US authorities found deficiencies in TD Bank’s AML programme, including failures in updating its transactions monitoring system and identifying suspicious activity. What lessons can banks take from the historic settlement?
Shutterstock.com/CineCam
On 10 October, Canada’s TD Bank agreed to pay more than US$3 billion in penalties to four US agencies for violations of the Bank Secrecy Act of 1970 (BSA) and failure to prevent money laundering.
TD Bank’s US branch, the tenth largest bank in the country, pleaded guilty to conspiring to fail to maintain an anti-money laundering (AML) programme that complied with the BSA.
As part of the enforcement action, the US Department of Justice (DOJ) and Financial Crimes Enforcement Network (FinCEN) have imposed a three-year and four-year independent monitorship to oversee the bank’s remediation to its AML programme.
TD Bank will pay a US$1.3 billion penalty to FinCEN, US$1.8 billion to the DOJ and US$123.5 million to the Federal Reserve Board as part of the settlement. Additionally, the Office of the Comptroller of the Currency (OCC) imposed a US$434 billion asset cap on TD Bank’s US operations and assessed a US$450 million civil money penalty on the bank.
On 22 August 2024, the bank announced in its quarterly financial report that it had set aside US$2.6 billion, adding to an earlier US$450 million provision, to finance penalties set to arise from probes into its AML programme.
The landmark settlement marks the first time a US bank has pleaded guilty to conspiracy to commit money laundering, and makes TD Bank the largest lender in US history to plead guilty to failures under the BSA.
Lexology PRO explores the failures in TD Bank’s AML programme and key lessons banks and other businesses can apply to implement effective compliance within the organisation.
TD Bank “chose profits over compliance”
According to a filing by the DOJ on 10 October 2024, between January 2014 and October 2023, TD Bank failed to appropriately fund its AML compliance programme due to its “flat cost paradigm,” maintaining the same budget despite new risks and increased profits.
During that period, the bank failed to substantively update its transaction monitoring system and adapt its AML programme to address known deficiencies, emerging risks, and new banking products, the DOJ outlined.
Attorney General Merrick Garland said that “TD Bank chose profits over compliance with the law – a decision that is now costing the bank billions of dollars in penalties.”
TD Bank’s apparent failures included not identifying suspicious activity from employees, and failing to file suspicious activity reports (SARs) on thousands of transactions totalling US$1.5 billion.
Similarly, unusual transaction referrals (UTRs), reports by bank staff of potentially suspicious conduct, were poorly managed. The DOJ found that the UTR team was understaffed as part of the bank’s profit over compliance approach.
FinCEN found that TD Bank’s processing of peer-to-peer transactions was insufficient and added that the bank failed to report these transactions to FinCEN.
TD Bank also failed to monitor automated clearing house (ACH) transactions, according to the DOJ, which found that the bank monitored just 8% of all transactions because it omitted all ACH deals and other transactions. This failure meant that US$18.3 trillion worth of activity went unmonitored by the bank between 1 January 2018 and 12 April 2024.
The DOJ said that these failures allowed corrupt bank employees to facilitate criminal network’s laundering of tens of millions of dollars.
Key AML compliance lessons for businesses
As a result of deficiencies in its AML programme, US regulators have adopted several remedial measures for TD Bank. For instance, FinCEN is imposing its first-ever accountability and data governance reviews on TD Bank, looking to assess the failure to escalate by bank staff and identify causes and fixes for its AML programme.
TD Bank has begun to address the AML failures identified by the authorities, with chair of the board Alan MacGibbon stating in a press release on 10 October 2024 that “enhancing our [AML] program and meeting our obligations today and into the future is the number one priority of the board and management.”
Banks should consider taking the following steps to develop and maintain a BSA 2017-compliant AML programme.
Continuous transaction monitoring
The DOJ found that TD Bank failed to update its automated transaction monitoring system to address known gaps and deficiencies.
