Mergers and Acquisitions: A Compliance Officer’s Perspective

The below article is the Special Focus section of the December 2019 Compliance Journal. The full issue may be viewed by clicking here.

In early 2019, I served as the Compliance Officer of a small-community bank that was in the early stages of an acquisition. While both institutions performed necessary due-diligence, including review of the Compliance Management System I managed, certain compliance and regulatory aspects began to emerge that never previously hit my radar. After all, M&A activity is not an area of focus for the typical Compliance Officer. What I came to realize is that emerging trends in our industry are beginning to change the dynamics of where our responsibilities lie, while prevention of consumer harm rises to a new level.

So, what is a Compliance Officer to do? First, I turned toward my regulator for guidance. The Summer 2013 edition of Supervisory Highlights from the FDIC was a great starting point. The article, Mergers and Acquisitions: A Compliance Perspective, written by Matthew Z. Zamora, Senior Compliance Examiner, Division of Depositor and Consumer Protection, reminded me of the importance of maintaining a good Compliance Management System (CMS) during and after the merger. It helped me recognize that the ability of the surviving institution to establish and maintain its CMS would be subject to regulatory scrutiny and non-compliance could lead to punitive damages. 

Equipped with this new-found knowledge, I confronted the next challenge of putting it to practical use. To further complicate matters, areas and issues not addressed when merger discussions first began started to crop-up. For example, if management decided to merge any products, services, and software, it would undoubtedly create a vacuum of new disclosures, changed processes, enhanced procedures, and potentially limit resources. 

So, what is a compliance officer to do?

First, I analyzed which regulations brought the most risk, including reputational and regulatory. I identified several regulations that presented potential punitive damages for non-compliance which, if not addressed early, could result in negative consequences to shareholder value. To tackle this, I created a chart of the regulations applicable to both institutions, along with potential civil monetary penalties. What I found was staggering.

Next, I created a checklist. I know, I know, Compliance Officers live by these. But a well-documented checklist of which regulations needed to be considered, which tasks needed to be performed, and who was be responsible for performing them helped me to keep this aspect of M&A in the forefront. I then communicated this information with management of both institutions so that proper resources could be allocated.

Then, much like the first steps in introducing a new product or service, I engaged my experiences as a Compliance Officer. For instance, in the case of mapping loan and deposit accounts, a Compliance Officer should perform a side-by-side comparison of account related disclosures, including Truth in Savings, TRID and contracts, looking for commonality in terms and fees to help find the right products that bring synergy. By applying this method I found that, in some cases, it made more sense to build a new product on the acquirer’s system to mirror the product of the merged institution. The key was to find as much commonality as possible to avoid additional disclosures and customer confusion. As I worked with the merger and acquisition team, we found differences and tracked them in a table format so we could use this information when it came time to inform our customers well in advance of the actual merger. 

Next, I worked with management to determine what the departments would look like following the formal merger of both institutions. I found that because of how the merged institution serviced its mortgage loans, a simple name change triggered RESPA requirements on providing Notice of Servicing Rights to all mortgage customers, even though payments, address and phone number remained the same. Once the merger was announced and a legal closing date was determined, I worked with our mortgage processing department to properly disclose the likelihood that servicing would be transferred to the new bank and prepared a mass mailing for existing customers. 

And what about that thing they call HMDA? This can be disastrous for an institution if done wrong, so the team began by analyzing if one or both institutions were required to file. If one institution did not file, we knew it would be a major change for the other institution, especially for collecting necessary information. We started by asking questions about Pre-approval and Pre-qualification programs and if ether institution reported HELOC’s, knowing that how these are defined and reported could be different for each bank and might lead to missed applications. Until the end of the year, we found that keeping and filing separate HMDA LAR’s could be advantageous, but not efficient. Referencing A Guide to HMDA Reporting Getting It Right! was my greatest tool as a compliance officer. I also found that a conversation with our reporting vendor about license fees and implementation helped prepare for another calendar year of reporting. Planning a new collection, reporting, and review process before the next calendar year helped put both banks on the right path.

Finally, as one who handled multiple responsibilities, I didn’t forget to dust off my CRA Officer hat and update our public file. I had to redraw our CRA assessment area, update our list of products and services for the combined institution, and re-post the corresponding lobby notice. I also prepared for the possibility of customer complaints that might follow after the merger.


While these are just a few examples of what I encountered during a merger and acquisition, through them I found that the role of the Compliance Officer is a critical component, before, during, and after the merge. Keeping abreast of these challenges introduced a new dynamic in managing the newly formed CMS program. To prepare your bank for these or other types of challenges, please contact Jeffery Schmid, Director of Compliance and Management Services through FIPCO at to see how our experience can assist your bank.

By, Ally Bates