Anti-money laundering (AML) risk is no longer a peripheral concern in M&A – it’s a central deal issue. As enforcement ramps up across Europe, fuelled by a wave of new regulation and increasingly assertive supervisory practices, AML considerations are becoming more complex and consequential, demanding sharper focus from both buyers and sellers. With multi-million-euro fines becoming commonplace – even for relatively minor breaches – AML risks can derail deals, damage reputations, and undermine business models. This blog explores how those risks are evolving under the EU’s new AML package and what dealmakers can do to manage them.
Recent legislative developments, such as the entry into force of the EU AML Regulation and the publication of European Banking Authority’s (EBA) draft Regulatory Technical Standard on pecuniary sanctions, administrative measures and periodic penalty payments further underscore that AML has become a key priority for financial regulators in Europe.
It’s therefore no surprise that AML risks play an increasingly important role in M&A transactions in the financial sector and beyond. Today, virtually every transaction has to deal with AML risks which may, if not adequately managed, become real deal breakers. This blogpost provides an overview of the various ways in which AML risks may appear in M&A transactions and how these risks can be managed.
Understanding AML risk types in M&A
A key risk associated with AML non-compliance is the risk of fines. The number and amounts of AML-related fines have increased significantly across the world in recent years. This trend is likely to continue under the new EU AML Regulation, which will provide for fines of up to €10m or 10 per cent of the total turnover (calculated at group level), whichever is higher.
The classification metrics for breaches proposed by the EBA is likely to contribute to an increase in breaches that are deemed to be serious, thereby triggering higher fines.
However, the economic significance of AML risks goes far beyond fines. AML incompliance can have an actual impact on the business model of a financial institution, which may be restricted from carrying on business in certain markets or taking on new clients as a result of AML deficiencies.
Another key area of concern, especially for strategic investors, is the reputational risk associated with AML deficiencies. Strategic investors value their market reputation and regulatory relationships, and acquiring a business with severe AML risks could jeopardise both.
Spotting AML red flags during due diligence
AML risks exist throughout the financial sector, irrespective of whether it is a bank, insurer, payment services provider or asset manager. It will be difficult to find a target in the financial sector that is fully compliant at alle times with all regulatory requirements and expectations in this respect. AML risks are therefore one of the key focus areas during legal due diligence. The level of scrutiny will be informed by the risk of the (potential) buyer. The lower the risk tolerance the lower the materiality thresholds and the longer the look-back periods in the due diligence, and the greater threat to the transaction if AML risks are identified.
While technically not part of a traditional due diligence phase, a key concern for strategic majority investors is often the identification of gaps between their own and the target’s AML practices, as the target will need to be integrated into the buyer’s group-wide AML policies, controls and procedures after closing of the transaction.
Mitigating AML risks through SPA clauses
There is a variety of mechanisms to deal with identified AML risks in Sales and Purchase Agreements (SPA). Which of these mechanisms is most suitable in a specific case mainly depends on the following aspects:
- Possibility to remedy the AML risk.
- Likelihood of the risk to materialise.
- Ability to quantify the loss if the risk materialises.
If the AML risks can be remedied, the buyer will most likely ask for an obligation of the seller to resolve the risk before closing. This way, the seller will, in theory, deliver the target free from AML risks, and the parties do not need to negotiate complicated risk allocation mechanisms.
The required remedy actions, together with a timeline for their implementation, may be set out in a remediation plan as a schedule to the SPA. If the seller fails to comply with its obligations, the buyer can claim damages. However, financial compensation in the form of damages may not always satisfy the buyer’s needs. If the buyer wants to be certain that the AML risk has been resolved by the seller, the completion of the remediation plan may be stipulated as a condition precedent (CP).
If remediation is not possible, for example because a sanction procedure for a past violation is ongoing, the remaining AML risk will have to be further handled by the parties by providing some form of risk allocation in the SPA. For those AML risks that have a high likelihood to materialise and for which the loss, if it materialises, can be quantified, the buyer may ask for a fixed amount to be deducted from the purchase price. This saves the parties from agreeing on complex risk compensation mechanisms.
However, each party faces the risk of having struck a bad deal once the AML risk materialises after the effective date: the buyer if the actual loss exceeds the deduction, the seller if the loss is lower than the deduction. That said, given the constantly changing regulatory landscape and the often unpredictable nature of regulatory practice, it is rare for parties to have a clear view of the likelihood and quantum of AML risks.
If an upfront deduction from the purchase price is not suitable, the parties need to develop contractual mechanisms that lead to a compensation as and when the AML risk materialises. The conventional tool in such a scenario is an indemnity. Under an indemnity, the seller undertakes to compensate the buyer once actual losses have been incurred. For example, a fine has been imposed and needs to be paid. To avoid a carte blanche liability, the seller will, however, ask to limit the indemnity in terms of time, scope, and amount, and request conduct rights ensuring that the case is handled well once the target is under the buyer’s control.
All of these elements are typically subject to intense negotiations between the parties. For example, a strategic buyer may not be prepared to give strong conduct rights (such as a right to request that a fine is litigated), if this may put the buyer’s relationship with the regulator at risk. In cases where the parties expect a significant fine to be imposed in the future, the buyer may ask for collateral since it has paid the full purchase price upfront and would later need to enforce the indemnity against the seller.
Finally, even where no specific risks have been identified in the due diligence process, the buyer may still ask for protection in the form of warranties. These are used to cover unknown and abstract risks. As such, they are typically subject to broader limitations, for example, knowledge-qualifiers, materiality thresholds, limitation to the signing and/or closing date, overall de minimis-rules, and caps.
In Warranty and Indemnity (W&I) deals where warranties are covered by an insurer instead of the seller, the buyer typically faces exclusions for AML risks in the insurance policy. If this is not acceptable for the buyer, the buyer may ask the seller to step in as a fallback and give certain AML warranties outside the W&I regime. This, however, will not be easy to negotiate because the seller, who is trying to achieve a clean exit by requesting a W&I solution, will try to avoid taking on any liability outside the W&I regime.
In any event, even where the parties manage to find solutions for the compensation of monetary losses, reputational risks remain. These can turn out to be severe in the AML context and are typically hard to assess, quantify, and eliminate. Once an AML fine has been imposed and publicly communicated, the buyer will inevitably suffer a reputational damage – even though the underlying incompliance still occurred under the seller’s control.
In these situations, the SPA may at least stipulate that the buyer shall be entitled to publicly state that the fine relates to an incompliance that occurred before closing, i.e. at time when the target was still under the ownership of the seller.
Summary
AML risks have become increasingly important in M&A. This trend will continue under the new EU AML package. AML risks will therefore remain a key item on the due diligence list for every buyer. The good news is that the parties have well-established SPA mechanics at hand to tackle these issues and make sure they do not put the transaction at risk.
This blogpost has been prepared by our Frankfurt-based FIG M&A team which specializes in M&A transactions in the German and European financial services sector:
- Patrick Cichy, Partner
- Alexander Glos, Partner
- Jan Biermann, Principal Associate
- Jan Struckmann, Principal Associate
- Sara Dietz, Principal Associate
