Tag: complaince

Categories
Blog

TD Bank: Part 2 – When Profits Trump Compliance: A Recipe for Corporate Disaster

We continue our exploration of the resolution of the AML/BSA enforcement action involving TD Bank US (the Bank), which is wholly owned by TD Bank Group, a publicly traded (NYSE: TD) international banking and financial services corporation headquartered in Toronto, Canada. TD Bank Group is one of the thirty largest banks in the world and the second-largest bank in Canada.

The enforcement action came in with a $3 billion penalty against the Bank, which has pled guilty to charges relating to the Bank Secrecy Act (BSA), which requires financial institutions to maintain programs to detect and report suspicious activity by their customers. The Bank also settled a series of civil investigations by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), the Federal Reserve, and the Office of the Comptroller of the Currency (OCC), which mandated a Monitor to oversee the building out of the Bank’s compliance program and imposed an asset cap limiting the growth of the Bank’s U.S. retail business as a result of the breakdown of its controls.

This TD Bank case is right up there with Siemens, Petrobras, Odebrecht, Goldman Sachs, and Volkswagen as some of the most basic violations of corporate law we have ever seen. All of the above cases involved bribery and fraud, and the Bank case involved a violation of the most basic requirement of the BSA and the most basic tenets of an anti-money laundering compliance program. Moreover, the Bank’s conduct was not 20 years ago or even 10 years ago, as the conduct began in 2018, and the illegal conduct was right up to this past year. What led to these failures?

Failures at the Top

For the Bank, it all started at the top, where the very senior executives at the Bank decreed that no additional funds would be made available for compliance, compliance updates, or new technological solutions designed to make fulfillment of compliance obligations more efficient. This funding strangulation was termed the “flat cost paradigm” across the Bank’s operations. As a result, the Bank “willfully failed to remediate persistent, pervasive, and known deficiencies in its AML program, including (a) failing to substantively update its transaction monitoring system, which is used to detect illicit and suspicious transactions through the Bank, between 2014 and 2022 despite rapid growth in the volume and risks of the Bank’s business and repeated warnings about the outdated system.”

According to the TD Bank US Holding Company Information, this policy was pursued by the Bank Audit Committee and by the Bank’s Chief Anti-Money Laundering Officer during the relevant period, and the Bank’s BSA Officer both knew there were long-term, pervasive, and systemic deficiencies in the Defendants’ U.S. AML policies, procedures, and controls. This led to the Bank monitoring only approximately 8% of the volume of transactions because it omitted all domestic automated clearinghouse transactions, most check activity, and numerous other transaction types from its automated transaction monitoring system. Due to this failure, the Bank did not monitor approximately $18.3 trillion of transactions between January 1, 2018, through April 12, 2024.

It is not as if the Board of the Bank and its Canadian overlords were unaware of these deficiencies. As far back as 2013, FinCEN and the OCC brought enforcement actions against the Bank for its failures in its AML program. The Bank’s Board of Directors specifically signed off on the resolution of this enforcement action. IN 2018, the OCC characterized the Bank’s “planning, delivery, and execution of AML technology systems and solutions as insufficient. Specifically, the OCC highlighted the delays in implementing multiple AML technology projects and found those delays to be directly linked to nearly all of TDBNA’s outstanding AML program issues.”

Internal Audits at the bank also identified specific deficiencies in the bank’s AML and BSA compliance programs. In 2018, Internal Audit determined that the Bank’s high-risk jurisdiction transaction monitoring scenarios were using an outdated list of high-risk jurisdictions, meaning the bank’s scenarios were not designed to generate alerts on the jurisdictions currently deemed to be high-risk. Again, in 2020, Internal Audit identified AML compliance deficiencies related to the governance and review of transaction monitoring scenarios.

External third-party consultants also identified deficiencies in the Bank’s AML/BSA programs. One consultant “commented that “increased volumes and regulatory requirements” would pressure AML operations to meet demands and deadlines. The same consultant concluded that the Bank’s required testing of its transaction monitoring scenarios— which assessed whether scenarios were adequately capturing suspicious activity— took twice as long as the industry average.” A second consultant noted the Bank had “sub-optimal [transaction monitoring] scenarios” due, in part, to “outdated parameters” that generated a large volume of alerts that limited the Bank’s ability to focus on high-risk customers and transactions.” Finally, a third consultant “identified numerous limitations in the Bank’s transaction monitoring program, including technology barriers to developing new scenarios or adding new parameters to existing scenarios.”

