Buying a Bank? 10 Key Compliance Due Diligence Considerations

M&T Bank’s recent acquisition of Hudson City Bancorp, right on the heels of M&T’s exit from the Troubled Asset Relief Program, is a strong indication that bank consolidations and acquisitions are likely to continue in the near future.

Whether acquisitions help to shore up capital, expand markets, or serve other purposes, numerous financial institutions are pursuing these deals. But are they performing the due diligence necessary to protect themselves from the potential compliance downside of these transactions?

If you’re considering an acquisition or consolidation deal, you can’t afford to skimp on due diligence. The old adage of “one man’s trash is another man’s treasure” definitely does not apply in these situations—when you acquire an institution, its trash remains trash.

The transaction price should reflect the related risks. Higher risks and compliance issues can generate fines and penalties that should not be overlooked when negotiating, but you have to know about the risks before you can negotiate over them. And that’s where due diligence comes in.

Before acquiring or consolidating with another institution, you should consider certain questions about that institution. While the following list is not all-inclusive, answering these questions will have you headed in the right direction:

1.  Does the institution provide products to money-service business (MSB) customers (e.g. wire transfers, currency exchange)? If so, how many, and what types of controls are in place to minimize the risks associated with those customers?

2.  What are the volumes of its currency transaction reports (CTRs), suspicious activity reports (SARs), and wire transfers, both domestic and international?

3.  Does it use an automated system for transaction monitoring, and if so, has the system been validated recently? Did those validations identify any gaps?

4.  Which types of controls are in place to help confirm compliance with the Office of Foreign Assets Control (OFAC) requirements?

5.  Are the loan and deposit operations centralized or decentralized, and is any portion of its operations outsourced to a third party? The answers to these questions will determine the potential amount of risk being acquired.

6.  Which types of products does it offer its consumers? Does it offer any types of unusual products that generally are not available from other financial institutions?

7.  How many different types of loan or deposit processing systems does it currently maintain?

8.  Which types of quality control processes are in place for keeping lines of business up to date on regulatory changes? Are those changes validated once they are required and implemented?

9.  How often is compliance tested and reported to management?

10. What is the structure of the compliance management program, and how does the program define “compliance?”

You wouldn’t buy a car without looking under the hood for potential problems that could come back to bite you down the road. The same rationale should apply to bank transactions, where the potential costs stand to be much, much greater. Regulatory agencies are placing a higher emphasis on compliance. It is your responsibility to demonstrate that you did your due diligence if you acquire any potential regulatory issues. If you cannot show proof of due diligence, you could face regulatory penalties.