Categories
Compliance Tip of the Day

Compliance Tip of the Day: TD Bank Lessons Learned – What Does AML/BSA Enforcement Have to Do With ABC?

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Why does every type of compliance professional need to study the TD Bank enforcement Action?

Categories
Blog

TD Bank, Part 6 – Caremark Claims – The Board of Directors

Today, I continue my exploration of the TD Bank AML/BSA enforcement action through two of the most significant cases regarding Boards of Directors and corporate compliance: the Caremark and Stone v. Ritter decisions. The former decision was released in 1996, and the latter, some ten years later, in 2006. The original Caremark decision laid the foundation for the modern obligations of Boards of Directors in oversight of compliance in general and a company’s risk management profile in particular. Stone v. Ritter confirmed the ongoing vitality of the original Caremark decision.

Caremark

In Caremark, the Court noted that director liability for a breach of the duty to exercise appropriate attention can come up in two distinct contexts. The first, liability can occur from a board decision that results “in a loss because that decision was ill-advised or “negligent.” In the second, board liability for a loss “may be said to arise from an unconsidered failure of the board to act in circumstances in which due attention would, arguably, have prevented the loss.”

However, there is a second type of liability that boards can run afoul of under Caremark, and it is the one that seems to be the liability under which most boards are found wanting in successful Caremark claims. It is when “director liability for inattention is theoretically possible to entail  circumstances in which a loss eventuates not from a decision but from unconsidered inaction.” Board obligations had changed, and the Caremark court noted the following: the “obligation to be reasonably informed concerning the corporation, without assuring themselves that information and reporting systems exist in the organization that is reasonably designed to provide to senior management and to the board itself timely, accurate information sufficient to allow management and the board, each within its scope, to reach informed judgments concerning both the corporation’s compliance with the law and its business performance.”

Stone v. Ritter

This case involved money laundering and a bank’s failure to report suspicious activity, which led to an employee running a Ponzi scheme. The bank in question was fined over $40 million. Once again, the plaintiffs needed to be more successful in their claims. The Stone v. Ritter court approved the Caremark Doctrine and further specified that Caremark required a “lack of good faith as a “necessary condition to liability.” It is because the Court was not focusing simply on the results but on the board’s overall conduct “of the fundamental duty of loyalty. It follows that because a showing of bad faith conduct “is essential to establish director oversight liability, the fiduciary duty violated by that conduct is the duty of loyalty.”

The Stone v. Ritter court ended by refining the Caremark Doctrine to define the necessary conditions for director liability under Caremark.

They are:

  1. Directors utterly failed to implement any reporting or information system or controls. This is called a Prong 1 claim or the ‘Information-Systems Theory and
  2. If they have implemented such a system or controls, they have consciously failed to monitor or oversee its operations, thus disabling themselves from being informed of risks or problems requiring their attention. This is called a Prong 2 claim or the ‘Red Flag Theory.’

In either situation, imposition of liability requires a showing that the directors knew they were not discharging their fiduciary obligations. Where directors fail to act in the face of a known duty to act, thereby demonstrating a conscious disregard for their responsibilities, they breach their duty of loyalty by failing to discharge that fiduciary obligation in good faith.

Board AML Obligations

TD Bank’s Board of Directors had a variety of obligations regarding compliance and the bank’s AML program. According to the Information, these duties included:

  1. Supervision and Strategy. The Board oversaw the Group’s overall operations to ensure the effective execution of major strategies and enterprise risk management.
  2. Executive Oversight. The Board is responsible for executive hiring and management and provides leadership across the Group’s subsidiaries.
  3. Internal Controls and Compliance. The Board was mandated to ensure that internal controls were effective and that the Group complied with applicable regulations. It was also mandated to set the tone for corporate integrity and culture and promote a compliance-oriented environment throughout the organization.
  4. Subsidiary Oversight. For TD Bank’s U.S. operations, the Board of TDBUSH was to oversee and monitor the BSA/AML program. They appointed the BSA Officer, were mandated to ensure the program’s effectiveness, and allegedly received regular updates on its performance. (More on this in a later blog.) The board also challenges information and actively participates in risk briefings to understand the program’s risks and controls adequately.

Overall, the Board was accountable for maintaining a strong compliance culture, particularly around AML policies, and ensuring a top-down commitment to these principles. Which, if any, of the above did the TD Bank actually fulfill?

