In March 2023, $42 billion fled Silicon Valley Bank in a single day.1 Within 48 hours, panic had engulfed Signature Bank and First Republic. The government had to intervene to prevent a 2008-style meltdown.
The irony is Silicon Valley Bank died with perfect documentation.
Thirty-one regulatory findings. Hundreds of remediation plans. Millions in consultant and lawyer fees. The bank's risk managers clearly understood the liquidity dangers, interest-rate exposure, and deposit concentration risks months before collapse. But instead of acting, they translated urgent threats into bureaucratic filings and documentation. By the time the narrative was airtight, the window for action had slammed shut.
This is how modern banks fail: paralyzed by the very systems meant to protect them.
Over the past two years at McKinsey, I've observed this paralysis repeatedly. When regulators issue a Matter Requiring Attention (MRA),2 risk teams immediately switch from managing risk to decoding regulatory expectations. Consultants and lawyers bill millions dissecting 300-page rulebooks. Months later, exhaustive documentation exists - but no mitigation, and fresh risks go unaddressed.
Mid-size banks now spend 15% of operating expenses on compliance, an industry-wide burden approaching $250 billion annually.3 The brightest minds in finance have become documentary filmmakers, crafting narratives about risk instead of mitigating it.
Regulators admit the irony too. The Fed's SVB post-mortem confessed that examiners spotted vulnerabilities but "did not take sufficient steps to ensure that Silicon Valley Bank fixed those problems quickly enough."4 By the time everyone agreed on the proper language, the building had burned down.
I don't want to imply incompetence. This is about being overwhelmed. Banks use sophisticated tools and evolve constantly. Regulators employ PhDs who deeply understand the landscape. Yet both are drowning in complexity that exceeds human bandwidth.
For the first time in the history of banking, AI can truly reason - not merely pattern-match or predict statistically, but logically deduce from premise to conclusion, with transparent, auditable chains of thought.5
We can further improve reliability in these reasoning engines using reinforcement learning from human feedback, and measure their efficacy with realistic evals.6 Products built with this approach will move beyond just flagging issues - they explain them, with explicit citations, referencing rulings, peer findings, and risk frameworks - all within the same stream of logic.
Imagine AI holding the full Fed examination manual, every regulatory bulletin since 2008, and a bank's entire risk framework in memory. When deposit concentration rises, it immediately cites SR Letter 10-6,7 compares with peers, and proposes a practical remediation path aligned to both regulator expectations and business realities.
At Olito Labs, this is what we're building. A bridge between regulators and banks, translating fluently, accurately, and in real time.
I'm excited about the future. I think there is a real possibility here to solve the inefficiencies of banking supervision for the first time in its 250-year history. I see a 3-phase evolution:
We start with the pain point: regulatory remediation. Today, banks spend months translating MRAs, MRIAs, MOUs, and enforcement actions into actionable plans. Well-built AI systems can do this in hours - gap assessments, remediation strategies, fluent "regulator" language, real-time progress tracking. Our pilot data shows a 70-90% cost reduction and a 10x acceleration in remediation pace. But more importantly than saving money, AI-driven workflows can free teams to manage actual risks.
Our immediate focus will be on this first phase at Olito Labs. Not because this is the end goal, but because it's the necessary first step. Trust is earned incrementally.
Regulators face their own overwhelming reality: roughly 4,000 commercial banks, hundreds of examiners, and millions of pages to review annually.8 The math doesn't work. Each examiner effectively has a finite time per bank per year.
Now consider AI systems custom built for regulators, ingesting every Call Report,9 finding, and enforcement action. An examiner's preparation could look like this:
Suddenly, examiners arrive knowing exactly where to look. What took weeks of preparation happens in hours. More importantly, patterns invisible to humans—subtle correlations across thousands of institutions—become obvious. The same examiner can now meaningfully review more banks with better outcomes.
