Tag: DOJ

Categories
Blog

TD Bank: Part 5 – The Reckoning

Today, I want to review the OCC Consent Order to see the bank’s requirements. This is separate from the DOJ requirements under the Bank’s Plea Agreement(s) and the FinCEN Consent. Further, the DOJ and OCC have mandated separate monitors under their attendant settlement agreements. FinCEN’s Order imposes a four-year independent monitorship, and the DOJ Plea Agreement a 3-year Monitorship. As Matt Kelly noted in Radical Compliance, the remediation steps include:

  • Establishing a dedicated compliance committee at the board level;
  • Drafting a plan within 120 days to overhaul its AML compliance program;
  • Hiring an independent compliance consultant within 60 days to conduct their review of TD’s compliance program;
  • Hiring a senior-level AML compliance officer;
  • Staffing up a more robust AML compliance function; and
  • Implementing new policies, procedures, training, and all the other usual requirements we’ve seen from similar banking settlements.

In this blog post, we will consider some of the highlights above and beyond these remediation steps that the Bank must perform.

The Action Plan

The enforcement order mandates that within 120 days, TDBNA must submit a comprehensive BSA/AML Action Plan to the Examiner-in-Charge for approval. This plan must address the bank’s deficiencies in adhering to the Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) regulations. The action plan must include detailed corrective actions, reasonable timelines for implementation, and clear accountability for executing these measures. The board of directors is responsible for overseeing the implementation, ensuring adherence, and monitoring progress, with formal reviews required at least annually.

The Action Plan must be subject to continuous updates and modifications as necessary, particularly if directed by the Examiner-in-Charge or if the bank identifies further areas of improvement. The Examiner-in-Charge must approve any significant deviations or material changes to the plan. TDBNA must also submit quarterly progress reports detailing corrective actions, outstanding issues, and timelines for resolving compliance deficiencies, ensuring transparency in the bank’s efforts to remediate its AML program.

In the event of ongoing issues or independent assessments highlighting further weaknesses, the bank must provide written documentation to the Examiner-in-Charge. The board’s review and response to these assessments will drive accountability and ensure the continuous improvement of TDBNA’s BSA/AML compliance program.

AML Program Assessment and Remediation

TDBNA’s response to its enforcement action underlines the critical role of independent third-party assessments in fortifying a bank’s BSA/AML program. The bank must engage an independent consultant, approved by the OCC, to conduct an exhaustive end-to-end review of its entire BSA/AML framework. This process begins within 60 days of the enforcement order, where TDBNA must submit the proposed consultant’s qualifications, along with a detailed scope of work and timeline, for the OCC’s review. The consultant’s expertise in BSA/AML compliance is a key requirement to ensure the assessment is thorough and capable of addressing the bank’s regulatory obligations.

The independent consultant’s primary objective is to assess the bank’s BSA/AML program against its risk profile, identifying any gaps or weaknesses in its structure and operations. This review will examine whether the bank’s transaction monitoring, suspicious activity reporting, and overall governance are robust enough to meet the demands of U.S. regulatory requirements and the bank’s evolving risk landscape. The consultant’s findings will be critical in determining how effectively TDBNA’s AML framework functions and where improvements are necessary.

Upon completing the review, the consultant will deliver a comprehensive report to TDBNA’s board of directors detailing any deficiencies in the bank’s BSA/AML program. The report will also include recommendations for remediation, ensuring the bank addresses areas of concern in a structured and strategic manner. To ensure transparency and accountability, the board will document its review of the report in official meeting minutes, which must be submitted to the OCC. Additionally, the independent consultant will provide a copy of the report directly to the Examiner-in-Charge, ensuring that regulators have a clear view of the findings and the bank’s planned corrective actions.

Beyond simply identifying deficiencies, the bank must ensure it takes prompt and effective action to remediate the issues raised by the independent consultant. TDBNA must incorporate the necessary remediation efforts into its existing BSA/AML Action Plan, ensuring that all gaps are addressed promptly and comprehensively. This integration is crucial, as failure to properly implement corrective measures could lead to further regulatory actions and potentially severe penalties. The OCC will continue to monitor the bank’s progress by submitting updated action plans and progress reports.

Ultimately, this process highlights the importance of maintaining a dynamic and adaptable BSA/AML program that can respond to emerging risks and regulatory expectations. TDBNA’s engagement with an independent consultant reminds all financial institutions that complacency in AML compliance is not an option. By continually assessing and improving their compliance frameworks, banks can better mitigate risk, avoid regulatory scrutiny, and ensure their AML programs remain strong, effective, and compliant with the law.

Three is Not Always a Crowd

Are you beginning to see a pattern here? The Bank engaged third-party consultants who identified significant weaknesses in its AML program and reported these issues to the Bank’s AML leadership. In 2018, one consultant noted that increasing regulatory requirements and transaction volumes would pressure AML operations, making it difficult to meet demands and deadlines. Additionally, the consultant found that The Bank’s testing of its transaction monitoring scenarios took less than the industry average, highlighting inefficiencies in its ability to assess and capture suspicious activity.

In 2019, another consultant flagged sub-optimal transaction monitoring scenarios based on outdated parameters. These outdated scenarios generated many alerts, overwhelming the AML team and limiting their ability to focus on truly high-risk customers and transactions. This finding pointed to a broader issue in the bank’s ability to adapt its monitoring systems to changing regulatory and risk environments, significantly undermining the effectiveness of its AML compliance efforts.

In 2021, a third consultant identified additional limitations within the Bank’s transaction monitoring program, particularly its technology infrastructure. The consultant found that the bank faced technological barriers that restricted its ability to develop new scenarios or adjust existing parameters, further hampering its AML efforts. These ongoing challenges reflect a broader need for the Bank to modernize its systems and ensure its AML program is agile enough to meet regulatory expectations and address emerging risks effectively.

Restriction on Growth

The Consent Order also required the Bank to maintain its total consolidated assets at or below the level reported on September 30, 2024. This mandate prevents the banks from increasing their average total consolidated assets beyond this threshold until they achieve compliance with all actionable articles of the order. The total consolidated assets will be measured using the banks’ respective Consolidated Reports of Condition and Income.