Board Knowledge of AML and Compliance Deficiencies

Over at least eleven years, the Board of Directors at TD Bank Group and its subsidiaries was repeatedly made aware of failures in the Banks’ AML program through several channels. These channels included:

  1. Regulatory Actions. In 2013, enforcement actions by the OCC and FinCEN resulted in a $37.5 million penalty, with the board of TDBNA signing the agreement. The failure to identify $900 million in suspicious activity highlighted concerns about inadequate AML training.
  • Ongoing Audits. Between 2017 and 2020, internal audits identified multiple unresolved AML deficiencies, such as outdated transaction monitoring scenarios and governance issues. The Board was informed of these audit findings and the associated remediation plans.
  1. Third-Party Consultants. Between 2018 and 2021, external consultants flagged key weaknesses, including delays in AML technology upgrades, outdated parameters, and inefficiencies in testing transaction monitoring scenarios. The Board was informed of these reports.
  2. Direct Board Briefings. In 2021, the Boards of TD Bank Group, TDGUS, and TDBUSH were directly briefed on the need for a more adaptive AML framework to address evolving risks, which had yet to be adequately implemented over time.

Despite multiple alerts from regulators, auditors, and consultants, the Board of Directors needed to take sufficient action to resolve the identified deficiencies in the AML program, which led to significant unmonitored customer activity.

The Board and Caremark

As previously noted, the standard for violation of the Caremark Doctrine is one of two potential claims:

  1. Directors utterly failed to implement any reporting or information system or controls. This is called a Prong 1 claim or the ‘Information-Systems Theory and
  2. If they have implemented such a system or controls, they have consciously failed to monitor or oversee its operations, thus disabling themselves from being informed of risks or problems requiring their attention. This is called a Prong 2 claim or the ‘Red Flag Theory.’

It appears that the Board of Directors was well aware of its obligations regarding AML reporting and oversight. Yet, for some reason, the Board failed to act on any of the information presented to it.

Categories
10 For 10

10 For 10: Top Compliance Stories For The Week Ending October 19, 2024

Welcome to 10 For 10, the podcast which brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance, brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes hear about the stories every compliance professional should be aware of from the prior week.

Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly filling of compliance stories with 10 for 10, a podcast produced by the Compliance Podcast Network.

  • Kenya impeaches deputy President.  (Al Jazeera)
  • McKinsey is close to settling its part in the opioid crisis.  (Reuters)
  • A Boeing judge wants additional information on Monitor and selection. (Law360)
  • RTX settles FCPA and fraud cases. (WSJ)
  • Meta fires staff who abused $25 meal credits. (FT)
  • Is routine legal advice risky? If you advise paying a bribe. (Law.com)
  • Grewal moves to Wall Street. (WSJ)
  • Which EU country is the most corrupt? (EuroNews)
  • Moog settles FCPA claim. (WSJ)
  • Canada’s reputation for clean banking is gone in 40 minutes. (The Globe and Mail)

Connect with Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

TD Bank: Part 5 – The Reckoning

Today, I want to review the OCC Consent Order to see the bank’s requirements. This is separate from the DOJ requirements under the Bank’s Plea Agreement(s) and the FinCEN Consent. Further, the DOJ and OCC have mandated separate monitors under their attendant settlement agreements. FinCEN’s Order imposes a four-year independent monitorship, and the DOJ Plea Agreement a 3-year Monitorship. As Matt Kelly noted in Radical Compliance, the remediation steps include:

  • Establishing a dedicated compliance committee at the board level;
  • Drafting a plan within 120 days to overhaul its AML compliance program;
  • Hiring an independent compliance consultant within 60 days to conduct their review of TD’s compliance program;
  • Hiring a senior-level AML compliance officer;
  • Staffing up a more robust AML compliance function; and
  • Implementing new policies, procedures, training, and all the other usual requirements we’ve seen from similar banking settlements.

In this blog post, we will consider some of the highlights above and beyond these remediation steps that the Bank must perform.

The Action Plan

The enforcement order mandates that within 120 days, TDBNA must submit a comprehensive BSA/AML Action Plan to the Examiner-in-Charge for approval. This plan must address the bank’s deficiencies in adhering to the Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) regulations. The action plan must include detailed corrective actions, reasonable timelines for implementation, and clear accountability for executing these measures. The board of directors is responsible for overseeing the implementation, ensuring adherence, and monitoring progress, with formal reviews required at least annually.

The Action Plan must be subject to continuous updates and modifications as necessary, particularly if directed by the Examiner-in-Charge or if the bank identifies further areas of improvement. The Examiner-in-Charge must approve any significant deviations or material changes to the plan. TDBNA must also submit quarterly progress reports detailing corrective actions, outstanding issues, and timelines for resolving compliance deficiencies, ensuring transparency in the bank’s efforts to remediate its AML program.