Knowledge at the Bottom

Perhaps the craziest thing about the Bank’s failures in AML/BSA was that everyone was in on the joke: the Board, senior management, Bank employees, and ‘the bad guys.’ One conversation went like this:

AML Technologist: what do the bad guys have to say about us Lol

AML Manager: Easy target

AML Technologist:  damnit

AML Manager: Old scenarios; old CRR; tech agility is poor to react to changes

AML Manager: Bottomline: we have not had a single new scenario added since we first implemented the SAS

Another example cited in the Information was the following: “Other employees, both in AML and retail, consistently commented on the Bank’s instant messaging platform about the Bank’s motto, “America’s Most Convenient Bank,” and directly linked it to the Bank’s approach to AML. For example, a US-AML employee noted that a reason the Bank had not stopped one of the below-referenced money laundering typologies was because “we r the most convenient bank lol.”

Finally, this example from the information section states that “employees at multiple levels understood and acknowledged the likely illegality of David’s activity. In August 2020, one TDBNA store manager emailed another store manager and remarked, “You guys need to shut this down, LOL.” In late 2020, another store manager implored his supervisors (several TDBNA regional managers) to act, noting that “[i]t is getting out of hand, and my tellers are at the point that they don’t feel comfortable handling these transactions.” In February 2021, one TDBNA store employee saw that David’s Network had purchased more than $1 million in official bank checks with cash in a single day and asked, “How is that not money laundering,” to which a back-office employee responded, “oh it 100% is.” “

In his remarks, Attorney General Merrick Garland cited three examples where Bank employees knew money laundering was ongoing.

  1. In February 2021, one TD Bank store employee saw that David’s network had purchased over $1 million in official bank checks with cash in a single day. The employee asked, “How is that not money laundering?” A back-office employee responded, “Oh, it 100% is.”
  2. In a second, separate money laundering scheme, five TD Bank employees conspired with criminal organizations to open and maintain accounts at the bank that were used to launder $39 million to Colombia, including drug proceeds.
  3. In yet a third scheme, a money laundering network maintained accounts at TD Bank for at least five shell companies. It used those accounts to move over $100 million in illicit funds through the bank.

The bottom line is that everyone knows that the Bank facilitated money laundering and BSA violations. Why? The Bank consciously decided not to fund the compliance function or pay for any upgrades or updates, all in the name of its ‘flat cost paradigm.’

I will explore this matter in some depth over the next several blog posts. Tomorrow, I will consider money-laundering schemes.

Resources

 OCC

OCC Press Release

Consent Order 

Civil Money Penalty 

DOJ

TD Bank US Holding Company Information

TD Bank N.A. Information

TD Bank US Holding Company Plea Agreement and Attachments

TD Bank N.A. Plea Agreement and Attachments

Merrick Garland Remarks

Nicole Argentieri Remarks

Categories
Blog

The DOJ Boeing Conundrum

The Department of Justice (DOJ) is currently in a conundrum over its Deferred Prosecution Agreement (DPA) for the Boeing 737 Max crashes. Understanding the implications of the DOJ’s upcoming decision on whether to prosecute Boeing under the existing criminal law is crucial. This decision carries significant weight and presents a multifaceted challenge for Boeing and the broader corporate compliance and governance landscape.

The criminal justice system’s fundamental purpose encompasses several key aspects: retribution, justice for victims, and the rehabilitation of offenders. While straightforward when applied to individuals, these principles become more complex in the context of corporate entities. For the families of the 346 victims of the 737 Max crashes, justice might mean seeing Boeing held criminally accountable, literally with senior executives or even Board members facing criminal charges. This desire for justice is understandable and necessary for those who have suffered immeasurable loss.

However, the broader societal interest in maintaining a safe and reliable aviation industry adds complexity. Ensuring that Boeing undergoes a cultural shift towards prioritizing safety over profit is crucial to preventing future tragedies. This balance between justice for the families of the crash victims and ongoing public safety is at the heart of the DOJ’s dilemma.

At the core of this issue is Boeing’s corporate culture. The company’s aggressive pursuit of profit and rapid production schedules has led to significant safety oversights. Incidents such as the recent mid-flight door detachment from a Boeing airliner and allegations of using falsified or contaminated titanium underscore ongoing safety concerns. Addressing these issues necessitates a fundamental shift in Boeing’s approach to safety and governance.

