Financial Services M&A: Regulatory Approvals and Compliance Due Diligence

Financial services M&A is the acquisition of businesses subject to prudential financial regulation, including banks, broker-dealers, insurance companies, investment advisers, and specialty finance companies. It is unique among M&A practice areas because every material transaction requires affirmative regulatory approval before closing. Unlike most industries where the parties control the closing timeline, financial services deals close when the regulators say they close.

Bank Acquisition Regulatory Framework

Federal Banking Regulators

Bank acquisitions require approval from the target bank's primary federal regulator. The applicable regulator depends on the target's charter type:

• Office of the Comptroller of the Currency (OCC): National banks and federal savings associations
• Federal Deposit Insurance Corporation (FDIC): State-chartered banks that are not members of the Federal Reserve System
• Federal Reserve Board: State-chartered member banks, bank holding companies, and savings and loan holding companies

Each regulator evaluates the same core factors but applies different procedural requirements and timelines:

Competitive effects. Regulators assess whether the acquisition would substantially lessen competition in relevant banking markets. The Department of Justice also reviews bank mergers under the antitrust laws and can challenge transactions that exceed concentration thresholds.

Financial and managerial resources. The acquirer must demonstrate adequate capital, competent management, and sound financial condition. Regulators evaluate pro forma capital ratios, earnings projections, and management team qualifications.

Community Reinvestment Act performance. The CRA records of both the acquirer and the target are evaluated. Poor CRA ratings, unresolved CRA protests, or inadequate lending in low-and moderate-income communities can delay or block approval.

Financial stability. For larger transactions, regulators assess the acquisition's impact on the stability of the U.S. banking system.

State Banking Regulators

In addition to federal approval, most bank acquisitions require approval from the state banking department where the target is chartered. State regulators evaluate similar factors but may impose additional conditions specific to state law.

For interstate acquisitions, state age and deposit cap restrictions may apply. Each state has its own requirements governing the acquisition of banks chartered in that state by out-of-state acquirers.

Application Timeline Management

The regulatory approval process is the longest item on most bank deal timelines. Effective deal teams:

• File applications promptly after signing to start the regulatory clock as early as possible
• Pre-file with regulators to identify potential issues before formal submission
• Coordinate federal and state filings to run concurrently rather than sequentially
• Monitor public comment periods and respond proactively to any protests
• Maintain open communication with assigned regulatory examiners throughout the review

Compliance Due Diligence

Financial services compliance diligence goes beyond standard contract review because regulators evaluate the target's compliance posture as part of the approval process. Compliance deficiencies discovered by the regulator can delay or deny approval.

Bank Secrecy Act and Anti-Money Laundering

BSA/AML compliance is a threshold regulatory concern. Review the target's:

• BSA/AML compliance program structure, including designated BSA officer, policies, procedures, and training
• Suspicious Activity Report (SAR) filing history and trending
• Currency Transaction Report (CTR) filing accuracy and timeliness
• Customer identification and due diligence procedures (CIP, CDD, enhanced due diligence)
• OFAC screening procedures and any matches or false positive handling
• Regulatory examination history for BSA/AML findings, matters requiring attention, or enforcement actions
• Independent BSA/AML audit results and management's response to findings

A target with unresolved BSA/AML deficiencies or a consent order related to BSA compliance will face heightened regulatory scrutiny that can delay approval by months.

Fair Lending

Regulators review fair lending compliance as part of the approval process. Assess the target's:

• Fair lending compliance program and designated fair lending officer
• HMDA data analysis for disparities in lending patterns
• Pricing exception tracking and justification documentation
• Regulatory examination findings related to fair lending
• Complaint history related to discrimination allegations

Examination History and Enforcement Actions

Obtain and review the target's recent regulatory examination reports (typically the last two examination cycles):

• CAMELS ratings (composite and component ratings for banks)
• Matters requiring attention (MRAs) and management's response
• Consent orders, cease and desist orders, or civil money penalties
• Memoranda of understanding (MOUs) with regulators
• Status of remediation for any outstanding issues

Unresolved examination findings and open enforcement actions are the most common source of regulatory delay in bank M&A.

Broker-Dealer Acquisitions

FINRA Continuing Membership Application

Any change of ownership or control of a FINRA member broker-dealer requires FINRA approval through the continuing membership application (CMA) process under FINRA Rule 1017.

The CMA requires detailed disclosure of:

• The proposed new owners' backgrounds, including Form U4 history
• The firm's proposed supervisory structure and compliance systems
• Financial projections and net capital adequacy
• Anticipated changes to the firm's business model
• Any disciplinary history of the proposed new ownership

FINRA's review period is 180 days from filing a complete application. The application is reviewed by FINRA's Member Regulation department, and the firm may receive requests for additional information that effectively extend the timeline.

SEC and State Registration

Depending on the deal structure, the broker-dealer may need to:

• Amend its Form BD with the SEC to reflect the change of ownership
• Update registrations in states where it is registered
• Obtain new state approvals if the change of ownership triggers re-registration requirements

Customer Account Transfer

Broker-dealer acquisitions often involve the transfer of customer accounts. The ACATS (Automated Customer Account Transfer System) process and FINRA rules governing customer account transfers must be followed. Customer notification and consent requirements apply.

Insurance Company Acquisitions

Insurance company acquisitions require approval from the state insurance department where the target is domiciled, plus potential approvals from states where the target holds licenses.

Form A Filing

The standard state insurance regulatory filing is the Form A, which requires disclosure of:

• The acquirer's identity, background, and financial condition
• The source and structure of acquisition financing
• Plans for the target's future operations
• Pro forma financial projections for the target
• Any proposed changes to management, board composition, or reinsurance arrangements

Holding Company Act Compliance

If the target is part of an insurance holding company system, the state's insurance holding company act may impose additional approval requirements and ongoing reporting obligations.

Contract Portfolio Analysis

Beyond regulatory compliance, financial services targets have contract portfolios with unique provisions.

Loan Documentation

For bank acquisitions, review a sample of the loan portfolio for:

• Credit agreement terms, covenants, and default provisions
• Collateral documentation completeness
• Loan modification and workout history
• Participation and syndication arrangements

Deposit Agreements and Customer Contracts

Review the target's standard form agreements for:

• Assignment and change-of-control provisions
• Rate and fee structures
• Arbitration provisions and class action waivers
• Privacy notices and data sharing terms

Vendor and Service Provider Agreements

Financial services companies often rely on third-party vendors for core functions. Review vendor agreements for:

• Change-of-control provisions that could allow the vendor to terminate
• Service level agreements and business continuity provisions
• Data security and privacy compliance requirements
• Regulatory compliance obligations passed through to vendors

AI-powered contract extraction is particularly valuable for financial services diligence because the volume of loan documents, customer agreements, and vendor contracts can be overwhelming. Extracting change-of-control provisions, assignment restrictions, and key commercial terms across the portfolio gives the deal team a structured foundation for regulatory analysis.

Coordinating Diligence with Regulatory Strategy

The most important lesson in financial services M&A is that diligence and regulatory strategy are inseparable. Every compliance deficiency discovered during diligence has the potential to become a regulatory issue during the approval process. Every regulatory concern identified through pre-filing discussions should drive additional targeted diligence.

Deal teams that treat diligence and regulatory approval as parallel but connected workstreams, rather than sequential steps, execute financial services transactions more efficiently and with fewer surprises.

---