In the event of ongoing issues or independent assessments highlighting further weaknesses, the bank must provide written documentation to the Examiner-in-Charge. The board’s review and response to these assessments will drive accountability and ensure the continuous improvement of TDBNA’s BSA/AML compliance program.

AML Program Assessment and Remediation

TDBNA’s response to its enforcement action underlines the critical role of independent third-party assessments in fortifying a bank’s BSA/AML program. The bank must engage an independent consultant, approved by the OCC, to conduct an exhaustive end-to-end review of its entire BSA/AML framework. This process begins within 60 days of the enforcement order, where TDBNA must submit the proposed consultant’s qualifications, along with a detailed scope of work and timeline, for the OCC’s review. The consultant’s expertise in BSA/AML compliance is a key requirement to ensure the assessment is thorough and capable of addressing the bank’s regulatory obligations.

The independent consultant’s primary objective is to assess the bank’s BSA/AML program against its risk profile, identifying any gaps or weaknesses in its structure and operations. This review will examine whether the bank’s transaction monitoring, suspicious activity reporting, and overall governance are robust enough to meet the demands of U.S. regulatory requirements and the bank’s evolving risk landscape. The consultant’s findings will be critical in determining how effectively TDBNA’s AML framework functions and where improvements are necessary.

Upon completing the review, the consultant will deliver a comprehensive report to TDBNA’s board of directors detailing any deficiencies in the bank’s BSA/AML program. The report will also include recommendations for remediation, ensuring the bank addresses areas of concern in a structured and strategic manner. To ensure transparency and accountability, the board will document its review of the report in official meeting minutes, which must be submitted to the OCC. Additionally, the independent consultant will provide a copy of the report directly to the Examiner-in-Charge, ensuring that regulators have a clear view of the findings and the bank’s planned corrective actions.

Beyond simply identifying deficiencies, the bank must ensure it takes prompt and effective action to remediate the issues raised by the independent consultant. TDBNA must incorporate the necessary remediation efforts into its existing BSA/AML Action Plan, ensuring that all gaps are addressed promptly and comprehensively. This integration is crucial, as failure to properly implement corrective measures could lead to further regulatory actions and potentially severe penalties. The OCC will continue to monitor the bank’s progress by submitting updated action plans and progress reports.

Ultimately, this process highlights the importance of maintaining a dynamic and adaptable BSA/AML program that can respond to emerging risks and regulatory expectations. TDBNA’s engagement with an independent consultant reminds all financial institutions that complacency in AML compliance is not an option. By continually assessing and improving their compliance frameworks, banks can better mitigate risk, avoid regulatory scrutiny, and ensure their AML programs remain strong, effective, and compliant with the law.

Three is Not Always a Crowd

Are you beginning to see a pattern here? The Bank engaged third-party consultants who identified significant weaknesses in its AML program and reported these issues to the Bank’s AML leadership. In 2018, one consultant noted that increasing regulatory requirements and transaction volumes would pressure AML operations, making it difficult to meet demands and deadlines. Additionally, the consultant found that The Bank’s testing of its transaction monitoring scenarios took less than the industry average, highlighting inefficiencies in its ability to assess and capture suspicious activity.

In 2019, another consultant flagged sub-optimal transaction monitoring scenarios based on outdated parameters. These outdated scenarios generated many alerts, overwhelming the AML team and limiting their ability to focus on truly high-risk customers and transactions. This finding pointed to a broader issue in the bank’s ability to adapt its monitoring systems to changing regulatory and risk environments, significantly undermining the effectiveness of its AML compliance efforts.

In 2021, a third consultant identified additional limitations within the Bank’s transaction monitoring program, particularly its technology infrastructure. The consultant found that the bank faced technological barriers that restricted its ability to develop new scenarios or adjust existing parameters, further hampering its AML efforts. These ongoing challenges reflect a broader need for the Bank to modernize its systems and ensure its AML program is agile enough to meet regulatory expectations and address emerging risks effectively.

Restriction on Growth

The Consent Order also required the Bank to maintain its total consolidated assets at or below the level reported on September 30, 2024. This mandate prevents the banks from increasing their average total consolidated assets beyond this threshold until they achieve compliance with all actionable articles of the order. The total consolidated assets will be measured using the banks’ respective Consolidated Reports of Condition and Income.

The asset restrictions will remain in place until the banks meet all compliance obligations outlined in the order. However, the Deputy Comptroller can temporarily suspend the asset cap in unusual circumstances. If the banks fail to meet compliance deadlines, the Deputy Comptroller may require a reduction of up to 7% of their total consolidated assets, as reported in the most recent calendar quarter.

