Consumer Compliance Outlook: Second Issue 2022

Merger Lessons Learned

By Guye Pennington, Senior Examiner – Risk Specialist, Federal Reserve Bank of Cleveland; Meghan Clodius Karellas, Manager–Reserve Bank Oversight, Division of Consumer and Community Affairs (DCCA), Board of Governors of the Federal Reserve System; Caterina Petrucco-Littleton, Assistant Director, DCCA; with contributions from Westra Miller, Senior Counsel, Fair Lending Enforcement Section, DCCA

Mergers and acquisitions (M&A) are a crucial test of an institution’s compliance management system (CMS). Although M&A is common in the banking industry, it is rare that everything goes exactly to plan. Perfection is not expected: Even the most effective CMS and the most talented management team cannot foresee all consumer compliance risk in complex acquisitions. A critical aspect of an effective CMS is the ability to reasonably anticipate compliance risks, allocate resources to mitigate these issues, promptly identify compliance breakdowns, and provide timely restitution to any impacted customers.

This article is intended to assist compliance professionals and enhance consumer protection by providing a glimpse into compliance risks1   resulting from M&A activity. This brief horizontal perspective provides insight into real-world challenges, allowing readers to think through these situations in anticipation of their own future M&A activity.

Federal Reserve staff have identified five themes of consumer compliance risk in recent acquisitions. Each of these themes is broadly applicable to M&A activities, whether the reader is engaged with money center, regional, or community banks.

Geographic Considerations

Consumer compliance risk arises from the geographies in which the acquirer and acquiree have their trade area for operation and their assessment area for Community Reinvestment Act (CRA) purposes. An acquirer must understand this geography, such as considering if there will be significant increases in loans requiring flood insurance coverage. An acquirer should also meaningfully consider other ways geography may impact consumer compliance. Here are some examples of this risk:

Compliance Considerations

The disclosure of previously unknown regulatory issues by an acquiree on Legal Day One is not uncommon. By law, neither regulators nor acquiree banks can exchange confidential supervisory information with an acquirer until Legal Day One. The disclosure of nonpublic supervisory actions, such as Matters Requiring Immediate Attention (MRIAs), Matters Requiring Attention (MRAs), nonpublic consent orders, or other regulatory actions can strain acquirer resources. Additional compliance risk exists if an acquirer’s due diligence did not uncover nonsupervisory weaknesses at an acquiree bank, such as internal compliance findings in the lines of business, second line of defense, or internal audit. Here are some examples of this risk:

Operational Considerations

Significant consumer compliance risk often arises from integrating differing core systems. Despite modeling and testing performed prior to conversion, it is not uncommon for consumer harm to still occur. Here are some examples of this risk:

Staffing Considerations

M&A activity often results in the risk of knowledge gaps resulting from the transfer of duties and personnel, often at the acquiree bank. Regulators are seeing elevated compliance talent turnover in the post-COVID-19 return-to-office, and this instability can harm the CMS. Here are some examples of this risk:

Culture Considerations

Postacquisition compliance talent is often a blend of acquirer and acquiree employees. It can be difficult to preserve a compliance culture, or worse, to create a compliance culture that previously did not exist. Here are some examples of this risk:

A final theme, although not solely confined to consumer compliance risk, is termination risk. Not all M&A activity ultimately results in a transaction. Shareholder votes may fail, due diligence may reveal material adverse information, share prices may materially change, or myriad other circumstances may abruptly terminate a proposed acquisition. Occasionally, bankers will request informal guidance from the Federal Reserve on consumer compliance monitoring, testing, and audit efforts during a potential acquisition.

For example, a banker might ask a Reserve Bank if a planned mortgage servicing review should be postponed because of a pending acquisition of a large mortgage servicer. In this case, the Reserve Bank’s response may be to continue with all scheduled internal efforts until an acquisition clears all potential obstacles for approval.

Federal Reserve staff have shared this information to help bank compliance professionals avoid common M&A pitfalls that may impact consumers.

1  These hypothetical scenarios are inspired by supervisory work.