M&A: Avoiding Compliance Sinkholes

With interest rates on loans at an all-time low and fee income significantly diminished as a result of a new focus on consumer protections, many banks, credit unions and other financial services companies are looking to acquisitions to supply needed growth in balance sheets and income sources. But along with acquisitions come many potential regulatory pitfalls, including consumer protection risks.

Without appropriate levels of due diligence, your bank could end up with a number of hidden compliance nightmares, such as violations of the Truth in Lending Act, Real Estate Settlement Procedures Act, or flood insurance rules that result in consumer restitution, fines or civil monetary penalty assessments from your banking regulator.

Here are a few key compliance considerations to keep in mind during your preliminary evaluation of an acquisition target. Think about these things well before seeking approval of the acquisition from regulators and shareholders.

Institutional History

Has the acquisition target historically had regulatory issues? Be sure to check for published enforcement actions regarding products, services or practices that may affect the combined institution’s compliance and reputational profile. Don’t forget to use simple Internet searches, including social media outlets, through readily available search engines. You might be surprised by the results of your searches.

Compliance Management

Does the acquisition target have a well-run compliance management system? Include an evaluation of key compliance management components in your due diligence. Always consider risk assessments, policies, monitoring schedules, training, and complaint-management practices. Is the institution’s program comprehensive? Is reporting to the board regarding program activities concise and detailed? Are issues reported and resolved in a timely manner?

Third-Party Service Providers

Does the acquisition target offer a large inventory of consumer products, and does it use third-party service providers to sell and deliver some or all of those products? With consumer products come a variety of laws, rules and regulatory expectations regarding consumer protection. Significant levels of risk may reside in third-party relationships the institution has developed to sell and service consumer products.

Evaluate management’s assessment of risks associated with service providers and the strength of the institution’s vendor management program as well as key provisions of contracts, including recourse related to noncompliance. Allocating time in this area could help prevent significant issues after a transaction has been completed.

Product Sets and Features

Does the target institution have multiple deposit and lending products with complex features? Conversion of products is a significant risk factor related to consumer compliance. The more complex features become, the more challenging converting accounts and providing accurate disclosures will be.

Stories of failed customer account conversions and public relations disasters are all too common. Address details regarding conversion of products as early as possible in acquisition planning. Include consideration of required timing of consumer disclosures and alternatives for accommodating customers when eliminating or adding key products and services.

Post-Conversion Compliance Activities

How will the acquisition affect your current compliance management activities? How will your institution ensure appropriate staffing is maintained in the compliance function after the merger is complete?

Compliance management activities change considerably in the months following an acquisition or merger. Besides the fact the merged institution will have an expanded customer and employee base, there are a number of factors that affect the personnel requirements after a merger, including heightened customer service activities, monitoring new employees and changes in procedures and processes.

Budget significant time for your compliance department to review consumer disclosures, particularly periodic statements, after conversion of the acquired institution’s accounts. For example, are interest accruals correct and in accordance with the contractual requirements of the loan or deposit account agreement? Are payments being applied as originally disclosed and properly allocated between interest and principal? Are Web sites and mobile applications functioning as planned and are consumer disclosures accurate?

Also plan an increased budget for compliance training. It should be tailored and conducted in person with new staff regarding key regulatory requirements and your institution’s procedures regarding handling of customer inquiries, complaints and other important aspects of your compliance program.

Conclusion

In the push for new revenue, it can be easy to see acquisitions as the path of least resistance, especially as other financial levers (fees and loan interest rates) cease to be as powerful as they once were. But clearly, for those who haven’t taken the time and care to evaluate the details well ahead of time, taking the plunge with another institution is fraught with risk. Only by performing sure-eyed due diligence can you hope to make the combination a happy marriage.