TD Bank fined $3 billion for anti-money laundering lapses

Author: Aiying

Within the high walls of the financial system, there is a secret waterway that is surging, and TD Bank is one of the key valves in this flow. This bank, which claims to be the 10th largest in the US, was recently fined a total of $3 billion (settlement) by the Financial Crimes Enforcement Network (FinCEN) of the US Treasury Department for its serious deficiencies in anti-money laundering compliance, becoming the first bank in history to be convicted of money laundering conspiracy. This has uncovered the long-hidden loopholes in its anti-money laundering system. From the settlement between the US Treasury Department's Financial Crimes Enforcement Network (FinCEN) and TD Bank, Aiying sees the following:

I. The Historical Legacy Issues of TD Bank

TD Bank is not the first time it has been thrust into the public spotlight for failing to fulfill its anti-money laundering obligations. As early as 2013, the bank was penalized for failing to report suspicious activities related to the Scott Rothstein Ponzi scheme. However, the latest investigation shows that similar negligence not only has not been thoroughly rectified, but has continued to this day, involving larger-scale fund flows and more complex system vulnerabilities.

From 2012 to 2024, TD Bank failed to establish and maintain an anti-money laundering program that complied with the Bank Secrecy Act, allowing a large amount of suspicious funds to flow into the US financial system. It is worth noting that not only traditional banks face such compliance challenges, but also leading companies in the cryptocurrency industry, such as Binance, have been heavily fined for violating similar anti-money laundering regulations. Binance was heavily penalized for failing to effectively implement customer due diligence and report suspicious transactions. These incidents reflect that both traditional financial institutions and cryptocurrency platforms have deficiencies in anti-money laundering and compliance, posing great risks to the transparency and security of the financial system. These funds not only have questionable origins, but are also closely linked to high-risk activities such as terrorist financing and Ponzi schemes. In the eyes of regulators, the failure of TD Bank's anti-money laundering officers to effectively perform their duties is one of the core reasons for these problems.

II. The "Paper-Thin Defense" of Anti-Money Laundering Compliance

According to the agreement, TD Bank's anti-money laundering system was likened to a "paper-thin defense", the most fatal flaw of which was the bank's failure to monitor a large number of domestic ACH transactions, checks, and other types of fund flows. This lack of monitoring means that TD Bank allowed trillions of dollars to flow through its account system without any scrutiny, some of which were suspicious funds used for illegal purposes.

In the most basic element of anti-money laundering - transaction monitoring, TD Bank introduced a generic transaction monitoring system as early as 2008. However, this system did not adapt to the bank's specific products and business adjustments, but simply applied the existing rules. This "one-size-fits-all" monitoring approach allowed a large amount of funds to escape proper monitoring, especially for fund types such as ACH transactions and check transactions, which are the preferred means of money laundering.

III. The Interaction of Large Encrypted Funds and High-Risk Areas

In the case related to Customer Group C, TD Bank seriously failed to conduct sufficient due diligence on the customers. Although the Customer Group C promised the bank that their wire transfer activities would be kept to a minimum, with each transaction not exceeding $25,000 and annual sales not exceeding $1 million when they opened the account, the reality was far from that. This customer group conducted over $1 billion in transactions at TD Bank, more than 90% of which came from a cryptocurrency exchange based in the UK. Furthermore, more than 60% of the funds were transferred via wire to a financial institution in Colombia that also provides virtual asset-related services.

The activity pattern of Customer Group C shows that over a 9-month period (July 2023 to April 2024), the average monthly wire transfer amount exceeded $100 million. Most of these transactions were used to support third-party cryptocurrency trading and involved high-risk industries and jurisdictions, including several countries in Colombia, China, and the Middle East. However, these activities were vastly different from the documents provided by Customer Group C at the time of initial onboarding, which did not mention Colombia or China as expected destinations for cross-border transactions.

During this period, Customer Group C received over $650 million in funds from an international cryptocurrency trading platform, the purpose, actual originators, and sources of which were completely unclear to TD Bank. Despite such a large-scale, opaque influx of funds, TD Bank continued to process transactions for Customer Group C, including transferring over $420 million to a financial institution in Colombia that provides cryptocurrency services.

When faced with these clearly high-risk customers and abnormal fund flows, TD Bank lacked sufficient control measures to address the additional risks posed by cryptocurrency transactions. Although the bank's senior management had relevant policies stating the need for additional control measures for virtual asset transactions, no enhanced monitoring measures were found to be implemented for Customer Group C. This lack of due diligence and failure to implement effective additional monitoring directly led to the cross-border flow of large amounts of suspicious funds, further amplifying the potential for money laundering and other illegal activities.

Furthermore, although the high-risk transaction activities of Customer Group C triggered multiple "red flag" warnings, including involvement of high-risk jurisdictions and rapid fund transfers within a short period of time, TD Bank did not proactively report these suspicious activities until the law enforcement authorities made multiple inquiries about Customer Group C. Moreover, four months after the customer group entered the bank, the regulatory authorities ordered the associated company to cease operations and liquidate its assets, information that TD Bank only identified after law enforcement intervention. This lack of due diligence reflects TD Bank's inadequate preparedness in addressing the risks posed by emerging financial technologies and products, particularly in its ability to respond to high-risk transactions and new financial technologies.

IV. Management's Neglect and Sluggish Response

Even more shocking is that the bank's management was aware of these system vulnerabilities early on, but chose to address them in the most cost-saving manner. The bank's senior management made budget tightening and so-called "operating leverage" their top priorities, preferring to save costs rather than increase investment in anti-money laundering compliance. This choice directly led to a long-term shortage of human resources. The article reveals that from 2017 to 2019, TD Bank's asset compound annual growth rate far exceeded the growth of its anti-money laundering budget, and this budget constraint directly resulted in the AML team's inability to keep up with the growing compliance demands.

The management's choice not only led to the long-term existence of system vulnerabilities, but also subjected the compliance team to enormous workload pressure and time constraints when dealing with the issues. The FinCEN report shows that the bank repeatedly delayed at critical time points, and even failed to take timely action when explicitly informed of significant deficiencies in transaction monitoring. It was not until 2019 that the bank began to upgrade its outdated transaction monitoring system, but this upgrade process was repeatedly delayed due to lack of funding and resources.

Other Violations:

• Vulnerabilities in the Transaction Monitoring System: TD Bank's transaction monitoring system failed to monitor several important transaction types, including domestic ACH transactions and P2P transactions (such as Zelle). Although the bank's senior management was aware of these vulnerabilities, they did not take effective measures to address the problem. This resulted in trillions of dollars in fund flows going unmonitored, and transactions involving high-risk jurisdictions being overlooked.

This series of system and management failures directly led to the improper flow and risk spillover of funds. FinCEN noted that thousands of account holders used TD Bank to move massive amounts of funds to high-risk regions, particularly the extensive ATM cash withdrawals in Colombia and Mexico. A prime example is that during the entire investigation period, the ATM cash withdrawals in Colombia even exceeded those in Mexico, which has an economy four times larger.

More seriously, TD Bank failed to effectively monitor customer transactions through peer-to-peer payment channels like Zelle, allowing hundreds of millions in suspicious funds to be transferred through these platforms. Some of these funds were linked to human trafficking and other illicit activities, and the bank only discovered and belatedly reported these suspicious activities after law enforcement intervention. Aiying believes this incident may lead traditional financial institutions to impose stricter regulations on the crypto industry, especially at the traditional banking level, which seems difficult to avoid. However, as legal infrastructure and regulatory policies are developed in various countries, traditional financial institutions should also quickly adjust and adapt to the innovative demands brought by the evolving Web3 development.