A Record Penalty and a Stark Reminder: 10 Key Lessons We Can All Learn from FinCEN’s $1.3 Billion Enforcement Action Against TD Bank

A Record Penalty and a Stark Reminder: 10 Key Lessons We Can All Learn from FinCEN’s $1.3 Billion Enforcement Action Against TD Bank

Today, October 10, 2024, FinCEN dropped a bombshell—a record-setting $1.3 billion penalty against TD Bank for serious violations of the Bank Secrecy Act (BSA). Not to mention the $1.8 billion fine from the Dept of Justice. As one of the largest banks in the U.S., TD Bank’s systemic failures are not just about non-compliance, they’re about the kind of critical gaps that let serious financial crime slip through the cracks. When I first read the consent order, my immediate thought was, "How did things get to this point?"

As financial crime professionals, you know this job isn’t easy. The risks you manage are evolving faster than ever, and balancing efficiency with accuracy is always a struggle. But, like many of you, I can’t help but believe that there were signs along the way that should have prompted earlier intervention. From the frontline analysts struggling to keep up with alerts to leadership teams grappling with the scale of compliance demands, this case is a stark reminder of how easily things can spiral when the right support isn’t in place.

Let me share 10 key takeaways I’ve gathered from this case—lessons that, in my opinion, we can all reflect on as we strive to strengthen our AML programs.

The TD Bank Failures

We’ve all faced challenges with transaction monitoring and staying on top of SAR filings, but this case demonstrates just how devastating the consequences of neglect can be. Here's what FinCEN highlighted as the the core failures.

  1. Gaps in transaction monitoring where the Bank failed to monitor over 80% of domestic ACH, wire, and peer-to-peer (P2P) transactions. I would have thought that such a critical gap in high-risk areas, particularly with the rise of digital payments like Venmo and Zelle, would have been addressed immediately. But evidently, outdated systems were allowed to persist.
  2. Failure to File SAR's: You know just how important this is, right? But TD Bank neglected to file SARs for over $1.5 billion in suspicious transactions. We all know how easy it is for backlogs to build up, but leaving this much unreported is shocking.
  3. It’s my understanding that TD Bank’s AML Investigations Unit was significantly understaffed, leading to chronic backlogs in reviews. While we’ve all been there or witnessed, teams stretched too thin—this case really emphasizes just how important it is to have the right number of resources in place.
  4. Internal Corruption was not identified for over 3 years. It turns out that in 2021, a TD Bank employee was found laundering narcotics proceeds in exchange for bribes. I believe this highlights something we don’t talk enough about: internal threats. It’s easy to focus on external bad actors, but we can’t forget that risks often come from within.

10 Key Learnings for Financial Institutions

Here are the 10 lessons that I think we can all take from TD Bank’s case—lessons that should prove useful in your own institutions.

1. Transaction Monitoring Must be Proactive and Continuous

We’ve seen this time and again. When I think about TD Bank’s failure to update their monitoring systems, it’s clear that real-time monitoring would have caught many of these issues early. In my view, every bank should be continuously recalibrating their monitoring scenarios, especially as new threats (like P2P payments) emerge.

2. Adequate Staffing and Resources are Essential

I’ve always believed that under-resourcing is a recipe for disaster. Compliance teams, particularly in AML, need enough people to manage alerts and handle investigations in real-time. When I read that TD Bank’s backlog was partly due to staffing issues, I thought, "This is preventable." Ensuring teams are properly resourced isn’t just important—it’s critical.

3. SAR Filings Cannot Be Delayed

We all know how important it is to file SARs on time. But to see a bank of TD’s size miss filings on billions of dollars in transactions? It’s a huge wake-up call. I’ve always advocated for automation where possible, and this case reaffirms that SAR processing should never be left to the mercy of backlogs or under-resourcing.

4. Continuous Governance and Oversight are Non-Negotiable

It’s my understanding that TD Bank’s senior leadership wasn’t fully engaged in the governance of its AML program. That, to me, is where the cracks in oversight begin. Leadership needs to actively oversee the effectiveness of a bank’s compliance program, not just assume the team has it under control. However, tis culture comes from the very top and requires Board support.