The asset restrictions will remain in place until the banks meet all compliance obligations outlined in the order. However, the Deputy Comptroller can temporarily suspend the asset cap in unusual circumstances. If the banks fail to meet compliance deadlines, the Deputy Comptroller may require a reduction of up to 7% of their total consolidated assets, as reported in the most recent calendar quarter.

If the Bank is notified that a reduction is necessary, it must submit a plan within 30 days for the Comptroller’s approval and have 60 days to implement the asset reduction. If non-compliance continues beyond the first year, the Deputy Comptroller may impose an additional reduction of up to 7% annually, with the same plan submission and implementation requirements applying each successive year until full compliance is achieved.

Jon Hill wrote in Law360 that this is only the second time “that a federal banking agency has slapped such handcuffs on a financial institution’s overall growth.” The first was Wells Fargo, slapped for its fraudulent accounts scandal. Moreover, while the Wells Fargo “cap has remained in place much longer than many observers originally expected, the OCC has designed its cap for TD Bank with more of a need for remedial speed in mind. In particular, the OCC order establishing the cap includes express provisions that allow the agency to reduce the size limit — that is, tighten the cuffs — by up to 7% annually if the bank does not meet certain deadlines for strengthening its U.S. anti-money laundering compliance.” The article quoted Julie A. Hill, a banking law professor and dean at the University of Wyoming College of Law, for the following, “where the asset cap has gone on for years and years as the bank has tried to get compliant.”

Put Money Where Their Mouth Is

Even more than the commitment to do business ethically and in compliance with its AML/BSA requirements, the Bank must also financially commit to compliance. The Order requires that before the Bank can declare or pay dividends, engage in share repurchases, or make any other capital distributions, the Board of Directors must certify in writing to the Examiner-in-Charge that adequate resources and staffing have been allocated to the remediation efforts required by the OCC’s order. This certification must be submitted at least 30 days before any proposed capital action. It must include a detailed description of the Bank’s current allocation of compliance resources, its progress in remediation, any anticipated changes in resource allocation, and the funding source for the proposed payment or distribution. The goal is to ensure that remediation efforts take priority over capital distributions.

Join us next time, where I will consider TD Bank and the Caremark Doctrine.

Resources

OCC

OCC Press Release

Consent Order 

Civil Money Penalty 

DOJ

TD Bank US Holding Company Information

TD Bank N.A. Information

TD Bank US Holding Company Plea Agreement and Attachments

TD Bank N.A. Plea Agreement and Attachments

Merrick Garland Remarks

Nicole Argentieri Remarks

FinCEN

Press Release

Consent Order

Categories
Compliance and AI

Compliance and AI: Navigating AI Compliance: The EC Gang Reviews The 2024 ECCP

What is the role of Artificial Intelligence in compliance? What about Machine Learning? Are you using ChatGPT? These questions are but three of the many questions we will explore in this cutting-edge podcast series, Compliance and AI, hosted by Tom Fox, the award-winning Voice of Compliance.

In this episode, Matt Kelly leads the Everything Compliance quartet of Susan Divers, Jonathan Marks, Karen Moore and Tom Fox through a look at Compliance and AI from the prism of the 2024 Evaluation of Corporate Compliance Programs (ECCP).

Kelly examines the complexities of integrating artificial intelligence into corporate compliance frameworks, highlighting the DOJ’s recent guidance on managing AI risks as laid out in the 2024 ECCP. In Deputy Attorney General Nicole Argentieri’s SCCE speech, she noted the overlooked AI risks and compliance requirements and emphasized the need for businesses to assess both internal AI applications and external threats from malicious uses by scammers or fraudsters.

The gang then delved into the dual aspect of AI risk—its creation and reception—and underlining the importance of comprehensive risk assessment and control measures in AI deployment, such as developing bug bounty programs and ensuring anti-fraud mechanisms are robust. We explored the role of compliance officers in AI oversight, focusing on the challenges in governing AI-generated decisions compared to human actions. With various insights on the legal and operational aspects of AI compliance, the discussion urges companies to evaluate the implications of AI use, both in risk management and ethical execution.

Key Highlights:

  • Understanding AI Risks
  • Compliance Guidelines for AI
  • AI in Fraud Prevention
  • Challenges in AI Oversight
  • Compliance Officers and AI
  • Model Validation and AI

Resources:

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

TD Bank: Part 4 – Watergate, Actual Knowledge and Conscious Indifference

Mike Volkov often told the story of watching the Watergate Hearings as a teenager and being a seminal influence on his later professional life in the legal profession and government service. It was my first exposure to long-term Congressional hearings, at least when they were not the claptrap theater we have in place today. Perhaps the single thing I remember the most clearly was Tennessee Senator Howard Baker’s question, “What did the President know, and when did he know it?” The answer that we learned during the Watergate hearings was that President Nixon had known all along that the crimes of Watergate originated in the White House. Today, I want to use that question to explore what TD Bank knew, when they knew, and what that tells us about the culture of the world’s 30th-largest bank and 10th-largest bank in the US.

Prior OCC, FinCEN, and DOJ Enforcement Actions

In September 2013, the OCC and FinCEN levied a $37.5 million civil monetary penalty against the Bank for violating the Bank Secrecy Act (BSA) related to a Ponzi scheme run by a Florida attorney. Despite the numerous AML alerts triggered by its transaction monitoring system, the Bank failed to identify and report approximately $900 million in suspicious activity. This failure stemmed, in part, from inadequate anti-money laundering (AML) training for both AML and retail personnel. FinCEN emphasized that poorly resourced and trained staff managing critical compliance functions is unacceptable, underscoring the importance of adequate training and resources in compliance programs.

Following these enforcement actions, the Bank needed to adapt its transaction monitoring system to address its deficiencies substantively. The OCC had directed the bank to establish policies and procedures that could respond systematically and promptly to environmental or market changes, such as developing new monitoring scenarios. However, the bank’s failure to implement these recommendations meant it could not effectively mitigate emerging risks. This oversight revealed significant gaps in the Bank’s AML compliance efforts, particularly its ability to adjust its program to evolving threats.

