$3B TD Bank AML Settlement Is A Wake-Up Call For All Banks
Law360
On Oct. 10, Attorney General Merrick Garland announced that TD Bank pled guilty to conspiracy to commit money laundering and agreed to pay over $1.8 billion in penalties to resolve the U.S. Department of Justice's investigation into money laundering and Bank Secrecy Act violations.
When combined with agreements with the Federal Reserve, the Office of the Comptroller of the Currency and the U.S. Treasury Department's Financial Crimes Enforcement Network, the Toronto-based bank will pay approximately $3.09 billion in penalties.
The scope and structure of the overarching settlement have raised eyebrows across the financial services industry and may portend an increasingly aggressive regulatory posture toward BSA and anti-money laundering, or AML, compliance.
TD Bank's guilty plea is the beginning, not the end, of a long road. The bank must now retain independent compliance monitors and spend tens to hundreds of millions of dollars enhancing its compliance program as part of a multiyear remediation agreement. The OCC has mandated an unprecedented asset cap, which will inhibit TD Bank's growth for years to come.
And, unsurprisingly, shareholders have filed a class action, Tiessen v. TD Bank, in the U.S. District Court for the Southern District of New York in October after TD Bank's stock fell more than 10% in the wake of the settlement.
As TD Bank begins the long process of revamping its compliance program and making up for BSA/AML shortcomings, the rest of the industry is wondering where regulators will go from here, and how other banks can avoid the same fate.
Case Background
The TD Bank investigation started like a scene from a Hollywood movie. Law enforcement was investigating a Mexican drug cartel and surveilled several of the cartel's couriers delivering cash to a Chinese money laundering ring in Queens, New York, run by Da Ying Sze.
Following the money, federal agents tailed a literal box truck filled with cartel cash around the tristate area, and observed members of Sze's organization depositing bags of cash into bank after bank.
Sze's money laundering organization deposited funds at multiple banks, but law enforcement soon noticed that Sze relied on one financial institution more than any other — namely, TD Bank.
In reference to TD Bank's motto, "America's Most Convenient Bank," Garland quipped, "[b]y making its services convenient for criminals, it became one."
The plea agreement highlighted several independent, multiyear money laundering schemes Jack Harrington running through the bank, but Sze's was arguably the most prolific.
According to the government, Sze, who was known to branch staff as David, laundered more than $470 million in narcotics profits through TD Bank. He would enter branches carrying bags of cash and deposit those funds into accounts opened in others' names. Sze would then instruct bank staff to send wires and issue checks. On occasion, Sze would deposit more than $1 million in a single day.
According to FinCEN, TD Bank failed to identify Sze in more than 500 currency transaction reports as the conductor of the transaction, instead listing the nominal account holder who branch employees knew not to be the person depositing the cash.
According to the DOJ, one day when Sze's network walked into a branch with more than $1 million in checks and cash, an employee asked in an email, "How is that not money laundering?" A back-office employee responded, "oh, it 100% is."
Three Takeaways From the TD Bank Settlement
The TD Bank settlement reminds banks of all shapes and sizes why they need to take financial crime compliance seriously. BSA/AML programs must be risk-based, adequately resourced and top of mind for the board of directors.
That said, the settlement highlights at least three areas in which bank leadership, counsel and compliance staff must focus their efforts.
1. Banks must account for insider threats.
As compliance programs become more technologically sophisticated, the TD Bank case shows that financial institutions are still vulnerable to insider threats.
According to prosecutors, Sze "bribed bank employees with more than $57,000 in gift cards in furtherance of the scheme."
The plea agreement also highlights five specific TD Bank employees who "provided material assistance, often in return for a fee, to a second money laundering scheme" involving Colombian drug cartels. The "insiders opened accounts and provided dozens of ATM cards to the money laundering networks, which [they] used to launder funds from the United States to Colombia through high volume ATM withdrawals."
On Oct. 30, federal prosecutors indicted Oscar Marcelo Nunez-Flores, a TD Bank branch manager in Scotch Plains, New Jersey, for money laundering and bribery. Further indictments of TD Bank insiders are likely to follow.
In the world of BSA/AML compliance, it is often said that the business is the first line of defense. Bank tellers and relationship managers are best positioned to spot money laundering red flags or other suspicious activity by a customer or in an account. But what happens when the front-line business becomes part of the problem?
Banks must focus their compliance and training attention on the front lines of their retail and business operations. BSA/AML programs are only as strong as their weakest link, and regulators will continue to focus on know-your-customer onboarding, customer due diligence, and banks' capacity to identify and respond to insider threats.
2. Transaction monitoring requires constant attention.
The TD Bank plea agreement noted the bank's "pervasive and systemic failure to maintain an adequate AML compliance program, including its failure to substantively update its transaction monitoring program from at least 2014 to 2022, [and] its failure to monitor trillions of dollars of transactions from at least 2014 to 2024."
Banks cannot afford to set and forget transaction monitoring scenarios. The compliance, audit and executive functions must continuously scrutinize transaction monitoring policies and technologies based on the institution's evolving risk profile.
