by Jonathan J. Rusch

On October 10, the U.S. Department of Justice, the Financial Crimes Enforcement Network (FinCEN), the Office of the Comptroller of the Currency (OCC), and the Federal Reserve Board (FRB) announced an extraordinary set of coordinated criminal and civil resolutions involving TD Bank, N.A. and its parent company TD Bank US Holding Company (collectively TD Bank) for systematic and years-long violations of the Bank Secrecy Act (BSA) and money laundering.  The first post on the TD Bank resolutions addressed only the Department of Justice’s criminal resolution with TD Bank.[1] This post will focus on the bank’s resolutions with the regulatory agencies, and identify certain lessons to be learned from this case.

The FinCEN Resolution

On October 10, the Financial Crimes Enforcement Network (FinCEN) issued a consent order imposing a record $1.3 billion penalty against TD Bank, N.A. and TD Bank USA, N.A. (the Bank) for BSA violations.  FinCEN stated that this penalty was the largest penalty against a depository institution in U.S. Treasury and FinCEN history.  It also imposed a four-year independent monitorship to oversee TD Bank’s required remediation.

FinCEN stated that its investigation “revealed that TD Bank knew that its AML program was neither appropriately designed nor adequately resourced to mitigate the actual illicit finance risks that it faced on multiple fronts.” It listed a variety of the Bank’s failures:

• The Bank’s processing of peer-to-peer transactions (e.g., Venmo and Zelle), including transactions indicative of human trafficking, “was insufficient, and as a result, TD Bank failed to identify and timely report these transactions to FinCEN.”
• The Bank “also allowed significant backlogs of potentially suspicious activity to persist, thereby depriving law enforcement of necessary information.” It knew “that it was the subject of significant funnel account activity involving high-risk countries yet failed to take timely action to address this substantial risk.”
• The Bank “also failed to timely detect suspicious activity involving its own employees. For example, in 2021, a TD Bank employee facilitated the laundering of narcotics proceeds in exchange for bribes. This employee opened numerous accounts, including for shell companies, that then engaged in millions of dollars’ worth of funnel account activity in a high-risk jurisdiction where TD Bank maintained no operations. TD Bank knew that this type of activity was not subject to appropriate controls and failed to mitigate this glaring risk.”
• As a result of these failures, the Bank “allowed trillions of dollars in transactions annually to go unmonitored for potentially suspicious activity that would require reporting to FinCEN. Specifically, during the time period covered by the Consent Order, TD Bank willfully failed to file Suspicious Activity Reports (SARs) on thousands of suspicious transactions—totaling approximately $1.5 billion. Additionally, TD Bank’s Currency Transaction Reports (CTRs) of large cash transactions were often delayed, and, in some instances, misleading to law enforcement.”
• In addition, the Bank “failed to properly limit or report suspicious transactions and cash activity that included substantial criminal activity, as further detailed in the Consent Order. For example, from 2017 to 2021, TD Bank facilitated over $400 million in transactions for Da Ying Sze (Sze), who pled guilty to money laundering in 2022 for his role in conspiring to hide proceeds of narcotics trafficking. Sze conducted most of these transactions in large sums of cash (often in bags that Sze brought into TD Bank branches), yet the Bank failed to timely limit or restrict Sze’s activity. TD Bank failed to timely file SARs on a substantial portion of this activity and also failed to identify Sze in more than 500 CTRs totaling more than $400 million, which hindered FinCEN and law enforcement.”[2]

The OCC Resolution

On October 10, the Office of the Comptroller of the Currency (OCC) announced a cease and desist order and a $450 million civil penalty against TD Bank, N.A. and TD Bank USA, N.A. (bank), for deficiencies in the bank’s Bank Secrecy Act (BSA) and anti-money laundering (AML) compliance program.[3]  The OCC set forth a number of determinations with regard to TD Bank’s conduct:

• The bank “failed to develop and maintain a BSA/AML program reasonably designed to assure and monitor compliance with the BSA and its implementing regulations. Deficiencies in the bank’s BSA/AML program included those related to internal controls and risk management practices; risk assessments; customer due diligence; customer risk ratings; suspicious activity identification, evaluation, and reporting; governance; staffing; independent testing; and training, among others.”
• The bank “had significant, systemic breakdowns in its transaction monitoring program. The bank processed hundreds of millions of dollars of transactions with clear indicia of highly suspicious activity, creating a potential for significant money laundering, terrorist financing, or other illicit financial transactions. The bank repeatedly failed to take appropriate and timely corrective action to address the highly suspicious activity and failed to properly emphasize BSA/AML compliance.
• The bank “had a systemic breakdown in its processes to identify and report suspicious activity, and a pattern or practice of noncompliance with the suspicious activity report filing requirement, resulting in numerous violations. The bank also violated currency transaction reporting requirements on numerous occasions.”[4]

In addition to the $450 million civil penalty, the OCC’s actions also imposed what it termed “both novel and customary elements.”  These elements included:

• An asset cap limiting the bank’s total consolidated assets (to include the combined assets of both charters for TD Bank, N.A. and TD Bank USA, N.A.) to those reported as of September 30, 2024) for the duration of the order, with prolonged noncompliance triggering further potential reductions of the bank’s consolidated assets by up to 7 percent;
• Business restrictions that include (1) prohibition of opening a new branch (including a loan production office or deposit production office) or entering a new market without the OCC’s no supervisory objection and (2) requiring the bank to improve its policies and procedures for evaluating the BSA/AML risks posed by adding a new product or service and ensuring the bank has adequate controls to mitigate the risks;
• Complete and timely correction of the bank’s BSA/AML deficiencies, with corrective action requirements covering “the full scope of the BSA/AML program”;
• Board of directors certification to the OCC — prior to declaring or paying dividends, engaging in share repurchases, or making any other capital distribution – that includes “an explanation and justification for the bank’s current allocation of resources to comply with the order and a description of the bank’s progress in complying with the order”;
• An independent third-party “end-to-end” assessment of the bank’s BSA/AML program; and
• A suspicious activity review lookback by an independent third party; and
• A prohibition on rehiring any employees who participated in the misconduct discussed in the order.[5]

The Federal Reserve Board Resolution

On October 10, the Federal Reserve Board (FRB) fined TD Bank $123.5 million for violations related to AML laws, requiring TD to implement enhanced measures to comply with AML laws and to correct its risk management deficiencies. Having determined that “TD failed to conduct adequate risk management and oversight of its retail banking operations in the United States, resulting in a U.S. subsidiary being used to launder hundreds of millions of dollars in illicit proceeds”, the FRB order directed TD Bank to:

• Establish a new office in the United States dedicated to remediating the deficiencies identified in the order;
• Relocate to the United States the parts of its AML compliance program that are responsible for complying with U.S. law. This program will be subject to oversight by U.S. regulators;
• Certify that sufficient resources and attention are allocated to correcting the firm’s AML deficiencies prior to issuing any dividends or capital distributions; and
• Undertake a thorough and independent review of the firm’s board of directors and management to ensure adequate oversight of the U.S. operations. [6]

In addition, because Canada’s Office of the Superintendent of Financial Institutions is the home country regulator of TD, the FRB order further provided that the OSFI can act, with respect to the implementation of the FRB order, as permitted by its legal authority.[7]

Observations

It is commonplace in compliance circles to refer to governance, risk, and compliance as though they were separate and unconnected topics.  The TD Bank resolutions collectively provide substantial evidence that the three topics are very much interrelated.  In particular, the conduct described in those resolutions shows that poor governance can lead directly to poor and inadequate risk assessment and in turn to inadequate, even fatally defective, compliance programs.  As studies have shown, poor governance may be attributable not only to failure of proper oversight and accountability mechanisms[8], but to adoption of and commitment to flawed business strategies and financial miscalculations by the board of directors[9].