If the Bank is notified that a reduction is necessary, it must submit a plan within 30 days for the Comptroller’s approval and have 60 days to implement the asset reduction. If non-compliance continues beyond the first year, the Deputy Comptroller may impose an additional reduction of up to 7% annually, with the same plan submission and implementation requirements applying each successive year until full compliance is achieved.

Jon Hill wrote in Law360 that this is only the second time “that a federal banking agency has slapped such handcuffs on a financial institution’s overall growth.” The first was Wells Fargo, slapped for its fraudulent accounts scandal. Moreover, while the Wells Fargo “cap has remained in place much longer than many observers originally expected, the OCC has designed its cap for TD Bank with more of a need for remedial speed in mind. In particular, the OCC order establishing the cap includes express provisions that allow the agency to reduce the size limit — that is, tighten the cuffs — by up to 7% annually if the bank does not meet certain deadlines for strengthening its U.S. anti-money laundering compliance.” The article quoted Julie A. Hill, a banking law professor and dean at the University of Wyoming College of Law, for the following, “where the asset cap has gone on for years and years as the bank has tried to get compliant.”

Put Money Where Their Mouth Is

Even more than the commitment to do business ethically and in compliance with its AML/BSA requirements, the Bank must also financially commit to compliance. The Order requires that before the Bank can declare or pay dividends, engage in share repurchases, or make any other capital distributions, the Board of Directors must certify in writing to the Examiner-in-Charge that adequate resources and staffing have been allocated to the remediation efforts required by the OCC’s order. This certification must be submitted at least 30 days before any proposed capital action. It must include a detailed description of the Bank’s current allocation of compliance resources, its progress in remediation, any anticipated changes in resource allocation, and the funding source for the proposed payment or distribution. The goal is to ensure that remediation efforts take priority over capital distributions.

Join us next time, where I will consider TD Bank and the Caremark Doctrine.

Resources

OCC

OCC Press Release

Consent Order 

Civil Money Penalty 

DOJ

TD Bank US Holding Company Information

TD Bank N.A. Information

TD Bank US Holding Company Plea Agreement and Attachments

TD Bank N.A. Plea Agreement and Attachments

Merrick Garland Remarks

Nicole Argentieri Remarks

FinCEN

Press Release

Consent Order

Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance: Episode 39 – The TD Bank Edition

What happens when two top compliance commentators get together? They talk compliance of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode!

In this episode, co-hosts Kristy Grant-Hart and Tom Fox tackle several high-profile compliance issues. They start with TD Bank’s $3 billion money laundering scandal, exploring how inadequate compliance measures and lack of investment enabled a decade-long operation involving $18.3 trillion in questionable transactions. The discussion critiques the penalties imposed on TD Bank and reflects on the broader industry implications. The hosts then shift focus to collateral damage from fentanyl, human trafficking, modern slavery, and terrorist financing, spotlighting the OCC’s novel restrictive actions and an SEC enforcement case involving Indian bribery schemes by Moog.

Transitioning to corporate compliance dynamics, the podcast covers the Texas incident involving Deloitte’s mishandling of a convicted felon’s loan application, raising significant questions about due diligence. Frances Haugen’s advocacy for stronger whistleblower protections, particularly in the AI sector, gets highlighted. The episode concludes by addressing the legal ramifications of anti-boycott provisions, the complexities of election season in the workplace, and recent developments in the Boeing case, encapsulating these serious discussions with a humorous note on a bizarre Florida man incident.

Stories Include:

  • TD Bank Money Laundering Scandal
  • Caremark Claims and Broader Implications
  • Indian Bribery Case and SEC Enforcement
  • Debating the ECCP Guidance
  • Texas’ $5 Billion Power Plant Scandal
  • Facebook Whistleblower Frances Haugen Speaks Out
  • Understanding Anti-Boycott Provisions
  • Managing Politics in the Workplace
  • Boeing’s Legal Troubles and DEI Concerns
  • Florida Man’s Unusual Drug Complaint

 Resources:

Kristy Grant-Hart on LinkedIn

Spark Consulting

Prove Your Worth

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Blog

TD Bank: Part 4 – Watergate, Actual Knowledge and Conscious Indifference

Mike Volkov often told the story of watching the Watergate Hearings as a teenager and being a seminal influence on his later professional life in the legal profession and government service. It was my first exposure to long-term Congressional hearings, at least when they were not the claptrap theater we have in place today. Perhaps the single thing I remember the most clearly was Tennessee Senator Howard Baker’s question, “What did the President know, and when did he know it?” The answer that we learned during the Watergate hearings was that President Nixon had known all along that the crimes of Watergate originated in the White House. Today, I want to use that question to explore what TD Bank knew, when they knew, and what that tells us about the culture of the world’s 30th-largest bank and 10th-largest bank in the US.