In 2015, the OCC instructed the Bank to enhance its transaction monitoring program for high-risk customers, who were subject to the exact scenarios and thresholds as the rest of the Bank’s customers despite their higher risk profile. In 2016,  the AML function and the Bank technology teams began to develop new high-risk customer scenarios. That effort was put on hold in October 2016 by AML executives due to a lack of resources. After being briefly revived in early 2017, this project was again put on hold, this time by the head of AML at the Bank partly due to “cost.” Although US-AML leadership informed the OCC during its 2017, 2018, and 2019 examinations that these scenarios were in development, the Bank never implemented the required enhanced transaction monitoring of high-risk customers. By 2018, the OCC determined that the Bank’s planning and execution of its AML technology systems remained insufficient. The Bank had delayed implementing key AML technology projects, which directly contributed to its failures around AML compliance.

The Bank even misrepresented itself to the Department of Justice (DOJ). In February 2018, the Bank entered a settlement over its failure to file Suspicious Activity Reports (SARs). The Bank’s issues were partly due to its cessation of transaction monitoring scenario threshold testing. The Bank’s US-AML executives were aware of this resolution and acknowledged the importance of monitoring transactions for suspicious activity. One key AML leader at THE BANK emphasized that their AML team reviewed similar enforcement actions to ensure their compliance programs aligned with regulatory expectations, particularly around scenario threshold testing.

He explained to the AML Oversight Committee that the Bank conducted a detailed analysis below scenario thresholds to determine if SARs should have been filed, adjusting thresholds accordingly. This approach was intended to avoid the failures that led to the other bank’s settlement. However, despite these assurances, by early 2018, THE BANK’s AML team and its technology partners effectively halted its threshold testing due to competing priorities and resource limitations.

As a result, between 2018 and 2022, the Bank conducted threshold testing, or “quantitative tuning,” on only one out of approximately 40 U.S. transaction monitoring scenarios. This significant reduction in testing left gaps in the Bank’s AML compliance program, potentially exposing the bank to similar risks and regulatory scrutiny that had affected other institutions in the industry.

Where Was Internal Audit?

The question in these massive enforcement actions is often, ‘Where was the internal audit?’ Regarding the Bank, the answer is simple: Right Here, Doing Our Job. In 2018, the Bank’s Internal Audit function uncovered a critical issue within the bank’s AML program: the high-risk jurisdiction transaction monitoring scenarios were based on an outdated list, meaning the bank was not flagging transactions from jurisdictions currently deemed high-risk. This oversight severely impacted the bank’s ability to monitor and address risks associated with these regions. The findings revealed a gap in how the bank’s transaction monitoring system adapted to evolving regulatory expectations and global risk landscapes, compromising the effectiveness of its AML efforts.

By 2020, Internal Audit highlighted even more deficiencies in the bank’s AML compliance, specifically related to the governance and review of transaction monitoring scenarios. Among the key issues were a need for formal timelines for completing scenario reviews, some of which had been outstanding since 2017, and the failure to implement proposed changes from the previous year. Moreover, there needed to be a formal process or documentation to guide the promotion of new monitoring scenarios, a governance gap mirroring issues identified by the OCC seven years earlier. These systemic failures indicated a troubling lack of progress in strengthening the bank’s AML compliance framework.

Despite the findings from 2018 and 2020, Internal Audits reviewed in the following years revealed that these issues remained unresolved. The Bank’s Board of Directors was informed of these ongoing deficiencies and remediation plans, yet the persistent gaps in governance and scenario management continued to hinder the bank’s ability to respond to AML risks effectively. For those keeping score at home, that means Actual Knowledge at the Board.

Three Clarion Calls

Are you beginning to see a pattern here? The Bank engaged third-party consultants who identified significant weaknesses in its AML program and reported these issues to the Bank’s AML leadership. In 2018, one consultant noted that increasing regulatory requirements and transaction volumes would pressure AML operations, making it difficult to meet demands and deadlines. Additionally, the consultant found that The Bank’s testing of its transaction monitoring scenarios took less than the industry average, highlighting inefficiencies in its ability to assess and capture suspicious activity.

In 2019, another consultant flagged sub-optimal transaction monitoring scenarios based on outdated parameters. These outdated scenarios generated many alerts, overwhelming the AML team and limiting their ability to focus on truly high-risk customers and transactions. This finding pointed to a broader issue in the bank’s ability to adapt its monitoring systems to changing regulatory and risk environments, significantly undermining the effectiveness of its AML compliance efforts.

In 2021, a third consultant identified additional limitations within the Bank’s transaction monitoring program, particularly its technology infrastructure. The consultant found that the bank faced technological barriers that restricted its ability to develop new scenarios or adjust existing parameters, further hampering its AML efforts. These ongoing challenges reflect a broader need for the Bank to modernize its systems and ensure its AML program is agile enough to meet regulatory expectations and address emerging risks effectively.

The AML Leadership Team

During the relevant period, the Bank’s AML leadership consisted of key individuals whose responsibilities significantly shaped the Bank’s approach to AML compliance, and, more importantly, all knew of the Bank’s AML deficiencies. They were identified as Individual-1, Individual-2, and Individual-3 in the Information. Individual-1 was hired in 2013 as VP of AML Operations and rose to become the sole Chief AML Officer by 2019, overseeing the bank’s global AML program. His role included setting the annual AML budget, developing strategic priorities, and regularly reporting to the board of directors. Individual-1’s oversight extended to AML technology services and the U.S. Financial Intelligence Unit (FIU), reflecting his pivotal role in the U.S. and global AML operations.

Individual 2 joined THE BANK in 2014 as Head of the U.S. FIU and was critical in overseeing the investigative teams responsible for reporting suspicious activities and managing high-risk customers. By 2019, Individual-2 had assumed the role of BSA Officer and Deputy Global Head of AML Compliance, where they were responsible for managing the U.S. AML program. However, despite these responsibilities, Individual 2 faced limitations due to the Chief AML Officer’s direct control over AML technology, a crucial aspect of the bank’s AML operations, which created challenges in overseeing technology-related AML issues.

Individual-3, a vice president within AML Operations, took on significant responsibilities within the U.S. FIU, especially between 2017 and 2018. In this role, Individual-3 managed the initial review of transaction monitoring alerts and the handling of Unusual Transaction Referrals (UTRs) and reports of suspicious activity submitted by employees. Together, these key figures shaped THE BANK’s AML efforts, though the division of responsibilities and challenges with AML technology governance highlighted areas of vulnerability within the bank’s compliance framework.

