(Published in the Winter 2018 issue of The Bankers' Statement)
With the current uptick in M&A activity, it is timely to revisit the concept of "confidential supervisory information" (CSI) and its impact on M&A as well as other matters.
What exactly is CSI?
Defining CSI begins with the premise that virtually all regulatory communications with a regulated financial institution or holding company, regulated person, or institution-affiliated party, from the "one way" communications contained in reports of examination (ROEs) to "matters requiring board attention" (MRBAs) in those ROEs, CAMELS ratings, agency correspondence, and "informal" regulatory enforcement actions such as memoranda of understanding (MOUs), constitutes CSI unless it is specifically required by law to be disclosed publicly. This includes most everything having to do with the agency relationship and the examination process such as emails, letters, discussion in board minutes and anything constituting or reflecting a communication with the agencies. "Formal" agency actions such as consent agreements, enforcement orders and penalties are typically disclosed publicly by the agencies. When in doubt, it is best to contact the agency for a determination.
Agencies typically take the broadest possible view with regard to what constitutes CSI, and while they may grant waivers for disclosure those waivers are few, very limited and very specific. Reviewing the preamble or cover letter to ROEs can be educational in revealing the seriousness with which the agencies treat CSI, and the fact that the ROE itself (and CSI) is treated as property of the agency. Both civil and criminal penalties can apply for violating the confidentiality of CSI, and unfortunately confidentiality agreements with third parties (such as those typically included in the M&A process) do not provide a "safe harbor."
As an aside, agencies have specific agreements and protocols in place for purposes of sharing institutions’ CSI among the agencies. Those arrangements are strictly for agency use and do not provide access for private parties.
Addressing the Issue
Information contained in CSI is critical to both value determinations and safety and soundness concerns, pro forma and otherwise, in the M&A process. Given the lack of access to CSI and the enhanced use of "invisible" regulatory measures, which are protected from disclosure as CSI, more and more initial indications of interest and definitive agreements require representations and warranties regarding regulatory contact by the parties and the lack of knowledge of any regulatory issues that could delay or impede a proposed transaction. While this method of "disclosure" itself may generate CSI concerns if used improperly, it not only provides some level of assurance from a due diligence perspective but also should result in the proposed parties to a transaction making direct contact with their respective regulators to discuss whether they should in fact have any concerns regarding their ability to participate. It may well be that a party is unaware that a recent examination has triggered a regulatory concern, or the agencies may be able to "signal" that engaging in a transaction at the present time will not be well-received. Regardless, it is further evidence of the advisability of involving regulators early and often if an institution plans to be active in the M&A market as either a seller or a buyer.
This treatment of CSI poses a unique dilemma for parties considering a strategic transaction. It denies access to critical information to both parties in the initial discussion phase, and can serve to mask "invisible" problems that could have a material adverse impact on the ability of an unaware party to receive regulatory approvals for a proposed transaction.
Outstanding CRA and consumer issues as well as UDAP concerns – which can be years in the making – can result in a hidden obstacle that can hinder, slow or even disqualify parties from conducting a transaction. These issues can exist prior to negotiations, or can arise during the pendency of a transaction. They are especially problematic when parties have already announced a deal, and they often cannot be disclosed by the target to the other party even though the transaction is already in process.
Both parties considering a strategic transaction are well-advised to have discussions early and often with their respective regulators to ascertain whether there are any known reasons why they should not proceed. Hidden issues that are unable to be disclosed because they constitute CSI can delay or derail a transaction entirely and it is always better to know of these issues before proceeding. And of course the party with the problems cannot disclose the reason for not proceeding if it is based on CSI. This is a real conundrum that can be embarrassing and can lead to unfortunate (and often inaccurate) assumptions and innuendo for the other party. Again, it is better to know up front than have to publicly backtrack on an announced transaction.
Depending on the nature of the CSI, it may reflect an issue that is material to the business and prospects of the subject institution, resulting in a number of shareholder and market disclosure issues. The regulatory agencies understand these concerns and can be very helpful in discussing how best to address disclosure issues that can arise from otherwise undisclosed regulatory concerns, but care must be taken to avoid doing something that will exacerbate the situation with the agencies. Securities laws and the nature of CSI are inherently inconsistent, and can present significant challenges.
Likewise, the possession of CSI can place insiders on notice of issues and trigger the need to close "trading windows" and otherwise restrict or prohibit trading in shares of impacted institutions. Confidentiality remains critical, and a conservative approach here is always the best approach. Reviewing trades that took place while insiders were in possession of CSI that is or may be material to the business of the institution always take place with 20-20 hindsight, and can themselves generate serious liability issues.
Litigation is another area impacted by CSI. Short of receiving prior regulatory approval for disclosure, which again is unusual and typically very limited if received, responding to discovery requests and/or court orders can involve CSI. Even providing minutes of board meetings to requesting shareholders can involve a risk of inadvertently disclosing CSI discussions in those minutes. If materials containing CSI are requested in litigation or by a shareholder, or are the subject of a court or administrative order, and attempts to limit the request, order or demand are contested, the target institution may wish to invoke the assistance of the regulatory agency in responding and even becoming a party to the matter.
No Safe Harbor
Unfortunately, despite decades of dealing with CSI in a variety of areas, there remains no "safe harbor" for disclosure. And no really comfortably clear definition of what in fact constitutes CSI.
Hopefully someday a protocol will be devised to enable institutions to share what presently constitutes CSI in a careful and limited fashion and in specifically and narrowly defined circumstances, with appropriate oversight. However, attempts to define CSI that may be eligible for disclosure, and limit its post-disclosure distribution, is a significant challenge.
As a result, institutions are well advised to assume that agencies will define CSI in the broadest possible terms for the foreseeable future, and act accordingly.