Prior OCC, FinCEN, and DOJ Enforcement Actions

In September 2013, the OCC and FinCEN levied a $37.5 million civil monetary penalty against the Bank for violating the Bank Secrecy Act (BSA) related to a Ponzi scheme run by a Florida attorney. Despite the numerous AML alerts triggered by its transaction monitoring system, the Bank failed to identify and report approximately $900 million in suspicious activity. This failure stemmed, in part, from inadequate anti-money laundering (AML) training for both AML and retail personnel. FinCEN emphasized that poorly resourced and trained staff managing critical compliance functions is unacceptable, underscoring the importance of adequate training and resources in compliance programs.

Following these enforcement actions, the Bank needed to adapt its transaction monitoring system to address its deficiencies substantively. The OCC had directed the bank to establish policies and procedures that could respond systematically and promptly to environmental or market changes, such as developing new monitoring scenarios. However, the bank’s failure to implement these recommendations meant it could not effectively mitigate emerging risks. This oversight revealed significant gaps in the Bank’s AML compliance efforts, particularly its ability to adjust its program to evolving threats.

In 2015, the OCC instructed the Bank to enhance its transaction monitoring program for high-risk customers, who were subject to the exact scenarios and thresholds as the rest of the Bank’s customers despite their higher risk profile. In 2016,  the AML function and the Bank technology teams began to develop new high-risk customer scenarios. That effort was put on hold in October 2016 by AML executives due to a lack of resources. After being briefly revived in early 2017, this project was again put on hold, this time by the head of AML at the Bank partly due to “cost.” Although US-AML leadership informed the OCC during its 2017, 2018, and 2019 examinations that these scenarios were in development, the Bank never implemented the required enhanced transaction monitoring of high-risk customers. By 2018, the OCC determined that the Bank’s planning and execution of its AML technology systems remained insufficient. The Bank had delayed implementing key AML technology projects, which directly contributed to its failures around AML compliance.

The Bank even misrepresented itself to the Department of Justice (DOJ). In February 2018, the Bank entered a settlement over its failure to file Suspicious Activity Reports (SARs). The Bank’s issues were partly due to its cessation of transaction monitoring scenario threshold testing. The Bank’s US-AML executives were aware of this resolution and acknowledged the importance of monitoring transactions for suspicious activity. One key AML leader at THE BANK emphasized that their AML team reviewed similar enforcement actions to ensure their compliance programs aligned with regulatory expectations, particularly around scenario threshold testing.

He explained to the AML Oversight Committee that the Bank conducted a detailed analysis below scenario thresholds to determine if SARs should have been filed, adjusting thresholds accordingly. This approach was intended to avoid the failures that led to the other bank’s settlement. However, despite these assurances, by early 2018, THE BANK’s AML team and its technology partners effectively halted its threshold testing due to competing priorities and resource limitations.

As a result, between 2018 and 2022, the Bank conducted threshold testing, or “quantitative tuning,” on only one out of approximately 40 U.S. transaction monitoring scenarios. This significant reduction in testing left gaps in the Bank’s AML compliance program, potentially exposing the bank to similar risks and regulatory scrutiny that had affected other institutions in the industry.

Where Was Internal Audit?

The question in these massive enforcement actions is often, ‘Where was the internal audit?’ Regarding the Bank, the answer is simple: Right Here, Doing Our Job. In 2018, the Bank’s Internal Audit function uncovered a critical issue within the bank’s AML program: the high-risk jurisdiction transaction monitoring scenarios were based on an outdated list, meaning the bank was not flagging transactions from jurisdictions currently deemed high-risk. This oversight severely impacted the bank’s ability to monitor and address risks associated with these regions. The findings revealed a gap in how the bank’s transaction monitoring system adapted to evolving regulatory expectations and global risk landscapes, compromising the effectiveness of its AML efforts.

By 2020, Internal Audit highlighted even more deficiencies in the bank’s AML compliance, specifically related to the governance and review of transaction monitoring scenarios. Among the key issues were a need for formal timelines for completing scenario reviews, some of which had been outstanding since 2017, and the failure to implement proposed changes from the previous year. Moreover, there needed to be a formal process or documentation to guide the promotion of new monitoring scenarios, a governance gap mirroring issues identified by the OCC seven years earlier. These systemic failures indicated a troubling lack of progress in strengthening the bank’s AML compliance framework.

