The S&L Crisis to SVB: How Concentration Blindness Repeats Every 15 Years

Silicon Valley Bank had concentration risk on its risk register. It had been there for years. The bank had an Asset Liability Management committee, interest rate models, and regular reporting to senior management. In its 2022 10-K filing, SVB disclosed a $91 billion held-to-maturity securities portfolio and $15.2 billion in unrealised losses — more than its entire equity base.[1]

It still failed. Not because the risk was invisible, but because the identification process never asked the follow-up question: are the controls and assumptions we built around this risk still adequate given what has changed in the external environment? The risk was on the register. The register was out of date. And $209 billion in assets evaporated in 48 hours.

SVB is not an outlier. It is the latest chapter in a pattern that has repeated across four decades, six continents, and at least $2.3 trillion in aggregate losses. Concentration blindness — excessive exposure to a single counterparty, sector, geography, or funding source that the risk identification process either fails to detect or detects but classifies as acceptable — is the single most destructive failure mode in the Industry Loss Database of 179 bank failures I have built over twenty years of practice.[2] It appears in every decade, every jurisdiction, and across every risk type. The asset class changes. The mechanism does not.

Era 1: The S&L Crisis (1980s)

The Savings & Loan crisis destroyed 1,043 thrift institutions in the United States at a cost to taxpayers exceeding $124 billion.[3] The concentration was commercial real estate. After the Garn-St. Germain Act of 1982 deregulated permissible activities, S&Ls shifted aggressively from residential mortgages into commercial real estate and speculative securities. Commercial real estate loans nearly quadrupled between 1980 and 1990.

The risk identification failure was treating deregulation as an opportunity without recognising that interest rate liberalisation had fundamentally altered the asset-liability risk profile. American Savings, seized in 1988 at a cost of $5.4 billion, epitomised the pattern: aggressive high-risk mortgage origination funded by volatile deposits in a rising-rate environment. The concentration was not hidden. It was celebrated as strategy.

Congress responded with FIRREA (1989) and FDICIA (1991). Sensible reforms. But they addressed the specific mechanism of the S&L crisis — not the broader phenomenon of concentration building undetected during periods of stability.

Era 2: The Global Financial Crisis (2007–2009)

The GFC was concentration blindness at industrial scale, manifesting simultaneously across every major financial centre in a different disguise at each institution.

Countrywide Financial became America's largest mortgage originator through aggressive subprime and Alt-A expansion. The stated business model was that securitisation transferred risk to investors. It did not. Retained tranches, warehouse lines, and representations-and-warranties obligations meant the securitisation transferred the asset but not the risk. Bank of America's $4 billion acquisition ultimately cost over $40 billion in settlements — a 10:1 ratio demonstrating how badly residual exposure was underestimated.[4]

Northern Rock chose wholesale-funded rapid growth as its competitive model. The board approved it. The regulator was aware. Seventy-five percent wholesale funding dependence. No systematic assessment connected rising US subprime delinquencies and widening wholesale funding spreads to Northern Rock's specific business model. The business model itself was the unidentified risk. Nationalised in February 2008.[5]

Lehman Brothers held $85 billion in residential mortgage-backed securities within a $111 billion real estate portfolio, leveraged over 30:1. The risk function assessed each risk individually, in its own silo, using its own models, reported to its own committee. No one mapped the causal chains between them. Repo 105 transactions temporarily removed $50 billion from the balance sheet at quarter-end, masking the true leverage. The interaction between credit, market, liquidity, and operational risk — amplification, feedback loops, cascade — was invisible because the methodology did not look for it.[6] The largest bankruptcy in American history: $639 billion in assets.

Anglo Irish Bank ran a monoline lending model with 80-90% of its loan book concentrated in commercial property.[7] Loans surged from EUR 23.7 billion to EUR 72.2 billion in four years. The concentration was visible in the financial statements — analysts commented on it publicly. But the internal environment made identification impossible: a culture of deference to chairman Sean FitzPatrick, where growth equated with success and the share price reinforced the narrative that concentration was competitive advantage, not risk. The Nyberg Commission later found widespread herding between institutions and groupthink within them. Cost to Irish taxpayers: EUR 29.3 billion. Nationalised 2009, liquidated 2013.

Era 3: The Eurozone Sovereign Debt Crisis (2010–2013)

The Eurozone crisis introduced the most insidious form of concentration blindness: concentration that regulatory frameworks actively disguise.

