Much has been written about Silicon Valley Bank’s collapse. The conversations I’m having today with our banking clients are all focused on the same question – “Do we have the capabilities in place to assess and manage risk, before risk manages us?”

This question doesn’t solely apply to banks managing uninsured Treasuries in the face of rising interest rates. Companies manage all kinds of risk – from competitive threats to operational transformations, from product upgrades to customer attrition.

The companies I work with put structures in place to proactively manage threats to their business. Defining what risks are, and how to measure them. Putting processes and governance in place to monitor risks. Measuring the factors in the market that amplify the risk. And assigning people with responsibilities to manage and govern them.

It sounds like Silicon Valley Bank had a structure with safeguards in place to recognize both risk and consequence. So what was the difference?

The dust will take months to settle, and there certainly are a number of complicating factors. But from my conversations with multiple banking clients, my initial conclusion highlights a major difference. It comes down to culture.

What message is sent when an analyst raises a risk and isn’t taken seriously? Or when an executive brings forth a threat to the business, and is shut down for causing waves? Or when the Chief Risk Officer position is left vacant for much of the past year? All of the structure that’s put in place doesn’t matter when a culture doesn’t empower people to take appropriate actions.

Establishing processes, measurements, dashboards, governance, roles and responsibilities, etc. are not enough. Championing a culture that embraces healthy challenges and celebrates both the response and the team responding – that matters.