Once banks trust AI systems with basic compliance, the obvious question emerges: if my AI speaks regulator and their AI understands my reality, why play telephone through PDFs? Instead, a proactive, real-time dialogue could occur:
No raw data is shared. No forms are filed. Just a specific question getting actionable intelligence based on system-wide pattern recognition using privacy-preserving protocols.11 A pilot within a regulatory sandbox could prove the concept: five banks, one Fed office, privacy-preserving protocols.12 When banks prevent problems instead of documenting them, when regulators spot patterns weeks not quarters later, the old way becomes indefensible. The technology exists today; it's just waiting for someone to go first.
Artificial intelligence in banking supervision is inevitable and essential. What inspires me most about this future is bringing down the human cost of future bank failure.
When Silicon Valley Bank collapsed, thousands of startups had to worry about making payroll.13 First Republic's failure erased billions in market value and ended in a government-brokered rescue sale.14 Behind each statistic: employees, families, communities.
The current system didn't prevent these tragedies. It documented them. We have the opportunity to build something better.
If you're a risk officer at a financial instituion, a regulator, a credit union leader, or an engineer interested in banking regulation and supervision - please reach out. I'm actively hiring and looking for collaborators. I'd immensely value hearing about your real challenges, or working with you to build this future thoughtfully and responsibly: tanush@olitolabs.com
1. Federal Reserve Board, "Review of the Federal Reserve's Supervision and Regulation of Silicon Valley Bank" (April 2023). Link
This is the Fed's official post-mortem—a remarkably candid 118-page analysis of its own failures. The document confirms the staggering $42 billion deposit outflow on March 9, 2023. Most damningly, it details how SVB's own internal liquidity reports and the Fed's examiners correctly identified the core interest rate risks long before the collapse. Everyone saw the iceberg coming, but the ship's course never changed. The tragedy of modern supervision is laid bare in a single government report.
2. Office of the Comptroller of the Currency, "Bank Supervision Process" Handbook (March 2022). Link
An MRA sounds innocuous—"Matter Requiring Attention." As this OCC handbook outlines (see page 56), it's a formal, escalating supervisory action. In reality, it triggers an avalanche of board meetings, consultant engagements, and remediation plans. I've seen banks spend millions responding to a single MRA for a risk that would have cost a fraction of that to simply fix. The process becomes a performance, and the original goal—mitigating risk—gets lost in the shuffle.
3. Deloitte, "Cost of compliance: A bold approach to reducing non-financial risk management costs" (2024). Link
While the Thomson Reuters report has been a staple, this 2024 analysis from Deloitte captures the modern reality: compliance, risk, and control costs now represent 15-20% of the cost base for many banks. They diagnose the problem perfectly, calling it a "proliferation of roles... performing similar and overlapping activities." The result is a massive, duplicative, and expensive apparatus that generates more reports than results, confirming the $250 billion industry-wide estimate is likely conservative.
4. Federal Reserve Board, SVB Review, Page 2 (April 28, 2023). Link
Read this quote twice from the Fed's own report: "supervisors did not take sufficient steps to ensure that Silicon Valley Bank fixed those problems quickly enough." The Fed's own review admits they saw SVB's problems coming and failed to compel action. In any other industry, this would be a major scandal. In banking supervision, it's accepted as a flaw in the system. The examiners aren't incompetent—they're trapped in a process that prioritizes procedure over outcomes.
5. Wei et al., "Chain-of-Thought Prompting Elicits Reasoning in Large Language Models" (NeurIPS 2022). Link
This 2022 paper from Google researchers changed everything. Before "chain-of-thought," AI was a black box—it gave you answers but couldn't explain its logic. By teaching models to "show their work" step-by-step, their reasoning abilities improved dramatically. For banking and regulation, where every decision requires a clear and defensible audit trail, this isn't just an improvement—it's the technology that makes AI a viable tool instead of a dangerous toy.
6. Bai et al., "Constitutional AI: Harmlessness from AI Feedback" (December 15, 2022). Link
Anthropic's Constitutional AI is a brilliant conceptual leap. Instead of just training AI on human feedback (which can be biased or inconsistent), you give the AI a "constitution"—a set of explicit principles it must follow. Imagine a constitution for a banking AI built from foundational texts: the Federal Reserve Act, SR 10-6 on liquidity risk, OCC guidance on model risk management. The AI doesn't just learn what sounds right; it learns what the law requires.