Under the Capital Requirements Regulation, eurozone sovereign debt carried zero risk weight. This regulatory treatment told risk identification processes there was nothing to identify. Alpha Bank in Greece did not flag domestic sovereign debt as a concentration risk because the regulatory framework explicitly stated it was not one. When Greek sovereign debt was restructured, Alpha Bank required approximately EUR 4 billion in recapitalisation through the Hellenic Financial Stability Fund — part of EUR 30.9 billion across all four Greek systemic banks.[8] Bank of Cyprus suffered the same blind spot: concentrated Greek sovereign exposure, zero risk weight, and uninsured depositors ultimately lost up to 47.5% in Europe's largest bail-in at that time.

Bankia was formed in 2010 from the merger of seven struggling Spanish savings banks. Each caja held massive property developer loan portfolios that were inadequately provisioned. The strategic rationale was that combining weak institutions would create a stronger one. No enterprise portfolio view assessed the aggregate property exposure. The merger aggregated concentrated exposures without recapitalisation. Listed through an IPO in 2011 that materially misrepresented financial health. Cost: EUR 22.4 billion — Spain's largest bank bailout. Former chairman Rodrigo Rato was convicted of fraud.[9]

Dexia failed twice — in 2008 from structured credit positions funded through short-term wholesale markets, and again in 2011 from sovereign debt concentration funded through the same short-term wholesale markets. After the first rescue, the bank reconstituted its risk framework and identified the risks that caused the near-failure. It documented the maturity mismatch, the wholesale funding dependency, the structured product concentration. But identification outputs were not integrated with capital planning with sufficient force to change behaviour. Three years later, the same institution walked back into the same trap with a different asset class.[10] Broken up entirely.

Era 4: The 2020s

Silicon Valley Bank failed on 10 March 2023 with $209 billion in assets. The concentration was dual: a $91 billion held-to-maturity securities portfolio on the asset side, and a deposit base where 94% was uninsured and heavily concentrated in the venture capital sector on the liability side.[1]

During the 2020-2021 tech boom, deposits nearly tripled to $189 billion. Management invested the surplus in long-duration mortgage-backed securities and Treasuries. As the Fed raised rates 500 basis points over eighteen months, unrealised losses exceeded $15 billion — more than total equity. The Chief Risk Officer departed in April 2022 and was not replaced until January 2023 — eight months vacant during the most consequential monetary policy shift in a generation. The risk was textbook interest rate risk in the banking book. A standard taxonomy entry every regulator expects banks to identify. The ongoing cycle had degraded to irrelevance.

Signature Bank failed two days later with $110 billion in assets — the third-largest bank failure in US history. It had built significant deposit concentration in the cryptocurrency sector. As the crypto market deteriorated through 2022 — TerraUSD collapse in May, Celsius bankruptcy in June, FTX collapse in November — each was an event-driven trigger that should have activated re-identification of concentration risk. Three separate warnings in six months. None were processed.[11]

Three Forms of Concentration

The case evidence reveals that concentration risk manifests in three distinct forms, each progressively harder to detect.

Single-name concentration is the most visible: excessive exposure to one counterparty, one sector, one geography. This is what the Basel Large Exposures framework (BCBS 283) targets, with its 25% of Tier 1 capital limit to a single counterparty.[12] But the framework addresses single-name exposure. SVB's problem was not excessive exposure to any single borrower. Anglo Irish's problem was not any single developer. The cajas' problem was not any single loan. The framework misses the concentrations that actually destroy institutions: sectoral, asset-class, and funding-side.

Structural concentration is less visible but more dangerous. This is concentration not in a single name but in a structural assumption — a funding model, a correlation assumption, a regulatory interpretation. Fortis led the consortium acquiring ABN AMRO for EUR 71 billion. The acquisition consumed the capital buffer at precisely the moment subprime losses demanded that capital. Two risks amplifying each other through a direct mechanism. Dexia's second failure was structural concentration in the assumption that sovereign debt was risk-free. Northern Rock's entire business model was a structural concentration in the assumption that wholesale funding markets remain open.

Systemic concentration extends beyond the institution to the system in which it operates. The Icelandic banking system grew to ten times the country's GDP through aggressive international expansion funded by wholesale markets. Each bank's risk assessment focused on its individual balance sheet. No individual bank's risk function identified the systemic concentration: the entire banking system had grown beyond the fiscal capacity of the sovereign to backstop. All three banks — Kaupthing, Landsbanki, Glitnir — failed within one week in October 2008.

