Mergers and Acquisitions in Banking : A Framework for Effective IT Integration

This study aims to identify key issues in the information technology (IT) integration in mergers and acquisitions (M&A) in banking and propose an approach to increase the efficiency of such integration. The study produces a first cut IT integration framework based on the literature review into the key factors in IT integration in banking and selected popular IT governance models, such as Control Objectives for Information and related Technology (COBIT), and then refines it with the help of IT practitioners based on their involvement in a number of high-profile banking M&A cases. The proposed framework is thus underpinned by the latest theoretical thinking in the relevant subject field and builds on relevant practical experience. Senior level IT practitioners in banking organisations can employ the framework to inform and guide the execution and post-mortem review of their M&A integration projects.


Aims and Objectives
The study aims to expand the knowledge base on the IT integration best practices as applied to the M&A practice in banking. To achieve that, a number of large-scale high-profile banking M&A cases were investigated by interviewing key senior level technology officers directly involved in the delivery of those projects. Some of the results of the study were published in another work, Kovela and Skok (2012), which among other things confirmed that IT is a critical resource and enabler in the business model of modern banking and therefore a clear link between the business strategy driving the merger and the priority of the IT integration tasks which are key for the efficiency of M&A transactions. The current paper builds on and complements these findings by proposing a framework for those embarking on the process. The objectives here are:  To establish whether the adoption of an IT integration framework is necessary for efficient integration in M&A in banking.
 To survey the landscape of existing IT governance frameworks and identify those that could potentially be used as a basis for the above M&A IT integration framework.
 To create a M&A IT integration framework and then benchmark and adjust it against the practice-based summative profile of the banking M&A IT integration process.
Deloitte (2014) "(in 2014)… conditions improved versus the preceding two years-more deals were transacted at higher multiples" with "total deal value of $14.4 billion in 2013, up from $13 billion in 2012". That and the fact that the government and self-initiated restructuring that swept the banking industry after the crisis of 2008 (Deloitte, 2014) is still on-going will result in more M&A IT integration projects with their corresponding problems.
There are several IT integration-related factors to consider. Firstly, M&As fail to increase shareholder value in more than half of the cases (58.3% between 1992 and 2006 according to Cools et al, 2007) and in banking specifically that can often be directly attributed to the IT integration related problems (Williams, 2005;Williams et al, 2007;Kovela & Skok, 2012;Deloitte, 2014;The Mergermarket Group, 2014), e.g. the cases of Santander's takeover of Alliance and Leicester (Williams, 2010) and integration of the RBS Group's IT infrastructure (King, 2012 andBoyce, 2012). Secondly, no appropriate common-reference M&A IT integration framework for banking institutions exists in the public domain, which means banks at large will be "reinventing the wheel" every time an M&A IT integration is undertaken and often making the same mistakes. Finally, a number of empirical studies (Haspeslagh, 1991;Pliskin et al., 1993;Davis, 2000;King, et al. 2004;Carretta, Farina and Schwizer, 2007) suggest that despite the differences between individual IT integrations a degree of commonality still exists at an industry, business, or business function level, so useful generalisations could still be made with sufficient research data on hand.
Consequently the authors suggest that openly available M&A IT integration guidance for banking could help establish a common knowledge base and create preconditions for improving the success rates in such projects and thus benefit both individual businesses and the industry at large. The question therefore arises-is there any approach, framework or guidance, readily available for that purpose?