What did the Bank know, and when did they know it? As the Information rather dryly noted, “US-AML, including senior leadership, were aware of the lack of domestic ACH and check monitoring.” More importantly, like President Nixon, they knew about their AML failures and consciously chose not to do anything about them.

Resources

Join us tomorrow when I will consider the reckoning for the Bank.

Resources

 OCC

OCC Press Release

Consent Order 

Civil Money Penalty 

DOJ

TD Bank US Holding Company Information

TD Bank N.A. Information

TD Bank US Holding Company Plea Agreement and Attachments

TD Bank N.A. Plea Agreement and Attachments

Merrick Garland Remarks

Nicole Argentieri Remarks

Categories
Daily Compliance News

Daily Compliance News: October 17, 2024 – The RTX Settles Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • RTX settles FCPA and fraud cases. (FT)
  • Mexico ex-Drug Czar to be sentencing for accepting bribes. (Reuters)
  • McKinsey is close to settling its part in the opioid crisis. (Reuters)
  • A Boeing judge wants additional information on Monitor and selection. (Law360)

Categories
Blog

TD Bank: Part 3 – Lessons Learned for Compliance

We continue our exploration of the resolution of the AML/BSA enforcement action involving the TD Bank US (the Bank) wholly owned by the TD Bank Group,  a publicly traded (NYSE: TD) international banking and financial services corporation headquartered in Toronto, Canada. Today, we explore some key lessons learned for the AML compliance professional. We begin with what Attorney Merrick Garland noted: “Three money laundering networks took advantage of TD Bank’s failed anti-money laundering system.”

The 3 Money-Laundering Scheme

The David Scheme

Da Ying Sze, also known as David, used the Bank as a money laundering and unlicensed money transmitting scheme for which he pled guilty in 2022. David conspired to launder and transmit over $653 million, with more than $470 million laundered through TDBNA. He bribed bank employees with over $57,000 in gift cards to facilitate the scheme. David laundered money by depositing large amounts of cash, sometimes exceeding $1 million in a single day, into accounts opened by other individuals. He also instructed bank employees to send wires and issue official checks. The Bank needed to correctly identify David as the person conducting the transactions in over 500 CTRs, which covered more than $400 million in transaction value, despite David directly depositing large cash sums into accounts he allegedly did not control.

Bank Insiders

Five Bank employees provided material assistance to a second money laundering scheme, which laundered millions of dollars from the United States to Colombia. The five individuals, referred to as “TDBNA Insiders,” held various positions within the bank, including Financial Service Representative, Retail Banker, Assistant Store Manager, and Store Supervisor at TDBNA stores in New Jersey and Florida. These insiders helped the money laundering networks by opening accounts and providing dozens of ATM cards used to launder funds through high-volume ATM withdrawals. They also assisted in maintaining these accounts by issuing new ATM cards and overcoming internal controls and freezes on account activity. Through these actions, approximately $39 million was laundered through the bank. Despite significant internal red flags, TDBNA did not identify the insiders’ involvement in the money laundering scheme until law enforcement arrested Insider-1 in October 2023.

Shell Company Scammers

From March 2021 through March 2023, a money laundering organization known as “MLO-1,” which claimed to be involved in the wholesale diamond, gold, and jewelry business, maintained accounts for at least five shell companies at the Bank. These accounts moved approximately $123 million in illicit funds through the bank. The Bank knew these shell companies were connected, sharing the same account signatories. Despite these red flags, The Bank did not file a Suspicious Activity Report (SAR) on MLO-1 until law enforcement notified the bank in April 2022. By then, MLO-1’s accounts had been open for over 13 months and had transferred nearly $120 million through TDBNA.

Lessons Learned

This enforcement action is a sobering reminder of compliance’s critical role in preventing and detecting financial crimes like money laundering. With over $470 million laundered in one scheme, $39 million moved through insiders, and $123 million transferred via shell companies, significant compliance failures occurred.  Of course, these are only a part of the $18.3 trillion in transactions that the Bank does not monitor due to its conscious compliance failures. These incidents underscore the importance of maintaining robust internal controls, employee oversight, and proper reporting mechanisms.

Failing to Detect Obvious Red Flags

In this case, one of the most glaring issues is the bank’s failure to identify the obvious red flags associated with laundering large sums of money. In the case of David, the Bank failed to file accurate CTRs for over $400 million in transactions. David regularly deposited enormous amounts of cash, over $1 million in a single day, into accounts opened by others, yet the bank failed to link him to these transactions.

The key takeaway for compliance professionals is to ensure that their systems are calibrated to flag suspicious activities, especially when transactions exceed certain thresholds. Large cash deposits, frequent activity involving multiple accounts, and nominee account holders should always trigger enhanced due diligence and review. Automated systems must be updated and combined with human oversight to catch these patterns.

The Role of Corrupt Employees in Facilitating Money Laundering

The involvement of the Bank Insiders in the second laundering scheme is a textbook example of how internal corruption can undermine even the most sophisticated compliance programs. These employees assisted money laundering networks by opening accounts, providing ATM cards, and circumventing internal controls and account freezes. In exchange, they received bribes, showing the vulnerability of staff in critical roles.

This scenario mandates why employees must undergo regular anti-bribery and anti-corruption training to reinforce the consequences of accepting bribes and engaging in unethical behavior. In addition, a strong compliance culture should include mechanisms for detecting internal misconduct, such as anonymous reporting systems and independent audits to identify corrupt employees early. Creating ethical guardrails within your organization, alongside frequent checks and balances, can protect against insider threats.

CTRs and SARs Must be a Priority

A key regulatory requirement under the Bank Secrecy Act (BSA) is the filing of Currency Transaction Reports (CTRs) and Suspicious Activity Reports (SARs). The Bank’s failure to file accurate CTRs in David’s case and delayed filing of SARs in the Shell Company Scammers scheme underscores how devastating the consequences can be when compliance teams do not take their regulatory obligations seriously. Even after identifying that shell companies were linked to each other by shared account signatories, the Bank failed to act quickly, allowing nearly $120 million to be laundered through their systems.

