Navigating regulatory approval for bank mergers

The role of risk, compliance, and legal leaders

The US banking regulators are evaluating the implications of large bank mergers on financial stability. In this report, we explore how banks seeking regulatory approval for mergers and acquisitions (M&A) activities can leverage their second line of defense, led by the chief risk officer and chief compliance officer to enable and support the approval process.

Increased M&A activity

Over the past decade, there has been a considerable increase in M&A activity in the US banking and capital markets industries. There were 208 bank M&A deals with aggregate deal value of more than $77 billion in 2021 alone, which is a 15-year high for the sector. To manage risks that may arise from this M&A activity, the banking regulators are evaluating merger approvals, especially those involving large banks, with increasing expectations that proper risk and compliance functions are in place from legal day one (LD1) onward.

The second line of defense

The regulators’ heightened focus on financial stability means the second line of defense, led by the chief risk officer (CRO) and chief compliance officer (CCO), plays a critical role in the assessment of risk and compliance. Navigating the M&A lifecycle the CRO and CCO must assess the potential transaction within the context of organic growth, new activities, business processes, change management, and strategic and business planning, while also keeping in mind broader systemic risk implications.

What’s changing in the regulatory landscape?

Bank consolidation, largely driven by M&A, has transformed the composition of the banking sector—contributing to substantial growth of the number of large banks, especially those with total assets of $100 billion or more. The consideration of risk posed to the stability of the US banking or financial system in M&A proposals was a post-crisis development and remains top of mind for regulators. While regulators continue to review M&A guidelines, the federal policy development process will likely not result in substantial changes to the factors used to assess bank mergers in the near term. In the meantime, regulators are maintaining their focus on existing requirements.

The following are some of the main factor’s regulators consider when reviewing a bank merger application:

LD1 considerations

The business drivers of any merger will be top-of-mind for bank executives when working from deal announcement to deal close. But more than ever before, risk management and compliance need to be near the top of that list as well. Some of our LD1 considerations in terms of impact and expectations of the CRO and CCO, along with legal and regulatory management, include the following:

  • Understand the risks of the target and combined entity
    • Follow an institution’s new activities, business policies, and governance processes through the transaction timeline, as well as processes that are utilized to mitigate change management
    • Develop an early view of the target and/or combined risk (regardless of merger, acquisition, etc. approach) and compliance strategy grounded in a material risk assessment of the target entity and any additional subject-matter-specific assessments depending on what’s identified in the material risk assessment (e.g., counterparty credit concentration risks, gaps in operational risk capabilities); this early view should be updated over time and leading into LD1 and beyond
  • Proactive regulatory communication and management
    • Consider submitting a “pre-filing” to the relevant banking regulators, for transactions subject to the Federal Reserve (FRB) and other approvals, to obtain the agency’s preliminary reaction to a potential proposal in advance of submitting finalized application materials
    • Develop clear approaches for resolving any existing regulatory issues impacted at both financial institutions, including the resources and plans to address those issues
  • Pro forma risk capital, liquidity, estimates, and reporting
    • Present conservative pro forma to demonstrate adequacy of capital and liquidity, and other risk data impacting the return on investment (ROI) of the deal
    • Assess the extent to which the resultant entity would be subject to new or additional regulatory reports based on a change in size or complexity, and communicate preparedness to adhere to applicable reporting requirements
  • Bring together an effective LD1 integration plan
    • Establish clear governance structures to facilitate active board management or risk at the newly acquired entity on LD1, or as a fast follower, including the adoption of key top-of-house risk and compliance frameworks and policies
    • Have a clear plan in place to align legal entity structure, board participation and responsibilities, governance processes, and core risk and regulatory reporting (across the three lines)

Executing on priorities

We expect that the role of second-line leadership will continue to be important for attaining regulatory approval in a timely manner and closing the deal without significant delay. As the regulatory scrutiny increases, no one will be in a better position to understand and execute on these priorities than the CRO and CCO. What’s more, regulators expect risk and compliance leaders to have experienced managers throughout the deal and integration process. Download our report to learn more.

Get in touch

Richard Rosenthal
Principal | Deloitte & Touche LLP

Colin Campbell
Senior Manager | Deloitte & Touche LLP

Alex Motsiopoulos
Manager | Deloitte & Touche LLP

Jordan Crump
Senior Consultant | Deloitte & Touche LLP

Marie Morales
Consultant | Deloitte & Touche LLP

Derek Isaac
Analyst | Deloitte & Touche LLP

Deloitte Center for Regulatory Strategy

Irena Gecas-McCarthy
Principal | Deloitte & Touche LLP

Michele Jones
Senior Manager | Deloitte Services LP

Kyle Cooke
Senior Regulatory Analyst | Deloitte
Services LP

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?