KPMG’s Work for Silicon Valley Bank Exposes Audit Limits (1)

KPMG LLP considered 64 risks that could signal Silicon Valley Bank was in jeopardy of going out of business in early 2023. None applied to the regional lender, the auditor initially determined.

Two weeks later, the bank collapsed after customers tried to withdraw $140 billion over the span of two days.

KPMG has since come under fire for failing to raise red flags prior to the bank’s rapid collapse, and the criticism continued last week with the release of a new congressional report detailing the Big Four firm’s work for SVB as well as two other regional banks. But the report also illustrates the mismatch between the expectations auditors face and the narrow scope of their work as outlined by regulators.

Investors have long sought earlier warnings from auditors when a company is at risk of failing. Auditors say, however, that many potential threats to their clients’ viability—whether market dynamics or even internal governance risks—don’t have a direct impact on the financial statements they’re hired to vet.

“There are limits to what the auditor is responsible for,” said Dan Goelzer, a former member of the Public Company Accounting Oversight Board, the US audit regulator. “You can’t interpret an audit opinion on the financial statements as necessarily meaning that the company is stable and fine and isn’t going to encounter any turbulence in its future.”

KPMG issued clean audit reports before Silicon Valley Bank, Signature Bank, and First Republic Bank collapsed as rising interest rates curbed the value of long-term assets the lenders had on hand to back customer withdrawals. The Big Four firm dismissed a range of risks facing the lenders before the banks failed, the report from Democrats on a Senate Homeland Security and Governmental Affairs subcommittee found.

KPMG declined to comment, but previously said that it stands by its audits and complied with US standards. The firm told lawmakers their job wasn’t to evaluate the risky strategies of its clients, according to the report.

The firm’s auditors didn’t consider changing dynamics as it weighed Silicon Valley Bank’s ability to continue operating—including a $15 billion drop in value for certain long-term assets, the report said.

KPMG contests that assessment, including the impact of a long-term asset class known as “held-to-maturity.” The firm told committee staff that the temporary drop in unrealized value of those securities would reverse over time and that the decline did not impact cash flows.

The firm should have noted in its workpapers the steep drop in the bank’s stock price through 2022 as part of its going concern review, calling it a “documentation error,” it told the subcommittee.

Auditors’ Role

The Democrats’ report didn’t opine on whether KPMG met US audit standards in its audits of the three banks.

The PCAOB pressed bank auditors on their response to shifting market conditions and found that some didn’t reconsider risk evaluations or going concerning assessments, the regulator said in its own a review following the bank failures. The report released in September 2024 didn’t specify which firms were included in the review.

In the case of Silicon Valley Bank, the institution detailed its risks in its annual filing with regulators, said Kris Bennatti, CEO of investment research platform Hudson Labs.

The role of auditors is to ensure that corporate accounting is reliable, she said, pointing to the requirements that auditors ensure reports detailing revenue and assets are free of significant misstatements because of an error or fraud.

“The Senate report reflects a misunderstanding of how capital markets work and what financial statements and audit reports are designed to do,” Bennatti said.

‘Going Concern’ Dilemma

Annual assessments to determine whether a company is likely to stay in business over the coming year underpin US corporate accounting rules. But “going concern” warnings from auditors that a company might not meet its obligations can serve as a death knell for a shaky business as customers and suppliers flee.

Investors have long sought improvements to the rules governing auditors’ going concern reviews. Bank regulators have also called on the PCAOB to update its rules in the aftermath of the regional bank crisis.

“History has repeatedly demonstrated that this is one of the areas and in fact it probably is the major area where accountants show the total lack of a spine,” said Jim Cox, a Duke University corporate law professor. “If it’s gone, it’s gone. It’s not going.”

But efforts to update going concern rules have floundered in the past decade. Accounting rules in effect since 2017 require corporate managers to review quarterly their own ability to stay in business—an effective backstop to auditors’ annual assessments.

The PCAOB declined to comment. The audit regulator remains in limbo as it waits for a slate of new leaders and what is expected to be a new agenda.

Auditors historically issue going concern warnings for a narrow set of circumstances. For financial institutions, the warnings could spark a run by customers seeking to withdraw their deposits.

Audit regulators could consider strengthening boiler-plate statements about a company’s ability to survive the coming year to address the mismatch in risks and the scope of the audit, Cox said.

Auditors, for example, could list factors that support their finding that the business is viable along with any vulnerabilities that could undermine that assessment, he said.

“The debates always come up in hindsight,” said Goelzer, who is also a former general counsel for the Securities and Exchange Commission. “In every audit you conduct you have to think about sort of where this line is drawn between business risk and financial statement reporting risk.”