All signs are pointing to a resurgence of mergers and acquisitions in the financial services industry this year. After a two-year lull, dealmaking is expected to ramp up among banks and fintechs seeking to buy, others looking to sell, and investment groups wanting to get in on the action.

But M&A is a risky proposition. And one type of exposure that can be most hazardous—while least evident during due diligence—is operational risk. Due diligence will be the order of the day all around:

  • Buyers need to go into this year’s round of dealmaking with their eyes open—not only to the strengths and weaknesses evident on their acquisition target’s balance sheet, but in also in its capacity to handle such operational essentials as process risk and control, third-party management, and portfolio diversification.
  • Sellers need to take a hard look at themselves, to improve their operations and command the highest sale price.
  • Both sides of the deal are facing mounting regulatory scrutiny of their operations from regulators who must approve bank M&A.

Operational risk has become a deciding factor—not only for the price of a deal or the speed and certainty of its regulatory approvals, but also for how well a buyer and seller will be able to merge their operations and perform into the future.

M&A Headwinds

Bank M&A slumped over the past two years, for a number of reasons: economic uncertainty, interest rate concerns, disruptive bank failures, spiking credit risk in areas like commercial real estate, and other bad news. This year, a variety of drivers is bringing dealmakers back to the table.

For buyers, reasons to pursue mergers include pent-up demand for growth through acquisition, a need to balance sources of income, a desire to acquire new technologies or business models, the availability of capital due to higher stock prices, and anticipation of lowering interest rates. For smaller banks, the strain of current market conditions and increasingly high cost of compliance are often among the reasons to sell. In addition to banks, private equity and other investment groups have become more active in financial services again.

Regulatory Tailwinds

Despite the growing interest in doing M&A in the financial services sector, these deals have not become any easier to close. From a regulatory perspective, the opposite is the case.

In 2021, the White House set a stricter tone by asking all federal regulators to update their policies for reviewing mergers and make them more robust. In an arguably related development, three bank mergers publicly fell through last year amid regulatory challenges and delays.

Going forward, banks are bracing to face an even tougher, slower regulatory approvals process under newly proposed guidance from the Office of the Comptroller of the Currency (OCC) and Federal Deposit Insurance Corp. (FDIC). Items to be scrutinized more closely are expected to include Community Reinvestment Act (CRA) data, compliance ratings, enforcement actions, third-party dependencies, and anti-money laundering investigations, as well as potential risks that could arise during the operational integration of the merger. The Federal Reserve and Department of Justice are expected to issue guidance as well, and presidential election year politics will keep the issue front and center.

Regulators are not unaware of the challenges banks face, as their urgency to hasten the completion of their mergers runs headlong into regulatory delays. “We should focus on ensuring that we can improve the speed and timeliness of regulatory decision-making,” Fed Governor Michelle Bowman said in a recent speech. “We must not foreclose bank merger activities that are permitted by law and that are necessary to maintain a healthy banking system.”

Financial and Non-Financial Deal Analysis

During a proposed merger, financial and non-financial considerations both need to be given as much attention as possible, even as dealmakers typically work with insufficient time for due diligence. Even earlier—when a bank might be considering a sale—these aspects must be deeply analyzed and addressed in order to secure the best sale price.

  • Financial Risk Considerations:Capital adequacy, liquidity, credit risk, and asset and loss management are all top-line risk considerations that sellers must showcase and buyers need to analyze in depth. Yet buyers can have a hard time delving below the surface, which usually entails looking more closely at operational and other non-financial risk considerations.
  • Non-Financial Risk Considerations:Regulatory compliance and operational risks such as technology, cybersecurity, and third-party risk exposures can be among the hardest for potential buyers to gauge while negotiating a merger. Yet these risks must be analyzed as highly significant to both the value of the standalone company and its successful integration into the combined company. Notably, calling this category of risks “non-financial” is also something of a misnomer, since each risk it covers could ultimately have a financial impact. An obvious example involves potential fines for regulatory noncompliance. In another instance, a financial analysis of balance sheet numbers regarding credit might not readily reveal operational risks such as over-exposure to stressed markets like commercial real estate—nor go to the next level of analyzing commercial loan types with varying risk such as office, apartment building, or mall.
Operational Risk

Financial services dealmakers need to delve more deeply into operational risk than ever before, as the forthcoming wave of M&A comes amid extraordinary operational pressures. The key question is this: Does the bank being bought or sold have its arms around the day-to-day risks its business faces at an operational level—risks that may not manifest themselves as quickly on the balance sheet?

Answering operational questions can take a lot longer during due diligence. For instance, the risks inherent in third-party management policies and procedures can be a lot harder to measure than a balance sheet analysis of deposit volume and volatility. But operational risks like these can determine profitability, regulatory compliance, brand reputation, and other critical business outcomes.

Dealmakers should look closely, as regulators are also showing a heightened interest in such issues. And while not all operational risks would provide cause to scuttle a deal, a buyer should at a minimum know what it is getting into and begin planning to improve operations during the merger integration.

Key questions to ask about operational risk during M&A negotiations include:

  • Are adequate risk management policies, procedures, systems, and people in place to highlight and address operational risks?
  • Are operational risks candidly discussed day to day and well understood at all levels, including the board of directors?
  • Is regulatory compliance taken as seriously as it should be?
  • Does the bank conduct periodic risk and control self-assessments?
  • Are the target bank’s technology, cybersecurity, and fraud prevention controls robust, and will its systems integrate relatively seamlessly into the combined bank?
  • And, a question specifically for sellers: How can operations be tightened, to present the bank to buyers in the best light and realize the desired returns?
The Takeaway

These are dynamic times in the financial services industry, and the resurgence of M&A activity will only make them more so. Establishing a better understanding of operational risks will serve financial executives well in capitalizing on new opportunities successfully —both day to day and in the heat of M&A activity.


Mike Schuchardt

Mike Schuchardt is Senior Managing Director, Risk Management, and a member of Treliant’s Executive Leadership Team. He is a senior financial services executive with a 30-year career as a risk management practitioner and also as a management consultant to Chief Risk Officers in the banking industry. Prior to joining Treliant,…

Mike Scarpa

Mike Scarpa is a Managing Director in Treliant’s Regulatory Compliance, Mortgage, and Operations Solutions practice. He helps set Treliant’s regulatory compliance/operations agenda, including key trends, solution offerings, and client pursuits. He also executes on regulatory compliance projects and serves as a subject matter expert.