Mergers & acquisitions in the financial sector: a financial crime focus

May 2023  |  SPECIAL REPORT: FINANCIAL SERVICES

Financier Worldwide Magazine

May 2023 Issue

Amid systemic nervousness and uncertainty in the banking sector, there has been significant focus on the future of financial services and how to guarantee their security going forward. In March we saw the second largest bank failure in US history with the collapse of Silicon Valley Bank, the 11th hour acquisition of SVB’s UK arm by HSBC, and a merger between Switzerland’s two largest banks, Credit Suisse and USB.

Swift action has been taken to prevent a re-enactment of the global banking crisis of 2008; however, there will now be eyes on both HSBC and UBS to observe the steps they take to integrate their acquisitions. Given the speed at which they had to act, they would not have had the time to undertake sufficient due diligence to gain a full understanding of their acquisition’s risk profile and potential exposure.

According to the Financial Times, “UBS was seeking concessions and protections from the government, particularly from any pending legal cases and regulatory investigations into Credit Suisse that could result in fines or losses”. While this may provide a form of security blanket for UBS, to avoid issues seen in other acquisitions, it will be incumbent on both banks to conduct a deep dive into SVB’s and Credit Suisse’s commercial book and regulatory control framework to identify compliance risks. Unearthing and tackling potential regulatory issues early on should be a priority to deliver positive outcomes for all parties involved.

The future of FinTech

The ripples that have spread across the financial market and the tech sector have generated continued speculation and uncertainty, particularly at a time when the global economic outlook remains downcast. The International Monetary Fund (IMF) predicted in January that a third of the world will be in recession this year, while the World Bank estimated that “global GDP growth will be at 1.7% in 2023, the slowest pace outside the 2009 and 2020 recessions since 1993”. This all before the recent events seen in the market.

The full impact that this disruption will have on financial services, and the FinTech sector more specifically, is yet to be seen. With the pace at which the markets are reacting, there could be more turmoil to come. Analysis by CB Insights has shown that in Q3 2022, global FinTech funding fell 38 percent, matching activity in late 2020 at the height of the coronavirus (COVID-19) pandemic. Merger and acquisition (M&A) activity fell 14 percent on Q2 2022, its lowest in the last two years.

Against this backdrop, we are likely to see increasing consolidation. M&A activity may be influenced in several ways across the financial sector, including competitive advantages, operational efficiencies or value creation driving activity to capture or defend market share, enhance capabilities, or access data or talent. At a time when market conditions in the digital banking and FinTech space are turbulent and competition is fierce, firms will be looking to understand where they can build a competitive advantage. With the FinTech growth boom stabilising but the push for innovation continuing, the tech-led nature of the industry should allow for easier collaboration and merging. Acquiring firms and combining business operations may be seen as a cost-effective alternative to investing in new geographies, products and platforms, without the need to build from scratch.

The FinTech sector has seen some interesting examples of growth through M&A over the past year. Through private equity investment we have seen UK challenger bank Tandem Bank acquire consumer lender Oplo to broaden its consumer offering and increase its neo-bank presence. At the other end of the banking spectrum, we saw UBS agree to acquire US automated investment provider Wealthfront (only for the deal to later collapse), with the aim of enhancing its digital offering for US-based private investors. Capitalising on a disjointed B2B e-commerce payments environment across Latin America, PayRetailers acquired two online payments platforms, Chile’s Paygol and Colombia’s Pago Digital, to simplify the offering in this space and grow its geographical presence.

Compliance lessons from the past

Ensuring that compliance due diligence is an integral part of M&A activity is essential to providing assurance that any potential move will not haunt a firm down the line. Uncovering regulatory and compliance issues post-merger can result in unwanted regulatory scrutiny, expensive remediation activity and reputational issues that could have been avoided if appropriate compliance due diligence was undertaken upfront.

Danske Bank has received much regulatory and media scrutiny after revelations of a money laundering scandal which saw over $200bn laundered through its Estonian branch from 2007 to 2015. This followed its 2006 acquisition of Finland’s Sampo Bank, including Sampo’s operations in the high-growth areas of Lithuania, Latvia, Estonia and Russia. A combination of a lack of upfront due diligence on Sampo’s high-risk activities, and the post-merger failure to integrate the Estonia branch’s platforms and a lack of oversight of anti-money laundering (AML) systems and controls, contributed materially to the position in which Danske Bank found itself.