M&A IT Integration in the Context of IT Governance
In 1996, Stylianou et al. (1996) made one of the first attempts to classify the factors playing a role in M&A information system (IS) integration and establish how important they were to the overall success of the transaction. A year later, Giacomazzi et al. (1997) proposed a model for IS integration, linking variables such as corporate objectives and setup of the parties merging with requirements for the target information system (IS) organisation and outlining a range of IS integration scenarios, i.e. total, partial, or no integration. Subsequently Wijnhoven et al. (2006) addressed the post-merger IT integration problem as one of IT alignment (Henderson & Venkatraman, 1992), whereby the strategy for integrating information technology would be inseparable from the overall business integration strategy and so should be handled with strict alignment to the business goals and objectives of the merger. A study by Baker and Niederman (2014) has recently developed the argument by proposing a framework for aligning business and IS strategies throughout the M&A execution cycle. Also, Alaranta and Mathiassen (2014) examined the risk management perspective of the post-merger IS integration and proposed a framework to "prepare for, analyse, and mitigate risks" in order to facilitate such transactions. Finally, and perhaps closest to our needs, in 2011 Maire and Collerette presented a more practical guidance for post-merger integration specifically in the financial services scenario (Maire & Collerette, 2011), although this too fell short of providing enough technology-level detail on the implementation of the integration process.
There is a clearly visible evolution of thought in the above studies, where the initial recognition of specific features and attributes impacting on the success of the IS integration process is followed by a gradual understanding that these often span beyond the IT function itself and are deeply ingrained in the organisational setup and strategy. Finally the conclusion is drawn that the IT function is as inseparable from the organisation as the IT integration process is inseparable from the overall post-merger integration of the business, and thus has to be treated within the broader context of the organisational and IT governance. Furthermore, there are indications that growing from the recognition of the ubiquity and critical importance of IT,there is a recent trend on the part of large firms to elevate control over IT performance to Board level. For instance, Tyco International, FedEx and JP Morgan Chase are among many Fortune 1000 firms to have recently established corporate-level IT governance councils (Symons, 2005).
The above leads one to assume some attempts would have been made to explicitly apply an IT governance approach to facilitate the M&A IT integration by now. Specifically, knowing from the outset that a robust IT governance framework that already had or could "adopt" an M&A IT integration component did exist would save time re-inventing it. Still, Alaranta (2005) notes that such works are sparse and inconclusive, which supports calls for the matter to be addressed in this study.

Identifying a Good IT Governance Framework for M&A IT Integration
The known IT governance frameworks can be broadly split into two categories -generic models and specialised  (2009)), but the task of choosing an IT governance framework for a particular set of processes is still far from trivial due to the peculiarities of one firm's organisational structure and strategy. In our attempts to identify a suitable candidate, we focused on those generic and broad enough to fulfil the IT governance needs of the enterprise, yet provide enough detail to allow for practical implementation of the IT integration process. Broadly speaking, from amongst the above, ISO/IEC 38500:2008 and COBIT come closest. Brief descriptions of the two follow below.

ISO/IEC 38500:2008
According to ISO/IEC (2008) ISO/IEC 38500:2008 is "a high level, principles based advisory standard". In addition to providing broad guidance on the role of a governing body, it encourages organisations to use appropriate standards to underpin their governance of IT and provides a framework of principles for directors to use when evaluating, directing and monitoring the use of IT in their organisations. The standard defines the following principles for "good governance" of IT:  Establish clearly understood responsibilities for IT;  Plan IT to best support the organisation;  Acquire IT validly;  Ensure that IT performs well;  Ensure IT conforms with formal rules;  Ensure IT respects human factors; Complying with the above principles would assist directors in balancing risks and encouraging opportunities arising from the use of IT, as well as assure conformance with legislation and contractual obligations (ITGI, 2009).

COBIT
COBIT is positioned as a high level framework, that is business requirements-driven, covers the full range of IT activities, and concentrates on "governing and managing enterprise IT" (ISACA, 2012). COBIT's main principles are:  Meeting Stakeholder Needs;  Covering the Enterprise End-to-end;  Applying a Single, Integrated Framework;  Enabling a Holistic Approach;  Separating Governance From Management.
Performance measurement goals and metrics are defined at the following levels:  Enterprise goals and metrics that define what the overall business goals are and how to measure them;  IT goals and metrics that define how IT would support the above enterprise goals and how to measure it;  Process goals and metrics that define what IT process must deliver to support the IT goals and how to measure it;  Activity goals and metrics that establish what needs to happen inside the process to achieve the required performance and how to measure it.
The framework has evolved significantly throughout the time this study was conducted, going from version 4.1 originally published in 2007 (ITGI, 2007) to version 5 in 2012 (ISACA, 2012). There have been a number of changes, the most relevant one being a change in the definition of the Domains of COBIT. Version 5 has separated goals and metrics from the planning and delivery process and widened the scope of the domains by www.ccsenet.org/ijbm International Journal of Business and Management Vol. 10, No. 3;2015 bringing stakeholders and good practices in the mix; this is reflected by the new name of Enabler Dimensions (see Table 1).

