Canada banking regulator orders Toronto Dominion Bank to overhaul risk controls

Canada’s banking regulator has ordered Toronto-Dominion Bank TD-T -1.77% decrease to repair the nerve centre for its risk controls as the lender works to resolve money-laundering investigations that have raised the ire of American officials and thwarted TD’s plans for expansion in the United States.

 

The Office of the Superintendent of Financial Institutions, or OSFI, identified deficiencies with TD’s regulatory compliance management program during a recent assessment, according to two people familiar with the matter.

 

The RCM framework is a set of controls that banks must have in place to avoid running afoul of the various laws and regulations governing their operations in Canada, the U.S. and other countries. It is considered by OSFI to be a crucial element of a financial institution’s overall risk-management program and includes technology, processes and other oversight functions.

 

Anti-money-laundering is just one of the regulatory compliance risks that banks are required to manage through an effective RCM program. Some of the weaknesses detected in OSFI’s evaluation of TD involve the bank’s anti-money-laundering controls, the two sources added.

 

Findings from a separate compliance examination conducted by the Financial Transactions and Reports Analysis Centre of Canada (FinTRAC), the federal financial-crime watchdog, informed part of OSFI’s work, according to a third source.

The Globe and Mail is not identifying the sources because they were not authorized to speak to the media about confidential regulatory matters.

 

RCM functions as a safety net that helps TD mitigate regulatory compliance risks on an enterprise-wide basis.

“We continuously invest in our RCM program to address changing market dynamics, regulatory feedback and any potential findings. As the operating environment’s complexity intensifies, banks must always be focused on enhancing their programs. That work is ongoing at TD,” bank spokeswoman Lisa Hodgins said in an e-mailed statement.

 

“In the U.S., as we’ve previously communicated, we are executing a comprehensive effort to strengthen our AML program given the serious incidents in some locations. These investments will help to thwart illegal activity from bad actors, and will also benefit our global capabilities.”

 

TD, which reports its fiscal second-quarter earnings on Thursday, is under increasing pressure to disclose details about the U.S. probe into its anti-money-laundering weaknesses.

 

“Our U.S. AML program shortcomings are not as a result of our RCM program. It is important not to confuse normal course interactions with Canadian regulators with our ongoing discussion with U.S. regulators and authorities,” Ms. Hodgins added.

 

OSFI’s review of TD’s RCM program adds to the regulatory scrutiny of Canada’s second-largest bank on both sides of the border. TD is taking an initial provision of US$450-million to cover financial penalties that it faces because of probes by three regulators and law enforcement in the U.S. Those investigations are tied to a US$653-million money-laundering and drug-trafficking case, The Globe confirmed this month.

 

The final tally of the bank’s U.S. penalties is still not known, but some analysts estimate it could be as high as US$2-billion. TD also faces other potential consequences from U.S. regulators that could constrain its expansion south of the border, its main growth market. The U.S. probes have already led to last year’s collapse of TD’s proposed US$13.4-billion acquisition of Tennessee-based First Horizon Corp.

 

In Canada, meanwhile, FinTRAC imposed its largest-ever monetary penalty on TD in April after a 2023 compliance examination uncovered five violations of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and its associated regulations. But FinTRAC’s administrative money penalty – totalling more than $9.18-million – amounts to only about 1.5 per cent of the amount set aside by TD for its coming U.S. fines.

 

FinTRAC said it has the authority to exchange information with OSFI, including compliance examination findings involving Canada’s financial institutions. The financial-crime watchdog also shares information, including examination results and corrective actions, with the Financial Crimes Enforcement Network in the U.S.

 

FinTRAC is responsible for ensuring the compliance of several of Canada’s business sectors, including financial institutions, a spokeswoman wrote in an e-mailed statement. And those institutions are required to have controls in place to guard against various types of financial crime.

 

Finance Minister Chrystia Freeland has instructed financial regulators to resolve any outstanding problems at TD because U.S. officials have raised concerns about the bank’s ability to identify financial crime, according to a source.

 

U.S. regulators have also questioned why their Canadian counterparts previously failed to spot and remedy problems with TD’s anti-money-laundering risk controls, another one of the sources said.

 

OSFI and FinTRAC both report to Ms. Freeland, who is monitoring TD’s regulatory problems in Canada and the U.S., one of the sources said.

 

Department of Finance spokesperson Caroline Thériault did not provide answers to questions regarding OSFI’s assessment of TD. But she stressed that FinTRAC’s review was solely focused on Canada.

 

“The government continues to work closely with its American counterparts,” Ms. Thériault said in an e-mail statement.

 

TD, meanwhile, is working to address OSFI’s concerns. The bank is remediating its RCM program. Along with leaders across the bank’s businesses, that work has been overseen by Monica Kowal, TD’s senior vice-president and chief compliance officer; Denise Morris, vice-president of compliance; and Emily Jelich, vice-president of compliance, one of the sources said. (Ms. Jelich is retiring from the bank at the end of June, according to a different source.)