Compliance officers face the daunting task of ensuring that DPAs are effectively implemented. Boeing’s situation raises critical questions about the enforcement of DPAs, the criteria for determining violations, and the appropriate remedies when violations occur. The rarity of formal DPA violations adds to the uncertainty and complexity.

The DOJ’s decision on Boeing involves balancing multiple interests: the victims’ families, Boeing’s employees, the air-traveling public, and the broader economic and national economic and national security implications of Boeing’s operations. As the “People’s Law Firm,” the DOJ must navigate these diverse and often conflicting interests to reach a peaceful resolution.

A key consideration is whether financial penalties alone can drive meaningful corporate reform. Historical evidence suggests that financial penalties, while necessary, may not suffice to instill lasting cultural change. More stringent measures, such as operational limits and enhanced monitoring, may be required.

The concept of a monitorship is particularly relevant. A monitor could provide ongoing oversight and guidance, ensuring Boeing meets stringent compliance standards. Transparency in monitoring, including public disclosure of monitor reports, could enhance accountability and public trust.

The Federal Aviation Administration (FAA) also plays a crucial role. However, the FAA’s past performance overseeing Boeing raises questions about its ability to enforce safety standards effectively. Ensuring that the FAA undergoes its cultural transformation and maintains rigorous oversight is essential for any comprehensive solution.

Boeing’s status as a major aircraft manufacturer has significant implications for national security and the economy, which makes its case unique. Compliance professionals in other industries must recognize that the consequences of non-compliance can vary significantly based on a company’s strategic importance. While some companies might face severe penalties or even closure, critical industries like aviation may require more nuanced solutions to balance justice and operational continuity.

Compliance officers should closely monitor the DOJ’s handling of Boeing’s DPA. The potential introduction of CEO and Chief Compliance Officer (CCO) certifications for compliance program effectiveness in future DPAs is a significant development. These certifications could greatly impact how compliance programs are designed and evaluated, making it crucial for compliance officers to stay informed and prepared.

The Boeing case underscores the complexities of enforcing corporate compliance in industries with significant public safety implications. The DOJ’s decision will likely set important precedents for future DPAs and compliance practices. As we await the DOJ’s final decision, it’s clear that achieving justice and ensuring safety requires a multifaceted approach, balancing financial penalties, operational oversight, and cultural transformation.

For compliance professionals, the key takeaway from this case is the importance of robust compliance programs and the necessity of adapting to new regulatory expectations. The introduction of CCO certifications, the potential for increased transparency in monitorships, and the evolving nature of DPA enforcement are all critical factors to consider in developing and maintaining effective compliance strategies. Compliance officers must remain vigilant and adaptable, drawing lessons from high-profile cases like Boeing’s to enhance compliance programs and contribute to a safer and more accountable corporate landscape.

Categories
Blog

Incentivizing Compliance

In today’s business landscape, fostering a culture of ethics and compliance is more crucial than ever. It not only ensures legal adherence but also promotes trust, integrity, and long-term success. One powerful tool in achieving this cultural shift is the strategic use of incentives. In this blog post, we will explore the significance of incentivizing ethical behavior within organizations, the role of human resources (HR) in designing effective incentive structures, and how data-driven insights can drive a culture of compliance and integrity.

The Department of Justice’s 2023 ECCP underscored the importance of incentives and rewards in promoting ethical conduct. It asks companies to consider the implications of their incentives and rewards on compliance and ethical behavior. Furthermore, it encourages organizations to provide specific examples of actions taken, such as promotions or awards denied, due to compliance and ethical considerations. This guidance highlights the significance of incentives in driving a culture of ethics and compliance.

When it comes to incentivizing ethics and compliance, the first thought that often comes to mind is financial rewards. While these can indeed send a strong message about the importance of compliance, it’s important to recognize that incentives go beyond monetary compensation alone. In fact, non-financial incentives can be equally effective in driving ethical behavior.

One powerful non-financial incentive is public recognition of ethical behavior. Acknowledging employees who consistently exhibit integrity and compliance can be a powerful motivator for others to follow suit. Whether it’s a simple pat on the back, an ethical award, or a t-shirt identifying an employee as engaging in ethical behavior, these gestures can go a long way in reinforcing the importance of doing business the right way.