Is COBIT Sufficient as a Practical M&A IT Integration Framework for Banking?
Considering the robustness of COBIT and the proliferation of M&As in regulated and IT-dominant environments such as banking, it would seem natural to see COBIT being actively applied. Surprisingly, there is little evidence of the framework being applied either in pre-merger planning or post-merger integration. Alaranta (2005)  ). The question, therefore, is whether this is caused by general inertia in new theoretical concepts achieving traction in the "real world" or is this due to some limitations in the theoretical approach itself.
There are several considerations regarding the "inertia element". Firstly, since the banking industry is so dependent on IT, relying on proven methods rather than pioneering cutting-edge yet potentially imperfect approaches, seems totally justified. Secondly, there is a plethora of IT governance and project management frameworks around (ITIL, CMMI, PRINCE2, etc.) that perhaps lack all-round coverage, but are well known and are thus cheaper to use. Thirdly, the real incentive for exploring the benefits of COBIT only came about in 2002 with the introduction of the Sarbanes-Oxley Act, at which point regulatory compliance and transparency became imperative. Thus it is only recently that COBIT has been showing signs of becoming a de facto regulatory-compliant IT governance framework standard.
Considerations regarding the "theory limitations" part are two-fold. On the one hand, COBIT is a well-thought through integrated collection of controls spanning all the project planning and delivery phases in the traditional project management sense, but on the other hand the framework does not address the key technology-implementation level issues in the M&A IT integration process, i.e. the consolidation of multiple IT infrastructures into a single one and the types of documents that should accompany the process. COBIT on its own therefore cannot serve as a one-stop solution for our task; to accomplish that it needs some form of implementation-level IT platform integration plan attached to it. It is also worth noting that version 4.1 Domains of COBIT would be the authors' preferred option to be used in constructing such a plan, as the definitions used there are both robust enough for our IT integration process structuring needs and are quite straightforward to use, whilst the version 5 COBIT Generic Enablers have wider scope and are therefore more difficult to apply whilst adding no extra value to addressing the issue at hand. Therefore, to produce a first cut M&A IT integration framework it would be feasible to use COBIT as an overarching enterprise IT management and governance framework with version 4.1 Domains as a basis for structuring the M&A IT integration process, and complement it with the detailed implementation-level banking IT platform integration plan.

Method and Techniques
The authors adopt grounded theory as the study method. In line with the definition of "systematic generation of theory from data that contains both inductive and deductive thinking… deriving conceptual profile of the phenomena by employing a systematic set of procedures" (Glaser and Strauss, 1999), we employ techniques such as literature review, interviews, and subsequent analysis with the aim to produce a new process model in the form of an IT integration framework for banking institutions engaging in M&A IT integration projects.

Data Collection, Selection and Analysis Methods
The secondary research data collection covered over sixty peer-reviewed journal publications and a similar number of industry publications (e.g. white papers, company reports, etc.). This allowed a theory-based version of the M&A IT integration framework to be constructed (see Appendix A). The principles guiding the design of the prospective framework were: -Firm alignment between the business and IT goals -IT strategic and tactical plans; programme, project, and service portfolios, Four Domains of COBIT (ITGI, 2007) as the initial model for defining the integration delivery areas; -Aggressive exploitation of technology consolidation-related savings -business processes, applications, infrastructure, data, vendor contracts, software licensing; -Synergy through application rationalisation -consolidated application platform and data repository, optimal functionality range, support for the new business model; -Synergy through process consolidation -software procurement, service desk operation, security policies; -Synergy through common organisation culture and staff retention -clear staff communications strategy, staff retention incentives aligned with integration needs, cultural integration as a management team priority; The primary research exercise was in the form of semi-structured two hour-long interviews (see Appendix B) with four senior-executive-rank officials who personally oversaw eight large-scale post-merger IT integration projects from their London headquarters between 1995 and 2010. The banking institutions involved in the above projects were Royal Bank of Scotland, Lloyds, Citigroup, UBS, Nomura, and Deutsche Bank. Major limitations of the approach were recognised to be: -Imperfect sample reducing the ability to generalise the findings; -Imperfect interview structure / questions failing to address the complexity of the subject in its entirety; -Personal bias of the respondents due to their role on the acquiring / acquired side.
To address the above issues the following measures were taken: -The case selection process strived to produce a sample which was balanced and diverse enough to serve as a fair representation of the IT integration practices in contemporary banking M&As. Table 2 below summarises the case selection aims and criteria; -Prior to conducting the interviews the question list was critically reviewed by one of the would-be respondents and adjusted according to the corrections proposed. Professional advice was taken to eliminate possible bias of the interviewer and balance the focus evenly between the aspects of the study; -To ensure the unbiased view of the relevant issues and success an even "acquirer / acquired" split in the interviewees' roles was sought. In three of the eight cases studied, the interviewees were the acquirers, whilst in the other five, the interviewees were on the acquired side.  The interview analysis that followed was a cross-case analysis of four interviews covering eight M&A cases using the constant comparison method (Patton, 1990) to group answers to the questions below: -Is the IT integration framework a "must have" or a "nice to have" in a banking M&A?
-What are the issues and workarounds in employing such a framework?
-Is the proposed theory-based framework applicable and usable immediately?
-If changes to the framework proposed are required, what are they?