Regulators expect banks to ask the tough questions: Are we routinely reviewing our monitoring scenarios? Do our monitoring scenarios have blind spots, given our risk profile? What percentage of our transactions are being monitored, and do those percentages cover our highest-risk transactions, given the bank's risk profile?
Transaction monitoring can never be static or one-size-fits-all. The TD Bank plea agreement noted that from 2014 to 2022, TD Bank did not monitor domestic Automated Clearing House transactions because the bank deemed them low risk. In certain contexts, and at certain institutions, domestic wires can be relatively low risk. However, in the age of peer-to-peer payment products, such as Zelle and Venmo, those domestic ACH transactions can be breeding grounds for money laundering.
Transaction monitoring programs will continue to be a focus of regulatory attention. Banks cannot omit entire segments of transaction activity from monitoring.
Monitoring programs need to be thoughtfully designed to account for the institution's unique risk profile, and they must be continuously evaluated.
3. Tone at the top is defined in part by the resources allotted to compliance.
According to the plea agreement, TD Bank Group executives were responsible for "the integrity and effectiveness of the Group's internal controls and adherence to applicable compliance standards and ... for 'setting the tone at the top as it relates to integrity and culture ... and communicating and reinforcing the compliance culture throughout the [Group].'"
However, the DOJ emphasized that bank "executives strove to maintain ... a 'flat cost paradigm,'" in which each department's budget was expected to remain flat despite consistent revenue growth.
BSA/AML compliance is one area in which banks cannot abide flat budgets in the face of significant growth. Additional revenues mean new customers and an inherently evolving risk profile, and compliance budgets must increase in the face of increased risk.
In 2019, an employee emailed TD Bank executives regarding a "'historical underspend' on compliance" and how the bank's flat-cost paradigm had "led to systemic deficiencies in the Bank's transaction monitoring program." Bank executives took no action.
The plea agreement is riddled with examples of how TD Bank's leadership chose cost savings over necessary investments in the compliance function — investments that undoubtedly would have been far less costly than the $3.1 billion fine levied against the bank.
Bank executives must have visibility into, and maintain oversight of, how their institutions are budgeting for evolving BSA/AML risks. BSA officers and compliance professionals cannot accept flat-cost paradigms, and must communicate budgetary concerns before they themselves become the focus of regulatory action.
An institution's compliance focus is much more than a budgetary line item. What's clear is that to achieve the requisite tone at the top, the BSA/AML compliance function must be adequately resourced to account for a bank's risk profile.
Preparing for Novel and Aggressive Enforcement Resolutions
It is difficult to predict what BSA/AML enforcement actions will look like in the new administration, but the TD Bank settlement has set a new benchmark for the structure of future resolutions.
Not only is the TD Bank settlement the largest-ever monetary resolution of its kind, but for the first time, the OCC has instituted an asset cap as part of a BSA/AML compliance-related consent order.
Article VI of the consent order enables the OCC, at its discretion, to require TD Bank to reduce its total consolidated assets by up to an additional 7% every year the bank does not meet its compliance and remediation obligations under the order.
This makes it nearly impossible for TD Bank to accurately predict the long-term impact of the settlement, and it significantly increases the potential losses from shareholder litigation, as plaintiffs will presumably argue damages are based not only on the $3.1 billion outlay, but also on the long-term impact on the bank's growth.
TD Bank is also the first bank to ever plead guilty to conspiracy to commit money laundering. Beginning in October 2021, Deputy Attorney General Lisa Monaco signaled a more aggressive enforcement approach to corporate crime, including increased emphasis on individual accountability and more widespread use of corporate monitors.
The TD Bank settlement is the latest example of this policy, and the government's shift away from deferred prosecution agreements and toward criminal convictions.
Despite the historic guilty plea, some do not believe the DOJ went far enough. In a six-page letter to Garland and Monaco, Sen. Elizabeth Warren, D-Mass., argued that the DOJ's charging decisions in the TD Bank case "represent absurd legal gymnastics by DOJ that ultimately have allowed the bank and its top executives to avoid full responsibility for their actions."
Warren also highlighted that the plea agreement shifts responsibility for money laundering from the bank to its holding company, ensuring the OCC would not be legally required to serve TD Bank with a notice of intent to terminate the bank's charter.
The DOJ has already charged two, albeit low-level, TD Bank employees for their alleged involvement in one of the money laundering schemes. In his public remarks, however, Garland noted that "criminal investigations into individual employees at every level of TD Bank are active and ongoing," signaling that prosecution of TD Bank executives could be on the horizon.
A Wake-Up Call
TD Bank is the nation's 10th-largest bank. Federal regulators may have stumbled onto TD Bank's money laundering conspiracy, but rest assured the deficiencies they observed will be the focus of future investigations into financial institutions of all sizes.
The TD Bank settlement is a wake-up call and an opportunity for industry members to examine their BSA/AML programs and ensure they are not the next headline.
Republished with permission. This article, "$3B TD Bank AML Settlement Is A Wake-Up Call For All Banks," was published by Law360 on November 20, 2024.