Why It Keeps Happening: The Boiling Frog

Concentration does not arrive overnight. It builds incrementally, and at every stage it looks like growth. This is the boiling frog problem in risk identification.

The pattern is consistent across every era. Extended periods of low losses breed overconfidence. The absence of recent failures is interpreted as evidence that risks do not exist, rather than as a period during which risks are accumulating. Quarterly re-identification degrades into a roll-forward exercise. Event-driven triggers are not processed. New risks are not identified because old risks have not crystallised.

Hyman Minsky described the mechanism precisely: stability is destabilising. During stable periods, financial postures drift from hedge finance (cash flows cover all obligations) to speculative finance (must roll over debt) to Ponzi finance (dependent on asset appreciation). Concentration builds because the institution equates the absence of loss with the absence of risk.[13]

The Nyberg Commission documented the empirical mechanism in the Irish crisis: banks followed peer institutions in herding fashion, with executives fearing that deviating from the prevailing strategy would result in loss of customers, declining bank value, and potential takeover.[7] Every bank's concentration looked rational in the context of what every other bank was doing. No individual risk function stepped back to ask the system-level question.

Reinhart and Rogoff, studying eight centuries of financial data across 66 countries, concluded that this cycle of amnesia is not an accident but a structural feature of financial systems. Each post-crisis regulatory reform addresses the previous crisis's specific mechanism while leaving the broader phenomenon of concentration buildup fundamentally unaddressed.[14]

What Would Have Caught It

The methodology I have built over twenty years exists because this evidence demands it. Four specific components directly target concentration blindness.

Enterprise portfolio view. The risks that live between business units — aggregate concentrations, correlated exposures, systemic dependencies — are the risks that have caused the largest losses in banking history. Citigroup's SIV exposures were distributed across divisions, each individually within limits, collectively catastrophic. The enterprise portfolio view forces four assessments: common exposures, simultaneous crystallisation scenarios, aggregate position against appetite, and diversification assumptions under stress. One question would have surfaced the concentration: "What is our total exposure — direct, indirect, contingent — to a decline in US residential mortgage credit quality?"

PESTLE assessment mapped to specific vulnerabilities. External context changes do not announce themselves as risks. They must be systematically mapped to the institution's specific exposures. For SVB, each Fed rate increase should have appeared in a PESTLE update as a significant external environment change, directly mapped to the bank's $91 billion HTM portfolio. For Northern Rock, wholesale funding market stress was visible in LIBOR-OIS spreads throughout 2006-2007. No systematic process connected these external signals to the institution's specific business model.

Regulatory versus economic risk gap analysis. Alpha Bank's zero-risk-weight treatment of Greek sovereign debt was a regulatory input, not a risk assessment. A four-step gap analysis — comparing regulatory capital treatment against independent economic assessment for every material risk — would have shown the divergence immediately and required Board acknowledgement. A process that simply accepts zero risk weights for home-sovereign debt is not identifying risks. It is transcribing regulatory assumptions.

Quarterly re-identification with event-driven triggers. SVB's CRO was vacant for eight months during the fastest rate-hiking cycle in a generation. A process requiring active re-identification every quarter — not score updates, but the question "are there new risks we did not identify last quarter?" — would have flagged escalating interest rate risk from Q1 2022. Each Fed rate increase was an event-driven trigger requiring immediate reassessment.

What To Do Monday Morning

Map your top five exposures across all three forms of concentration. Not just single-name. Ask: what structural assumptions underpin our business model? What system-level concentrations is our institution embedded within? If you cannot answer these questions, your concentration analysis is incomplete.
Run a regulatory versus economic gap analysis on your largest exposures. For every material risk where the regulatory capital treatment assigns low or zero capital, ask: does our own economic assessment agree? Document the gaps. Present them to the Board Risk Committee. The gaps between regulatory treatment and economic reality are where concentration hides.
Test your diversification assumptions under stress. HSH Nordbank believed shipping finance and US subprime were diversified — different asset classes, different geographies. Both correlated to global economic activity. For every pair of exposures you consider diversified, ask: under what conditions do these move together? If your diversification assumption relies on historical correlations in normal markets, it has not been stress-tested.
Check when your ongoing cycle last identified a genuinely new risk. Not a re-scored existing risk. Not a renamed variant. A new risk that was not on the register twelve months ago. If you cannot point to one, the cycle has degraded. Rebuild it with active re-identification: PESTLE updates mapped to your specific exposures, SWIFT workshop prompts asking what has changed, and event-driven triggers that force immediate reassessment when circumstances demand it.
Ask the enterprise-level question no business unit can answer. "What is our total exposure — direct, indirect, contingent, on-balance-sheet and off — to [your largest sector]?" If no one in your institution can answer this within 24 hours, you have a concentration risk you cannot see.

