Great advice from Ross Chaldecotte of Kinde - talking ways to manage risk for startups and tech companies looking to scale…..
Thankfully it looks like Silicon Valley Bank (SVB) customers will retain all of their funds. Kinde was never directly impacted as we bank in Australia with one of the big 4 banks and utilize Airwallex for our international transactions. It did, however, make us painfully aware of the risks of keeping all of our eggs in one basket (not just around banking).
Here are some of the approaches we’re applying to help distribute risk and protect our customers and team (most of these are already in place):
* Always have at least 2 bank accounts and distribute funds between them so that there is never a central point of failure. Make sure that banks used are truly different entities and are federally guaranteed. Ideally cap account limits to insured limits – but this seems an unlikely / impossible scenario with large amounts of funds.
* Make sure we have up to date records of balances and statements to prove balances should we need them.
* Make regular backups of our critical software systems so that if any one point fails we can roll to a secondary as fast as possible with minimal loss. We looked at the scenario where a third party like Xero or Stripe got taken down by SVB failure and realized the knock-on effects could be quite large.
* Build redundancy into everything that we develop. We build with a rule of 2. Which means that every integration we use should be deliberately built with a minimum of 2 vendors in mind. For example, if we use Stripe, we will also build for Adyen or Worldpay. This is better for our customers as they gain choice and can use their preferred vendor, but it’s also better for us, as it doesn’t lock us in and protects us from catastrophic failure.
* A complete AWS failure seems highly unlikely and if it occurs would be a catastrophic event far larger than Kinde. Most of the world would be reeling and the majority of customers we work with would also be hit directly. In the event that service here did not return, standard best practice would apply. Code is stored in both github and locally, and database backups are made regularly. We would be able to have Kinde back up and running fairly quickly on an alternative like Google Cloud. Assuming the zombies hadn’t eaten us all by then.
* To protect our own customers, we continue to have strongly defined business continuity plans and our software in escrow to ensure we are protecting our customers in the event of our own failure.
We’re still working through it and I’m sure there are other things we will encounter along the way.
It would be interesting to know what others are doing that I’ve missed. Feel free to post in the comments.
#svb #siliconvalleybank #riskmanagement #risk #redundancy #software #banks
No comments:
Post a Comment