The timely filing of CTRs and SARs is not just a best practice; it is a regulatory requirement. Compliance officers must ensure that processes for flagging suspicious activity are effective and swift. Training staff to recognize when CTRs and SARs are needed and implementing systems that automatically flag transactions for review will help ensure compliance with reporting obligations.

Third-Party Risk and Shell Companies: Know Your Customer (KYC) Failures

The shell companies used to launder $123 million demonstrate a significant lapse in the bank’s Know Your Customer (KYC) protocols. The Bank knew the shell companies were linked by the same account signatories yet failed to act for over a year. This gap in KYC enforcement allowed significant funds to pass through without appropriate scrutiny or action.

KYC processes should be foundational to every compliance program. Regular reviews and enhanced due diligence are required when dealing with high-risk entities like shell companies. Compliance professionals should prioritize the identification of ultimate beneficial ownership (UBO) and remain vigilant when patterns suggest potential fraud, even if account openings appear legitimate at first glance. Your KYC protocols must also integrate ongoing monitoring, not just one-time checks.

The Consequences of Ignoring Red Flags

Across all three schemes, the Bank ignored significant internal red flags—whether employees directly deposited large sums of cash, insiders actively assisting in laundering activities, or shell companies linked by shared signatories. Compliance must be more than just a checkbox exercise. Red flags must be taken seriously and escalated quickly to prevent further damage.

Compliance teams must be empowered to act decisively when red flags are raised. This includes having the authority to freeze accounts, file reports, and escalate issues to senior management and regulatory authorities when needed. Additionally, a strong culture of compliance, backed by leadership, should encourage immediate action when suspicious activity is detected.

Monitoring and Auditing: Preventing Future Failures

Finally, this case reveals the importance of ongoing monitoring and regular auditing. In all three schemes, the Bank failed to sufficiently monitor account activities and employees, which allowed the laundering schemes to continue for extended periods. Regular audits and automated transaction monitoring systems are essential to detect and prevent similar issues.

Auditing and monitoring systems should be built into your compliance framework, focusing on high-risk accounts, employees, and geographies. By continuously reviewing and auditing compliance processes, teams can identify gaps early and prevent further exploitation. Technology can be key in monitoring, but human oversight is critical to analyzing more complex behavior patterns.

This enforcement action is a stark reminder of the consequences of weak compliance controls, employee corruption, and failure to act on red flags. For compliance professionals, the lessons from this case are clear: robust internal controls, continuous training, effective KYC procedures, and timely reporting are essential to preventing and detecting money laundering. By learning from these failures, compliance officers can strengthen their programs and ensure their organizations remain vigilant in the fight against financial crime.

I will explore this matter in depth over the next several blog posts. Tomorrow, I will consider the Bank’s culture and flat cost paradigm.

Resources

OCC

OCC Press Release

Consent Order 

Civil Money Penalty 

DOJ

TD Bank US Holding Company Information

TD Bank N.A. Information

TD Bank US Holding Company Plea Agreement and Attachments

TD Bank N.A. Plea Agreement and Attachments

Merrick Garland Remarks

Nicole Argentieri Remarks

Categories
Blog

TD Bank: Part 2 – When Profits Trump Compliance: A Recipe for Corporate Disaster

We continue our exploration of the resolution of the AML/BSA enforcement action involving TD Bank US (the Bank), which is wholly owned by TD Bank Group, a publicly traded (NYSE: TD) international banking and financial services corporation headquartered in Toronto, Canada. TD Bank Group is one of the thirty largest banks in the world and the second-largest bank in Canada.

The enforcement action came in with a $3 billion penalty against the Bank, which has pled guilty to charges relating to the Bank Secrecy Act (BSA), which requires financial institutions to maintain programs to detect and report suspicious activity by their customers. The Bank also settled a series of civil investigations by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), the Federal Reserve, and the Office of the Comptroller of the Currency (OCC), which mandated a Monitor to oversee the building out of the Bank’s compliance program and imposed an asset cap limiting the growth of the Bank’s U.S. retail business as a result of the breakdown of its controls.

This TD Bank case is right up there with Siemens, Petrobras, Odebrecht, Goldman Sachs, and Volkswagen as some of the most basic violations of corporate law we have ever seen. All of the above cases involved bribery and fraud, and the Bank case involved a violation of the most basic requirement of the BSA and the most basic tenets of an anti-money laundering compliance program. Moreover, the Bank’s conduct was not 20 years ago or even 10 years ago, as the conduct began in 2018, and the illegal conduct was right up to this past year. What led to these failures?

Failures at the Top

For the Bank, it all started at the top, where the very senior executives at the Bank decreed that no additional funds would be made available for compliance, compliance updates, or new technological solutions designed to make fulfillment of compliance obligations more efficient. This funding strangulation was termed the “flat cost paradigm” across the Bank’s operations. As a result, the Bank “willfully failed to remediate persistent, pervasive, and known deficiencies in its AML program, including (a) failing to substantively update its transaction monitoring system, which is used to detect illicit and suspicious transactions through the Bank, between 2014 and 2022 despite rapid growth in the volume and risks of the Bank’s business and repeated warnings about the outdated system.”

According to the TD Bank US Holding Company Information, this policy was pursued by the Bank Audit Committee and by the Bank’s Chief Anti-Money Laundering Officer during the relevant period, and the Bank’s BSA Officer both knew there were long-term, pervasive, and systemic deficiencies in the Defendants’ U.S. AML policies, procedures, and controls. This led to the Bank monitoring only approximately 8% of the volume of transactions because it omitted all domestic automated clearinghouse transactions, most check activity, and numerous other transaction types from its automated transaction monitoring system. Due to this failure, the Bank did not monitor approximately $18.3 trillion of transactions between January 1, 2018, through April 12, 2024.

It is not as if the Board of the Bank and its Canadian overlords were unaware of these deficiencies. As far back as 2013, FinCEN and the OCC brought enforcement actions against the Bank for its failures in its AML program. The Bank’s Board of Directors specifically signed off on the resolution of this enforcement action. IN 2018, the OCC characterized the Bank’s “planning, delivery, and execution of AML technology systems and solutions as insufficient. Specifically, the OCC highlighted the delays in implementing multiple AML technology projects and found those delays to be directly linked to nearly all of TDBNA’s outstanding AML program issues.”

