What TD Bank’s Money Laundering Debacle Teaches Us About Underfunding Compliance

Choosing profits over compliance will get you in trouble with the Justice Department. That’s the lesson TD Bank learned in a $3 billion settlement related to large-scale Bank Secrecy Act (BSA) program violations. 

TD Bank is the first bank in the U.S. to plead guilty to conspiracy to commit money laundering with the Justice Department saying the bank was corrupted from the inside out, failing to address known risks for nearly a decade. 

As part of its guilty plea, TD Bank agreed to pay more than $1 billion in penalties to the Justice Department, $1.3 billion to the Financial Crimes Enforcement Network (FinCEN), and $450 million to the Office of the Comptroller of the Currency (OCC).  

Even more damaging to the bottom line, the bank is also not allowed to grow in asset size, add new products or services without regulatory permission, or open any new branches or loan production offices until it has fully complied with an OCC consent order. 

“Every bank compliance official in America should be reviewing today’s charges as a case study of what not to do. And every bank CEO and board member should be doing the same,” said Attorney General Merrick Garland. 

How did TD Bank get itself into hot water? Why did it make money laundering so easy? What lessons can financial institutions (FIs) and leadership teams learn about compliance budgeting and mandates?  

Read on to find out. 

What went wrong with TD Bank? 

Court documents reveal that TD Bank had “long-term, pervasive, and systemic deficiencies” in its U.S. AML program, lasting from January 2014 to October 2023. Regulators and the bank’s internal auditors repeatedly identified concerns with the bank’s transaction monitoring program, a critical element of an effective AML program.  

According to the Justice Department, the bank intentionally didn’t monitor domestic automated clearinghouse (ACH) transactions, most check activity, and other transaction types.  

How bad was the problem? According to the Justice Department, the bank's inaction resulted in at least three egregious money laundering network schemes that transferred more than $670 million between 2019 and 2023. The Justice Department charged more than two dozen individuals, including two bank insiders. 

In one scheme, a person known as "David" moved over $470 million in illicit funds through TD Bank branches in the U.S. The bank was not David's first target, but he chose it because of its lenient policies. He eventually bribed other employees with more than $57,000 in gift cards to further his scheme. However, perhaps David's most flagrant move was depositing more than $1 million in cash in a single day before immediately removing the funds using official bank checks and wire transfers.  

David's illegal conduct was so obvious it was acknowledged openly by frontline employees, who voiced their discomfort with "handling these transactions." In 2020, one store manager implored his supervisors, who were regional managers, to take action to address the issue. They didn’t. 

The second network involved 5 employees who funneled $39 million, including drug money, to Colombia. They conspired with criminal organizations, using the same Venezuelan passports to open multiple accounts and debit cards.  

TD Bank failed to detect the obvious conspiracy until law enforcement got involved and arrested one employee. 

In the third scheme, a network that maintained accounts for at least five shell companies, moving over $100 million in illicit funds. Despite employees flagging suspicious activities, TD Bank only filed a suspicious activity report once law enforcement intervened. By that time, the accounts had been open for over a year and had facilitated nearly $120 million in transfers.  

Skimping on risk management 

What motivated TD Bank to ignore clear signs of money laundering? Profits. 

According to the Justice Department, TD Bank senior executives enforced a budget mandate requiring that the bank’s budget not increase – even though both its profits and its risk profile continued to rise year after year.   

For example, even though TD Bank added new products and services, including the digital payment network Zelle, it didn’t add any additional monitoring systems or make any material changes to its existing monitoring scenarios.  

Both regulators and the bank’s internal auditors noted “glaring deficiencies” in TD Bank’s transaction monitoring program (In 2013, the bank paid more than $50 million to settle charges related to money laundering.), but the bank did nothing to correct them. Instead, it chose to underfund and understaff its AML program and put off much-needed program updates. 

Ultimately, nearly 92% of the bank’s transaction volume, totaling about $18.3 trillion, went unmonitored from January 1, 2018, to April 12, 2024. 

The takeaway: Compliance is expensive, but the cost of non-compliance – especially with BSA/AML issues – can’t be overstated. FIs must have a strong, documented BSA/AML compliance program, including a BSA/AML risk assessment, a designated officer to oversee the program, a training program, and independent testing. Trying to save money by underfunding BSA/AML is the definition of pennywise and pound foolish. Now in addition to building out and funding a sufficient BSA/AML program, the bank also has regulator-imposed growth limitations plus $3 billion in fines to pay.  

Related: The Redlining Wake-Up Call: Lessons for Mortgage Lenders 

A corrupt culture from the top down 

Some industry participants or consumers reading about the settlement may be surprised by how prescriptive the Justice Department and regulators were. The answer lies in the bank's culture—or lack of it. 

Not only did the bank have "long-term, pervasive, and systemic deficiencies" that extended throughout the organization, employees openly joked about how "convenient" they made money laundering to criminals. In 2020, a store manager emailed another manager, remarking, "You guys really need to shut this down LOL." 

Whether the store manager was joking out of discomfort or a lack of regard for ethics is debatable. Either way, management's lax approach seeped down to the frontline employees, some of whom openly questioned the bank's policies. When one particularly egregious act occurred, where David's network purchased over $1 million in official bank checks with cash in a day, an employee asked, "How is that not money laundering?" A back-office employee replied, "oh it 100% is."  

Actions like this are the result of a non-existent risk and compliance culture. While there were problems on the frontline and in lower management, it was up to the TD Bank leadership team to set a tone of compliance and prioritize risk and compliance management. They failed to address risk, and even when issues were brought to light by their lower-level employees, they chose profit over compliance. 

So far, the bank’s top executives have not been charged, which is at odds with some lawmakers’ arguments and the agency’s expressed commitment to “individual accountability.” However, future prosecutions are possible.  

The takeaway: When making a decision about compliance and its funding, leaders should ask: What is our risk tolerance for BSA/AML violations? What are our performance goals and are they in line with our company values? Are our resources aligned with our goals? Are we sending a message that encourages compliant behavior? Do we take employee compliance concerns seriously? 

Remember, a strong compliance culture starts at the top with a demonstrated commitment from the board and management.  

Related: Creating Value with A Culture of Risk Management 

The importance of compliance risk management 

The TD Bank leadership team took no substantive action to address gaps in its AML program for almost 10 years. Its failure to identify, assess, and monitor risks made it impossible for it to stay current with compliance risks and trends, which, in turn, allowed suspicious activity to persist. 

Choosing profit over regulatory compliance will eventually land any FI in hot water. Rather than investing in the necessary compliance infrastructure, staff, or processes to manage its growth successfully, the bank cut costs in vital areas that could have ensured it met regulatory standards.  

Compliance risk management is a regulatory obligation and should remain a top priority for institutions regardless of their profit goals. However, as authors Stephanie Lyon and Michael Berman outlined in their book The Upside of Compliance, it can also fuel growth, foster trust, and drive long-term success. 

Related: Webinar: The Upside of Compliance  

TD Bank’s regulatory challenges serve as a stark reminder of the importance of a robust compliance culture. Neglecting your FI’s challenges won’t make them go away. It’s more important than ever for institutions to prioritize proactive risk management and robust monitoring to avoid similar pitfalls.  

Want to learn the key components of a successful compliance management solution? 

Download the Buyer’s Guide to keep your organization exam-ready.