TD Bank: The Strategic Errors

Today we begin a series on the compliance failures at TD Bank, which pleaded guilty last week to charges that its anti-money laundering compliance program totally sucked. The failures here are so astonishing and the lessons so important, a single post can’t do the story justice. 

Let’s start with a recap of the misconduct itself, as outlined by the Justice Department last week. Essentially, TD Bank intentionally underfunded its AML compliance program for years, even as the bank’s business boomed and customer transactions exploded. Three separate criminal gangs took advantage of those weaknesses to launder $670 million through the bank from 2019 into 2023. One of the gangs even conspired with bank employees to launder $39 million for drug cartels in Colombia.

The Justice Department wasn’t the only regulator that documented appalling misconduct. FinCEN (a wing of the Treasury Department that fights money laundering) found a supposed HVAC company that funneled $3.5 million through TD Bank from July 2023 until April 2024. The money went to interstate freight services, hotels, and flights to countries including Turkey, Thailand, and Colombia. The HVAC company was, of course, a cut-out for a human trafficking operation — and it was still running transactions through TD Bank this year.

Clearly the misconduct at TD Bank will be legendary in compliance circles, right up there with Enron, WorldCom, Wells Fargo, and Theranos. But if we want to identify the singular lesson here, we can capture it in one pithy statement from Nicole Argentieri, head of the Criminal Division at the Justice Department.

“For nearly a decade,” Argentieri said in a press conference last week, “TD Bank failed to update its anti-money laundering compliance program to address known risks.” 

That’s the whole ballgame, folks. TD Bank kept expanding its business, so its compliance risks evolved; but management didn’t give the compliance program sufficient resources to keep pace with those changing risks — and look where it got ’em. That’s the lesson compliance officers should stress with CEOs, CFOs, board directors, and everyone else in senior management. 

When Strategy and Compliance Risk Collide

At this point we should even back up a step, to ask why TD Bank would ever make such colossally short-sighted decisions about its compliance program in the first place. Well, when you read the indictment against TD Bank, the answer is immediately clear. 

TD Bank didn’t increase the resources to its AML compliance program because that was part of its strategy.

Literally, senior management adopted a strategy that called for keeping budgets flat even as the business grew. Management called it the “flat cost paradigm” or the “zero expense growth paradigm,” although we all know that horse-poo phrase really means: no money.

For example, the global AML team’s expenditures on the U.S. anti-money laundering program were less in fiscal 2021 than they were in fiscal 2018 — even though in that same period U.S. assets went from $417 billion to $559.5 billion (up 34 percent) and U.S. net income went from $4.19 billion to $4.98 billion (up 19 percent). 

That cheapskate approach to compliance investments went back at least as far as 2011. Throughout the 2010s, regulators and internal auditors alike were flagging severe problems with TD Bank’s transaction monitoring system. 

For example, an internal audit in 2018 determined that the bank’s transaction monitoring scenarios for high-risk jurisdictions were based on an outdated list of high-risk jurisdictions. Translation: the bank’s scenarios to raise alarms about suspicious activity weren’t reflecting jurisdictions currently deemed to be high-risk; so the scenarios — and by extension, the transaction monitoring program as a whole — wasn’t properly designed. 

Those audit findings went to TD’s board. What happened then? Nothing, which is exactly what you’d expect when a bank’s strategy is based on that “flat cost paradigm” baloney. TD’s internal audit team found more deficiencies in 2020; external consultants found the same in 2021.  

Developing a Culture of Non-Compliance

As I sat there thinking about TD’s stupid strategy, I couldn’t help but think of Wells Fargo, which went through its own $3 billion criminal resolution in 2020 for its fake accounts scandal. 

Why? Because Wells Fargo also embarked on a strategy that contained the seeds of its own demise. Management developed a strategy known as the cross-sell metric, and then set impossible performance goals for bank employees. To meet their goals as defined by that strategy, they resorted to cheating. 

TD Bank adopted a different strategy, but its senior leaders still made the same fundamental mistake: they failed to anticipate how their strategy might drive corporate misconduct. 

That is, by keeping compliance budgets flat even as business expanded, the strategy drove bank executives (including the chief AML compliance officer, who is no saint in this story) to ignore compliance risks. That was the only way they could meet the performance goals of the flat-cost strategy. So that’s what they did, and years of rampant money-laundering was the result.

Indeed, consider this telling paragraph from the indictment:

The defendants did not substantively update the bank’s automated transaction monitoring system from at least 2014 through 2022 — including to address known gaps and vulnerabilities in the [bank’s] transaction monitoring program — despite increases in the volume and risk of its business and significant changes in the nature and risk of transactional activity.

Folks, this is exactly what the Justice Department means when it talks about the importance of a culture of compliance. When management doesn’t support a strong compliance function, that lack of support manifests as problems such as inadequate technology budgets and unaddressed audit findings. Those weaknesses, in turn, lead to criminal misconduct. TD Bank’s flat-cost strategy sowed the seeds of its own demise every bit as much as Wells Fargo’s cross-sell metric did. 

Indeed, let’s also remember that the Justice Department updated its guidelines for effective compliance programs just weeks ago, and the department added a new section specifically on IT resources for the compliance function:

How do the assets, resources, and technology available to compliance and risk management compare to those available elsewhere in the company? Is there an imbalance between the technology and resources used by the company to identify and capture market opportunities and the technology and resources used to detect and mitigate risks?

I mean, holy [expletive]. This new material is so on-point to TD Bank that I wonder whether the department added the language because of TD and its nonsense; TD’s misconduct is that demonstrative of what can go wrong when a company doesn’t support its compliance function.

Suffice to say, TD Bank chose this path of a cheapskate compliance program, consequences be damned. Those consequences were known and documented — and then ignored, for years, all to achieve a clearly stated strategy.

That’s how you get a defective corporate culture, and that’s the thing we need to stamp out.