Next, I explore the TD Bank AML/BSA enforcement action by looking at the expansion of the Caremark Doctrine. In the McDonald’s case, the Delaware Court of Chancery took the Caremark Doctrine further by applying the Duty of Loyalty to officers and Directors. In that case, styled In re McDonald’s Corporation Stockholder Derivative Litigation (McDonald’s herein), the Delaware Court of Chancery for the first time extended the Caremark Duty to officers, in addition to Directors. Here, the Court stated, “Diverse authorities indicate that officers owe a fiduciary duty of oversight as to matters within their areas of responsibility. Those authorities include the reasoning of the original Caremark opinion, the Delaware Supreme Court’s holding that the duties of officers are the same as those of directors, decisions from other jurisdictions and academic commentary, and the additional duties that officers owe as agents. This decision confirms that officers owe a duty of oversight.”

Expansion of Caremark to Officers

Caremark created an affirmative duty for the Board to engage in oversight. The Caremark court formulated a “more functional terminology that species of claim can be called an “Information- Systems Theory” of Board liability, also known as “Prong-One” Board liability. In this case, a plaintiff typically pleads a ‘Red Flag Theory’ or Prong-Two Caremark claim by alleging that the board’s information systems generated red flags indicating wrongdoing and that the directors failed to respond. In McDonald’s, the Court expanded both Prong-One and Prong-Two liability to officers.

The Court of Chancery listed three key sources for expanding this duty from Boards to officers.

1. Management runs a company. While the Board oversees management, “most corporations are managed ‘under the direction of’ the board.” However, “the officers are charged with, and responsible for, running the corporation’s business.” Therefore, “Because of this reality, “[m]onitoring and strategy are not exclusively the dominion of the board. Nondirector officers may be more capable of making oversight and strategic decisions daily.”
2. Boards depend on information from management. Here, the court noted that “For relevant and timely information to reach the board, the officers who serve as the day-to-day managers of the entity must make a good faith effort to ensure that information systems are in place so that the officers receive relevant and timely information that they can provide to the directors.” From this, “it follows that officers must have a duty to make a good faith effort to establish an information system as a predicate to fulfilling their obligation to provide information to the board.”
3. Compliance systems are required under the USSG. The US Sentencing Guidelines (USSG) mandate that “high-level personnel of the organization shall ensure that the organization has an effective compliance and ethics program, as described in this guideline.” This requirement includes, “Specific individual(s) within high-level personnel shall be assigned overall responsibility for the compliance and ethics program.” The USSG goes on to define an organization’s “high-level personnel“ as “individuals who have substantial control over the organization or who have a substantial role in the making of policy within the organization,“ which includes “a director; an executive officer, an individual in charge of a major business or functional unit of the organization, such as sales, administration, or finance; and an individual with a substantial ownership interest.“ This has the added benefit of putting compliance professionals directly in the path of liability created by this decision.

Interestingly, even as the Delaware courts had not explicitly expanded the duty of oversight to officers, the court found some support in bankruptcy court decisions. The Delaware court found that Prong-One Information Systems and Prong-Two Red Flag claims were available against officers under certain circumstances. The Delaware court concluded this section: “All preceding authorities start from the premise that officers owe the same duties as directors. Because directors owe a duty of oversight, these authorities reason that officers owe a duty of oversight. That logic is sound.”

The Delaware court also noted that officers have fiduciary duties to the corporation akin to those duties that agents owe their principals. The court pointed to a prior Delaware decision in Hampshire, which “recognized a standard of conduct at the officer level that included a duty to act carefully, loyally, and in good faith to gather and provide information, with the standard of liability for the care dimension of the duty measured by gross negligence. By recognizing the duty to provide information, Hampshire lays the foundation for an officer-level duty consistent with an Information-Systems Theory.“ The Court also found there is officer accountability to the Board, which supports this extension of the duty of oversight to officers.

Officer Actions

From the Information in the TD Bank matter, we have the following, “During the relevant period, Defendants willfully failed to maintain an adequate AML program at the Bank. At various times, high-level executives including those in Global AML Operations, in senior executive management, and on the TDBUSH Audit Committee—specifically including an individual who became Defendants’ Chief Anti-Money Laundering Officer (“Chief AML Officer”) during the relevant period (Individual-1) and the Bank’s BSA Officer (Individual-2)—knew there were long-term, pervasive, and systemic deficiencies in the Defendants’ U.S. AML policies, procedures, and controls.

 The Defendants did not substantively update the Bank’s automated transaction monitoring system from at least 2014 through 2022— including addressing known gaps and vulnerabilities in the TDBNA’s transaction monitoring program—despite increases in the volume and risk of its business and significant changes in the nature and risk of transactional activity. In addition, during the relevant period, TDBNA monitored only approximately 8% of the volume of transactions because it omitted all domestic automated clearinghouse (“ACH”) transactions, most check activity, and numerous other transaction types from its automated transaction monitoring system.

 Due to this failure, the Bank did not monitor approximately $18.3 trillion in activity between January 1, 2018, and April 12, 2024. At the same time, Bank senior executives repeatedly prioritized the “customer experience“ over AML compliance. They enforced a budget mandate, referred to internally as a “flat cost paradigm,“ that set expectations that all budgets, including the AML budget, would not increase year over year.

Is all of this enough to invoke Caremark liability for officers? Perhaps when you consider the additional facts as reported in the Information Bank, senior executives repeatedly prioritized the “customer experience“ over AML compliance and enforced a budget mandate, referred to internally as a “flat cost paradigm,“ that set expectations that all budgets, including the AML budget, would not increase year-over-year. The Defendants’ failures to appropriately fund the Bank’s AML program and to adapt its transaction monitoring program resulted in a willfully deficient AML program that allowed three money laundering networks to exploit the Bank and collectively transfer over $670 million through TDBNA accounts. At least one scheme had the assistance of five store insiders at TDBNA.

 At one point, the Information reported that the AML compliance program budget was reduced by 2021 to an amount lower than budgeted for the program in 2018. Further, both the Chief Anti-Money Laundering Officer (“Chief AML Officer”) and the Bank’s BSA Officer (Individual-2) touted their ability to stay within the budgetary constraints in their self-assessments as positive. Finally, Individual-1 referred to the Bank’s “historical underspend“ on compliance in an email to the Group senior executive responsible for the enterprise AML budget, yet the US-AML budget essentially stayed flat. GAML and US-AML employees explained to the Offices that budgetary restrictions led to systemic deficiencies in the Bank’s transaction monitoring program and exposed the Bank to potential legal and regulatory consequences. In other words, the Bank’s AML officers were well aware of the shortcomings in the Bank’s AML program yet did nothing to remediate or ameliorate these deficiencies.

 The bottom line is that if there is ever going to be a case to validate the expansion of the Caremark Doctrine to include officers, this is likely the case.