The pattern is clear. The same failure mode — concentration blindness — has destroyed institutions in the 1980s, the 2000s, the 2010s, and the 2020s. The asset class changes every time. The mechanism does not. The institutions that survive the next cycle will be the ones whose identification processes are designed to find concentration before it becomes existential — not the ones that wait for the register to catch up with reality.

Sources & References

Federal Reserve, Review of the Federal Reserve's Supervision and Regulation of Silicon Valley Bank (April 2023). SVB 10-K FY2022: $91.3B HTM portfolio, $15.2B unrealised losses vs $16.0B equity. $209B total assets. federalreserve.gov
EON Risk Services Industry Loss Database: 179 events, $2.3 trillion aggregate losses, 30 countries, 6 decades. Methodology detailed in Risk Identification: A Practitioner's Methodology for Banks (Roberts, 2025), Chapter 16.
FDIC, History of the Eighties, Volume 1, Chapter 4: The Savings and Loan Crisis (1997). 1,043 thrift failures; taxpayer cost ~$124 billion. fdic.gov
FCIC Report, Chapter 11. Bank of America acquisition of Countrywide for $4B (announced 11 Jan 2008). Subsequent settlements include $16.65B DOJ National Mortgage Settlement (2014) and $8.5B private-label RMBS settlement (2011), among others exceeding $40B in total. govinfo.gov
House of Commons Treasury Committee, The Run on the Rock, Fifth Report of Session 2007-08, HC 56-I (January 2008). Northern Rock nationalised 22 February 2008 under Banking (Special Provisions) Act 2008. parliament.uk
Valukas Examiner's Report, Vol. 1, Section III.A.1. $85B RMBS within $111B real estate portfolio. Repo 105: $50B removed at quarter-end. Lehman Brothers Ch. 11 filing 15 Sep 2008, Case No. 08-13555.
Nyberg, P., Misjudging Risk: Causes of the Systemic Banking Crisis in Ireland, Commission of Investigation (March 2011). Anglo Irish Bank: loans grew from EUR 23.7B to EUR 72.2B (2004-2008); 80-90% property-related. Total Irish banking crisis cost: EUR 64B gross recapitalisation. gov.ie
HFSF Annual Report 2013; EC State Aid Decisions SA.34823, SA.34825, SA.34826, SA.34827 (2012-2013). EUR 30.9B across four Greek systemic banks. Central Bank of Cyprus bail-in decree, 29 March 2013: uninsured deposits above EUR 100,000 converted to equity at losses up to 47.5%.
BIS/FSI, The 2008-14 Banking Crisis in Spain, Crisis Management Series No. 4. Bankia: EUR 22.4B recapitalisation funded through ESM (EC State Aid Decision SA.35253). Audiencia Nacional, Criminal Chamber, 24 Feb 2017: Rato convicted. bis.org
EC State Aid Decision SA.33760 (2008/C): Dexia first rescue, EUR 6.4B capital injection + EUR 150B guarantees. EC State Aid Decision SA.33760 (2012/NN): Dexia breakup. Belgium acquired Dexia Bank Belgium (Belfius); France assumed Dexia Crédit Local.
FDIC PR-17-2023, 12 March 2023: NYDFS closed Signature Bank, $110B assets. TerraUSD lost peg 9 May 2022; Celsius Ch. 11 filed 13 July 2022; FTX Ch. 11 filed 11 November 2022.
Basel Committee on Banking Supervision, Supervisory Framework for Measuring and Controlling Large Exposures (BCBS 283, April 2014). 25% of Tier 1 capital limit; 15% between G-SIBs. Effective 1 January 2019. bis.org
Minsky, H.P., The Financial Instability Hypothesis, Levy Economics Institute Working Paper No. 74 (May 1992). levyinstitute.org
Reinhart, C.M. & Rogoff, K.S., This Time Is Different: Eight Centuries of Financial Folly (Princeton University Press, 2009). NBER Working Paper 13882. nber.org