So much has been said, and continues to be said, about the Silicon Valley Bank collapse. Who is at fault? VCs? SVB themselves? Market dynamics? WhatsApp groups?
This article isn’t about delving into a post-mortem of those events.
Instead, the tech ecosystem needs to reflect on and prepare to avoid exposure to these types of events again in the future. The financial system is still reeling from the loss of confidence caused by SVB’s collapse, and the consequences could be far-reaching, so the next major event might not be too far in the future.
I’ll lay out my three bits of practical advice from the top: diversify your bank accounts, growth shouldn’t trump governance, and beware of scammers.
Let’s go into these in more detail.
1. Diversify your bank accounts
According to a survey by the UK Business Angels Association, a third of UK startups did not have access to any other financial account than SVB UK.
It doesn’t take a genius to realise that high street banks have notoriously clunky, slow moving KYC and account-opening processes that take up too much time for many founders to cope with, especially in the early days. This, alongside strong tech-investor relationships with SVB, mean it’s no real surprise that there has been an over-reliance on SVB – which made the consequences of its collapse all the more urgent.
So, the learning from this is to ensure your funds are spread across more than one bank account – and that you can access all of it.
It’s good practice to have one account for monthly operating expenses (including payroll), and at least one other account, at a different bank(s), for the rest of your funds and income. If you’re investing some of that capital, be sure to make wise investments into securities and be careful about what you’re investing in. Money market funds are understandably popular, but beware of the duration risk, and manage your liquidity properly. Treasury management is a job for an experienced CFO and perhaps not every founder.
Be careful not to create new risks whilst trying to maximise treasury returns. Investors will often have good relationships with banks and should be willing to introduce you.
2. Growth shouldn’t trump governance
Building profitable businesses requires a certain element of stability. This can be difficult to manage when utilising third parties (such as banks) but, where you can, ensure that due diligence is done on critical third parties, especially when it comes to financial and operational hygiene.
Some key areas to look into as part of this due diligence are:
General trading information
Through this, you can access fundamental items of information like articles of incorporation, proof of location(s), any trading name information (including dba, aka, or fka), and an overview of the organisation structure. From this, you can make judgments on the company’s legitimacy, whether they have all the correct licences to operate in your territory, etc.
It’s very hard to assess a third party’s solvency and liquidity without really looking under the hood. This should include insight into any major debt, assets and liabilities they carry.
Recently audited financials are a good starting point. Often this isn’t very practical as many startups work with other startups. Where this is the case, it might be helpful to get views and insights from the vendor’s other clients and the wider investment community.
Who are the directors and officers of the business you’re wanting to work with? Do they have good experience? Have any of them got a worrying past? What is the reputation of the business amongst your peers? All important aspects to check.
It’s vital that any business you work with has the correct insurance in place. Remember that their insurers will have also done their due diligence on them.
The types of insurance they have (and you should want them to have!) depends on what they’re doing for you. Regardless, professional indemnity (covering breach of contract, etc) and cyber insurance (if they’ll be touching any aspect of your systems or data) are must-haves.
Information security and technical review
Cyber insurance is important for any vendor, but so is their information security programme and processes. The more they are willing to show you, the better. Audit reports (internal and external) are a good place to start, alongside pen-testing and any history of ransomware issues or data breaches they might have had (and importantly, the steps they’ve taken since then to mitigate repetition).
If a vendor is processing or collecting data, it’s also worth ensuring that your expectations for their authority to collect/process data aligns with your expectations of what they need to be able to do and your own authority to handle data (especially important under the GDPR).
You should ask to see the vendor’s change management, data processing and privacy policies. If they don’t have these, or are unwilling to share them, this raises questions over whether they have the internal controls to protect your business’ data, cloud or hardware.
3. Beware of scammers
Scammers thrive in a crisis, so anyone controlling capital and payments should be on ultra high-alert. Do you have adequate sign-off procedures, multi-factor authentication and ID verification to ensure that you – and only you – have access to your hard-earned capital? Are you paying who you think you’re paying?
With a mad rush of account changes to new providers, there will be new account numbers, processes and contacts, changing of direct debits, and standing orders. All of this is confusing enough, but with SVB in the rearview mirror and pressures to get back to normal, it’s easy to value speed and cutting corners over being prudent.
I’m sure there will be awful stories of businesses being caught up in a scam. Don’t let it be you!
This content has been created for general information purposes and should not be taken as formal advice. Read our full disclaimer.