Banks can use transaction monitoring to identify unusual patterns of activity which can then be escalated to senior management. Transaction monitoring systems should be updated regularly to ensure that banks are kept abreast of new risks.
Employ a BSA compliance officer
The BSA requires the bank’s board of directors to appoint a BSA compliance officer.
A joint statement on the enforcement of BSA and AML requirements by several federal agencies (including the OCC) issued in 2020 outlines that the designation of a qualified individual or individuals as the BSA compliance officer is one of five pillars needed for an effective BSA compliance programme.
The BSA compliance officer coordinates and monitors day-to-day compliance with BSA regulatory requirements and implements BSA/AML policies and procedures.
To work effectively, the BSA compliance officer must have clear communication channels with the bank’s senior management and board of directors. Leadership should also be actively involved in overseeing the effectiveness of a bank’s compliance programme.
Among its efforts to improve its AML programme, TD Bank has appointed a new US head of financial crime risk management and BSA/AML officer, in addition to 40 new leaders and more than 700 new AML specialists to strengthen its AML teams and transaction monitoring divisions which the DOJ had previously found were “understaffed.”
Manage and assess AML risk
The Anti-Money Laundering Act of 2020 (AMLA), enacted as part of the National Defense Authorization Act 2020, requires financial institutions to implement compliance programmes that include a stringent money laundering (ML) and terrorist financing (TF) risk assessment programme.
This Lexology PRO guide outlines how to assess an organisation for ML and TF risk including identifying inherent and residual risks and applying risk-based controls.
TD Bank set out to deploy data-driven technology to build long-term sustainable risk mitigation, as part of its steps to remediate its AML programme.
Continuous ML and TF risk assessment helps to create an effective compliance programme that can improve and evolve to address new risks, such as conflict and related sanctions.
Identify and file SARs efficiently
Under the BSA, FIs must keep, file reports and report suspicious activity that might suggest money laundering, tax evasion, and other criminal activities.
TD Bank’s failure to file SARs on thousands of suspicious transactions totalled US$1.5 billion, according to FinCEN. The bank has engaged an independent consultant as part of FinCEN’s compliance monitoring. The consultant will conduct a historical analysis of the bank’s transaction data, also known as a “SAR lookback”, to remediate the SAR filings that TD Bank missed due to its control failures.
This Lexology PRO guide helps in-house counsel and legal teams identity suspicious activity and make a SAR, including information on how FinCEN will share the information with law enforcement. This Lexology PRO checklist further outlines how banks should initially respond to a report of suspicious activity.
Enhanced customer due diligence and monitoring BSA compliance
According to the BSA/AML manual from the US Federal Financial Institutions Examination Council (FFIEC), a cornerstone of a strong AML compliance programme is to adopt and implement risk-based customer due diligence policies and processes for customers, particularly those that present a higher risk for ML and TF.
This Lexology PRO guide outlines how to monitor BSA compliance, including having appropriate risk-based procedures for conducting ongoing customer due diligence. The guide also highlights the need for banks to understand the ML and TF risks of their customers and implement a customer risk profile.
Provide resources to and train AML staff
In a first for the regulator, FinCEN has imposed accountability and data governance reviews on TD Bank to assess the involvement or failure to escalate by TD Bank personnel.
For example, in 2021 a TD Bank employee facilitated the laundering of narcotics proceeds in exchange for bribes, according to FinCEN. The employee allegedly opened numerous accounts that funnelled millions of dollars in a high-risk jurisdiction where TD Bank did not operate.
The potential involvement of TD Bank staff in money laundering could have been prevented by screening employees in AML compliance positions, including ongoing screening as appropriate.
Training staff on preventing ML and TF is key to a successful AML compliance programme. At minimum, the training should include employees whose duties require BSA and AML knowledge.
Independent testing for AML and BSA compliance
Banks should engage an independent auditor to verify compliance with the BSA.
Independent testing helps to determine if the financial institution’s policies and procedures align with the institution’s risk profile, and whether the financial institution is adequately adhering to its policies and procedures and maintaining BSA compliance.