Despite the findings from 2018 and 2020, Internal Audits reviewed in the following years revealed that these issues remained unresolved. The Bank’s Board of Directors was informed of these ongoing deficiencies and remediation plans, yet the persistent gaps in governance and scenario management continued to hinder the bank’s ability to respond to AML risks effectively. For those keeping score at home, that means Actual Knowledge at the Board.

Three Clarion Calls

Are you beginning to see a pattern here? The Bank engaged third-party consultants who identified significant weaknesses in its AML program and reported these issues to the Bank’s AML leadership. In 2018, one consultant noted that increasing regulatory requirements and transaction volumes would pressure AML operations, making it difficult to meet demands and deadlines. Additionally, the consultant found that The Bank’s testing of its transaction monitoring scenarios took less than the industry average, highlighting inefficiencies in its ability to assess and capture suspicious activity.

In 2019, another consultant flagged sub-optimal transaction monitoring scenarios based on outdated parameters. These outdated scenarios generated many alerts, overwhelming the AML team and limiting their ability to focus on truly high-risk customers and transactions. This finding pointed to a broader issue in the bank’s ability to adapt its monitoring systems to changing regulatory and risk environments, significantly undermining the effectiveness of its AML compliance efforts.

In 2021, a third consultant identified additional limitations within the Bank’s transaction monitoring program, particularly its technology infrastructure. The consultant found that the bank faced technological barriers that restricted its ability to develop new scenarios or adjust existing parameters, further hampering its AML efforts. These ongoing challenges reflect a broader need for the Bank to modernize its systems and ensure its AML program is agile enough to meet regulatory expectations and address emerging risks effectively.

The AML Leadership Team

During the relevant period, the Bank’s AML leadership consisted of key individuals whose responsibilities significantly shaped the Bank’s approach to AML compliance, and, more importantly, all knew of the Bank’s AML deficiencies. They were identified as Individual-1, Individual-2, and Individual-3 in the Information. Individual-1 was hired in 2013 as VP of AML Operations and rose to become the sole Chief AML Officer by 2019, overseeing the bank’s global AML program. His role included setting the annual AML budget, developing strategic priorities, and regularly reporting to the board of directors. Individual-1’s oversight extended to AML technology services and the U.S. Financial Intelligence Unit (FIU), reflecting his pivotal role in the U.S. and global AML operations.

Individual 2 joined THE BANK in 2014 as Head of the U.S. FIU and was critical in overseeing the investigative teams responsible for reporting suspicious activities and managing high-risk customers. By 2019, Individual-2 had assumed the role of BSA Officer and Deputy Global Head of AML Compliance, where they were responsible for managing the U.S. AML program. However, despite these responsibilities, Individual 2 faced limitations due to the Chief AML Officer’s direct control over AML technology, a crucial aspect of the bank’s AML operations, which created challenges in overseeing technology-related AML issues.

Individual-3, a vice president within AML Operations, took on significant responsibilities within the U.S. FIU, especially between 2017 and 2018. In this role, Individual-3 managed the initial review of transaction monitoring alerts and the handling of Unusual Transaction Referrals (UTRs) and reports of suspicious activity submitted by employees. Together, these key figures shaped THE BANK’s AML efforts, though the division of responsibilities and challenges with AML technology governance highlighted areas of vulnerability within the bank’s compliance framework.

What did the Bank know, and when did they know it? As the Information rather dryly noted, “US-AML, including senior leadership, were aware of the lack of domestic ACH and check monitoring.” More importantly, like President Nixon, they knew about their AML failures and consciously chose not to do anything about them.

Resources

Join us tomorrow when I will consider the reckoning for the Bank.

Resources

 OCC

OCC Press Release

Consent Order 

Civil Money Penalty 

DOJ

TD Bank US Holding Company Information

TD Bank N.A. Information

TD Bank US Holding Company Plea Agreement and Attachments

TD Bank N.A. Plea Agreement and Attachments

Merrick Garland Remarks

Nicole Argentieri Remarks

Categories
Compliance Into the Weeds

Compliance into the Weeds: Adventures in Squeezing Out Compliance – TD Bank’s Flat Cost Paradigm

The award-winning Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom Fox and Matt Kelly take a deep dive into the TD Bank BSA and AML enforcement action, which led to $3 billion in fines and penalties.