Recently, a proposed merger between US-based Blue Ridge Bankshares, Inc. and FVCBankcorp, Inc. was called off two months after the Office of the Comptroller of the Currency (OCC) identified certain regulatory concerns with Blue Ridge that could impact the application process and timing of the merger. Blue Ridge executed an agreement with the OCC to enhance its AML programme and improve its oversight of FinTech partners. This incident demonstrates that regulators are paying close attention to partnerships and mergers within the FinTech space. For any firms looking to grow through M&A activity, thorough due diligence should be conducted to fully understand the target firm’s anti-financial crime control frameworks in advance of any transaction.

Focusing on financial crime risks

For firms considering an acquisition or merger in the financial services sector, effective compliance due diligence should be a key part of the process, particularly across financial crime. Too often, the focus weighs heavily on the commercials and business operations, and financial crime due diligence is limited to regulatory permissions and licensing.

Financial crime compliance is a critical risk area in any financial services equity transaction, considering the significant regulatory, reputational and financial risks that can be incurred. Conducting bespoke compliance reviews is thus a critical element of a strong due diligence process. Tailored assessments of the target’s anti-financial crime framework should be undertaken to form a view on compliance with global regulatory requirements and operational effectiveness against current operations and future business targets.

When assessing financial crime compliance risk, there are several key areas that the acquiring firm may wish to consider, including: (i) an overview of the target company’s AML and terrorist financing, financial sanctions, bribery and corruption, fraud and tax crimes control framework; (ii) a qualitative assessment of the maturity of the target company’s controls in mitigating the bespoke risks it faces; and (iii) a clear understanding of critical and material financial crime risk exposure, to support informed decisions on the health of a potential transaction

When undertaking financial crime due diligence there are some core areas that should be addressed. Companies must review the target’s book of customers from a financial crime perspective, not just a commercial one. They should consider the risks the client base poses, identifying factors like concentration in high-risk industries or jurisdictions, and if this aligns with their own risk appetite. The new business may have its own risk profile; if the purpose of the move is growth, will the new areas of operation or volumes pose new risks? And finally, acquirers must look at the target’s anti-financial crime programme. Does the target have a robust and comprehensive programme that adequately manages its risks, and will there be costs associated with integrating or developing anti-financial crime controls?

Where the scale of M&A activity warrants it, firms may wish to undertake specific due diligence activities to understand in detail how the target firm manages its financial crime risks. Partnering with an independent firm to conduct assurance reviews is one way to do so. This may include: (i) assessing policies and procedures, personnel and governance models through a combination of document reviews, interviews and site visits; (ii) technical systems testing and calibration; (iii) sample testing of know your customer (KYC) files, screening hits, transaction monitoring alert and suspicious activity reports; and (iv) reviewing third-party vendors and system providers and assessing outsourced controls.

Best practice post-acquisition

Post-transaction activity can be just as crucial as the due diligence conducted prior to an acquisition. As we saw in the Danske Bank case, failure to merge governance, systems and processes correctly can result in significant consequences.

A full financial crime audit should be undertaken shortly after acquisition, alongside a comprehensive business risk assessment, to identify issues and opportunities. This should be conducted with integration in mind and will help shape next steps. Dedicating the right attention and resources to delivering a properly thought-out harmonisation project will address issues not highlighted pre-merger and ensure the successful integration of what are often complex systems and processes.

With the expedited acquisitions of SVB and Credit Suisse, it will be a busy time for the teams within HSBC and UBS. While there will be many priority areas, and with external market events continuing to divert attention, it is vital that one key area of focus is regulatory compliance – pre-empting any potential issues before they present bigger problems down the line.

 

Ciara Aitchison is a director at FINTRAIL.  She can be contacted by email: ciara.aitchison@fintrail.com.

© Financier Worldwide

BY

Ciara Aitchison

FINTRAIL

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.