Artificial Intelligence and Cybersecurity : …
TD Bank Faces Historic $3 Billion Fine: A Look at AML Shortcomings and Key Insights on Building a Resilient Compliance Program
On October 10th, it was announced that TD Bank will pay $3.09 billion to several U.S. regulatory bodies, including the Office of the Comptroller of the Currency (OCC), the Department of Justice (DoJ), and the Financial Crimes Enforcement Network (FinCEN), for systemic violations of the Bank Secrecy Act (BSA) and failures in its anti-money laundering (AML) program. The fines resulted from TD’s involvement in enabling the movement of over $670 million through money-laundering schemes over a 6-year period, detailed in FinCEN’s Consent Order. The bank's underfunded AML system failed to detect or prevent these illicit transactions.
The penalties highlight the persistence of issues TD Bank faced in 2013 with the Scott Rothstein Ponzi scheme. After the 2013 enforcement, TD Bank committed to improving its AML controls, including better transaction monitoring and internal governance. However, the 2024 violations show many of these promised changes were either incomplete or ineffective, and despite prior commitments, the bank's Transaction Monitoring System (“TMS”) remained underfunded and understaffed. The lack of accountability and effectiveness of TD Bank’s AML program led to one of the largest penalties ever assessed under the BSA and highlights the importance of an effective AML framework.
Sia Partners has designed a framework for an effective BSA/AML program applicable to all covered financial institutions (e.g. Banks, Trusts, Broker Dealers, etc.), broken down into 6 key program areas that can be utilized to prevent the issues identified within the Consent Order.
Governance is the backbone of the Sia Partners framework as its presence is found in each of the other 5 pillars. For an effective BSA/AML program to function, those on the governance team are responsible for:
The governance of TD Bank’s AML program was described as “siloed” and ineffective as the BSA Officer responsible for overseeing compliance had insufficient control over key aspects of the AML program, including a lack of authority over the AML Technology Head, who oversaw the Transaction Monitoring system, as well as the Head of AML Operations. This structure led to TD Bank’s BSA Officer not being accountable for persistent control gaps within the program and no evidence was found that the BSA Officer ever raised concern about the structure to the Board.
A successful AML framework prioritizes a sustainable governance structure with:
Risk assessment programs are typically structured in a systematic manner to ensure coverage of all relevant areas, which include the assessment of the institution’s inherent risks and control structure to determine the institution’s residual risk. Institutions conduct risk assessments on a periodic basis and in ad-hoc situations such as when a new product and service is added. The results of these assessments help senior management understand where the compliance risks reside.
TD Bank’s methodology to assess risk across its entire AML program, via its annual assessments, was inadequate and overlooked key risk and control factors that materially impacted the analyses of the Bank’s risk profile. The assessments lacked depth and specificity, which prevented AML management from accurately assessing the BSA/AML risks associated with the bank. Inaccurate risk assessments, which included inconsistent risk ratings of certain bank products, demonstrate the bank lacked an understanding of the illicit financial activity risks within products and services it offered.
A risk assessment program should be integrated into all aspects of the business and should include a detailed understanding of the businesses offerings in order to properly assess risks.
Employee training should focus on a financial institution’s internal policies, roles, and procedures to create accountability and risk reduction in the workplace. Training should be tailored to the individuals’ responsibilities. Resources should be proportional to alert volume and should be adaptable to changing volumes and lookbacks. Under-resourcing led to prolonged backlogs and contributed to missed SAR filings at TD Bank.
Insufficient training remains a systematic problem, and the consent order claims, “TD Bank’s AML management failed to properly ensure the requisite employees received appropriate training”.
A successful AML framework prioritizes an adaptable operations structure with knowledgeable team members, including:
Internal controls are the foundation on which policies and procedures are written. Effective internal controls for Transaction Monitoring and Regulatory Reporting include alert generation modules, which provide full transaction coverage, so alerts are reviewed and dispositioned correctly and within SLA, the proper identification of reportable transactions through Suspicious Activity Reports (“SARs”), and processes for taking additional actions to remove the identified risk from the platform.
TD Bank’s transaction monitoring system was found to be outdated and failed to cover key areas of risk, for example a significant number of ACH transactions were not monitored. Additionally, TD Bank failed to file timely SARs in several instances, including large Ponzi Schemes and customer accounts with ties to suspicious transactions across jurisdictions. In most cases, SARs were only filed after external law enforcement inquiries or when serious investigations were already underway.
A successful AML framework prioritizes a comprehensive alert investigation process with
Establishing roles and responsibilities for the 1st, 2nd, and 3rd line is critical for ensuring there is proper segregation of duties, and the necessary controls required are being implemented through the organization.
TD Banks failures mentioned throughout the consent order highlight a failure to establish roles and responsibilities between the various lines of defense. Negligence within the AML department around deficient policies and procedures, inadequate staffing, outdated trainings, and a siloed governance structure represents how proper segregation of duties was ignored and the necessary controls were not implemented.
Between 2018 to 2020, TD Bank’s Internal Audit identified issues such as inadequate staffing, high-risk jurisdictions not properly monitored, and past-due reviews for up to three years, and appropriate actions weren’t taken.
Clearly delineated lines of defense ensure that everyone has a role to play in effectively mitigating AML risks.
Tools and systems help a program function efficiently and ensure that compliance teams have the necessary information to correctly mitigate risk. A strong AML program relies on technology & systems to correctly identify money laundering typologies and red flags such as:
TD Bank’s failure to invest in the technology necessary to implement its program, which required a functioning transaction monitoring system, led to failures to identify and timely report money laundering activity. In late 2019, TD Bank decided to consider changing vendors for its transaction monitoring system but did not select the successor system until early 2021. The new transaction monitoring system only began a phased implementation in August 2024 and will continue roll out in phases extending in 2025.
A successful AML framework prioritizes robust models and tooling designed for the needs of the program, with
Following these violations, TD Bank has agreed to remediate several key areas, including upgrading its TMS with advanced scenarios to detect suspicious activity, hiring over 700 AML specialists to address staffing shortages, establishing a BSA/AML oversight committee, and appointing new leadership. The bank is also improving customer due diligence processes for high-risk customers and conducting a SAR lookback to review and report previously missed suspicious transactions. By addressing these critical gaps, TD Bank can rebuild trust with regulators and avoid further costly fines. The issues addressed above highlight the necessity to apply a comprehensive and effective framework to every BSA/AML program.