To truly embed a culture of ethics and compliance within an organization, incentives should be integrated into the hiring and promotion process. HR plays a pivotal role in this aspect, ensuring that compliance evaluations and rewards are part of an employee’s discretionary bonus. By making compliance performance a key factor in promotion decisions, companies can send a clear message that ethical behavior is valued and rewarded.

Human resources professionals are experienced in implementing incentives and can effectively measure and incentivize behavior. By leveraging data-driven insights, HR can identify key metrics to evaluate compliance performance and align incentives accordingly. This approach ensures that the right type of behavior is driven throughout the organization, reinforcing a culture of compliance and integrity.

From these general guidelines, I have developed six key principles for developing and delivering incentives into your compliance regime.

The Power of Supporting Systems. Compliance incentives alone may not be sufficient to drive desired behavior. To make these incentives stick, it’s crucial to establish a compliance support system that operationalizes pro-compliance incentives at different levels within the organization. These systems reinforce the importance of compliance and make it visible to employees, ensuring consistent commitment throughout the company.

Incentives Must Be for All. Compliance incentives to be implemented at all levels of the company, from senior management to lower-level employees. It’s essential to recognize that compliance professionals and internal audit staff play a vital role in promoting compliance within the organization. By acknowledging their efforts and providing tangible incentives, companies can highlight the significance of compliance and make it an integral part of the company’s DNA.

Global Consistency. In addition to fairness in your incentive program, compliance incentives should be consistent for employees both within and outside of the United States. Global enforcement of the compliance program not only ensures fairness but also enhances the credibility of the incentive system. By treating all employees equally, regardless of their location, companies foster a culture of compliance and ethical business practices.

Designed to Endure. Creating your incentive program to endure is crucial to ensure the longevity of compliance incentives, especially during financial downturns. A counterweight acts as an institutional mechanism that enforces a continued focus on nonfinancial goals, such as compliance. It prevents compliance incentives from being discarded when other goals take precedence. By incorporating a counterweight into the incentive system, companies can maintain their commitment to ethical practices, even in challenging times.

Compliance Incentives Alignment. You must align your compliance incentives to work in an oblique manner, rather than following a linear approach. This means integrating compliance goals into employees’ daily tasks and responsibilities, making it a natural part of their work. By consistently emphasizing compliance as part of the company’s DNA, organizations can foster a culture where ethical practices are valued and rewarded.

Support Systems. Support systems are critically important for the success of compliance incentives. These systems should be in place even during downturns or cutbacks to support compliance and ethical business practices. They should reinforce the importance of compliance and provide employees with tangible incentives to engage in ethical behavior. By documenting compliance actions, companies can also demonstrate their commitment to regulators if necessary.

Incentivizing ethics and compliance is not just a tick-the-box exercise; it is a powerful tool for driving cultural change within organizations. By integrating incentives into the hiring and promotion process, HR professionals can reinforce the importance of ethical behavior. Data-driven insights enable organizations to measure and incentivize compliance effectively. Whether through financial rewards or non-monetary gestures, incentives play a vital role in promoting a culture of ethics and compliance. Let’s embrace the power of incentives and work towards building organizations that prioritize integrity, compliance, and long-term success.

Always remember, compliance incentives do not have to be elaborate or novel; they need to be consistent and aligned with the company’s values. By implementing enduring compliance incentives and creating a counterweight, you can ensure that ethical behavior remains a priority, even in challenging times. Build a culture of compliance and reap the benefits of an ethically driven organization.

Categories
Blog

Mastering ChatGPT: Ethical Challenges of ChatGPT

In this Part 2 of a five-part blog post series, I am considering the revolution wrought by ChatGPT. Today we consider how and, more importantly, why AI developers and industry professionals need to garner insights into the ethical considerations surrounding AI and ChatGPT. With the guidance of AI expert and founder of Red Hat Media, Larry Roberts, we will delve into the complexities of AI ethics, including data privacy, misinformation, bias, and job displacement. Roberts’s extensive field knowledge and experience make him a relatable source for understanding the challenges and best practices in implementing ethical AI solutions. By addressing these ethical concerns head-on, this article will equip you with the necessary tools and knowledge to navigate the ethical landscape of AI development, ensuring responsible and informed decision-making. Say goodbye to uncertainties and us as we demystify AI ethics, paving the way for a more ethically sound AI industry.

