Foodman CPAs and Advisors

On 10/10/24, FinCEN assessed a record $1.3 billion penalty against TD Bank for BSA violations.  This unprecedented penalty should function as a cautionary message and a warning to all financial institutions. All financial institutions should critically evaluate whether they have developed and sustained a well-structured BSA/AML and CFT compliance program. The risk assessment process of a financial institution, along with ensuring it is sufficiently supported, is essential for an effective corporate compliance program. Institutions can no longer overlook the importance of adequately funding hiring and training in compliance areas. It is imperative to ensure that sufficient resources are budgeted and allocated.

TD Bank Consent Order

FinCEN’s TD Bank Consent Order states that:  “all U.S. banks, such as TD Bank, to implement and maintain an AML program, including policies, procedures, and controls to assure ongoing compliance with the applicable provisions of the Bank Secrecy Act. TD Bank is also required to:

  • conduct independent testing for compliance;
  • designate an individual or individuals responsible for implementing and monitoring the operations and internal controls of the program;
  • conduct ongoing training for appropriate persons; and
  • implement appropriate risk based procedures for conducting ongoing customer due diligence, including, but not limited to, (a) understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile, and (b) conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.”

The Consent Order addresses  “Reporting Obligations” that are essential for FinCEN, law enforcement, and others use to safeguard the U.S. financial system and combat serious threats, including money laundering, terrorist financing, organized crime, corruption, drug trafficking, and massive fraud schemes targeting the U.S. government, businesses, and individuals:

  • Currency Transaction Reports (CTRs): The BSA and its implementing regulations impose an obligation on banks to file a report of each deposit, withdrawal, exchange of currency or other payment or transfer, by, through, or to such financial institution which involves a transaction in currency of more than $10,000, including multiple transactions that aggregate to more than $10,000. A bank must file a CTR within 15 days after the transaction is conducted.
  • Suspicious Activity Reports ( SARs): A bank must identify suspicious transactions relevant to a possible violation of law or regulation in SARs filed with FinCEN.  Specifically, the BSA and its implementing regulations require banks to report transactions that involve or aggregate to at least $5,000, are conducted or attempted by, at, or through the bank, and that the bank “knows, suspects,   or has reason to suspect” are suspicious.   A transaction is “suspicious” if a bank “knows, suspects, or has reason to suspect” that the transaction: (i) involves funds derived from illegal activities, or is conducted to disguise funds derived from illegal activities; (ii) is designed to evade the reporting or recordkeeping requirements of the BSA or regulations implementing it; or (iii) has no business or apparent lawful purpose or is not the sort in which the customer normally would be expected to engage, and the bank knows of no reasonable explanation for the transaction after examining the available facts, including background and possible purpose of the transaction.  A bank is generally required to file a SAR no later than 30 calendar days after the initial detection by the bank of the facts that may constitute a basis for filing a SAR.

Excerpts from the Consent Order regarding TD Bank’s failure to establish and uphold an Anti-Money Laundering (AML) program

  • TD Bank willfully failed to establish an adequate AML program.
  • The Bank did not invest sufficient time, money, or managerial resources in the creation and maintenance of TD Bank’s AML program, nor did the Bank take sufficient steps to ensure TD Bank’s ongoing compliance with the BSA.
  • TD Bank failed to devote sufficient resources to BSA compliance and refused to invest in improvements to address such gaps when they were deemed too costly, thus allowing illicit activity to flow through the Bank.
  • TD Bank vastly underinvested in its AML compliance efforts, with TD Bank knowingly spending an order of magnitude less than its peers.
  • The Bank’s AML staffing was not proportionate to its size, risk profile, and ongoing compliance concerns: during the periods of TD Bank’s most acute issues (including those related to backlogs from insufficient staffing), AML spending remained flat.
  • When a host of significant AML compliance issues arose during the Relevant Time Period, the Bank consistently chose to address them in the least costly way possible, even if it meant ignoring failures and refusing to meaningfully remediate issues and prevent recurrences.

The Bank’s insufficient focus and inadequate investment in its AML program led to intentional deficiencies in the five pillars of an AML Compliance Program, as highlighted in the excerpts from the Consent Order below:

  • ineffective oversight and management of TD Bank’s compliance obligations by the individual—its BSA Officer—responsible for coordinating and monitoring the Bank’s day-to-day compliance with the BSA, including the BSA Officer’s failure to timely and properly escalate material issues and failures by the Bank’s Board to provide adequate resources for the BSA Officer to discharge their duty of assuring the Bank’s compliance with the BSA;
  • inadequate internal controls, most notably failure to ensure appropriate transaction monitoring;
  • failure to properly train its staff on AML typologies and risks the Bank knew were associated with the products and services the Bank offered;
  • deficient risk based customer due diligence, including missing blatant disparities between customers’ actual activity and what would reasonably be expected based on available information; and
  • insufficient independent testing that failed to reasonably identify material gaps.

TD Bank’s BSA Program did not meet compliance standards for the following reasons:

  • “its BSA Officer and AML management failed to seek, and TD Bank otherwise failed to allocate, sufficient resources across budget, personnel, and technology;”
  • “it had a siloed governance structure that resulted in the designated BSA Officer lacking sufficient control or accountability for the Bank’s AML program;” and
  • “there was a lack of oversight over the Bank’s high-risk operations and gaps described below for which the BSA Officer failed to take accountability, including the BSA Officer’s awareness of material gaps in the Bank’s transaction monitoring system that went unabated for many years.”

TD has made the following commitments

TD Bank has committed to hiring an independent consultant who will perform a historical analysis of the bank’s transaction data, commonly known as a “SAR lookback,” under the supervision of FinCEN’s monitor. This analysis aims to address the SAR filings that were overlooked due to significant control deficiencies within the bank. Additionally, TD Bank has consented to have the monitor conduct a comprehensive, independent review of its AML Program. This marks the first instance where FinCEN is enforcing accountability and data governance assessments. The accountability review will evaluate the actions or inactions of TD Bank staff in relation to specific behaviors outlined in the Consent Order’s Statement of Facts. It will also provide the bank with recommendations, particularly concerning its compliance culture. Meanwhile, the data governance review will focus on ensuring that TD Bank identifies and rectifies the underlying issues contributing to the deficiencies in its AML program.

Know this

FinCEN is strategically utilizing its enforcement powers to enhance its effectiveness by focusing on institutions whose unethical practices result in considerable damage. At the same time, it continues to oversee all financial entities to ensure compliance with BSA/AML regulations. The requirement for admissions of misconduct and the implementation of multi-year monitoring indicate that FinCEN anticipates banks to thoroughly address and rectify BSA/AML shortcomings, rather than merely settling with financial penalties.

Are you receiving Corporate Governance Guidance?

What are your Best Practices to Prevent Financial Crimes?

Who is your Corporate Governance Expert? ©