The Research Process
The literature review phase produced a sense of the importance of the IT integration framework for efficient M&A integration in banking and what the optimal theory-based version of such a framework should look like. The interviews, on the other hand, validated the above findings and supplied insight into the issues and workarounds associated with putting this theory into practice in a commercial environment. The validation was based on real-life practices that have been in place in the banking industry for the past two decades. The results of both exercises were combined to create an "optimal" banking M&A IT integration framework.

Summary of the Findings
For confidentiality purposes, interviewees are referred to as C, H, J and T respectively.
The section below presents the summary of findings divided into three areas: a) the perceived need for an M&A IT integration framework in banking, b) issues and workarounds in employing such a framework and c) the proposed revised framework.

An IT Integration Framework -a "Must
Have" or a "Nice to Have"? Table 3 lists the respondents' comments that show that despite the differences in perceptions of how an IT integration framework would apply to small and big projects and how formal it should be, everybody agrees that having one is necessary. The mergers we are talking about are big and you need a level of formality… everybody would see the need of using a framework" Respondent T -"We have got the policy; it is there… We've got a process for big projects, and a process for small projects… so even if it is small we've still got one… because of the standards, everything has to comply at some level" Respondent J -"Firms like us absolutely strive to put some governance in place… but in this industry, formal governance frameworks are worth nothing anyway, unless you're doing something massive… maybe if you're doing a two / three / four hundred million program to rationalise two enormous data centres between say Deutsche Bank and Banker's Trust with multi-hundreds of million dollar spends and potentially huge savings, you would need to invest in that sort of thing" Respondent C -"The size of the IT integration project does not affect the applicability of formal IT integration frameworks… It just means that the error (and the tolerance) in absolute pounds is obviously much larger. So it is more about the impact; you need the right governance" www.ccsenet.org/ijbm

Issues and Workarounds in Employing an IT Integration Framework
With regard to successfully employing an IT integration framework, the respondents have named two areas that tend to generate the majority of issues: -Imperfections of the framework in use (overly generic/prescriptive, contains gaps, etc.); -Overly loose interpretation and poor execution of the framework guidelines.
Our research indicates that the first of the above can be successfully addressed by gradually accumulating experience as key staff and organisations themselves engage in an increasing number of projects and use the knowledge acquired to improve the frameworks in use. The other area is more difficult to handle, since it must deal with elements such as motivation and the personal agendas of key staff involved. Positive results can still be achieved by employing organisational measures, such as structuring the enterprise governance so that the IT integration process is managed outside the IT function. As one of the respondents put it, "there was an independent judicial, which sat externally organisationally, but it was part of the overall program. So they had complete transparency, which is a pain in the back when you're trying to run something… but it was good". Also, proper enforcement of the guidelines in place would alleviate some of the issues too. Quoting another respondent, "when you are changing things… it is not the time to be making shortcuts, because we really need that company to be connected and that to happen and lets relax a few things -so the answer there is NO… go and do your due diligence!". Thus, one would conclude that putting the rules in place, sticking to them consistently and improving them over time as one does more work is the way forward.