In this case, TD Bank’s leadership committed the bank to a budgetary strategy that effectively guaranteed the sustained constriction of the AML compliance program’s ability to carry out critical functions, and that led to three money laundering networks’ laundering more than $670 million through TD Bank from 2019 to 2023.  None of the four government resolutions identifies, by name or title, any of the executives who initiated or continued that strategy, but they individually and collectively constitute a severe condemnation of TD Bank’s senior leadership.

Although the bank has promised to upgrade their compliance program and hire more than 700 new specialists[10], the extraordinarily high financial penalties and significant business restrictions under which it will be operating for some time to come should be an object lesson for the financial community about the importance of maintaining effective AML/BSA compliance.

Lawyers representing financial institutions, as well as financial institution chief compliance officers, should therefore provide their clients with detailed briefings on the TD Bank resolutions, and incorporate key elements of those resolutions into BSA/AML training, particularly for senior business and legal executives.

Footnotes

[1]   See Jonathan J. Rusch, TD Bank Pleads Guilty to Bank Secrecy Act and Money Laundering Conspiracy Violations and Agrees to Pay More Than $3.09 Billion in Criminal and Civil Penalties for “Systemic Breakdown” in Compliance Policies, Procedures, and Processes – Part I: The Justice Department Resolution, Compliance & Enforcement, December 17, 2024, https://wp.nyu.edu/compliance_enforcement/2024/12/17/td-bank-pleads-guilty-to-bank-secrecy-act-and-money-laundering-conspiracy-violations-and-agrees-to-pay-more-than-3-09-billion-in-criminal-and-civil-penalties-for-systemic-breakdown/.

[2]   Financial Crimes Enforcement Network, FinCEN Assesses Record $1.3 Billion Penalty against TD Bank, October 10, 2024, https://fincen.gov/news/news-releases/fincen-assesses-record-13-billion-penalty-against-td-bank.

[3]   Office of the Comptroller of the Currency, OCC Issues Cease and Desist Order, Assesses $450 Million Civil Money Penalty, and Imposes Growth Restriction Upon TD Bank, N.A. for BSA/AML Deficiencies, October 10, 2024, https://occ.gov/news-issuances/news-releases/2024/nr-occ-2024-116.html.

[4]   Id.

[5]   Office of the Comptroller of the Currency, Fact Sheet: OCC Cease and Desist Order and Civil Money Penalty  against TD Bank N.A. and TD Bank USA, N.A., October 10. 2024, https://occ.gov/news-issuances/news-releases/2024/nr-occ-2024-116a.pdf.

[6]   Federal Reserve Board, Federal Reserve Board fines Toronto-Dominion Bank $123.5 million for violations related to anti-money laundering laws, October 10, 2024, https://www.federalreserve.gov/newsevents/pressreleases/enforcement20241010a.htm.

[7]   Board of Governors of the Federal Reserve System, In the Matter of Toronto-Dominion Bank et al., Order to Cease and Desist and Order of Assessment of a Civil Money Penalty Issued Upon Consent, Pursuant to the Federal Deposit Insurance Act, as Amended, Docket Nos. 24-027-B-FB, 24-027-CMP-FB, 24-027-B-HC, and 24-027-CMP-HC at 3 (October 9, 2024), https://www.federalreserve.gov/newsevents/pressreleases/files/enf20241010a1.pdf.

[8]   See The most common reasons for corporate governance failure: A deep dive, The CFO, January 19, 2023, https://the-cfo.io/2023/01/19/the-most-common-reasons-for-corporate-governance-failure-a-deep-dive/.

[9]   See Mark Amin, The greatest board failures, Corporate Governance Institute, https://www.thecorporategovernanceinstitute.com/insights/case-studies/the-greatest-board-failures/.

[10]   Ramishah Maruf, Former Florida TD Bank employee charged in cartel money laundering scheme, CNN, December 11, 2024, https://www.cnn.com/2024/12/11/business/former-florida-td-bank-employee-arrested-cartel-money-laundering/index.html.

Jonathan J. Rusch is Director of the U.S. and International Anti-Corruption Law Program and Adjunct Professor at American University Washington College of Law and a Senior Fellow with the NYU Program on Corporate Compliance and Enforcement at New York University Law School.

The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright of this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).