Merger and Acquisition (M&A) due diligence is historically rooted in evaluating the opportunities and risks associated with loans, deposits and regulatory compliance. While these components remain critical to evaluating potential opportunities, an evaluation of information technology (IT) is equally important. Technology serves as a critical function both in bank operations and how effective banks are at delivering products and services to their customers. IT due diligence considers many factors, including vendors, costs, security and customer impact. Overlooking any of these elements can have a significant impact on the success, or failure, of an acquisition.
Due to the challenges of post-merger IT integration and related cost implications, it is vital for bank leaders to conduct IT due diligence during transactions. Here are some actions to take related to IT during the M&A process.
Technology similarities can also improve synergy. If both banks use the same core banking platform, converting or migrating account databases will be fast and efficient. Similarly, if the two organizations use the same productivity tools, users in the acquired institution will be familiar with the tools used for daily operations.
IT integration is one of the most challenging tasks following a merger. It is a complex task that requires detailed planning, expertise and compliance with strict regulatory requirements.
If there are many disparities between the two banking platforms, IT integration can be lengthy and require excessive manual input. It is also expensive to migrate a considerable volume of data from one bank’s IT systems to another.
For these reasons, many banks leverage outside experts to manage IT integration, which can pay dividends in terms of execution and cost reduction.
Many bank systems charge by the number of accounts, transactions, or users and given the increase in all these categories during an acquisition, it is a great time to negotiate existing contracts to find cost savings given the new scale.
The increase in staff, customers, and locations can also place a burden on bank IT infrastructure. Proactively forecasting the need for additional licenses, bandwidth, and equipment is essential to maintaining costs and maintaining continuity during an acquisition.
According to IBM, the average time to identify and contain a cybersecurity breach is 280 days. In M&A, this means that the acquiring bank could be purchasing a bank that’s had a breach, without realizing their security has already been compromised. Since detection can often take months, performing a cybersecurity risk assessment and analysis of the new bank is a critical requirement in M&A IT due diligence. Apart from fines, legal fees, and other costs associated with a data breach, the reputational hit is often the biggest problem, as many customers may decide to close their accounts due to the breach.
To reduce the risk of resistance to change or culture shock:
Due to automation, integration, and overlapping functions, some job functions may become redundant in a merger situation. Where possible, plan for the redeployment of such employees by upgrading of their IT skills and capabilities.
Implementing an M&A process without paying adequate attention to IT issues like security and technology integration can lead to substantial financial losses. Working with an M&A and IT advisory firm with experience in this area will maximize opportunities for cost reduction and reduce the risk of failure by saving time and cost.
Hartman Executive Advisors offers independent IT advisory services for financial institutions that are planning a merger or acquisition. If you’re considering an acquisition, please call us at (410) 612-3011 for a no-cost consultation so we can discuss next steps for incorporating IT due diligence into your M&A process.