Managing financial crime risk through M&A and beyond

Tom Lazard, Tapan Shah, Ralph D. Wright
Managing financial crime risk through M&A and beyond

Originally featured on for Crowe BrandVoice

As part of the due diligence process within bank M&A, leaders need to build an integration strategy that mitigates financial crime risk.

When a merger or an acquisition occurs, executives need to recognize the complexity involved in integrating two financial crime programs. Critical questions to address include: Who will lead? Who should be retained? What elements of each legacy program should be brought into the combined financial crime program? And how can the program be streamlined?

Given the various components involved in integrating two financial crime programs, organizations must take steps for a smooth transition after a merger or acquisition to develop a program to support the combined bank. By taking an approach that involves people, process, and technology, organizations can address risks and integrate successfully.

Keep informed
Sign up to receive the latest insights on strengthening your financial crime program.

A structured approach

The time between the legal closing of merger and acquisition (M&A) activity and a complete convergence might take many months or years, which results in the challenge of banks managing two stand-alone Bank Secrecy Act and anti-money laundering programs in the short term, all while figuring out how to build the best combined program for the longer term. The programs must meet all regulatory requirements and mitigate financial crime risk in the interim period as well as in the eventual merged state.

A structured integration approach that considers people, process, and technology supports a successful implementation of financial crime programs both short- and longer-term:

  • People. A critical first consideration for companies is who the leaders of the combined program will be. From there, financial crime professionals at both organizations will have questions about their roles, responsibilities, and employment status at the merged organization. Strong communication and attention to culture can ease the transition.
  • Process. The merging banks will have different processes, policies, and procedures in some areas of the financial crime compliance program. These differences need to be addressed and reconciled in alignment with the combined risk profile of the new entity.
  • Technology. Combining two financial crime programs often requires integrating multiple technology platforms, including customer due diligence, transactions monitoring, sanctions screening, fraud detection, and case management. Executives will have to choose which technology solutions to keep, which to decommission, and which to run in parallel during the transition.

People: Creating a strong culture

The importance of culture cannot be overstated, both at the enterprise level and within the compliance function. Having the right culture of compliance enables the people, processes, and technology to operate as intended. A well-articulated integration process, based on a strong corporate culture, can also help to mitigate attrition of key talent, which is often a challenge while integrating two companies.

Perhaps the most important element is a strong communication plan to keep employees well informed as the integration activities progress. Executives need to establish a culture in which their teams are well supported and understand their career paths and leadership opportunities. Executives also need to evaluate the size of the team and whether departments are staffed with the right people who have the appropriate skills and to demonstrate that training opportunities are available for all personnel.

Process: Taking inventory

The merged bank will have many decisions to make about what components of the acquired and acquiring banks’ legacy financial crime processes will be retained – and what entirely new processes should be put in place. If the acquired bank is similar to the acquiring bank, it might be best to maintain legacy processes largely as is. But officials should take a holistic look at processes before deciding what the merged entity should look like.

The first step is to take inventory and understand all processes on both sides, such as the handling of suspicious activity report filings, currency transaction reports, and other regulatory reports. With all processes inventoried, officials should then compare processes and decide what to keep, what to enhance, and what to eliminate. This approach should include activities to highlight which manual processes or inefficiencies can be improved upon, which pieces of the program are strong as they exist today, what processes could use a light-touch refresh, and which processes need to be completely reinvented. The inventorying process can be a significant undertaking, but having well-defined processes helps with everything from establishing training materials to setting up the merged entity for future growth.

After taking inventory of processes, executives should define a target operating model for the combined bank and use that model to determine which processes to retain and which to eliminate. Finally, they should consider the impact on enabling technology, whether the existing financial crime programs can be used or new programs are needed to meet the needs of the target operating model.

Technology: Evaluating existing systems

As with the inventory of processes, following a merger of two banks, it will be necessary to evaluate decisions made for all go-forward technology solutions for the merged entity and understand how technology decisions will affect financial crime technology systems, including transaction monitoring, customer due diligence and risk rating, case management, and fraud detection. The systems’ go-forward decisions should consider the IT landscape of the combined bank, as taking an overarching view will support key decisions for what to keep, what to decommission, and what can be run in parallel during the transition.

There are several considerations in choosing the surviving technology solutions, including cost and licensing, what applications are approaching end of life, and how transitions to new technology solutions will be handled. Outside of financial crime systems, it is important to think about broader bank systems regarding deposits and loans, as these can affect the data that feeds into financial crime technology. Finally, the ability to support sustained growth through the calibration of models should be assessed, including customer risk models, transaction models, segmentation, and more. This assessment must be consistent with the risk profile of the combined bank.

The cost of various technology solutions can often drive the decision-making process when it comes to which systems to keep and which to drop, as choosing the acquired or the acquiring bank’s systems might result in significant cost savings. While technology considerations might garner the most attention in many mergers, in an ideal scenario, risk profile, process, and sustainability for the combined bank should come first, with technology framed as an enabler rather than a driver of other considerations.

Mitigating risks during integration

As banks merge, several risks can arise related to customer experience and regulatory responsibilities. Clear communication and planning support a positive customer experience and the smooth integration of banking data systems so customers don’t have to suddenly answer redundant questions or provide information they’ve already given. Gaps and uncontrolled risks can expose a bank to potential regulatory and reputational consequences, and new products, offerings, and customer segments can all create new risks, which, if not properly controlled can lead to suspended offerings or holds on accounts.

By taking the integration process step by step with structure and rigor, executives can increase the likelihood of a smooth and successful integration, resulting in a stronger combined bank at the conclusion of the merger.

Related articles: Crowe financial crime article series presented with Forbes

Need guidance for understanding financial crime? Find the latest insights from Crowe to strengthen your financial crime program.

Contact us

Tom Lazard
Tom Lazard
Principal, Financial Services Consulting
Tapan Shah
Principal, Financial Services Consulting
Ralph D. Wright
Principal, Financial Services Consulting