By Nathan Stovall, S&P Global Market Intelligence staff writer
Compliance with Bank Secrecy Act and anti-money laundering provisions continues to trip up even some of the most-experienced bank acquirers, and the regulatory focus seems unlikely to ease up soon.
Several seasoned acquirers such as Investors Bancorp Inc., BB&T Corp., and Ameris Bancorp have recently received enforcement actions over weaknesses in their BSA/AML programs, prompting delays and terminations in deals while pushing would-be buyers to the sidelines.
Explicit costs and costs of lost opportunities
Running into roadblocks over BSA/AML compliance is not new. Banks faced a crush of BSA/AML-related enforcement actions just a few years ago, with past missteps often attributed to institutions taking their focus away from operational risk during the credit crisis.
Many banks devoted resources to improving their BSA programs, but regulatory expectations have increased. Banks are finding that compliance can be a moving target, particularly if they have expanded into new geographies, introduced new products or added significant customers through acquisitions.
Falling short of BSA/AML compliance can be costly. Crowe Horwath LLP found that there at least 21 significant enforcement actions in 2016, resulting in more than $637 million in fines or penalties.
The actions have also forced institutions to change their acquisition plans. For instance, Investors Bancorp recently said in late January that an informal BSA agreement with regulators caused it to terminate its pending purchase of Bank of Princeton. The termination came five months after Investors announced the enforcement action, and Sandler O'Neill analyst Mark Fitzgibbon noted in a late January report that it typically takes 18 to 24 months to satisfy such regulatory orders.
Capital One Financial Corp. has found itself in a similar position, albeit over a credit card acquisition. Capital One said in late January that it did not expect to receive regulatory approval for the purchase of Cabela's credit card portfolio prior to the deal's termination date. The bank said it would not be in a position to refile the application until satisfying the conditions laid out in a July 2015 consent order it received over deficiencies in its AML program.
A month earlier, BB&T, one of the few larger banks to participate in bank M&A, received a consent order over deficiencies in its BSA/AML compliance program. Analysts believe the order effectively prohibited the institution from pursuing whole bank deals, jibing with comments BB&T management made in spring 2016, when they reiterated their step away from M&A.
A few days before the BB&T order, the banking unit of Ameris Bancorp, one of the most acquisitive banks in the country, received a consent order relating to weaknesses in its BSA program. Analysts noted at the time that the order would put acquisitions of more than 5% of the company on hold but Ameris expressed confidence in resolving the issue by the middle of 2017.
Expanding rules adds to compliance burden
Given the strategic implications, banks and their advisers not surprisingly have been frustrated over the expansion in the types of activities and actors the compliance regimes seek out.
A significant expansion came in May 2016, when regulators issued a fifth pillar of an adequate BSA/AML program. The fifth pillar required banks to identify and verify the identity of customers and beneficial owners of legal entity customers, and identify and report suspicious transactions. The rule also required banks to understand the nature and purpose of customer relationships, and conduct ongoing monitoring to maintain and update customer information.
That rule came a month after the leak of the Panama Papers, which detailed a law firm's work in helping establish shell companies to conceal the movement of money.
Bank advisers say the fifth pillar put a finer point on BSA/AML compliance. One of the most common shortcomings in BSA compliance last year related to not having updated, accurate and verified information to conduct annual risk assessments required under the provision, according to Crowe Horwath.
Advisers also say the fifth pillar came at a time when law enforcement has increasingly relied on banks' suspicious activity reports, or SARs, in criminal, tax, and regulatory investigations, and more recently, in the fight against terrorists. SARs filed by banks have even prompted military action and led to bombing raids of stockpiles of ISIS-held cash, advisers said.
Law enforcement has paid even closer attention to smaller transactions in the wake of attacks like the mass shooting at San Bernardino in December 2015. The San Bernardino attackers took out a $30,000 loan, which federal officials believe might have helped them pay for ammunition and practice at local gun ranges.
Emphasis expected to continue
It seems unlikely that the focus on BSA/AML compliance will dissipate soon. The New York Department of Financial Services just recently stressed the importance of the regulations in late January and nearly fired a warning shot across the industry when levying a $425 million fine against Deutsche Bank for a Russian mirror-trading scheme.
Even though the banking industry is hoping for some level of regulatory relief coming from the Trump administration, the spotlight likely will remain on BSA compliance.
Any opinions expressed in this piece are those of the author and do not necessarily represent the views of S&P Global Market Intelligence.
This article originally appeared on S&P Global Market Intelligence’s website under the title, "BSA remains large stumbling block in bank M&A"