make decisions. Although some research shows that there could be effects, the bulk of the evidence confirms scant attention and, therefore, little incremental information for investors or the market."
A WSJ report from April 10 says KPMG was not alone in not highlighting a lot that led to these bank failures and the ongoing concerns about similar banks. KPMG did not mention the risks as CAMs, and raised none of them to the level of material weaknesses in internal controls over financial reporting, even though they were cited as serious concerns in the Fed and CA DFPI reports and KPMG, and other auditors, have a legal obligation to ask for and gain access to regulatory reports.
Auditors’ apparent blind spot on the interplay of interest-rate and liquidity risks isn’t confined to Silicon Valley Bank.
Auditors for nine other U.S. banks most exposed to bond losses also didn’t flag this as an issue when they signed off on the financial statements for 2022, according to an analysis by The Wall Street Journal.
The Journal reviewed the audit opinions for the 10 small to midsize U.S. banks that last year reported the highest losses on held-to-maturity securities as a proportion of their shareholder equity, based on data from research-firm Calcbench. Silicon Valley Bank ranked second on the list.
None of the auditors included a critical audit matter related to the bank’s treatment of the bonds. Instead, nine of the 10 reported a critical audit matter for estimated losses from loans or other bad debts. That is the risk that brought down banks in the 2008 financial crisis. Auditors didn’t report any critical audit matter for one of the banks, the analysis found.
Eventually at least one journalist, at my urging, dropped the discussion of going concern opinions and CAMS and focused on the consequences for KPMG of having three bank audit clients fail in quick succession.
The trio of bank failures since March has cast a pall over KPMG’s lucrative business as the largest auditor of the US banking sector. Questions over the quality of its work and independence have mounted in recent days, following the release of a Federal Reserve report into the collapse of Silicon Valley Bank and the forced sale of First Republic. The Big Four accounting firm was auditor to both banks, as well as to Signature, which was seized by regulators in March. In all three cases, KPMG gave the banks’ financial statements a clean bill of health as recently as the end of February.
“It’s a three-fer,” said Francine McKenna, a former KPMG consultant who now lectures at the Wharton School of the University of Pennsylvania. “It’s a dubious achievement . . . and we need tough action to back up tough talk from regulators.”
The media discussion has now shifted to whether KPMG could have seen the deposit run on the banks coming, whether a revolving door between KPMG and some of the banks reduced the auditor's independence and objectivity, and whether some of the issues with regulators examinations and less than prompt action on issued identified work now being admitted by the Fed and California DFPI are also issues that should have been flagged by KPMG. Stephen Foley at the Financial Times wrote on May 3:
The Fed’s report last week revealed the extent of weaknesses in SVB’s risk management and internal audit functions, both of which need to be assessed by a company’s external auditors. Jeffrey Johanns, a former PwC partner who teaches auditing at the University of Texas at Austin, said that could raise a question of whether KPMG should have highlighted these failings to investors as material weaknesses that could affect the financial results. “If you have significant deficiencies in the risk function, how can the bank assert that it does not have a weakness in its internal controls?”
The FT and Professor Johanns are alluding to quick turnarounds by the Federal Reserve Bank and the California Department of Financial Protection and Innovation of investigations of their individual, and joint, regulatory lapses related to Silicon Valley Bank. On May 4 Bloomberg reported that Senators are now asking KPMG questions.
Two senators are looking into KPMG’s relationship with three recently failed banks, asking the firm for a wide range of documents for their initial inquiry.
Sens. Richard Blumenthal (D-Conn.) and Ron Johnson (R-Wis.) sent a letter to KPMG CEO Paul Knopp Wednesday asking for “all communications,” records “referring or relating to” the firm’s audits and advisory work, and a “complete list of all advisory work” between KPMG and Silicon Valley Bank, Signature Bank, and First Republic Bank.
I am not optimistic about any meaningful response.
My discussion will go now to the point raised by Professor Johanns: The question of whether KPMG should have highlighted these failings to investors as material weaknesses that could affect the financial results.
The two reports from the Fed and CA DFPI provide a huge head start in identifying the scope, changes, and lapses in the regulatory examination processes, and correspond/align closely with the expected work of the external auditor at the banks. As such they provide an excellent framework for me to review the standards that apply to bank audits of all sizes and to assess how well KPMG fulfilled its role and obligations under generally Accepted Auditing Standards at these failed banks, in particular Silicon Valley Bank.
I hope we'll see similar reports for Signature, First Republic and, lest we forget, Silvergate, too.
How would KPMG have known what the Fed and California DFPI were telling SVB about weaknesses in its risk management and internal audit functions, among many other operational and management weaknesses?
I explained that almost ten years to the day of this current crisis, on March 13, 2013 for Forbes after the JPM "Whale" trades debacle.
Between July and December 2012, the OCC issued six Supervisory Letters covering the problems detected as a result of the "Whale" trade losses. The Supervisory Letters include 20 Matters Requiring Attention (MRAs) which the bank must address with corrective action.
The Federal Deposit Insurance Act Section 36(h) requires each bank and savings institution to provide its independent auditor with copies of the institution's most recent call report and examination report. Banks “must also provide the auditors with any MOU or other written agreement between the institution and any federal (or state) banking agency, and any report of any action initiated or taken by any federal (or state) banking agency.”
PwC should have received all OCC reports on the bank and been fully aware of all of the OCC’s concerns about JPMorgan, not just related to the “Whale” trades, and especially during 2012.
We'll talk more about this example, and one other that involves KPMG, that point directly to what can happen at a systemically important bank if internal audit is ineffective and if executives are not paying attention, in particular to internal audit.
In Part 1 today I will cover the following issues identified by the Fed and California DFPI and match them to the PCAOB's auditing standards or GAAS.
Corporate Governance/Risk Management - Control Environment/Tone at the Top
Internal Audit
Planning the Audit: Awareness of the Company's Economic, Regulatory and Business Environments
In Part 2 I will tie these standards to the PCAOB's previous inspections of KPMG to see how auditors are expected to address these issues in their reports and whether KPMG had trouble doing that in the past. I will discuss the obstacles to doing the right thing and doing their public duty to inform investors and the market of serious issues at its audit clients that auditors face.
4. Why don't auditors enthusiastically report material weaknesses on a timely basis?
5. How did possible KPMG auditor independence issues and conflicts as a result of the revolving door between the firm and the banks affect its objectivity and willingness to act to warn investors and the market of issues?
6. What is KPMG's history with the PCAOB and SEC regarding bank audit quality control and does KPMG operate with impunity after two near-deaths but diminishing accountability since 2005?
So let’s begin looking at the key issues identified by the regulatory reports and see how well they match up with PCAOB auditing standards, or GAAS.