The Economic Growth, Regulatory Relief and Consumer Protection Act (EGRRCPA) was signed into law on May 24, 2018, removing compliance barriers for many banks in the $10 billion to $250 billion asset range. The law has been touted as a way to buoy capital for economic growth by providing regulatory relief to smaller and less complex banks that don’t meet the government’s definition of “too big to fail.”
This regulatory easing, along with the recent federal tax overhaul, is pushing banks’ risk appetites to unforeseen levels and fueling merger and acquisition (M&A) activity in the financial industry. However, many of the smaller financial institutions benefiting from the EGRRCPA are also novices at acquiring peer banks that often have inferior processes and infrastructures.
Digital transformation is increasing the risk appetites of financial institutions as well. Many banks are accelerating their path to digital by funding innovation labs, and CEOs and boards are approving acquisitions of digital-native fintechs to force executive leadership teams out of their comfort zones. In short, traditional financial institutions are now more open to deals that allow for learning by failing. And they are competing and partnering with fintechs that are often indifferent to compliance rules – including in emerging areas such as cryptocurrencies, initial coin offerings and artificial intelligence.
Reducing M&A Risk – Five Quick-Hit Considerations
Absent greater discipline and maturity in end-to-end processes for M&A, the perennial 70-to-90 percent M&A failure rates may rise in the financial industry. “Banks are taking on more risk in an already problematic arena,” says Kimberly Dickerson, a managing director at Protiviti. Another Protiviti colleague, Shelley Metz-Galloway, cautions banks of all sizes to maintain a healthy attitude toward risk even as their regulatory burden eases.
To improve their M&A risk posture at little cost, financial institutions can consider taking the following five actions, drawn from Protiviti’s M&A Playbook:
- Conduct an M&A process review – Create a 90-day quick-hit plan to uplift policies, standard operating procedures and playbooks.
- Cross-train key stakeholders on deal drivers – Ensure that the key leaders have an understanding of the implications of the deal-making drivers on lines of business and functions, including interdependencies.
- Perform periodic dry runs of different deal scenarios – Different types of deals require different levels of readiness that can be pressure-tested. Gaps in acquisition, divestiture and joint venture deal types can often be identified and corrected in a matter of days.
- Leverage the innovation lab Center of Excellence discipline – M&A practices may benefit by adapting controls and tollgates similar to those that innovation Centers of Excellence use so effectively to reduce risk and increase positive outcomes.
- Expect more from operational risk and internal audit teams – Operational risk and internal audit teams want to add value to transformational events, so allow them to do that by leveraging their insights related to defining risk appetite and risk thresholds and controls, supporting business requirement gathering, conducting testing and remediation activities, and capturing lessons learned.
M&A transactions add stress to existing organizational systems and amplify risks. These deals are tough under the best of circumstances but even riskier when an organization is venturing into untested digital space. In such an environment, the boards and senior management of financial institutions should remain vigilant and enforce their own M&A prudential standards – even if those standards are no longer required for reporting purposes under the EGRRCPA.