What led TD Bank to receive the largest fine to date under AML law, and what should financial institutions do now?
On October 10th 2024, US Attorney General, Merrick B Garland, announced that TD Bank had pleaded guilty to multiple felonies under the Bank Secrecy Act and Money Laundering Conspiracy violations. TD Bank agreed to pay a total penalty of just over $3 billion, made up of a $1.7bn criminal fine and $1.33bn of civil fines. Added to this is a capital growth cap, an internal monitor and a Deferred Prosecution Agreement.
Every relevant commentary, from the US Department of Justice (DoJ), Financial Crimes Enforcement Network (FinCEN), Office of the Comptroller of the Currency (OCC) and others makes it very clear that TD Bank ‘wilfully conspired’ in failing to maintain an Anti-Money Laundering (AML) programme that complied with the US Bank Secrecy Act. This is a shocking statement – TD Bank wilfully and knowingly were complicit in a range of significant and wilful AML failures. These failures stretched over the last decade but came to a head in the last five years.
Deputy Attorney General, Lisa Monaco, said, “Every bank compliance official [in America] should be reviewing today’s charges as a case study of what not to do. And every bank CEO and board member should be doing the same. Because if the business case for compliance wasn’t clear before — it should be now.”
The findings relating to TD Bank, and what underpinned them, should be relevant and of interest to all Compliance Officers, Senior Management and Boards in financial institutions in the UK, Europe, the Middle East and elsewhere.
In this article, Bruce Viney sets out the key issues that led to the fine and provides guidance on some of the lessons that financial institutions should apply to ensure that their AML programmes are robust and free of any of the issues apparent in the case of TD Bank.
All references to currency in this article are in USD.
What happened at TD Bank?
As FinCEN points out, for over a decade TD Bank failed to update its money laundering compliance programme to address known risks. As bank employees commented, this made the Bank an ‘easy target’ for the ‘bad guys’ - whether these were external criminals or rogue employees.
In 2021, a TD Bank employee facilitated the laundering of narcotics proceeds on a large scale, in exchange for bribes. This involved millions of dollars being funnelled through shell companies in high-risk jurisdictions. Again, FinCEN points out that TD Bank knew that this type of activity was not subject to appropriate controls and failed to mitigate this risk.
At the heart of the current enforcement action are the following key money laundering cases:
Da Ying Se, known as ‘David’, was a money launderer, primarily laundering money from the sale of illicit narcotics. Having tried to launder money through other banks, he finally settled on TD Bank as it had the most permissive policies and procedures. To increase the chances of success and to facilitate his money laundering, David bribed TD Bank employees with gift cards valued in aggregate at $57,000, to ensure that they would take no action even when David’s activities comprised obvious illegal conduct.
David used TD Bank branches to launder $474m. Over three years David used a variety of methods, including shell companies, nominee accounts and mules to move the money. He used illicit cash to buy official bank cheques and to back personal cheques, as well as making large numbers of international and domestic wire transfers to thousands of individuals and entities in the USA, China, Hong Kong, and elsewhere. On several occasions he deposited more than $1m in cash over the counter in a single day. Once deposited, the money would be immediately moved out of the account.
The DoJ pointed out that there were many instances of concerns in relation to David’s actions at all levels of the Bank. For example:
- In 2020, one TD Bank Store Manager emailed another Store Manager writing ‘You guys really need to shut this down LOL’
- In the same year another Store Manager wrote to his supervisors ‘It is getting out of hand and my tellers are at the point where they don’t feel comfortable handling these transactions.’
- In 2021, one TD Bank store employee saw that David’s network had purchased more than $1m in official bank cheques in cash in one day. The employee wrote ‘How is that not money laundering.’ A back-office employee responded, ‘Oh it 100% is.’
Five TD Bank employees conspired with criminal organisations to open and maintain accounts at TD Bank that were used to transfer $39m in illicit funds to Colombia.
This scheme reused the same Venezuelan passports to open multiple accounts at TD Bank. On several occasions, the same passport was used to obtain multiple debit cards for a single account. The five bank staff are alleged to have acted to overcome internal controls and freezes to ensure the operation ran smoothly.
Despite significant internal red flags, TD Bank did not identify its employees’ involvement in moving up to $39m in illicit funds. The scheme was brought to a halt only after law enforcement had arrested one of the relevant TD Bank staff members.