Internal Audits at the bank also identified specific deficiencies in the bank’s AML and BSA compliance programs. In 2018, Internal Audit determined that the Bank’s high-risk jurisdiction transaction monitoring scenarios were using an outdated list of high-risk jurisdictions, meaning the bank’s scenarios were not designed to generate alerts on the jurisdictions currently deemed to be high-risk. Again, in 2020, Internal Audit identified AML compliance deficiencies related to the governance and review of transaction monitoring scenarios.

External third-party consultants also identified deficiencies in the Bank’s AML/BSA programs. One consultant “commented that “increased volumes and regulatory requirements” would pressure AML operations to meet demands and deadlines. The same consultant concluded that the Bank’s required testing of its transaction monitoring scenarios— which assessed whether scenarios were adequately capturing suspicious activity— took twice as long as the industry average.” A second consultant noted the Bank had “sub-optimal [transaction monitoring] scenarios” due, in part, to “outdated parameters” that generated a large volume of alerts that limited the Bank’s ability to focus on high-risk customers and transactions.” Finally, a third consultant “identified numerous limitations in the Bank’s transaction monitoring program, including technology barriers to developing new scenarios or adding new parameters to existing scenarios.”

Knowledge at the Bottom

Perhaps the craziest thing about the Bank’s failures in AML/BSA was that everyone was in on the joke: the Board, senior management, Bank employees, and ‘the bad guys.’ One conversation went like this:

AML Technologist: what do the bad guys have to say about us Lol

AML Manager: Easy target

AML Technologist:  damnit

AML Manager: Old scenarios; old CRR; tech agility is poor to react to changes

AML Manager: Bottomline: we have not had a single new scenario added since we first implemented the SAS

Another example cited in the Information was the following: “Other employees, both in AML and retail, consistently commented on the Bank’s instant messaging platform about the Bank’s motto, “America’s Most Convenient Bank,” and directly linked it to the Bank’s approach to AML. For example, a US-AML employee noted that a reason the Bank had not stopped one of the below-referenced money laundering typologies was because “we r the most convenient bank lol.”

Finally, this example from the information section states that “employees at multiple levels understood and acknowledged the likely illegality of David’s activity. In August 2020, one TDBNA store manager emailed another store manager and remarked, “You guys need to shut this down, LOL.” In late 2020, another store manager implored his supervisors (several TDBNA regional managers) to act, noting that “[i]t is getting out of hand, and my tellers are at the point that they don’t feel comfortable handling these transactions.” In February 2021, one TDBNA store employee saw that David’s Network had purchased more than $1 million in official bank checks with cash in a single day and asked, “How is that not money laundering,” to which a back-office employee responded, “oh it 100% is.” “

In his remarks, Attorney General Merrick Garland cited three examples where Bank employees knew money laundering was ongoing.

  1. In February 2021, one TD Bank store employee saw that David’s network had purchased over $1 million in official bank checks with cash in a single day. The employee asked, “How is that not money laundering?” A back-office employee responded, “Oh, it 100% is.”
  2. In a second, separate money laundering scheme, five TD Bank employees conspired with criminal organizations to open and maintain accounts at the bank that were used to launder $39 million to Colombia, including drug proceeds.
  3. In yet a third scheme, a money laundering network maintained accounts at TD Bank for at least five shell companies. It used those accounts to move over $100 million in illicit funds through the bank.

The bottom line is that everyone knows that the Bank facilitated money laundering and BSA violations. Why? The Bank consciously decided not to fund the compliance function or pay for any upgrades or updates, all in the name of its ‘flat cost paradigm.’

I will explore this matter in some depth over the next several blog posts. Tomorrow, I will consider money-laundering schemes.

Resources

 OCC

OCC Press Release

Consent Order 

Civil Money Penalty 

DOJ

TD Bank US Holding Company Information

TD Bank N.A. Information

TD Bank US Holding Company Plea Agreement and Attachments

TD Bank N.A. Plea Agreement and Attachments

Merrick Garland Remarks

Nicole Argentieri Remarks

Categories
Blog

TD Bank: Part 1 – Money Laundering and the China Syndrome

Last week, representatives of the US government announced one of the largest sets of fines and penalties for failures in anti-money laundering ever laid down. It involved TD Bank N.A. and TD Bank US Holding Company. It was over $3 billion in fines and penalties with a restriction in growth until the company gets its compliance act together. However, it is not the fine nor creative penalty that flags this matter but the underlying facts and raw brazen-ness of the 10th largest bank in the United States to either actively engage in an ongoing criminal enterprise or to willfully disregard specific evidence of criminal activity and failure of basic compliance which makes this enforcement action stand out. Employees from the front-line tellers who took in millions of dollars in cash, right up to the Board of Directors, knew the bank’s conduct was illegal or buried their collective heads so far down into the sand that they could have caused the China Syndrome to self-execute.

The regulators and enforcers in this sordid tale include the Department of Justice (DOJ), the Board of Governors of the Federal Reserve Board (FRB), the Treasury Department’s Office of the Comptroller of the Currency (OCC), and Financial Crimes Enforcement Network (FinCEN). According to a DOJ Press Release, TD Bank N.A. (TDBNA) and its parent company TD Bank US Holding Company (TDBUSH) (together with TDBNA, the Bank) pled guilty today. They agreed to pay over $1.8 billion in penalties to resolve the Department of Justice’s (DOJ) investigation into violations of the Bank Secrecy Act (BSA) and money laundering. Finally, TD Bank’s guilty pleas are part of a coordinated resolution with the FRB, the OCC, and FinCEN. With the additional fines and penalties due to these entities, the total fine and penalty is over $3 billion.

TDBNA pled guilty to conspiring to fail to maintain an anti-money laundering (AML) program that complies with the BSA, failing to file accurate Currency Transaction Reports (CTRs), and money laundering. TDBUSH pleaded guilty to causing TDBNA to fail to maintain an AML program that complies with the BSA and to fail to file accurate CTRs.

