
Regulatory Due Diligence: Is It Worth the Investment?

Financial due diligence is core to any acquisition or investment, and investors typically engage specialist consultancies to perform it. Regulatory due diligence is often equally important, but it can sometimes be overlooked.

The consequences of poor regulatory due diligence

Failing to perform robust regulatory due diligence can have significant adverse consequences: investors may incur significant financial loss, or suffer reputational damage linked to legacy issues which were either not identified or not addressed in the sale agreement.

Several high-profile firms have been subject to regulatory intervention in recent years due to their poor legacy practices. On the face of it, these firms were commercially successful; however, the way they generated revenue was not aligned to regulatory standards. In these cases, any required remediation must be undertaken (and costs met) by the current owners.

The costs of these remediation exercises, including compensating customers, can be significant, and, in many cases, firms do not survive. Recent high-profile cases have included payday lenders and rent-to-own goods providers.

Even where firms do have sufficient financial resources to fund a remediation programme, the adverse media coverage this attracts can cause significant reputational damage and be detrimental to future business.

Where firms have previously seen commercial success through poor practices, their business models based on mis-selling or irresponsible lending fall down. Once they are required to uplift their processes to meet regulatory standards, the commercial success seen previously disappears.

The evolving market

The last decade has seen rapid growth of market disruptors such as fintech companies seeking to challenge traditional financial service providers through use of digital technology. Their focus on low-friction, all-digital solutions to specific customer needs such as overseas payments, personal loans and investment solutions, combined with low fixed costs, presents an attractive proposition for investors where these firms experience rapid revenue growth.

Nonetheless, firms of this type can be highly exposed to regulatory risk and may not be fully meeting their obligations. This can stem from a lack of focus on the development of the appropriate internal policies, procedures and controls around key requirements (e.g., timely handling of customer complaints). Regulatory issues in these firms can be exacerbated through frequent changes in senior leadership.

In addition to the reputational damage which comes from regulatory action in these scenarios, investors may be exposed to significant costs to remediate these issues, damaging commercial viability.

Therefore, there is a need to focus due diligence on ensuring that appropriate investments have been made in risk management, governance, and scalable controls to cope with high customer numbers.

Key considerations

Where investments or acquisitions are, on the face of it, appealing due to commercial success, the key areas that need to be challenged as part of regulatory due diligence are:

  • How is the money being made? Is this a result of poor business models, or practices which exploit customers?
  • What products/services are generating the revenue? Is there a risk, as with Payment Protection Insurance, that they could be deemed in future to have offered poor value to customers or have been mis-sold?
  • Do the firm’s overheads suggest that it is under-resourced to manage its compliance obligations, and is the resourcing model sustainable?
  • Do the firm’s costs suggest a lack of investment in robust infrastructure to ensure it can sustainably deliver its services to customers?
  • Who is the client base? Is the firm making money by offering services to clients who would be outside of the risk appetite of mainstream institutions, and if so, is the firm managing the risks associated with its clients?
  • Are there identified weaknesses in the firm’s controls which are likely to result in scrutiny or enforcement action by regulators? Is it likely that additional contingencies or expenditure will be required to pay fines and/or complete remedial work?
  • Is there an effective, documented, and transparent governance structure and risk management process?
  • How exposed is the firm to future regulation of its key products and services (and therefore additional overheads)?

New and emerging regulation

The new Consumer Duty rules increase the importance of regulatory due diligence. The Consumer Duty significantly enhances the conduct expectations of financial services firms to ensure their customers are protected. It enhances the FCA’s powers to hold firms to account and take enforcement action where they cannot evidence that their business models promote fair outcomes for customers.

Due diligence activities should also consider the possibility of future regulation of firms offering certain emerging technologies. This is exemplified by the European Union’s Artificial Intelligence (AI) Act and AI Liability Directive, which create a framework for the execution of civil actions against providers of AI-driven software. This legislation is likely to create potential future liabilities and costs for firms operating in this market.

The impact of Brexit & regulatory diversification

2023 has seen an increase in the pace of financial services regulatory implementation and review in the UK, following on from its withdrawal from the EU. Due diligence activities should focus on whether UK-based firms operating in Europe have taken appropriate steps to comply with relevant European regulations. Consideration should be given to a firm’s exposure to UK – EU regulatory divergence. This is particularly important where firms have established EU-based branches or subsidiaries as a direct result of Brexit to maintain access to European markets.

Increasingly, regulators in Europe are raising concerns that some UK, and, to a lesser extent, US firms are not investing in the appropriate level of local expertise for their European operations. Due diligence activities should consider the appropriateness of local governance over intercompany outsourcing arrangements, levels of local expertise and the effectiveness of subsidiary governance and decision-making processes.

Looking Ahead

In the short to medium term, the volume and diversity of regulatory obligations on firms will continue to increase, with a particular burden falling on those regulated in multiple jurisdictions and those experiencing rapid customer growth. These factors make comprehensive regulatory due diligence increasingly impactful on the overall success of any transaction.

Investors should consider specialist advice when conducting regulatory due diligence to ensure robust challenge of the factors driving the commercial appeal of any investment or acquisition, to thoroughly understand any regulatory exposure and avoid hidden costs post transaction.


Catherine Brittain is Partner and David Dry is Associate Director at RSM UK


The views expressed in this article are those of the author and do not necessarily reflect the views of AlphaWeek or its publisher, The Sortino Group
