TD Bank was hit with a record $3 billion fine from U.S. regulators for significant anti-money laundering (AML) failings and violations of the Bank Secrecy Act (BSA). The total fine is made up of a $1.3 billion penalty imposed by the US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) and a $1.8 billion fine issued by the US Justice Department. The fine is part of a broader regulatory crackdown on banks failing to meet AML standards.
Historic Fine and Growth Restrictions
The fine was the largest-ever penalty imposed by FinCEN against a depository institution. The bank was also placed under a four-year independent monitorship, requiring it to remediate its AML program and conduct a historical transaction review. The Office of the Comptroller and Currency (OCC) issued growth restrictions on the bank in the U.S.
Attorney General Merrick B. Garland commented, “TD Bank created an environment that allowed financial crime to flourish. By making its services convenient to criminals, it became one.” He added, “TD Bank chose profits over compliance in order to keep its costs down. That decision is now costing the Bank billions of dollars.”
Meanwhile, Deputy Treasury Secretary Wally Adeyemo stated, “Time and again, unlike its peers, TD Bank prioritized growth and profit over complying with the law. The bank enabled drug trafficking.”
Key Failures of TD Bank
AML Failures
TD Bank failed to maintain a compliant AML program. It did not monitor or report suspicious transactions adequately, allowing high-risk activities such as narcotics trafficking, human trafficking, and funnel account activity involving shell companies. The lack of timely reporting of Suspicious Activity Reports (SARs) deprived law enforcement of critical information and the bank failed to file Suspicious Activity Reports (SARs) on over $1.5 billion worth of suspicious transactions. TD Bank's failures were considered more severe as the volume of unmonitored transactions far exceeded breaches seen at other institutions.
Inadequate Compliance Culture
TD Bank's internal culture reportedly prioritised growth and revenue over compliance and risk management. Employees faced high pressure to achieve sales targets, which led to corners being cut, particularly with AML controls and ethical sales behaviour. Employees openly joked about the lax compliance controls, with one stating that the bank was living up to its slogan as “America’s Most Convenient Bank” and another commenting that it was an “easy target for bad guys”.
Lax Oversight
The bank’s leadership failed to maintain strict oversight and ensure that controls were in place to prevent unethical behaviour and to monitor suspicious transactions. There was insufficient investment in training and resources for employees tasked with AML compliance, which contributed to lapses in the identification and reporting of suspicious activities.
Lax Internal Controls
The bank also failed to address internal risks, including activity by its own employees, some of whom were involved in laundering money for criminal organisations, through receiving bribes in the form of gift cards. TD Bank allowed billions in unmonitored transactions and delayed Currency Transaction Reports (CTRs) on large cash transactions. One example involved a criminal network depositing millions of dollars in cash, which went unreported.
Structural and Operational Issues
The U.S. branch of TD Bank faced specific operational weaknesses, including outdated systems that struggled to keep up with evolving regulatory requirements and complex AML responsibilities. TD Bank’s AML program was deemed under-resourced and inadequately designed to meet the scale of risks, leading to widespread control gaps over several years. The bank’s AML systems were outdated and static for nearly a decade. Executives made decisions to maintain flat budgets year-on-year despite regulatory risks.
From 2014 to 2022, the bank did not update or improve its transaction monitoring systems, which failed to monitor critical areas such as domestic ACH transactions, high-risk countries and new peer-to-pay payments products like Zelle. As a result, trillions of dollars in transactions went unmonitored.
Key Lessons for Finance Industry
1. Robust AML Systems are Essential
Financial institutions must invest in comprehensive, scalable AML programs. Regular audits, data governance, and transaction monitoring are essential to protect the financial system from illicit activity. Emerging technologies such as AI and machine learning can help to detect suspicious activity more efficiently.
2. Prompt Reporting is Critical
Timely filing of SARs and CTRs is non-negotiable. Delayed or misleading reports hinder law enforcement efforts, risking financial and reputational damage. Institutions must invest in real-time reporting systems and reduce manual processes, which can improve the speed and accuracy of reporting.
3. Internal Control and Accountability
Lapses in monitoring employee activities or high-risk transactions can lead to severe consequences. Ensuring accountability at every level, from employees to executives, is critical for compliance. High-risk activity must also be monitored internally, as the case of TD Bank highlights the need to control insider risks. Developing a culture of compliance with a sufficient whistleblower mechanism can mitigate the risks of employees participating in illegal activities.
4. Adequate Resources and Oversight
Institutions must allocate sufficient resources, technology, and staff to maintain compliance, especially when managing complex cross-border or high-volume operations. Internal governance structures should be reviewed and strengthened regularly to identify potential weaknesses. Regular independent reviews, stress tests and scenario planning should be done to ensure that the AML programme can adapt to evolving risks and new technologies. Increasing budgets is not enough, there must be a strategic allocation of resources to areas of high-risk and to streamline compliance operations without losing assurance.
5. Prompt Reporting is Critical
Financial institutions need to stay proactive in addressing known high-risk areas, such as funnel accounts or peer-to-peer transactions (e.g., Venmo, Zelle), that may be exploited for illicit purposes.
6. Internal Controls and Accountability
Banks in particular need to ensure that all relevant KYC/CDD data is up to date and customers have appropriately nominated risk profiles. Updating customer profiles should not be seen as a one-time effort but rather a continuous process, as risk profiles can change quickly. Ongoing customer due diligence should be implemented to ensure that any changes in risk are quickly flagged. Many of these processes can be automated through the use of RegTech solutions.
Closing Thoughts
TD Bank’s substantial fine and the imposition of an independent monitor reflect the increasing scrutiny of AML programs in the financial industry. This case underscores the critical need for institutions to prioritise compliance, ensure strong governance, and continuously improve monitoring systems to safeguard against criminal activity. It sends a clear message to financial institutions that non-compliance will not be tolerated and that regulatory bodies are willing to impose heavy fines and even growth restrictions to ensure that obligations are taken seriously.
Remediation can be a complex and resource-intensive task for financial institutions, especially when faced with tight deadlines from regulators and a large customer base. KYC360 streamlines this process allowing you to automate manual processes and freeing up your team to focus on commercial objectives. Our remediation solution is scalable and fully implemented in our CLM solution, which means it can be easily adapted and reused for new challenges. Whether you need assistance with people, process or technology, our trusted partner ecosystem means we can support you across all areas of remediation.
Our Customer Lifecycle Management SaaS Platform takes care of all aspects, from creating the right first impression with rapid risk-based onboarding, through to award winning screening and KYC refresh that enable your business to:
- Realise massive operational efficiencies
- Achieve rapid ROI through the speedy deployment of our no code solutions
- Master complexity with solutions that evolve as regulations change
All at the same time as delivering even higher levels of compliance assurance.
