Payments Law Tool Kit

Venable / 26 25 / Venable Structure the Deal to Minimize Risk In an asset acquisition, for example, the buyer will have more control over the liabilities it assumes. In contrast, when a buyer purchases control of the target by acquiring all or a majority of the target’s shares, or through a merger, the liabilities of the target pass to the buyer. This means, for example, that the buyer of a payments processor could be held responsible for the target’s prior processing activities (including in the event of a government investigation). Document the Deal to Protect Your Company In the payments industry, it is critical for the buyer to obtain detailed representations and warranties in such areas such as intellectual property, security, and regulatory compliance, so that the buyer is indemnified in the event of a breach or subsequent regulatory scrutiny. Protect Your Investment This principle is particularly important in the payments industry, where a company’s success is often determined by its technology, know-how, and customer relationships. Ensure Compliance Moving Forward Once the deal closes, long-term success requires a commitment to compliance. The starting point is a compliance management system (CMS) that addresses business operations and sets management’s expectations for compliance with applicable laws. Creating value for shareholders through acquisitions in the payment space is an important, time-tested strategy. In today’s ever-changing environment, combining regulatory insight with proven deal execution is essential if your acquisition is to have the intended results. The composition of the payments industry continues to evolve through mergers and acquisitions that provide strategic, operational, and financial benefits. But how do you make sure your transaction does not result in business disruption, increased regulatory risk, or financial loss? A few considerations might be helpful. Engage in Regulatory Due Diligence A good starting point for regulatory due diligence is a thorough review of the target’s policies and procedures governing anti-money laundering, merchant or customer underwriting, data security, and compliance with consumer protection laws and regulations. These policies should be spelled out in written documents that address how the company manages the myriad laws that impact its services and the industries in which it or its customers operate. Understand the Composition of the Target’s Merchant Portfolio In particular, for acquisitions involving payment processors or independent sales organizations (ISOs), it is critical for the buyer to review the target’s merchant portfolio to assess underlying risk and whether the target has implemented appropriate policies and procedures to manage that risk. A failure to have a clear picture of the policies and practices of the target can prove costly. Review Data Security A number of recent data breaches have brought renewed focus on data security across all industries — including payment processing. The Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) have broad mandates to pursue unfair or deceptive acts or practices, which both have interpreted to include data security. Mergers and Acquisitions