Another money laundering network maintained accounts at TD Bank for at least five shell companies and used those accounts to move illicit funds.
TD Bank staff flagged suspicious activities on these accounts, but TD Bank did not file a Suspicious Activity Report (SAR) until law enforcement alerted the Bank. By then, the accounts had been open for 13 months and nearly $120m of illicit funds had passed through them.
In addition to the above three cases, TD Bank failed to identify and report on a suspected human trafficking operation, which used TD Bank services to move $3.5m, despite a range of red flags. The transaction monitoring system failed to detect the fact that actual transactions showed material variations in value and volume from the expected activities of the client. TD Bank filed a SAR only once they were prompted by law enforcement.
Where did TD Bank go wrong?
TD Bank failed to update its financial crime controls over a period of a decade.
As the Bank pursued its policy of expansion into USA, the compliance programme failed to grow with the new risks that were associated with the expansion.
For UK financial institutions, it is worth remembering that the FCA issued a ‘Dear CEO’ letter in March this year, which specifically highlighted the danger of ‘…discrepancies between firms’ registered and actual activities, and lack of Financial Crime controls to keep pace with business growth’ (emphasis added).
For example, the plea agreement highlights that TD Bank did not automatically monitor domestic automated clearing house transactions, most cheque activity and other types of transactions and failed to meaningfully monitor transactions involving high-risk countries.
Between January 2018 and April 2024, TD Bank failed to monitor approximately $18.3 trillion worth of transaction activity, which allowed hundreds of millions of dollars connected to crime and criminal organisations to flow through the Bank.
As well as failures relating to transaction monitoring, TD Bank’s AML programme was deficient in other ways:
Customer Due Diligence (CDD)
TD Bank failed to maintain appropriate risk based CDD procedures, which significantly impeded the Bank’s ability to understand its customer-based and associated risks. This included:
- Failing to respond to material changes in customer activities
- Failure to apply or to update customer risk assessments
- Inadequate CDD and monitoring of designated high-risk customers.
Filing of Suspicious Activity Reports (SARs)
As highlighted above, on a number of occasions, clear red flags did not result in SARs until law enforcement notified TD Bank of the issue. FinCEN identified thousands of SARs, totalling up to $1.5bn, which were not submitted, but should have been, due to backlogs. In addition, FinCEN said that TD Bank’… wilfully failed to file over 6,000 SARs related to $5m in transaction values.’
When TD Bank did file SARs, it had inadequate resources and controls to ensure that those who were the subject of SARs were either subject to additional controls or exited. This meant that for three years, these customers continued to receive, in aggregate, $5bn into their accounts.
Training
FinCEN highlights a number of failures in training that materially contributed to the significant weaknesses in the TD Bank AML programme. These included:
- A lack of tailoring to appropriate personnel relating to relevant risks and typologies. For example:
- TD did not tailor its training for both AML compliance personnel investigators and “frontline” retail branch personnel
- Even after detecting funnel activity, including multiple debit cards, and high levels of ATM usage, no updated training on red flags was provided.
- Insufficient direction on evaluating unusual transaction reports.
- Improper training relating to filing of currency transaction reports.
The Flat Cost paradigm
TD Bank’s Senior Management prioritised a flat cost budgeting approach, which mandated that the Bank’s budget remain unchanged year-on-year. Despite Senior Management’s knowledge of long-standing issues with the AML programme, the flat cost budgeting approach ensured that TD Bank’s AML controls were under resourced, not attuned to the growth in business and not geared towards new and emerging red flags.
This budgeting constraint ensured that systems were not updated and, according to FinCEN ‘…AML staffing was not proportionate to its size, risk profile and ongoing compliance concerns.’
‘When a host of significant AML compliance issues arose the Bank consistently chose to address them in the least costly way possible, even if it meant ignoring failures and refusing to meaningfully remediate issues and prevent recurrences.’
Governance
Tellingly, during the relevant period, the annual assessment of the Global Head of AML noted as an accomplishment their ability to ‘…develop the [AML] program within a flat cost paradigm without compromising risk appetite.’
TD Bank had a governance structure that led to a lack of control or accountability for the Bank’s AML programme. There was a lack of oversight of the Bank’s high-risk operations, which went on unabated for years.
The reporting structure for the BSA officer ‘led to complications’ as weaknesses of reporting lines, unsupervised delegation and a lack of accountability all served to weaken any governance and oversight.
