The forces of change mean the financial services sector currently offers strong potential for corporate activity. Businesses that retrenched have strengthened their balance sheets and are looking acquisitive, emerging market businesses are seeking to globalise, fintech disruptors are making their mark and both private and alternative sources of capital are looking for exit opportunities.

However, the UK’s financial sector continues to feel the pressure from regulatory scrutiny and in 2014 alone the FCA fined regulated businesses £1.471 billion. Although there is some potential for moderation, the trends of tough enforcement and regulation look set to stay for now and making an acute assessment of a target’s compliance and risk control functions, and identifying where potential regulatory exposures and weaknesses lie, is crucial. Depending on their nature, regulatory breaches can lead to price adjustments, legacy exposure and could even kill an otherwise attractive prospect. These issues are real and fluid and present significant considerations during the lifecycle of an investment.

A change in focus for regulatory due diligence

How regulation applies will of course differ for each business according to the nature of its products and services however the line of critical thinking for due diligence should always follow a similar flow, covering the following four key aspects:

  1. Regulator’s impact on deal process
  2. Dealing with legacy issues
  3. Competence of current senior management and existing processes
  4. Anticipation of future change

1. Following regulatory processes

The UK regulators’ change in control procedure should be built into the transaction timetable. This process is about more than merely verifying that there are no black marks against new owners. A deal of any size which has the potential for market/ customer impact is likely to attract scrutiny from the regulator. They will want to be assured as to the resulting balance sheet and capital adequacy of the business, suitability of the management team and governance (possibly involving interviews) and the basis of ongoing resources and services for clients. Where a deal involves business integration, the FCA will want to see evidence that this has been well thought through with a view to minimising disruption to clients.

2. Getting to grips with legacy issues

Due to FCA thematic reviews, case history and publication of enforcement notices, those familiar with regulatory process will have a sense of where the ‘skeletons’ might lie across different business lines. If buyers are not trade buyers or don’t have prior experience of a sector, it is important to supplement the deal team with advisors who know that sector well – specialism is important to ensure the right questions are asked. Secondary factors also need to be checked – where a known issue exists, has the target notified its insurers and agreed the scope of cover?

In addition to focussing on known areas of interest, buyers need to be crystal clear about the actual or potential breach issues disclosed to them and how they are to be dealt with under the deal terms. While it may sit at the less progressive end of a deal ‘to do’ list, getting the strategy right in terms of seller and management warranties and contractual indemnities is crucial as it is highly likely that this element of the deal will be dusted off only to recolonise your desk 18 months later.

A buyer needs to look for absolute clarity on the scope of any post-transaction cover and this needs to be attuned to the particular way in which liabilities establish themselves in the regulatory sector. All too often we are asked to assist with disputes over contractual cover where the nub of the issue is that what was agreed does not fit well with regulatory obligations. If the business subsequently identifies the need for proactive redress, is this covered? Do the time limits on warranty claims match the time limits for customer complaints or the time it typically takes regulator driven redress schemes to be established? Do liability caps on total claims/individual claims work in a way that is sensitive to the reality of multiple root cause customer complaints? The recent Court of Appeal decision in the Andrew Wood case [2015]EWCA Civ 839 illustrates the lack of clarity which results where the deal settlement used is not appropriate to the regulatory issue(s) which it seeks to redress.

The target should have a record of all correspondence with the regulator, including reports filed and disclosures made. These, together with the outputs of any regulatory supervisory visits, should be reviewed to look for any control weaknesses or regulatory breaches. While these are not necessarily fatal in themselves, it is important to understand what measures the target has implemented to address and mitigate such failings.

3. Competence of current senior management and the effectiveness of internal processes?

Given the potential cost and time of correcting regulatory compliance (including possible redress), it is important that deal teams bring the right intensity to their due diligence. With more complex businesses or those that are retail focussed, it is questionable whether a desk-based DD report and target management presentation is sufficient. Buyers should consider identifying the key income streams or assets that they are interested in and specifically verifying that the sales process, and the regulatory risk and culture attaching to them, is sound.

Generic process documents in data rooms don’t always reflect practice on the ground and it is important to visit the relevant business on a day-to-day basis and speak with key personnel. While a ‘red flag’ data room report has value, a buyer also needs to put itself in a position where it can detect and read other signs: is there evidence of challenge within the business? Do senior staff have the right expertise and mind-set? What is the cultural environment within the firm? Is the firm proactively dealing with the FCA’s major issues of the day?

Finally, check that the target actually has the right licences to conduct its business, particularly where it operates on the perimeter of the financial services sector. The frequency with which issues around licences are revealed, gives us confidence that this is not too obvious a point to make.

4. What’s the bigger picture – market and the regulatory horizon?

While the target’s current business may be the primary focus of regulatory due diligence, this should extend to horizon scanning.

A business where the profit/business basis is almost too good to be true may be just that. One does not need to look far to find circumstances where the regulator has moved in when it finds that the cost/benefit of a service to the customer does not stack up. For example, the pay day loan market has attracted considerable regulatory heat and the FCA is currently calling for consumers that bought card security products to consider if they have a right to compensation.

Plans to expand the scope of regulation, or intensify current regulation, can have an impact on the cost profile of a business. As market consultation takes some time, it is generally possible to get a sense of pending regulatory change looking 2-3 years ahead and it is important to do so in order to put the business in the best possible position to adapt if and when required.