To add to all the above, the government put a restriction on TD’s growth until it fully remediates its compliance program because, as noted by Matt Kelly in Radical Compliance,  it specified that “TDBNA’s total assets cannot exceed $434 billion without OCC approval, and that approval will not come until TDBNA completes an extensive transformation of its AML compliance program.” Further, Kelly noted that if “TDBNA does not make progress on those compliance program reforms in a timely manner, OCC can reduce that asset cap by another 7 percent, and keep going until TD gets its compliance act togetherIn other words, the longer TD drags its feet on implementing compliance reforms, the tighter the leash around its neck will get.”

How did the Bank get to this point, what can it do to resolve this mess, and what are the lessons learned for the compliance professional, corporate executive, and Board of Directors? Additionally, what is the point of punishment? Will foreign entities always come to the US, open branches, and engage in illegal activities, all in the scramble for the all-mighty dollar? Will corporate executives ever be held liable for intentionally looking the other way or burying their heads in the sand? Several blog posts will explore the answers to these questions and more.

What They Said-Merrick Garland

In a rare appearance by Attorney General Merrick Garland to announce the guilty plea, fine, and penalty, he stated, “Today, TD Bank pled guilty to multiple felonies, including conspiring to violate the Bank Secrecy Act and commit money laundering. TD Bank has also agreed to a $1.8 billion criminal penalty. Combined with civil enforcement actions announced today by other agencies, the United States will impose a total [penalty] of approximately $3 billion against TD Bank. TD Bank created an environment that allowed financial crime to flourish. By making its services convenient for criminals, it became one.

Today, TD Bank became the largest bank in U.S. history to plead guilty to Bank Secrecy Act program failures and the first U.S. bank to plead guilty to conspiracy to commit money laundering. This is also the largest-ever penalty under the Bank Secrecy Act and the first time the Justice Department has assessed a daily fine against a bank. As part of the plea agreement, TD Bank will fundamentally restructure its corporate compliance program at its U.S.-based bank, the 10th largest in the United States. The bank has also agreed to impose a three-year monitorship and a five-year term of probation. While the bank has started its remediation, it will continue to remediate and improve its anti-money laundering compliance program to ensure that it operates lawfully and safely.”

What They Said-Lisa Argentieri

Deputy Assistant Attorney General Nicole M. Argentieri said, “Over the course of a decade, TD Bank placed profits over compliance, prioritizing a “flat cost paradigm” that limited spending across the bank — including on the bank’s anti-money laundering (AML) compliance program, despite growing risks — even while profits soared. The bank knew it had pervasive and systemic deficiencies in its AML program, including a transaction monitoring system that remained stagnant over 10 years despite warnings from regulators, consultants, and even its employees. AML employees joked that the Bank’s failed AML system made TD an “easy target” and a “convenient” bank for bad actors. And they were right. TD’s failed AML compliance program created vulnerabilities that criminals — including TD’s employees — used to launder money through the Bank. All told, three large money laundering networks, two prosecuted by our partners in the District of New Jersey and the third prosecuted in the District of Puerto Rico, laundered over $670 million through TD.

Notably, the Bank did not self-disclose any regulator. Yet after the Bank was notified of the investigation into its conduct, “the Bank provided strong cooperation. For example, TD identified additional misconduct and provided evidence of that misconduct to the department. Some of that evidence helped advance our investigation of individuals, including video surveillance footage TD provided after reviewing hundreds of hours of videotape and materials recovered because TD secured the workplaces of employees involved in misconduct.”

Additionally, and becoming increasingly standard in such resolutions, the culpable entities are engaged in clawbacks. Argentieri noted that the Bank “took steps on its own to hold its employees financially accountable. The Bank clawed back bonuses, including for its CEO and other executives, resulting in a dollar-for-dollar reduction of the Bank’s fine of approximately $2 million.” Yet she emphasized that the Bank’s “resolution marks a first. This is the first time a company has committed to clawing back compensation prospectively. Over the next few months, TD will identify additional compensation it will claw back from its employees. And if the bank is successful during the term of its agreement with the department, the Criminal Division will credit those clawbacks against the fine.”

I will explore this matter in some depth over the next several blog posts. Tomorrow, I will consider how profits over compliance led to disaster.

Resources 

OCC

OCC Press Release

Consent Order 

Civil Money Penalty 

DOJ 

TD Bank US Holding Company Information

TD Bank N.A. Information

TD Bank US Holding Company Plea Agreement and Attachments

TD Bank N.A. Plea Agreement and Attachments

Merrick Garland Remarks

Nicole Argentieri Remarks

Categories
Daily Compliance News

Daily Compliance News: October 11, 2024 – The Breaking Up May Be Hard to Do Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Google to try and delay, deflect breakup. (FT)
  • For Ecuador, President and VP barred entry into the US. (Reuters)
  • TD Bank to pay $3bn in penalties. (WSJ)
  • Qantas apologizes for showing R-rated film on flight. (NYT)

Categories
Blog

Deere’s FCPA Enforcement Action: Performing a Root Cause Analysis to Inform Remediation

We recently had a Foreign Corrupt Practices Act (FCPA) enforcement action that reminded me that everything old is new again in anti-corruption compliance. The Securities and Exchange Commission (SEC) FCPA enforcement action involving Deere and Company (Deere) has bribery schemes torn literally from the first decade of the 21st century as they involved gifts, travel, and entertainment. In other words, it was about a low set of hanging fruit that any compliance officer would see. Today, I want to take a multipart look at the case and see what lessons the enforcement action can provide to the 2024 compliance professional.

Compliance Professionals all know the pressure to act swiftly when misconduct is discovered. It is often tempting to jump straight into remediation to address the problem, protect the company, and appease regulators. However, the case of Deere’s recent FCPA enforcement action reminds us that acting without first understanding the root cause of the misconduct can lead to superficial fixes that fail to prevent future violations.

In the Deere enforcement action, the company faced significant penalties due to bribes paid by subsidiaries of Wirtgen Group, which Deere acquired in 2017. Between 2011 and 2017, Wirtgen subsidiaries engaged in corrupt practices, paying bribes to government officials in several countries, including China and India. While Deere eventually addressed the misconduct post-acquisition, its failure to perform robust due diligence and root cause analysis before remediation exposed it to regulatory and reputational damage.