 

In January, TD hired Erin Morrow, who previously worked in compliance at New York-based Citibank, as its deputy chief compliance officer, that person added.

 

TD is investing in its risk and control infrastructure, outlays that are creating a drag on its earnings. Last year, the bank said it expected to post an adjusted net loss of $200-million to $250-million per quarter this year in its internal corporate segment as a result of that spending.

 

Unlike with FinTRAC, OSFI’s findings from its assessment of TD will not be disclosed to the public because of secrecy provisions in Canadian law.

 

An OSFI spokesperson said that the regulator cannot comment on confidential matters with the bank, but it expects board members to be engaged in mitigating non-financial risks.

 

“We expect boards to comprehensively examine their oversight of non-financial risks and synthesize them into an enterprise-wide approach to protecting their institutions from threats to their integrity and security,” Superintendent Peter Routledge said in an e-mail statement.

 

OSFI is, however, expected to share supervisory information about TD with the Office of the Comptroller of the Currency, which regulates national banks in the U.S., because of an existing information-sharing agreement. The two banking regulators have shared supervisory information about TD in the past, including the bank’s performance in the OCC’s 2017 sales practices review, according to a fourth source.

 

“The OCC does not comment on specific banks or supervisory activities,” a spokesperson wrote in an e-mailed statement.

 

OSFI last updated its RCM requirements for banks a decade ago. That guidance requires banks to review and update their RCM frameworks at least once a year to keep abreast of evolving regulatory compliance risks.

 

The pro-active testing of controls is the cornerstone of an effective RCM program. That risk-based testing creates feedback loops for a bank’s individual business units, which are then expected to use the information to fix any weaknesses.

 

In TD’s case, failures of its risk-based testing may have led to faulty controls, one of the sources said.

 

TD’s problems with its RCM framework date back years. In 2015, its RCM program was supported by Thomson Reuters Corp. The bank, however, experienced a software problem that necessitated a rebuild of its RCM program, one of the sources said.

 

(Woodbridge Co. Ltd., the Thomson family holding company and controlling shareholder of Thomson Reuters, also owns The Globe.)

 

Thomson Reuters declined to comment.

 

Then, in 2016, TD replaced the Thomson Reuters platform with one from Archer Technologies LLC, an enterprise risk-management company based in Overland, Kan.

 

TD, though, experienced problems during the implementation process, said the source, who stressed there was nothing wrong with the Archer platform. Banks sometimes experience technology glitches when trying to pair new technologies with their legacy systems.

 

TD’s remediation process is also trying to resolve the remainder of these RCM problems, another source said.

 

Archer did not provide comment.

 

The bank has also been consolidating data that were fragmented across its various businesses to ensure that it is being pulled into the technology platforms that monitor and identify risks, according to a source.

 

FinTRAC’s compliance examination, which was conducted in 2023, identified weaknesses in the processes and controls that TD had in place for assessing client risk. That technology problem has since been resolved by the bank, that source added.

 

When asked if FinTRAC is conducting any further remediation work with TD, the spokeswoman for the financial intelligence unit said in the e-mail: “When serious deficiencies are identified during a compliance examination of financial institutions, FINTRAC requires the creation of detailed action plans for corrective action. For Canada’s large banks, the Centre monitors the progress of these action plans on a quarterly basis at a minimum.”

 

As for OSFI, this isn’t the first time the banking regulator has flagged problems with TD’s approach to managing its anti-money-laundering risks. OSFI officials raised the matter directly with then-chief executive officer Ed Clark in 2010 and 2011, according to a fifth confidential source.

Mr. Clark declined to comment.

 

For its part, TD has hired risk consultancy Proviti, a wholly owned subsidiary of Robert Half Inc., for advice on improving its anti-money-laundering controls, one of the sources said.

 

“In keeping with Protiviti’s policies, we do not publicly comment on client matters,” wrote Lisamarie Lukas, Protiviti’s senior director of communications.

 

The bank has already launched an overhaul of its U.S. and global anti-money-laundering program and has invested more than $500-million to enhance its platforms and remediate the weaknesses.

 

In an internal memo to employees, TD CEO Bharat Masrani said the bank is overhauling its anti-money-laundering program by hiring new leaders and hundreds of employees, redesigning controls, building new processes, deploying new technology and implementing improved training.

 

“We did not meet our expectations or our regulatory obligations to monitor, detect, report and respond to suspicious activity. As a result, criminals broke through our defences and used the bank to launder money,” Mr. Masrani said in the memo.

 

“This is absolutely unacceptable. While our systems stopped a lot of activity, I am deeply disappointed there were serious instances where we failed to stop these criminals. It goes against our values and everything we believe.”

 

 

 

This article was first reported by The Globe and Mail