Is the Proposed Theory-Based Framework Applicable and Usable Immediately?
All the respondents have agreed that the proposed IT integration framework was a good match for guiding the generic M&A IT integration process, but needed some minor adjustments. Some of the most notable comments were: -"One methodology never fits all anyway, but if I had this in my hand it would have been a very useful checklist or reference basis and the framework" (Respondent J); -"The point with this framework is that these aren't the specific issues but these give a general impression of things you'd have to look at… I would say maybe some sequencing of things, but you probably captured the essential items, you've used the words that people use for running the project, and every project is different and every deal is different, but logically there is a flow" (Respondent T); -"It needs a few minor adjustments, because the key thing to me is -you need absolute clarity on the customer impact" (Respondent C).
When asked whether the proposed framework was an immediate improvement over the company's existing IT integration process the respondents stated that: -"If you were starting from scratch, that is a very useful checklist to start with, if you were looking for something that is generalizable, small, and M&A" (Respondent C); -"It would potentially be an improvement, because it would be just a little bit more structure to the thought process… we did get blind-sided by a couple of things, and this checklist might have stopped that from happening" (Respondent J).
-"Every deal is different, so you'll not write The Perfect IT Integration Process for all cases. What you'll write is the things that people will need to consider and then depending on the deal, and then that the deal happens, then that will be appropriate… it is a fair one" (Respondent T).
All in all, the proposed framework was considered a "compact and structured generic reminder for M&A IT integration" -generally applicable, well organised, compact, and particularly useful for new M&A IT integration planning. However, some specific changes were deemed necessary.

Summary of the Changes Suggested
A number of suggestions were made to improve the framework proposed (see Appendix C). These revolved around several themes listed below: -Business strategy must come before everything else, as an inability to clearly state what business priorities and requirements are is guaranteed to stifle the IT integration process; -Putting an appropriate management team in place as early as possible is extremely important, as it will www.ccsenet.org/ijbm When asked about possible further enhancements to the framework the response was "needs adjustment for a particular case" (Respondent T) and "every deal is different and every project is different; so it lists all the vital items here but no one size fits all, so have to adjust accordingly every time" (Respondent H)". Based on the fact that the proposed M&A IT integration framework had already been revised to incorporate and properly sequence all the essential elements of the generic M&A IT integration process, the enhancements mentioned would likely bias the framework in favour of a particular (class of) M&A deal(s) and thus make it less universally applicable. We therefore conclude that the research has hereby reached its practical limit.