Tom and Matt discuss TD Bank’s conscious strategy of not raising the budget, known as the Flat Cost Paradigm or Zero Expense Growth Paradigm, and how this strategy severely restricted the Bank’s compliance and AML functions. This tactic aimed to increase profits by keeping expenditures flat year after year. The impact of this strategy is particularly evident in the global AML team’s expenditures on the U.S. anti-money laundering program, which decreased in 2021 compared to 2018. Despite significantly growing U.S. assets and net income, the bank refrained from increasing its budget for essential programs, a fact highlighted in the Justice Department indictment. The Bank’s strategy serves as a clear warning about the dangers of prioritizing profits over compliance.

Key Highlights:

  • Introduction to the Flat Cost Paradigm
  • Details of the Budget Strategy
  • Impact on Anti-Money Laundering Efforts
  • Financial Growth Amidst Budget Constraints

Resources:

  1. Blogs

Matt in Radical Compliance

Tom in the FCPA Compliance and Ethics Blog

  1. Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

  1. Enforcement Related Material

OCC

OCC Press Release

Consent Order 

Civil Money Penalty 

 DOJ

TD Bank US Holding Company Information

TD Bank N.A. Information

TD Bank US Holding Company Plea Agreement and Attachments

TD Bank N.A. Plea Agreement and Attachments

Merrick Garland Remarks

Nicole Argentieri Remarks

Categories
Daily Compliance News

Daily Compliance News: October 16, 2024 – The Gone in 60 Seconds Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Canada’s reputation for clean banking gone in 40 minutes.  (The Globe and Mail)
  • Grewal moves to Wall Street. (WSJ)
  • Which EU country is the most corrupt? (EuroNews)
  • It wasn’t the AML; it was intentionally starving compliance. (Bloomberg)

Categories
Blog

TD Bank: Part 2 – When Profits Trump Compliance: A Recipe for Corporate Disaster

We continue our exploration of the resolution of the AML/BSA enforcement action involving TD Bank US (the Bank), which is wholly owned by TD Bank Group, a publicly traded (NYSE: TD) international banking and financial services corporation headquartered in Toronto, Canada. TD Bank Group is one of the thirty largest banks in the world and the second-largest bank in Canada.

The enforcement action came in with a $3 billion penalty against the Bank, which has pled guilty to charges relating to the Bank Secrecy Act (BSA), which requires financial institutions to maintain programs to detect and report suspicious activity by their customers. The Bank also settled a series of civil investigations by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), the Federal Reserve, and the Office of the Comptroller of the Currency (OCC), which mandated a Monitor to oversee the building out of the Bank’s compliance program and imposed an asset cap limiting the growth of the Bank’s U.S. retail business as a result of the breakdown of its controls.

This TD Bank case is right up there with Siemens, Petrobras, Odebrecht, Goldman Sachs, and Volkswagen as some of the most basic violations of corporate law we have ever seen. All of the above cases involved bribery and fraud, and the Bank case involved a violation of the most basic requirement of the BSA and the most basic tenets of an anti-money laundering compliance program. Moreover, the Bank’s conduct was not 20 years ago or even 10 years ago, as the conduct began in 2018, and the illegal conduct was right up to this past year. What led to these failures?

Failures at the Top

For the Bank, it all started at the top, where the very senior executives at the Bank decreed that no additional funds would be made available for compliance, compliance updates, or new technological solutions designed to make fulfillment of compliance obligations more efficient. This funding strangulation was termed the “flat cost paradigm” across the Bank’s operations. As a result, the Bank “willfully failed to remediate persistent, pervasive, and known deficiencies in its AML program, including (a) failing to substantively update its transaction monitoring system, which is used to detect illicit and suspicious transactions through the Bank, between 2014 and 2022 despite rapid growth in the volume and risks of the Bank’s business and repeated warnings about the outdated system.”

According to the TD Bank US Holding Company Information, this policy was pursued by the Bank Audit Committee and by the Bank’s Chief Anti-Money Laundering Officer during the relevant period, and the Bank’s BSA Officer both knew there were long-term, pervasive, and systemic deficiencies in the Defendants’ U.S. AML policies, procedures, and controls. This led to the Bank monitoring only approximately 8% of the volume of transactions because it omitted all domestic automated clearinghouse transactions, most check activity, and numerous other transaction types from its automated transaction monitoring system. Due to this failure, the Bank did not monitor approximately $18.3 trillion of transactions between January 1, 2018, through April 12, 2024.

It is not as if the Board of the Bank and its Canadian overlords were unaware of these deficiencies. As far back as 2013, FinCEN and the OCC brought enforcement actions against the Bank for its failures in its AML program. The Bank’s Board of Directors specifically signed off on the resolution of this enforcement action. IN 2018, the OCC characterized the Bank’s “planning, delivery, and execution of AML technology systems and solutions as insufficient. Specifically, the OCC highlighted the delays in implementing multiple AML technology projects and found those delays to be directly linked to nearly all of TDBNA’s outstanding AML program issues.”

