RegTech Intelligence 
On 24 September, TD Bank was fined nearly $90 million from US federal authorities for failing to accurately detect and report suspicious banking activity arising from one of its clients, Scott Rothstein, who was charged with racketeering and having operated a large Ponzi scheme to the tune of $900 million. Suspicious activity was detected by the firm’s anti-money laundering (AML) software on several occasions, but the firm failed to take appropriate action with authorities for reporting. This case has illustrated the need for firms in the industry to pay close attention to their activity, as agencies like the Financial Crimes Enforcement Network (FinCEN), the Office of the Comptroller of the Currency (OCC), and the Securities and Exchange Commission (SEC) up their scrutiny on institutions of all shapes and sizes.
- At what point of ‘de-risking’ among big banks will the flow of financial crime start to hit other financial services firms?
- If smaller firms have difficulty complying with established regulation, how can they best prepare for the larger, complicated links set to emerge in the next three years?
- The TD Bank case exposed a larger aspect of control risk within the bank. How can other firms optimise their operations and risk management policies based on this case?
The AML software alerts were first triggered in Mr. Rothstein’s Interest On Trust Accounts (IOTAs), where a report indicated that the alerts had been triggered for 17 months between April 2008 and September 2009. Furthermore, Rothstein was able to produce unenforceable “lock letters” from TD Bank officials, which were then manipulated and fraudulently issued to Rothstein’s investors. Ultimately, a former regional senior management official at the bank was charged with a civil suit by the SEC for failing to comply with the AML provisions, and the firm was found to have violated the Bank Secrecy Act. While the Act has been in effect since 1970, the fact that FinCEN, the OCC, and the SEC all pursued charges against a non-tier 1 bank should raise some serious questions about regulators’ agendas moving forward and the implications of greater AML scrutiny for firms traditionally not caught in the scope of oversight. Additionally, as bigger banks pursue policies of ‘de-risking’ and more rigorously enforce their client acceptance models, criminal activity could make its way to smaller banks with less AML resources or wherewithal to combat it.
The TD Bank case also highlights major issues in operational risk for the firm and potentially its peers. Non-compliance with an established regulation is a foreboding prospect, especially given the non-traditional nature of the prosecution at a smaller bank. The failure for TD Bank to issue a timely SAR has illustrated larger issues with the firm, especially concerning their risk modelling. If management was not capable of training staff to recognise nor submit fraudulent activity, what does that say about their systems and controls mechanisms or how they will handle more complicated regulations, such as Dodd-Frank, FATCA, CRD IV, MiFID, AIFMD, or EMIR, which have yet to come to full enforcement? The need to handle regulatory compliance for long-standing legislation should shed light on the implications for a firm’s regulatory adaptation as the landscape continues to evolve.
TD Bank’s large fines should serve as an alert of its own to both firms and regulators about the importance of adequate risk management, management information, and corresponding operational oversight. It is necessary for firms to adequately train their employees to detect and understand fraudulent activity, and to file the SAR within the appropriate time, but also to seriously focus on the broader implications of operational risk failure. Regulators need to emphasise the necessity of proper reporting to the firms they supervise in order to stem illicit activity, but also to understand the risks involved when big banks take more proactive measures to deter criminal financial activity. JWG will continue to follow this issue as it evolves, but firms can prepare best by ensuring an adequate understanding of the regulatory issues driving financial crime reform and revisiting their policies to make sure they act accordingly if it happens to them.