Conclusions
There has been a lot of M&A activity in the banking industry in the last decade and it continues to increase. Paired with the fact that modern banking is underpinned, enabled and facilitated by IT, this means that the efficiency of the M&A IT integration is one of the most serious challenges the industry is facing today. To help improve the efficiency of the IT integration in M&A in banking, the authors have created a framework that is generic and robust enough to cover all the aspects of consolidation of two IT platforms coming together, yet www.ccsenet.org/ijbm International Journal of Business and Management Vol. 10, No. 3;2015 detailed enough to allow practical implementation in a commercial setting.
Literature sources and empirical evidence indicate that since the IT function is deeply ingrained within the organisational setup in banking, IT integration should be addressed in the overall context of IT governance. Therefore a suitable IT governance framework should be used as a foundation of the M&A IT integration framework being created. The authors have surveyed the landscape of IT governance frameworks in use today and established that COBIT was currently best fit for the purpose, as it provided the overarching enterprise IT management and governance context for the IT integration process. Thus COBIT 4.1 Domains were used as a basis for structuring the overall IT integration process and a practice-based implementation-level IT integration plan was added to complement that structure. The banking M&A IT integration framework subsequently created was validated with a balanced selection of leading industry practitioners based on their involvement in a diverse selection of high-profile banking M&A projects. The framework would thus be particularly useful for those at a planning stage of a new banking M&A IT integration project or those conducting a post-mortem review. How did the above constraints affect the planning process? 8 Other interviewees have indicated that often the IT integration is actually a 2-project process: • 1 st project being a quick bolting together of systems of the two firms to provide business-critical functionality and basic connectivity; • 2 nd project being a much slower and thorough consolidation of the IT assets, which may take years after the merger has been officially declared a success.
Do you support this view? 9 Which of the following could be used to describe the degree of cooperation at the top management level in the IT integration process? a) CEO / CIO actively cooperating and using same performance assessment metrics b) CEO / CIO actively cooperating, but using different performance assessment metrics Appendix C. Correction suggested for the theory-based framework A résumé of the suggestions to the originally proposed framework is presented below: Respondent C -"It is very technically focused, and you need to make sure that you've got business, you need to somehow make the linkages to the business strategy and the business stakeholders, and ultimately it is traced through to the customer" Respondent J -"Before you even start -assess who the key players are and what would the management team look like. I would look into that before you advocate doing the deal and then how do you implement the organisational change, and that organisational change at the senior level needs to start from the top down" -"At some point you need to consciously take the decision as to your strategy for your implementation -"do we deliberately concentrate all our resources on delivering tactical fixes over the next year just to get the thing working, and then get strategic later on, or do we get strategic now?" -you've got to define the strategy… and then that strategy needs to be agreed at very senior level… And then you have to choose the operating model" -"What you haven't mentioned is the organisation -…if one bank is working with more integrated model and the other bank is quite segregated… the hierarchy, the logical reporting lines, and the accountability… if you want to get to a certain level of best practice in your target organisation, you've got a lot of educational and organisational change to do -you compare across organisations, how roles and responsibilities are segregated, and how they map out" -"You should add IPR in the due diligence / applications section" -"Common integrated solution / applications -the system selection can sometimes be influenced by the skills that you have and the amount of documentation and tacit knowledge in your team" -"Common integrated solution / infrastructure -data and IPR is big here, especially if data centre will be located in a different jurisdiction" Respondent T -"Clearly Stage 0 would be to know what your business strategy is for this target. What you have at Stage 0, without a doubt, is business -get your acquiring business to describe their strategy, because that will steer everything thereafter" www.ccsenet.org/ijbm International Journal of Business and Management Vol. 10, No. 3; 2015 -"Due diligence / infrastructure -add to that a "contingency infrastructure" in c). And I would also be asking about the issues they've got there" -Define the systems integration strategy -put that at the top, point 0.5 perhaps -it is about not making a mistake of diving into the detail without understanding whether it is important to the business" -"Define the information architecture of the combined unit -you might not be able to do that pre-deal. You might get it, you might not… let's say it is not all set in stone by that moment just yet. More realistically, you might just be able to sum up with a crude estimate of how much certain different configurations might cost" -"Choose operating model -again, you probably are not going to be able to choose the operating model pre-deal, it is not going to be decided by then" -"Common integrated solution -costs and budgets must always go first… staff should come straight after costs and budgets. In your cost and budget you've got your synergies… and a load of that synergy is going to be staff… You are also going to have some sort of a retention arrangement for some key staff…. implementing staffing and retention plans should follow that too" -"Common integrated solution / regulatory approval -if in regards to the IT side, you are unlikely to have an IT regulatory approval requirement; that is outside of IT" -"Common integrated solution / commercial and contractual elements -needs to come much earlier on, often you are supposed to have either obtained from the vendors or at least properly in the process of having asked for it before you define the information architecture... this should go before the new 1.3 "Define the information architecture" -"Establish basic connectivity and consolidate key aspects of infrastructure -put basic connectivity in the beginning, as discussed before" -"Assess and control integration risks -you need to write "Information security" alone. It is the new safe as far as a bank is concerned or like a lock on the door these days" Respondent H -"This (framework, ed.) is quite detailed, so what this basically says is that you should do this stuff, so that you're informed to do this, and the question is whether you do this or you actually do that or that you take a macro decision based on my picture (the vertical model diagram, ed.)" -"You don't really have anything here about cost, so you don't have anything that is informing your decision about the total cost of ownership (TCO, ed.) of the platform that you are going to choose… the integration budget… and your TCO of going forward. So I have always thought that you should have something here that actually informs that" -"The regulatory approval and client consents are important specifically in relation to the negotiation of contracts" -"Assess and control integration risks -Information security, access rights, all those things are painful… this must be included separately in the "1.14 Assess and control integration risks" section"

Copyrights
Copyright for this article is retained by the author(s), with first publication rights granted to the journal.
This is an open-access article distributed under the terms and conditions of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/3.0/).