Internal Audits at the bank also identified specific deficiencies in the bank’s AML and BSA compliance programs. In 2018, Internal Audit determined that the Bank’s high-risk jurisdiction transaction monitoring scenarios were using an outdated list of high-risk jurisdictions, meaning the bank’s scenarios were not designed to generate alerts on the jurisdictions currently deemed to be high-risk. Again, in 2020, Internal Audit identified AML compliance deficiencies related to the governance and review of transaction monitoring scenarios.

External third-party consultants also identified deficiencies in the Bank’s AML/BSA programs. One consultant “commented that “increased volumes and regulatory requirements” would pressure AML operations to meet demands and deadlines. The same consultant concluded that the Bank’s required testing of its transaction monitoring scenarios— which assessed whether scenarios were adequately capturing suspicious activity— took twice as long as the industry average.” A second consultant noted the Bank had “sub-optimal [transaction monitoring] scenarios” due, in part, to “outdated parameters” that generated a large volume of alerts that limited the Bank’s ability to focus on high-risk customers and transactions.” Finally, a third consultant “identified numerous limitations in the Bank’s transaction monitoring program, including technology barriers to developing new scenarios or adding new parameters to existing scenarios.”

Knowledge at the Bottom

Perhaps the craziest thing about the Bank’s failures in AML/BSA was that everyone was in on the joke: the Board, senior management, Bank employees, and ‘the bad guys.’ One conversation went like this:

AML Technologist: what do the bad guys have to say about us Lol

AML Manager: Easy target

AML Technologist:  damnit

AML Manager: Old scenarios; old CRR; tech agility is poor to react to changes

AML Manager: Bottomline: we have not had a single new scenario added since we first implemented the SAS

Another example cited in the Information was the following: “Other employees, both in AML and retail, consistently commented on the Bank’s instant messaging platform about the Bank’s motto, “America’s Most Convenient Bank,” and directly linked it to the Bank’s approach to AML. For example, a US-AML employee noted that a reason the Bank had not stopped one of the below-referenced money laundering typologies was because “we r the most convenient bank lol.”

Finally, this example from the information section states that “employees at multiple levels understood and acknowledged the likely illegality of David’s activity. In August 2020, one TDBNA store manager emailed another store manager and remarked, “You guys need to shut this down, LOL.” In late 2020, another store manager implored his supervisors (several TDBNA regional managers) to act, noting that “[i]t is getting out of hand, and my tellers are at the point that they don’t feel comfortable handling these transactions.” In February 2021, one TDBNA store employee saw that David’s Network had purchased more than $1 million in official bank checks with cash in a single day and asked, “How is that not money laundering,” to which a back-office employee responded, “oh it 100% is.” “

In his remarks, Attorney General Merrick Garland cited three examples where Bank employees knew money laundering was ongoing.

  1. In February 2021, one TD Bank store employee saw that David’s network had purchased over $1 million in official bank checks with cash in a single day. The employee asked, “How is that not money laundering?” A back-office employee responded, “Oh, it 100% is.”
  2. In a second, separate money laundering scheme, five TD Bank employees conspired with criminal organizations to open and maintain accounts at the bank that were used to launder $39 million to Colombia, including drug proceeds.
  3. In yet a third scheme, a money laundering network maintained accounts at TD Bank for at least five shell companies. It used those accounts to move over $100 million in illicit funds through the bank.

The bottom line is that everyone knows that the Bank facilitated money laundering and BSA violations. Why? The Bank consciously decided not to fund the compliance function or pay for any upgrades or updates, all in the name of its ‘flat cost paradigm.’

I will explore this matter in some depth over the next several blog posts. Tomorrow, I will consider money-laundering schemes.

Resources

 OCC

OCC Press Release

Consent Order 

Civil Money Penalty 

DOJ

TD Bank US Holding Company Information

TD Bank N.A. Information

TD Bank US Holding Company Plea Agreement and Attachments

TD Bank N.A. Plea Agreement and Attachments

Merrick Garland Remarks

Nicole Argentieri Remarks

Categories
Daily Compliance News

Daily Compliance News: October 14, 2024 – The Do GC’s Face Peril Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network.

Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

In today’s edition of Daily Compliance News:

  • Is routine legal advice risky? If you advise paying a bribe. (Law.com)
  • Deloitte fooled by fraudster in Texas (Houston Chronicle)
  • Moog settles FCPA claim. (WSJ)
  • TD Bank fined $3bn (WSJ)