Human in the Loop

Human in the Loop (HITL) is an interaction model involving a human operator in AI decision-making. Due to their unpredictability, HITL scenarios often occur when definitive responses are difficult for AI systems to generate without human intervention. HITL emphasizes that human input and collaboration are critical in AI development, as an AI alone may only partially account for unforeseen situations.  Larry Roberts discusses the ‘Human in the Loop’ approach extensively. He highlights examples where human intervention was necessary to prevent unforeseen outcomes, implying the indispensability of human involvement in AI usage and development. Larry reiterates that even with advances in AI technology, human input remains vital to ensure quality results and prevent unexpected consequences.

AI Ethics and Best Practices

AI ethics is the study of the ethical issues related to the development and application of AI. It includes accountability, privacy, intellectual property, discrimination, bias, and job displacement. Fostering a deeper understanding and implementation of AI ethics ensures that advancements in AI technology are a force for good, benefiting humanity as a whole.  Referencing the episode, Larry Roberts provides an in-depth discussion on AI ethics. He emphasizes that understanding the perspectives of AI developers is paramount to accurate assessment and mitigation of bias. Recognizing the issues surrounding job displacement due to AI implementation, Larry suggests the potential of AI to create new opportunities, underlining the necessity of monitoring and adapting to the evolving AI landscape.

Securing Data Privacy and GDPR Compliance

The digital revolution has brought to the fore the importance of securing data privacy and tick-marking all requirements of the General Data Protection Regulation (GDPR) across industries. The speed and sky-rocketing impact of artificial intelligence (AI) technologies necessitate special attention to these aspects. As data forms the lifeblood of AI systems, ensuring the secure handling of this data keeps prominence. Equally significant is the adherence to GDPR policies, which is a step beyond data privacy, focusing on EU citizens’ fundamental rights. Non-compliance can lead to severe penalties. Addressing these requirements is more than just about legal and ethical obligations; it’s about building trust with the end users, enhancing business reputation, and ensuring that privacy concerns or non-compliance issues do not hold back AI’s fantastic potential.

Mitigating the Misuse of AI Tools

As we consider the suitability of AI technologies for various tasks, it’s crucial to discuss the potential for misuse. With the pervasiveness of AI in our digital landscape, there’s an increasing risk of these technologies being exploited. One of the leading concerns revolves around ethical use, mainly because AI technologies like chatbots can process vast amounts of data, some of which can be sensitive or private. Consequently, the misuse of AI tools could result in a breach of privacy and security, making it significantly vital to establish preventative measures.

As we strive to achieve an increased understanding of AI ethics and best practices for implementation, let us remember that great power comes with great responsibility. By staying informed, remaining vigilant, and consistently reassessing our practices, we can pave the way for a future where AI serves as a force for good. Join us tomorrow when we consider how ChatGPT will transform compliance training.

For more information on Larry Roberts, check out Red Hat Media.

Categories
Creativity and Compliance

Do We Really Have to do E&C Training?

Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection – all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the award-winning Compliance Podcast Network. In this episode, Tom and Ronnie continue their short series of provocative statements on compliance training and communications, followed by a discussion. In this episode, Ronnie pitches today’s question to Tom on is ethics and compliance training is required? Highlights include:

·      Is E&C training required by law?

·      Why doesn’t E&C training work?

·      Why not spend your time doing things that help?

·      How E&C training can promote speak-up culture.

·      Why E&C training provides tools and resources.

·      How E&C training gets leadership involved.

Resources:

Ronnie Feldman (LinkedIn)
Learnings & Entertainments (LinkedIn)
Ronnie Feldman (Twitter)

Learnings & Entertainments (Website)

60-Second Communication & Awareness Shorts – A variety of short, customizable, quick-hitter “commercials” including songs & jingles, video shorts, newsletter graphics & Gifs, and more. Promote integrity, compliance, the Code, the helpline and the E&C team as helpful advisors and coaches.

Workplace Tonight Show! Micro-learning – a library of 1-10-minute training and communications wrapped in the style of a late-night variety show that explains corporate risk topics and why employees should care.

Custom Live & Digital Programing – We’ll develop programming that fits your culture and balances the seriousness of the subject matter with more engaging delivery.

Tales from the Hotline – check out some samples.