Opinion: TD Bank anti-money laundering debacle requires action from Ottawa on compliance risks

Last Thursday, it took the U.S. Department of Justice 40 minutes to destroy Canada’s reputation as a global leader in banking regulation.

The DOJ’s astonishing case against Toronto-Dominion Bank TD-T and the bank’s admission of guilt show how Canada’s Treasury Department and two of the banking regulators it oversees – the Office of the Superintendent of Financial Institutions (OSFI) and the Financial Transactions and Reports Analysis Center of Canada (FinTRAC) – have been largely ineffective in overseeing non-financial regulatory risks, such as anti-money laundering, over the past decade.

TD Bank had “staggering and pervasive oversight failures,” the DOJ said, and “it willfully failed to monitor trillions of dollars in transactions” at its U.S. retail bank. Assistant U.S. Attorney General Lisa Monaco stated that “every bank compliance official… should review today’s charges.” [against TD Bank] as a case study in what not to do.” The same goes for Finance, OSFI and FinTRAC.

Canadian banks employ global regulatory frameworks to manage compliance requirements such as anti-money laundering (AML), as well as governance and controls that actively ensure that bank policies and procedures are followed by employees and are effective. Canadian requirements are at the heart of these frameworks, and variations or separate requirements for other jurisdictions in which a bank operates (e.g. the United States, the European Union or the United Kingdom) are included therein.

This provides bank executives in Canada (directors, chief compliance officers, internal auditors, legal teams, board members, etc.) with a national and global view of a bank’s non-financial regulatory compliance requirements. Based on this view, every bank, domestic and international, builds the necessary governance and control mechanisms to ensure that these requirements are met, audited, updated, monitored and used to produce effective internal and external reports. In short, if regulatory compliance efforts fail in other jurisdictions, they will almost certainly fail in Canada as well.

OSFI monitors these frameworks and sets its expectations in its Regulatory Compliance Management Guideline and Corporate Governance Guidelines. FinTRAC, in turn, is responsible for “monitoring and evaluating the quality, timeliness and scope of financial transaction reporting.”

What the U.S. Department of Justice found, and TD Bank admitted, was that “its compliance program was deprived of the resources necessary to comply with the law.” The result of this, the DOJ said, was that “from 2014 to 2022, TD Bank’s transaction monitoring program remained virtually static and failed to adapt to address known, glaring deficiencies; emerging money laundering risks; or TD’s new products or services.” Worse, “TD Bank’s federal regulators and TD Bank’s internal audit group have repeatedly identified concerns with its transaction monitoring program.” These concerns were ignored.

In the case of the DOJ, there is much more. But the point is that these TD guilty pleas raise the question: How did OSFI and FinTRAC miss the fact that TD underfunded its compliance program, that it did not keep its anti-money laundering monitoring systems up to date, and that there was a culture of risk that in which the findings of supervisory authorities and internal audits were not taken into account? ignored by senior executives, including in Canada?

The DOJ case offers a clue: “TD Bank maintained elements of an AML program that appeared appropriate on paper.”

This can also be attributed to regulatory confusion – in 2021, oversight of AML programs at Canada’s banks was split between OSFI and FinTRAC. That was a mistake.

OSFI recognizes the reputational damage that the DOJ case against TD has caused to Canadian banking regulators. Peter Routledge, OSFI Superintendent, took the unprecedented step of issuing a mitigation statement acknowledging the seriousness of the situation, adding: “Section 22 of the OSFI Act and Section 636 of the Banking Act prohibit me or any OSFI official from disclosing of information.” relating to the business affairs of a government-regulated financial institution.”

He then referred to FinTRAC and said: “We reiterate our support for the work of FINTRAC, Canada’s financial regulator for anti-money laundering activities.”

The TD Bank debacle in the US requires action from Treasury Secretary Chrystia Freeland.

Step 1 is to clarify the banking regulatory process by restoring OSFI’s sole responsibility for overseeing each Canadian bank’s overall AML compliance and reporting programs. Next, Ottawa must lift non-financial risk compliance confidentiality restrictions that are hampering OSFI and depriving Canadians of important information about their banks.

Finally, it is time for the Liberal government to make good on its promise to create a Canadian Financial Crimes Agency to investigate and prosecute financial crimes. To support such an authority, FinTRAC would abandon its oversight of banks and focus on gathering information to advance law enforcement.

The DOJ case was more than an indictment of TD Bank. It cast a dark cloud over the Canadian banking inspectorate that Ottawa cannot ignore.

John Turley-Ewart is a regulatory compliance consultant and Canadian banking historian.