TD Bank's $3 billion lesson: what a "convenience culture" costs

Issue #1 | April 28, 2026 | 7 min read

In October 2024, TD Bank became the first US bank in history to plead guilty to conspiracy to commit money laundering. The $3.09 billion penalty that followed wasn't a surprise to anyone paying attention to the consent orders, it was the inevitable conclusion of a compliance program that optimized for customer experience at the explicit expense of AML controls.

This issue breaks down how three separate criminal networks moved hundreds of millions through TD's accounts, what the regulators found, and what the "convenience over compliance" finding means for practitioners running programs today.

ENFORCEMENT ACTION

The largest BSA penalty in US history exposes what happens when a compliance program is treated as a cost center.

TD Bank, N.A. and its parent TD Bank US Holding Company pleaded guilty in October 2024 to Bank Secrecy Act violations and conspiracy to commit money laundering, agreeing to pay $3.09 billion in combined penalties to the Department of Justice, FinCEN, the OCC, and the Federal Reserve. It is the largest BSA/AML penalty ever imposed on a US bank and the first time a US bank has pleaded guilty to a money laundering conspiracy charge.

The enforcement action was not the result of sophisticated tradecraft on the part of the criminal networks involved. It was the result of a compliance program that the DOJ characterized as prioritizing "convenience over compliance", a phrase that appears repeatedly across the consent orders and will almost certainly surface in examination findings at other institutions for years to come.

Three distinct money laundering networks operated through TD accounts simultaneously, each exploiting the same structural failures.

The Da Hua Xu Network moved $653 million through TD accounts over several years using shell companies and structured cash deposits. Associates opened accounts using fraudulent documentation, and five TD branch employees were bribed with gift cards and cash totaling approximately $57,000 to facilitate account openings and suppress escalations.

A Colombian drug trafficking network moved approximately $100 million through TD accounts, purchasing monetary instruments and executing international wires in patterns that should have generated Suspicious Activity Reports. They didn't.

A third network focused on fentanyl and other narcotics proceeds, using TD's retail branch network to layer funds through cash-intensive businesses.

What linked all three: TD's transaction monitoring system had not been meaningfully updated since 2014. Hundreds of thousands of transactions fell outside monitoring parameters entirely, not because the activity was sophisticated, but because the rules weren't built to catch it. When analysts did flag suspicious activity, the bank's internal incentive structure, which rewarded customer retention over escalation, suppressed SAR filings.

Red Flags in This Case

The practitioner implication here isn't primarily about transaction monitoring gaps, every compliance officer knows TM systems require ongoing tuning. The signal in this case is the "convenience over compliance" finding and what it represents legally.

When a DOJ consent order specifically documents that a bank's culture deprioritized compliance for business reasons, that language doesn't stay in the consent order. It becomes a template for how prosecutors characterize the next institution. If your program's SAR filing volumes don't correlate with your institution's risk profile, if escalation rates are anomalously low, if frontline staff understand that customer retention matters more than escalation, document that risk and remediate it. The TD consent order just made that argument significantly easier for examiners and prosecutors to make.

The Federal Reserve also imposed an asset cap on TD Bank, only the second time that penalty has been applied to a major US bank. It is not a fine. It is an operational constraint that limits the bank's growth until the Fed is satisfied with remediation progress. That is the consequence that gets a board's attention when a fine alone doesn't.

Source: DOJ Press Release, October 10, 2024 | FinCEN Consent Order, October 10, 2024 | OCC Formal Agreement, October 10, 2024

INTELLIGENCE BRIEFING

FinCEN Beneficial Ownership Reporting (Enforcement Posture Shifting) — FinCEN's beneficial ownership information (BOI) reporting rule under the Corporate Transparency Act has faced significant legal challenges in US federal courts, with multiple injunctions pausing enforcement. FinCEN has indicated it will prioritize willful non-filers once legal clarity is established. Compliance teams advising commercial clients should monitor the litigation docket, the underlying reporting obligation has not been eliminated, only its enforcement timing is in flux. Source: FinCEN.gov, BOI Reporting Rule updates.

FATF Grey List (Review Your Country Risk Ratings) — FATF's plenary reviews result in jurisdictions being added to and removed from its increased monitoring list on a rolling basis. Institutions with correspondent banking relationships or high-volume transaction flows through affected jurisdictions are required to apply enhanced due diligence under most AML programs. Confirm your country risk ratings and EDD procedures reflect the current FATF public statement, this is a routine examination finding when they don't. Source: FATF.org, Public Statements.

OCC Semiannual Risk Perspective (TM Model Validation in Focus) — The OCC's Semiannual Risk Perspective identified AML/BSA compliance as a continuing supervisory priority, with specific attention to transaction monitoring model validation and SAR quality. Examiners flagged inadequate lookback review procedures at multiple mid-size institutions. If your TM model hasn't been independently validated in the past 12–18 months, that finding may be coming. Source: OCC Semiannual Risk Perspective, Fall 2024.

FROM THE SOURCE

— U.S. Attorney General Merrick Garland, DOJ Press Conference, October 10, 2024

The phrase "prioritization of growth and profit over compliance" is now on record at the highest level of the Department of Justice. That framing, that AML failure is not a technical deficiency but a business decision, is a signal about how the Department intends to characterize future enforcement actions. Prosecutors do not use this language accidentally. For compliance officers making the internal case for program investment, this quote is a direct argument: the DOJ has established that underinvestment in compliance is a choice, and choices carry criminal liability. That argument is now available to every examiner who walks through your door.

If someone forwarded this to you, welcome.

The AML Brief goes out every Tuesday. Subscribe for free:
[Subscribe → theamlbrief.beehiiv.com]

Already subscribed? Forward this to one colleague who works in financial crimes. That's how we grow.

The AML Brief | theamlbrief.com/posts

Disclaimer: The AML Brief is an independent financial crimes intelligence publication. All content is sourced from publicly available regulatory documents, enforcement actions, and published research. Nothing published here constitutes legal, compliance, or regulatory advice. The AML Brief is not affiliated with any financial institution, regulator, law firm, or employer. For advice specific to your situation, consult a qualified attorney or compliance professional.