I’m sorry to admit it’s been a while since we’ve been with you, but sometimes life happens. In any case, this morning as we were preparing our latest edition some breaking news hit - the CFPB released its final Rule 1033, as expected and anticipated by many including yours truly.
We will have much more to say about this in the days (and weeks) to come, but for now please enjoy our past deep dives into the initial proposal:
The real meat of what we want to focus on today is TD Bank. To give some background and focus on the main headline, on October 10, TD reached agreements with the Federal Reserve, the OCC, FinCEN, the US Attorney’s Office in New Jersey/the DOJ, all focused on its lack of anti-money laundering controls. The fines and penalties break down as follows:
- The Federal Reserve fined TD $123.5 million with much of the focus being on the fact that the US compliance-based/AML operations would need to shift to the US. TD is a Canadian company after all.
- The OCC fined them $450 million and specifically highlighted gaps in the company’s transaction monitoring.
- FinCEN fined them $1.3 billion, which is the largest fine they have ever levied against a depository institution in US history. This is where we start to get a picture that this is not just your standard consent order. The hints of criminal activity start to become apparent with references to human trafficking, taking bribes to launder, and much worse.
- TD pled guilty to criminal charges of conspiracy levied by the DOJ and the US Attorney’s Office in New Jersey, paying penalties of $1.8 billion.
All in all, the damage to TD comes out to $3.673 billion. For context, their Q3 adjusted net income was $3.646 billion, which means they have essentially wiped out a quarter’s worth of profit. If there was ever an example of proving just how essential compliance is to a company’s bottom line, this is it. I also imagine the regulators/authorities deliberately structured the fines to send home that sort of a message.
None of this is a shock, as this has been bubbling for over a year. Some of the timeline:
- August 2023 - TD announces in its Q3 earnings call that it expects fines and non-monetary penalties from a US DOJ investigation into its AML program. It is revealed this comes on the heels of the company calling off its planned acquisition of First Horizon Bank, which would have helped it increase its investment into the US. As is the case with bank mergers, regulators have a say particularly for larger linkups, and it’s obvious that the merger attempt kickstarted all this investigation.
- January 2024 - FINTRAC, one of the Canadian regulators, announces a record breaking penalty against TD for AML gaps. The news leaks in January 2024, and the penalty is formally assessed in May.
- April 2024 - Amidst the ongoing DOJ/US probe and FINTRAC preparing its penalty, during the company’s annual shareholder meeting TD’s CEO Bharat Masrani admits the AML program is not “up to the mark” and that the US probe is still ongoing.
- August 2024 - In its Q3 earnings call, TD announces that they will be setting aside $2.6 billion for the fines they expect are coming.
- October 10, 2024 - The penalties are formally issued.
Today we’ll hone in on the FRB’s order, as it is the shortest and probably the closest thing to a “traditional” consent order as you could fine. The juicy stuff requires a much deeper dive, and we’ll talk more about that in the editions to come.
- The International Banking Act is cited at the outset, establishing the Fed’s authority to go after TD. This doesn’t come up much, but the law was passed in 1978 and gives the US the authority to regulate local branches of foreign banks. For a good primer on the Act, check out this old-school summary from the Richmond Fed.
- It cites BSA/AML requirements, but also cites work done by the Philadelphia Fed as first bringing some of these to light.
- It opens the door to the Canadian regulator (Office of the Superintendent of Financial Institutions) to take further action, although to be frank from my view this makes the OSFI look like they were caught with their pants down as TD is at the end of a day a Canadian institution. Here is a good piece that elaborates on the structural issues that need to be changed to give the OSFI more teeth to catch these kinds of things in the future.
- The first two detailed sections of the order are fairly standard run-by-the-numbers fare you would expect to see in many consent orders, namely expectations of the board taking ownership of the situation, and a focus on corporate governance and management (including staffing).
- The next two sections double down on this US first approach, with the first requiring a US-based remediation office, and the second requiring relocation of the section of the firm’s global compliance function responsible for AML coverage to the US. This is pretty unprecedented, and should be interesting to see if it sets a trend for US regulation going forward (and theoretically how other governments respond). The US is really pushing the International Banking Act to its limits here.
- An outside party will have to come in and do a 90-day engagement on the entire BSA/AML program, and TD will then have 60 days to come up with action plans to address the external findings.
- TD will need to attest that it has allocated the appropriate resources to address the Order. Odds are, a lot of new job opportunities will be opening up!
- The last part is one that is not typical to most consent orders and reflects the criminal nature of the matter - TD is asked to not only ensure anyone involved with the misconduct is terminated/never hired again, but also essentially make other employees available for conversations with the regulators up to and including sworn testimonies and subpoenas. I can’t imagine it’s going to be a fun time over there.
This is quite a mess, and we’re just getting started. Stick around and join us for Part 2 of the TD AML Enforcement Action deep dives, coming next time.
If you’re impatient, check out Financial Crime News’ deep dive where they tackle it all in 18 pages.
(Note - all views are those of Fintech Compliance Chronicles/my personal views and not affiliated with any other organization)
