M & A Generals,
Be Sure to Attend to Your Rear Guard
(Part 2)
 |
| Photo by Sgt. 1st Class Kevin Bell |
In Part 1, we discussed how Community Reinvestment Act (CRA) performance may impact bank merger and acquisition applications. Let's move to the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) aspect, and then end with a discussion of compliance management issues generally.
Whether one philosophically agrees with it or not, the USA PATRIOT Act
deputized the U.S. banking system in the war on financial crime and
terrorist finance. Section 327 of the Act requires bank regulatory agencies to
evaluate an institution's AML record when considering bank mergers,
acquisitions, and other applications for business combinations. Generally, the regulatory agency
reviews examination results and other existing supervisory records. It also considers comments received during the public notice period, including comments from other regulators and public officials.
Since BSA/AML is reviewed at each full-scope examination of a bank, the issue of potentially stale examination results doesn't really apply, as in our earlier discussion of CRA performance. Nevertheless, the office processing the merger or acquisition application may request a quick “refresh” of the last examination results if there were violations of law or regulation cited and/or BSA/AML-related Matters Requiring Attention (MRAs). An MRA is not closed out until the corrective actions are verified as effective by a subsequent onsite examination or visit.
Since BSA/AML is reviewed at each full-scope examination of a bank, the issue of potentially stale examination results doesn't really apply, as in our earlier discussion of CRA performance. Nevertheless, the office processing the merger or acquisition application may request a quick “refresh” of the last examination results if there were violations of law or regulation cited and/or BSA/AML-related Matters Requiring Attention (MRAs). An MRA is not closed out until the corrective actions are verified as effective by a subsequent onsite examination or visit.
Unlike
CRA examinations, where CRA Performance Evaluations are publicly
available. BSA/AML examination results are confidential (as are all
parts of an examination report) and are technically not available for due
diligence review (see footnote below). However, based on the bank M&A literature I've read and
anecdotal feedback, this provision may sometimes be honored in the breach, as a review of the examination reports and regulatory correspondence
of the target bank is a typical step in the due diligence checklists used by many professional services firms.
Even knowing previous BSA/AML examination results, it is imperative that the due diligence review of BSA/AML be exhaustive for banks with high risk customers, high risk products, or that do business in high risk geographies (or have customers that do). I understand the trade-off between doing a deep-dive, transaction testing BSA/AML review and the short window of time allowed for typical due diligence. And sure, the target bank may have a BSA audit. But unless you are going to review the BSA/AML audit work-papers intimately, you won't know if it is an adequate audit. To cut corners here would be a false economy and a risky move. Where the acquiring or target banks do not present high BSA/AML risk, make sure you have recent BSA/AML risk assessments and current BSA/AML audits prior to filing the merger or acquisition application.
Even knowing previous BSA/AML examination results, it is imperative that the due diligence review of BSA/AML be exhaustive for banks with high risk customers, high risk products, or that do business in high risk geographies (or have customers that do). I understand the trade-off between doing a deep-dive, transaction testing BSA/AML review and the short window of time allowed for typical due diligence. And sure, the target bank may have a BSA audit. But unless you are going to review the BSA/AML audit work-papers intimately, you won't know if it is an adequate audit. To cut corners here would be a false economy and a risky move. Where the acquiring or target banks do not present high BSA/AML risk, make sure you have recent BSA/AML risk assessments and current BSA/AML audits prior to filing the merger or acquisition application.
Last, we come to compliance
management generally. Solid drill-down and limited transaction testing into major compliance responsibilities is critical. The banks involved in the transaction need to
have robust and effective compliance management processes. While not
a statutory requirement for approval of a merger or acquisition application,
remember, as the acquirer, you will inherit original sin when
it comes to compliance issues. This includes FDIC-assisted acquisitions. The Flood Disaster Protection Act is one area that I've seen come back to bite. Another is the area of UDAP (Unfair or Deceptive Acts or Practices). Compliance land mines can be a major post-transaction headache, just
ask Bank of America about their acquisition of Countrywide!
While some may claim that you could
lawyer away of some the risks with warranties, representations, and
indemnification clauses, those clauses are way easier to write than
they are to enforce. It is amazing how the medical condition
called Sudden Onset Senility (SOS) spreads like a virus during the pursuit of subsequent legal claims.
Again, the science of the deal and the numbers are important, but acquirers also need to attend to the
strategic risks embedded in the Bank Merger Act regulatory approval
process.
****************
(1) The issue of examination report confidentiality for national banks and federal thrifts, for example, is outlined in 12 CFR 4.37(b)(2) which states: “When necessary or appropriate for bank business purposes, a national bank or holding company, or any director, officer, or employee thereof, may disclose nonpublic OCC information, including information contained in, or related to, OCC reports of examination, to a person or organization officially connected with the bank as officer, director, employee, attorney, auditor, or independent auditor. A national bank or holding company or a director, officer, or employee thereof may also release non-public OCC information to a consultant under this paragraph if the consultant is under a written contract to provide services to the bank and the consultant has a written agreement with the bank in which the consultant: (i) States its awareness of, and agreement to abide by, the prohibition on the dissemination of non-public OCC information contained in paragraph (b)(1) of this section; and (ii) Agrees not to use the non-public OCC information for any purpose other than as provided under its contract to provide services to the bank.”
****************
(1) The issue of examination report confidentiality for national banks and federal thrifts, for example, is outlined in 12 CFR 4.37(b)(2) which states: “When necessary or appropriate for bank business purposes, a national bank or holding company, or any director, officer, or employee thereof, may disclose nonpublic OCC information, including information contained in, or related to, OCC reports of examination, to a person or organization officially connected with the bank as officer, director, employee, attorney, auditor, or independent auditor. A national bank or holding company or a director, officer, or employee thereof may also release non-public OCC information to a consultant under this paragraph if the consultant is under a written contract to provide services to the bank and the consultant has a written agreement with the bank in which the consultant: (i) States its awareness of, and agreement to abide by, the prohibition on the dissemination of non-public OCC information contained in paragraph (b)(1) of this section; and (ii) Agrees not to use the non-public OCC information for any purpose other than as provided under its contract to provide services to the bank.”