Culture
It is clear that TD Bank lacked an AML culture. Senior Management’s focus on business growth, while restricting the AML programme budget is indicative of a poor attitude to money laundering risks and related compliance. Weak governance and reporting lines served to exacerbate this.
FinCEN points out that TD Bank appointed ‘…multiple AML managers without any prior experience in AML…’ in direct contradiction to regulatory guidance.
The staff emails highlighted earlier demonstrate a surprisingly lax approach to red flags and suspicions of money laundering.
In addition, it has been widely reported that staff joked about the TD Bank tag line ‘America’s most convenient bank’, commenting that TD Bank was ‘…most convenient for criminals.’ Attorney General, Merrick Garland, on the other hand, said, ‘TD Bank created an environment that allowed financial crime to flourish. By making its services convenient for criminals, it became one.’
What does TD Bank’s actions mean for my firm?
Enforcement actions generally provide lessons highlighting what firms should or should not do to ensure they are compliant with regulations and best practice. The TD Bank case is a shocking example of wilful conspiracy to reduce AML controls, undermine regulatory and legal compliance and to enable widespread use of the Bank by criminals and money launderers.
Firms can use this case as a benchmark to check and measure their own AML programme. Below are some key points to consider in relation to your firm’s AML controls.
- Is the governance structure appropriate, responsive to and reflective of the firm’s activities and related AML and other financial crime risks?
- Are Senior Management, including the Board, fully aware and understanding of the AML risks, their identification, assessment and mitigation? Are they able to describe them and do they actively ensure their application?
- Is there a rigorous, explicit culture that is understood and applied by all staff, and which is unequivocal and clear as a zero tolerance of any failure to identify, respond to or prevent money laundering?
- Is the AML programme, including policies and procedures, fully and appropriately reflective of the firm’s profile, including any growth in the business or changes in products, operations or risk?
- Is any transaction monitoring technology appropriately set up, are cases managed and processed on a timely and informed basis?
- Is the Compliance function sufficiently resourced in terms of both numbers and experience of staff concerned? Is there clear and explicit support from Senior Management and does the function retain full independence from the business?
- Is there an ongoing programme of training for staff which is up to date, tailored to roles and risks and which provides practical guidance on identifying and responding to red flags?
- Is there a clear system for staff to report suspicious activities to the MRLO?
Canada’s Globe and Mail reported recently that all of TD Bank’s 97,000 staff have been told that ‘dropping LOL into emails or texts’ about working with criminals, will be a career ending move. Whilst it seems clear that TD Bank is keen to move on from this “difficult chapter” in its history, the enforcement will serve as an important warning of the dangers of failing to maintain an adequate AML programme for a long time to come.
Financial Crime and AML Training
At CCL Academy, we understand that staying compliant with AML regulations is not just about ticking boxes—it's about fostering a culture of integrity and vigilance within your organisation.
Our AML and Financial Crime training programmes are designed to equip your teams with the practical knowledge and skills needed to detect, prevent, and report suspicious activity effectively.
If you're looking for Financial Crime training for your firm, Compliance Team, or Senior Management & the Board, get in touch. We offer:
- eLearning modules for your front & back-office staff
- Classroom training for the front office, MLROs & FCC staff
- The MLRO CPD Programme, a live, 12-month CPD programme for MLROs
- Senior Management & Board training
- On-Demand tutorials for those responsible for ongoing Financial Crime Compliance training
To learn about our practical, case-study-led courses and related training resources concerning AML and Financial Crime, get in touch.
About the Author
Bruce has been working in financial services for nearly 40 years, 25 of these as a learning professional focusing on compliance for a wide range of financial services companies, mainly through the analysis, design, creation and implementation of global training programmes for Tier 1 Banks and FTSE 100 companies. He has been Global Head of Compliance Learning for such firms three times and has provided compliance learning consultancy to similar companies many times.
Bruce has also provided compliance training and consultancy in other fields such as real estate, industrial supply chains, charities, payment services providers, gambling and casinos and many others.
A former Director of Training for CISI, Bruce has extensive experience of compliance and financial services-related qualifications and qualified as a Chartered Accountant with Price Waterhouse (as it was then known).
Bruce provides excellent training events on compliance, with a specific focus on financial crime, including all aspects of anti-money laundering, anti-bribery and corruption, fraud and sanctions.