7. Federal Reserve, "SR 10-6: Interagency Policy Statement on Funding and Liquidity Risk Management" (March 17, 2010). Link
SR 10-6 is the Bible of liquidity risk management—17 pages of dense but critical regulatory prose that every bank must follow. Written in 2010 in the wake of the financial crisis, it's actually quite sensible: know your cash flows, stress test them, have a backup plan. The problem? Translating its principles into concrete, auditable actions across dozens of business lines is where banks get bogged down in paperwork, often losing sight of the spirit of the law.
8. FDIC, "Quarterly Banking Profile" (Q1 2025). Link
As of the first quarter of 2025, there are 4,528 FDIC-insured commercial banks in the United States. The Federal Reserve, meanwhile, has a total staff of around 23,000—but only a fraction of those are bank examiners. The math is stark. The sheer scale of the industry overwhelms the human capacity for meaningful, in-depth oversight for every single institution.
9. FFIEC, "Central Data Repository's Public Data Distribution" (2025). Link
Want to see what drowning in data looks like? Visit this site. Every quarter, every bank files a "Call Report"—a dataset with thousands of fields covering everything from loan portfolios to off-balance-sheet exposures. Multiply that by ~4,500 banks, four times a year, and you have billions of data points. Humans can scan for obvious outliers, but spotting the subtle, cross-institutional patterns that predict the next crisis is nearly impossible without advanced computational tools.
10. Federal Reserve, "SR 07-1: Interagency Guidance on Concentrations in Commercial Real Estate Lending" (January 31, 2007). Link
Commercial Real Estate: the recurring nightmare for community banks. Regulators have known this for decades. This guidance from 2007 establishes the supervisory criteria for CRE concentration, including the well-known 300% of capital threshold. This number isn't arbitrary; it's based on painful experience from past banking crises. Yet banks constantly push this limit because CRE loans are profitable... right up until they aren't.
11. McMahan et al., "Communication-Efficient Learning of Deep Networks from Decentralized Data" (AISTATS 2017). Link
This is the seminal paper that introduced Federated Learning. It's Google's clever solution to training AI on sensitive data without ever seeing the data itself. The model trains locally where the data resides (e.g., inside a bank's firewall), and only the anonymous model updates are shared. The implications for banking are profound: every institution's private data could help train a systemic risk model without ever being exposed, preventing the next crisis while preserving confidentiality.
12. Office of the Comptroller of the Currency, "Innovation Pilot Program." Link
So-called "regulatory sandboxes" are no longer just theory. The OCC's Office of Financial Technology and Innovation provides a formal framework for banks to test new ideas under supervisory observation. It's the perfect venue for the kind of controlled experiment proposed here: a handful of banks, one regulatory agency, and a shared AI system built with privacy-preserving protocols, all operating within clear, pre-defined guardrails.
13. Garry Tan, Y Combinator, "Urgent message to all YC portfolio companies" (March 10, 2023). Link
This blog post is a primary historical document of the SVB panic. Garry Tan, the CEO of Y Combinator, issued a stark warning that a "significant percentage" of their startups would be unable to make payroll if their funds at SVB were lost. The terror was palpable. This wasn't about complex financial instruments; it was about thousands of businesses suddenly facing extinction because the bank holding their operating cash had failed.
14. FDIC, "JPMorgan Chase Bank, National Association, Columbus, Ohio Assumes All the Deposits of First Republic Bank, San Francisco, California" (May 1, 2023). Link
First Republic's death was a slow-motion bank run that lasted nearly two months after SVB's collapse. The FDIC press release marks the official end, with JPMorgan Chase acquiring the bank in a government-brokered deal. The day before the seizure, First Republic's market capitalization was just over $650 million—a catastrophic fall from its peak of over $40 billion just sixteen months earlier. The sale was a rescue, but it couldn't erase the immense value destruction.