Five Issues for Compliance Managers/Money Laundering Reporting Officers (CM/MLRO); the TD Bank Case Study

Five Issues for Compliance Managers/Money Laundering Reporting Officers (CM/MLRO); the TD Bank Case Study

TD Bank Enforcement Action

In March 2024, the Financial Crime Enforcement Network (FinCEN) announced a major enforcement action against TD Bank for systemic failures in its anti-money laundering (AML) program. The bank was fined $3.09 billion for among other AML infractions, failing to detect and report suspicious (SAR) transactions tied to large-scale fraud schemes. These failures included delayed SAR filings, ineffective transaction monitoring, and insufficient AML staffing.

The enforcement highlighted long-standing weaknesses despite repeated internal audit warnings. In response, TD Bank implemented major leadership changes, including the replacement of senior compliance personnel and the hiring of external experts to rebuild its AML program. The bank also committed to significant investment in AML technology and training.

Responsibilities of CM/MLRO

The CM/MLRO plays a central role in ensuring the effectiveness of an institution’s AML program. Key responsibilities include:

  • Oversight of transaction monitoring systems to detect suspicious activity.
  • Filing timely Suspicious Activity Reports (SARs).
  • In the case of TD Bank, ensuring compliance with regulations such as the Bank Secrecy Act (BSA), USA PATRIOT Act, and related guidance.
  • Training staff on AML obligations and risk awareness.
  • Monitoring employee behavior and internal risk exposure through Know Your Employee (KYE) processes.
  • Reporting to senior management and the board on compliance effectiveness.
  • Responding to audit findings and closing identified gaps.


Five issues for CM/MLRO from the TD Bank Case

  1. Inadequate AML Staffing and Expertise

TD Bank’s AML team was understaffed and lacked experienced personnel, resulting in backlogs of unreviewed alerts and delayed SARs.

Impact: Compliance managers cannot effectively oversee programs without sufficient and qualified human resources.

  1. Weak Use of Technology for Monitoring

TD Bank’s transaction monitoring system was outdated, lacked automation, and could not adapt to new fraud patterns.

Impact: Inefficient systems lead to missed alerts and increased compliance risk.

  1. Poor Employee Training and KYE Controls

Many staff lacked adequate training to recognize suspicious behavior or understand escalation procedures. There were also failures in monitoring internal misconduct risks.

Impact: Untrained employees are unable to detect red flags. Weak KYE processes undermines internal safeguards and timely detection of employee breaches, particularly in higher risk areas such as an institution’s AML obligations, and employee responsibilities in effective compliance.

  1. Failure to Act on Audit Findings

Internal audits identified multiple deficiencies, but the bank failed to take timely corrective actions or escalate the concerns effectively.

Impact: Ignoring audit results leaves vulnerabilities exposed and increases the risk of regulatory penalties.

  1. Insufficient Board Oversight

The board was not fully engaged in AML oversight and relied too heavily on internal assurances without challenging compliance gaps.

Impact: Without active board involvement, compliance managers lack the authority and support to drive necessary reforms.

Imperatives for CM/MLROs

✅ Strengthen AML Staffing

  • Advocate for dedicated budget to hire experienced compliance staff.
  • Use workforce planning to ensure alert-to-analyst ratios are manageable.

✅ Modernize Monitoring Technology

  • Invest in AI-powered transaction monitoring and automated alert triage systems.
  • Conduct regular system reviews to update typologies and thresholds.

✅ Enhance Staff Training and KYE Oversight

  • Provide mandatory annual AML training tailored to business units.
  • Implement KYE systems to track employee risks, escalations, and conduct.

✅ Enforce Audit Closure Protocols

  • Set strict deadlines for remediation of audit findings.
  • Establish a tracking system to monitor closure and escalation of unresolved issues.
  • Present audit exception in Board Reports and at Board Meetings to highlight risk exposure due to unresolved audit points.

✅ Engage the Board

  • Deliver clear, data-driven compliance reports to the board.
  • Arrange targeted AML training for Board Members to build capacity that enables the board to ask challenging questions and demand accountability on AML matters.
  • Reference recent fines applied by regulator against competitors for similar areas of AML risk present in your entity to reinforce risk exposure and to leverage board influence for corrective action by management.


Conclusion and Key Takeaways

The TD Bank case is a clear reminder that a compliance culture must be built from the top down and executed from the ground up. A CM/MLRO can only succeed if they are supported by adequate resources, modern technology, responsive governance, and an informed workforce.

Key Takeaways:

  • Understaffed AML teams are a systemic weakness. Hire and train strategically.
  • Outdated systems cannot keep pace with evolving threats. Upgrade regularly.
  • Employee awareness and internal conduct monitoring are key compliance pillars.
  • Audit findings must lead to immediate corrective action.
  • Board engagement is not optional—it drives the tone and strength of the compliance program.


Staying ahead of enforcement risk means making these actions routine—not reactive. Proactive compliance leadership is the only sustainable defense.

Fabian E. Sanchez, JP | LinkedIn CIPM, Intl. Dip. AML, CAMS, CIRM, MBA, BBA – fsanchez@fabian-sanchez.com