Bank consolidation continues. For the acquirer (and regulator), much risk is faced. Yet, the source and amount of that risk are often not well understood, which increases the risk.
What risks categories are faced?
- Strategic – Strategic risk associated with the acquisition candidate is generally resolved at the candidate screening step. Thus, it is a relatively low risk in the actual deal.
- Market – This can be complex, but can be calculated – if done with appropriate methods and sensitivity analysis. Thus, it can be priced into the transaction, making it an average risk.
- Credit – This was the tinder for the global financial crisis; more sober judgment can more realistically evaluate the risk or structure the transaction to remove or appropriately price it (at least given the economic outlook). Again, an average risk at worst.
- Liquidity – A mix of risks. Visibility into liquidity is higher with lower operations risk.
- Operational risk (as a regulatory category) comprises mostly product and operations, including technology. This is the top risk, especially in acquisition integration and aligning to acquirer strategy. Dangerously, it is the most opaque to acquirers because regulatory accounting is compliance-driven. Thus, it misstates the actual risk to business performance objectives because it:
- Uses the wrong tool for the job, often wrongly using audit, insurance or market risk methods instead of drawing on proven product and operations management practices.
- Bases largely on proximate cause loss events, rather than actionable root causes.
- Usually uses ill-defined controls rather than more efficient refinements in oversight, management and core business process.
- Lacks meaningful evaluations of risk-critical management processes such as organisation change, product management and business-IT management.
To overcome this challenge to accuracy, a due diligence team recalculates compliance-basis operational risk on a strategic, business performance basis. This is similar to how any acquirer recalculates GAAP or IFRS earnings, as they are subject to interpretation. Real-world risk evaluation has three steps:
- Evaluate the environment and enterprise capabilities.
- Rigorously ask “What if?” with life-like scenario analysis.
- Based on scenarios, determine key warning signs and status.
Be alert for the three risk catalysts – change, complexity and human fatigue (including in the deal team).
As the acquirer usually restructures the bank, prioritise responses in the context of both risk evaluation and response options. Responses include shifts in the environment and strengthening capabilities in the combined bank. This provides revised risk-adjusted cash flows.
Bottom line: For ugly structural reasons, operational risk is the greatest risk to an acquisition. Recalculate and manage the risk before it turns your deal into a dud.
Brian Barnier is the author of The Operational Risk Handbook for Financial Companies: A guide to the new world of performance-oriented operational risk and a principal at ValueBridge Advisors in the New York City area.