Last Thursday it took the U.S. Department of Justice 40 minutes to demolish Canada’s reputation as a global leader in bank supervision.
The DOJ’s astonishing case against Toronto-Dominion Bank TD-T, and the bank’s admission of guilt, demonstrate how Canada’s Finance Department and two of the bank supervisory agencies it oversees – the Office of the Superintendent of Financial Institutions (OSFI) and the Financial Transactions and Reports Analysis Centre of Canada (FinTRAC) – have for much of the past decade been ineffective in supervising non-financial regulatory risk, such as anti-money laundering.
TD Bank had “staggering and pervasive failures in oversight,” the DOJ said, and “it willfully failed to monitor trillions of dollars of transactions” at its U.S. retail bank. U.S. deputy attorney-general Lisa Monaco stated that “every bank compliance official … should be reviewing today’s charges [against TD Bank] as a case study of what not to do.” The same can be said of Finance, OSFI and FinTRAC.
Canadian banks deploy global regulatory frameworks to manage compliance requirements, such as anti-money laundering (AML), as well as governance and controls that actively ensure bank policies and procedures are followed by employees and are effective. Canadian requirements are the heart of those frameworks, and variations or separate requirements for other jurisdictions where a bank operates (such as the United States, European Union or Britain) are plugged into them.
This gives bank leaders in Canada (chief executives, chief compliance officers, internal auditors, legal teams, board members etc.) a domestic and global picture of a bank’s non-financial regulatory compliance requirements. Based on this view, each bank builds the necessary governance and controls at home and abroad to ensure such requirements are met, audited, updated, monitored and used to generate effective internal and external reports. In short, if the regulatory compliance effort is broken in other jurisdictions, it will almost certainly be broken in Canada.
OSFI supervises these frameworks and lays out its expectations in its Regulatory Compliance Management Guideline as well as its Corporate Governance Guidelines. FinTRAC, in turn, is accountable for “monitoring and assessing the quality, timeliness and volume of financial transaction reporting.”
What the U.S. DOJ determined, and TD Bank admitted to, was “starving its compliance program of the resources needed to obey the law.” The result of this, the DOJ said, was that “from 2014 through 2022, TD Bank’s transaction monitoring program remained effectively static, and did not adapt to address known, glaring deficiencies; emerging money laundering risks; or TD’s new products or services.” Worse still, “TD Bank’s federal regulators and TD Bank’s own internal audit group repeatedly identified concerns about its transaction monitoring program.” Those concerns were ignored.
There is much more in the DOJ case. But the point is that these TD admissions of guilt beg the question: How did OSFI and FinTRAC miss TD underfunding its compliance program, its failure to keep its money-laundering monitoring systems current, and a risk culture where findings by regulators and internal audits were ignored by senior leaders, including those in Canada?
The DOJ case offers a clue: “TD Bank maintained elements of an AML program that appeared adequate on paper.”
It can also be put down to oversight confusion – in 2021, oversight of AML programs at Canada’s banks was split between OSFI and FinTRAC. That was a mistake.
OSFI is alive to the reputational damage the DOJ case against TD has caused Canada’s bank supervisor. Peter Routledge, OSFI’s superintendent, took the unprecedented step of issuing a damage-control statement acknowledging the seriousness of the situation, while adding that “Section 22 of the OSFI Act and Section 636 of the Bank Act bar me or any OSFI official from disclosing information regarding the business affairs of a federally regulated financial institution.”
He then pointed to FinTRAC, saying, “We reiterate our support for the work of FINTRAC, Canada’s financial supervisor for anti-money laundering activities.”
The TD Bank debacle in the U.S. demands action from the Minister of Finance, Chrystia Freeland.
Step 1 is to clarify the bank supervision process by restoring OSFI’s sole responsibility for supervising every Canadian bank’s entire AML compliance and reporting programs. Next, Ottawa needs to remove the secrecy restrictions on non-financial risk compliance issues that gag OSFI and keep important information from Canadians about their banks.
Finally, the time has come for the Liberal government to keep its promise to create a Canadian financial-crime agency to investigate and prosecute financial crimes. To support such an agency, FinTRAC would shed its supervision of banks and focus on gathering intelligence to help drive prosecutions.
The DOJ case was more than an indictment of TD Bank. It cast a dark cloud over Canadian bank inspection that Ottawa cannot ignore.
John Turley-Ewart is a regulatory compliance consultant and Canadian banking historian.