Tuesday, February 26, 2013

M & A Generals,
Be Sure to Attend to Your Rear Guard
(Part 2)

Photo by Sgt. 1st Class Kevin Bell

In Part 1, we discussed how Community Reinvestment Act (CRA) performance may impact bank merger and acquisition applications.  Let's move to the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) aspect, and then end with a discussion of compliance management issues generally.

Whether one philosophically agrees with it or not, the USA PATRIOT Act deputized the U.S. banking system in the war on financial crime and terrorist finance.  Section 327 of the Act requires bank regulatory agencies to evaluate an institution's AML record when considering bank mergers, acquisitions, and other applications for business combinations.  Generally, the regulatory agency reviews examination results and other existing supervisory records.  It also considers comments received during the public notice period, including comments from other regulators and public officials.

Since BSA/AML is reviewed at each full-scope examination of a bank, the issue of potentially stale examination results doesn't really apply, as in our earlier discussion of CRA performance.  Nevertheless, the office processing the merger or acquisition application may request a quick “refresh” of the last examination results if there were violations of law or regulation cited and/or BSA/AML-related Matters Requiring Attention (MRAs).  An MRA is not closed out until the corrective actions are verified as effective by a subsequent onsite examination or visit.  

Unlike CRA examinations, where CRA Performance Evaluations are publicly available.  BSA/AML examination results are confidential (as are all parts of an examination report) and are technically not available for due diligence review (see footnote below).  However, based on the bank M&A literature I've read and anecdotal feedback, this provision may sometimes be honored in the breach, as a review of the examination reports and regulatory correspondence of the target bank is a typical step in the due diligence checklists used by many professional services firms.

Even knowing previous BSA/AML examination results, it is imperative that the due diligence review of BSA/AML be exhaustive for banks with high risk customers, high risk products, or that do business in high risk geographies (or have customers that do).  I understand the trade-off between doing a deep-dive, transaction testing BSA/AML review and the short window of time allowed for typical due diligence.  And sure, the target bank may have a BSA audit.  But unless you are going to review the BSA/AML audit work-papers intimately, you won't know if it is an adequate audit.  To cut corners here would be a false economy and a risky move.  Where the acquiring or target banks do not present high BSA/AML risk, make sure you have recent BSA/AML risk assessments and current BSA/AML audits prior to filing the merger or acquisition application.  

Last, we come to compliance management generally.  Solid drill-down and limited transaction testing into major compliance responsibilities is critical. The banks involved in the transaction need to have robust and effective compliance management processes.  While not a statutory requirement for approval of a merger or acquisition application, remember, as the acquirer, you will inherit original sin when it comes to compliance issues. This includes FDIC-assisted acquisitions.  The Flood Disaster Protection Act is one area that I've seen come back to bite.  Another is the area of UDAP (Unfair or Deceptive Acts or Practices).  Compliance land mines can be a major post-transaction headache, just ask Bank of America about their acquisition of Countrywide! 

While some may claim that you could lawyer away of some the risks with warranties, representations, and indemnification clauses, those clauses are way easier to write than they are to enforce.  It is amazing how the medical condition called Sudden Onset Senility (SOS) spreads like a virus during the pursuit of subsequent legal claims.

Again, the science of the deal and the numbers are important, but acquirers also need to attend to the strategic risks embedded in the Bank Merger Act regulatory approval process.

(1)  The issue of examination report confidentiality for national banks and federal thrifts, for example, is outlined in 12 CFR 4.37(b)(2) which states: “When necessary or appropriate for bank business purposes, a national bank or holding company, or any director, officer, or employee thereof, may disclose nonpublic OCC information, including information contained in, or related to, OCC reports of examination, to a person or organization officially connected with the bank as officer, director, employee, attorney, auditor, or independent auditor.  A national bank or holding company or a director, officer, or employee thereof may also release non-public OCC information to a consultant under this paragraph if the consultant is under a written contract to provide services to the bank and the consultant has a written agreement with the bank in which the consultant: (i) States its awareness of, and agreement to abide by, the prohibition on the dissemination of non-public OCC information contained in paragraph (b)(1) of this section; and (ii) Agrees not to use the non-public OCC information for any purpose other than as provided under its contract to provide services to the bank. 

No comments:

Post a Comment