New regulatory risks originating from the financial services sector can cause a significant influence on the value of fintech mergers and acquisitions. Bearing this in mind, on June 6, U.S federal banking regulators put forth their final guidance on managing risks associated with third-party relationships.
The issued interagency guidance gives supervised banking organizations a broad range of risk-based principles to detect, assess, track, and manage risks related to the life cycle of third-party relationships. The aim is ensuring smooth operation in accordance with laws and legal regulations.
The guidance points out the increasing risks for banks in relation to their novel partnerships with fintech companies and new deal structures. Although the guidance isn’t legally binding, banks are implicitly encouraged to adopt the principles it provides. Essentially, its authority extends not only to traditional banking institutions, but also to fintech firms providing goods or services to these institutions.
The guidance might have a significant effect on the contractual framework and therefore on the valuation of the deal if the target company in a transaction already has a third-party relationship with a bank. Legal professionals specializing in such transactions should be informed about the guidance and its potential implications on their agreements to ensure that contractual risks are allocated effectively.
The guidance underscores that a bank’s obligation to ensure sound third-party risk management practices is an ongoing effort that requires a careful assessment of relationships. Tailoring practices based on a bank’s size, complexity, and risk profile is crucial, especially when the nature of the third-party relationship involves higher-risk activities and thus demands more comprehensive management and oversight.
Lawyers involved in the deals need to understand the nuances of each arrangement between a target and a bank to thoroughly assess potential risks throughout the relationship life cycle. It’s imperative they advise their clients on how potential risks could affect the deal’s value.
Risks involved in deals that could impact a target company’s performance include potential divestment from the target company to mitigate risks, modifications to contractual agreements in line with the bank’s continuous risk assessment policies, increased costs to maintain the relationship, restrictions on subcontractor relationships, and minimizing operational flexibility to maintain relationships with banks.
To address these risks, certain measures can be taken such as creating an inventory of all third-party relationships the target company has with a banking organization, determining high-risk activities, identifying arrangements granting target access to banking systems and customer data, and creating a risk metric that gauges the value at risk from the relationships with banks.
Deal lawyers have numerous tools at their disposal to alleviate these risks and turn them into value-creating opportunities. A profound understanding of regulatory risks is key when structuring fintech deals.
The new guidance introduces additional layers of potential risks that might lead to banks reconsidering their third-party risk management practices. Consequently, companies with substantial third-party relationships with banks might face risks that could impact their overall performance.
To manage these risks, deal lawyers need to adopt meticulous strategies during the diligence process. Applying tools such as representations and warranties, closing conditions, and earnout provisions can aid in risk distribution between parties.
The complex and evolving regulatory landscape brings along uncertainty in fintech deals. However, this also creates a chance for transactional lawyers to use foresight, judgment, and creativity to engineer innovative deal structures that mitigate risks and maximize value for their clients.