As anyone who has ever been involved in a company merger or acquisition can attest, a lot of work goes into the due diligence process leading up to the transaction’s closing date. Of course, there’s a significant amount of work to be done after mergers and acquisitions are final, too.
From a regulatory compliance standpoint, companies involved in mergers and acquisitions can find themselves struggling to manage disparate processes and systems, not to mention the staffing challenges that are almost inevitable when companies combine.
Even two companies of the same relative size offering the same types of products and services to the same types of clients can have significant differences in the ways they approach compliance. When a merger involves companies of different sizes, in different geographies, or with different backgrounds, combining compliance efforts can be an even bigger undertaking.
Compliance Program Considerations
A merger or acquisition provides an opportunity to assess everything with fresh eyes, whether you ultimately decide to:
- merge two compliance programs into one with one firm dictating the compliance requirements for the combined organization
- maintain separate compliance programs
- or create a new enterprise compliance program
Where do you start with evaluating and implementing your compliance program after a merger or acquisition? We suggest following the five steps outlined below:
1. Evaluate Risk
Mergers and acquisitions can mean changes for your firm’s products and services, as well as changes to the way it conducts business. Conduct a thorough risk assessment to identify potential issues. Give yourself credit for the controls you already have in place, then determine what controls you still need to implement and make a plan for doing so.
2. Review and Update Policies and Procedures
There’s a tendency in any merger or acquisition to resist change and to want to hold onto the status quo. Fight that tendency. Don’t assume your former company’s policies and procedures are better (or simply more applicable) than those of the other company. Take the time to review everything carefully and objectively. Policy manuals will likely need to be updated to reflect the changed risk landscape and process differences.
3. Assess Systems Compatibility
Next, turn your eyes toward your compliance systems, and those used by the other organization. Are they compatible? If so, to what extent? Should you adopt and implement systems used by the other organization, or expand your existing systems to address the new combined organization’s compliance needs? In some limited cases, it may make sense to continue maintaining separate systems after a merger. However, when doing so, it’s critical that those systems be able to “talk” to each other.
When it comes to systems used to monitor employees’ compliance with personal trading policies, gifts and gratuities, and policy compliance, companies generally find that it is not cost-effective or efficient to rely on multiple technology platforms.
4. Ensure Data Integrity
Another potential concern is data quality for systems and information your company is acquiring. If there is any indication that data feeds or historical records are not reliable, it’s time to change course. Continued use of a system with suspect data or incomplete data could open your organization up to regulatory scrutiny and liability.
5. Deliver Company-Wide Reporting
Finally, it’s important to ensure your compliance technology capabilities allow for reporting across the organization. Compiling reports that are formatted differently and which may capture and calculate information separately can lead to inaccuracies and confusion when those reports are ultimately reviewed. It can also leave you open to regulatory risk.
Consider investing in a compliance technology solution that allows real-time reporting at the company level and at each individual division or department level. With this capability, compliance leaders and company supervisors can be confident they’re comparing apples to apples and are seeing the complete compliance picture.
Mergers and acquisitions create exciting opportunities for financial services firms and their clients, but they also create challenges the compliance department must address. Approaching a merger thoughtfully, by considering and evaluating risks, policies, and systems can help protect the new combined organization by limiting regulatory exposure and reputational risk.