This case highlights the critical need for companies to conduct a thorough root cause analysis before embarking on remediation efforts. In this blog post, we will detail why a root cause analysis should always precede remediation, what the process entails, and how it can protect your company from future enforcement actions and compliance failures.

Understanding the True Nature of the Problem

The first and most obvious reason to conduct a root cause analysis before remediation is to ensure you address the correct problem. In the Deere case, the misconduct stemmed from bribery by Wirtgen subsidiaries, but the real issue wasn’t just the bribery itself—it was the company’s failure to identify and prevent this behavior in the first place. Simply punishing the employees involved or updating internal policies would have been insufficient without understanding why these bribes were paid.

Before designing an effective remediation plan, you must understand why the misconduct occurred. Was it due to weak internal controls? A culture that tolerated unethical behavior? Inadequate training? A failure to perform due diligence on third parties? Each of these potential causes requires a different remediation strategy. If you do not identify the true cause of the problem, your remediation efforts will be superficial and may not prevent future violations. Root cause analysis allows compliance officers to uncover the underlying reasons for misconduct, enabling them to design targeted solutions that address the actual problem—not just the symptoms.

Root Cause Analysis Helps Identify Systemic Issues

One of the biggest risks when dealing with FCPA violations or corporate misconduct is that the issue may not be isolated to one event or individual. Corruption or compliance failures are often systemic, indicating deeper issues within the company’s culture, policies, or risk management framework. If Deere had conducted a more thorough root cause analysis post-acquisition, it could have uncovered broader issues in Wirtgen’s compliance program and taken proactive steps to address those weaknesses company-wide.

Root cause analysis forces you to ask tough questions about your company’s broader compliance infrastructure. Are certain business units, regions, or third-party relationships more misconduct-prone? Are there patterns of behavior that suggest systemic problems? You can implement more effective, company-wide remediation efforts by identifying these systemic issues beyond addressing a single incident.

Regulators Expect a Root Cause Analysis

Regulators, including the DOJ and the Securities and Exchange Commission (SEC), expect companies to conduct thorough root-cause analyses when investigating FCPA violations. The DOJ’s 2024 ECCP explicitly states that prosecutors will consider whether a company has adequately identified and remediated the root causes of misconduct when determining penalties. Additionally, this was specifically called out in the SAP Deferred Prosecution Agreement (DPA) earlier this year, where the DOJ stated, “5. Conducted a root cause analysis of the underlying conduct then remediating those root causes through enhancement of its compliance program;”.

In the Deere enforcement action, part of the company’s challenge was showing regulators that it had addressed the bribes themselves and the underlying reasons that allowed the misconduct to occur. Companies that skip the root cause analysis and rush into remediation without clearly understanding what went wrong will likely face harsher penalties.

Performing a root cause analysis is more than good practice; it has moved to a regulatory expectation. The more comprehensive your analysis, the more likely regulators (DOJ and SEC) are to view your remediation efforts as credible. A company that can demonstrate it understands the root cause of its compliance failures—and has taken meaningful steps to address those causes—is more likely to receive leniency during enforcement actions.

Preventing Recurrence: Moving Beyond Quick Fixes

One of the major pitfalls of jumping into remediation without a root cause analysis is the risk of implementing quick fixes that don’t address the root problem. For example, in the Deere case, if the company had updated its anti-corruption policy without addressing the broader cultural or systemic issues, it would have left the door open for future violations.

Root cause analysis ensures that your remediation efforts are comprehensive and designed to prevent future violations. Instead of focusing solely on policies or individuals, you’re addressing the broader systems and processes that allowed the misconduct to occur. This might involve rethinking your company’s approach to third-party due diligence, improving internal reporting mechanisms, or enhancing employee training programs to emphasize ethical behavior. A quick fix might resolve the immediate problem, but a comprehensive root cause analysis will prevent recurrence and protect your company long-term.

Improving Your Compliance Program Over Time

Root cause analysis is not a reactive tool; it is a mechanism to continuously improve your company’s compliance program. By regularly performing root cause analyses in response to compliance failures or near misses, you can identify trends, weaknesses, and gaps in your existing program. This allows you to make proactive adjustments and improvements, ensuring that your compliance program evolves to meet new risks and challenges.

Compliance is an ongoing process, and root cause analysis is key. By taking the time to understand why compliance failures happen, you can strengthen and improve your program over time. Don’t wait for a major enforcement action to identify weaknesses in your compliance program—use root cause analysis as a tool for continuous improvement.

Building a Culture of Accountability

Finally, one of the most important benefits of conducting a root cause analysis before remediation is that it fosters a culture of accountability. When employees see that the company is taking a thoughtful, thorough approach to addressing misconduct, they’re more likely to trust the compliance function and adhere to ethical standards.

In the Deere case, the company’s failure to identify and address the root causes of Wirtgen’s corrupt practices could have contributed to a culture where employees felt that bribery was tolerated or encouraged. By contrast, companies emphasizing accountability and transparency in their root cause analyses send a clear message: misconduct will be thoroughly investigated, and systemic issues will be addressed.

Building a strong culture of compliance starts with holding people—and processes—accountable. Root cause analysis helps you identify the individuals responsible for misconduct and the broader systems and structures that allowed it to happen. This accountability, in turn, strengthens your compliance culture and reinforces your company’s commitment to ethical behavior.

The Deere FCPA enforcement action powerfully reminds us of the importance of conducting a root cause analysis before proceeding with remediation. Companies need to understand why misconduct occurred before implementing superficial fixes. By taking the time to perform a thorough root cause analysis, compliance professionals can ensure that their remediation efforts are comprehensive, effective, and designed to prevent future violations.

Remember, root cause analysis isn’t just a best practice, as the DOJ has now noted several times in several places and through several different media; it is a regulatory expectation. It’s also a critical tool for improving your compliance program, building a culture of accountability, and protecting your company from future compliance failures. This means that before you rush to fix the problem, ensure you understand it first. Only then can you design a remediation plan that addresses the cause of misconduct and sets your company up for long-term success.

Categories
Compliance Tip of the Day

Compliance Tip of the Day: DOJ Whistleblower Financial Incentive Program

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we consider the remarks by Principal Deputy Assistant Attorney General Nicole M. Argentieri on the DOJ Corporate Whistleblower Incentive Program and her review of its early results.