5. Technology Alone Won’t Solve the Problem—It Requires Human Oversight

I’ve often said that while technology can make your jobs easier, it's not the be all and end all. It simply can’t replace the human element. TD Bank had outdated systems, but what struck me was that the human oversight necessary to adjust those systems wasn’t there. In my opinion, technology is a tool, but it’s the people behind it who ensure the system stays effective.

6. Cultural Change is Crucial

A strong culture of compliance can make or break an AML program. I believe the issue at TD Bank wasn’t just about technology or processes—it was about a cultural failure to prioritize compliance. Compliance can’t be an afterthought; it has to be baked into the institution’s DNA.

7. Independent Monitors and External Audits Should Be Standard Practice

FinCEN has imposed a four-year independent monitorship on TD Bank, which, in my view, is a necessary step. Independent auditors should be reviewing AML programs regularly, and I’ve always supported the idea of proactive, external stress tests. If this had been in place at TD Bank, the issues might have been addressed long before FinCEN got involved.

8. Corruption and Internal Fraud Must Be a Priority

Internal fraud is one of the hardest things to detect, but when you see cases like TD Bank’s employee facilitating money laundering, it becomes clear that we need better internal controls. I’ve often believed that banks focus too much on external threats and not enough on insider risks. This needs to change. A bad actor is a bad actor internally or externally.

9. Scenario Management Cannot Be Neglected

I’ve always thought scenario management was one of the most critical aspects of transaction monitoring, yet TD Bank neglected this for years. We must constantly update and test our scenarios to ensure we’re catching emerging risks. P2P transactions, crypto, and cross-border activities all need their own dedicated scenarios.

10. A Culture of Accountability Starts at the Top

It’s clear to me that leadership at TD Bank failed to set the right tone for compliance. Accountability for an institution’s AML program begins and ends with senior management. I would have expected more engagement from TD Bank’s board in the oversight of these serious issues. In fact I'll go so far as to blame the Board in the majority, especially when you look at compensation models that underscored some of the overall weaknesses..

Moving Forward Is A Shared Responsibility

We know how difficult this job is. We’re all trying to stay ahead of threats that are constantly changing. But this case highlights that when institutions fail to invest in their compliance functions—whether it’s through technology, staffing, or governance—they put themselves at risk.

I believe that as financial crime professionals, we need to support each other in this shared responsibility. It’s not just about technology; it’s about building resilient teams, fostering a culture of compliance, and ensuring our systems are dynamic and responsive. Let’s use this moment as an opportunity to learn, grow, and continue to protect the financial system we’re all responsible for safeguarding.

#FinancialCrime #AML #FinCEN #Compliance #Banking #Governance #SAR #TransactionMonitoring #AMLCompliance #FinancialInstitutions #BankSecrecyAct #RiskManagement #FinCrime

Pat MILLAIS

Retraité !X! Retired

2mo

Très informatif

Ricardo Sahagun, MBA

Channels and Alliances | Sales | Leadership | Cloud | Analytics | Geospatial | Imagery & Remote Sensing | MDM | Esri | AWS | Google | USA | LATAM | EMEA | Global

2mo

I was counting the minutes until you posted about this, Richard!

Don Parker, CAMS, MBA

Strategic AE, leveraging AI/ML to help combat fraud for the world’s largest banks.

2mo

Thank you Richard; you've unearthed some extremely clear call to actions for all of us. 📣 Interesting to see the continued convergence of AML/BSA, TM, SAR filing and internal fraud / mule recruitment. 🐴 Luckily, we have some fantastic solutions out there addressing both under one roof, such as yours and ours. 🏠 Keep up the great work! I learn something new every time I'm around you! ⚡ 💡 👊

To view or add a comment, sign in

More articles by Richard Stocks - CAMS

Insights from the community

Others also viewed

Explore topics