TD Bank and Block Inc. Anti-Money Laundering (AML) Failures Highlight Urgent Need for Strategic Compliance Oversight

AI Enables Comprehensive and Proactive AML Oversight

Recently, two high-profile money laundering scandals made headlines not only for the crimes themselves, but for the heavy penalties government agencies inflicted on the firms in question.

TD Bank’s failings were extensive and pervasive. In October 2024, the bank pleaded guilty to conspiracy to commit money laundering and violations of the Bank Secrecy Act (BSA), resulting in an estimated $3 billion in penalties—the largest penalty in U.S. history. The bank’s key deficiencies included inadequate transaction monitoring systems, which failed to scrutinize a staggering 92% of transaction volume between 2018 and 2024. This lack of oversight enabled criminals to exploit the bank's services undetected. Additionally, the bank's failure to file required Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) further hindered law enforcement efforts during the same time period.

Block, Inc., which operates Cash App, faces fines for inadequate AML controls and violations of the BSA. Block, Inc. must pay an $80 million fine from a coordinated effort across 48 state financial regulators after they identified deficiencies in its AML program that could have allowed illicit activities including money laundering and terrorism financing.

At the same time, the Consumer Financial Protection Bureau (CFPB) imposed a $55 million civil penalty on the company and mandated up to $120 million in restitution to affected Cash App users after finding that Block's weak security protocols and inadequate customer service practices exposed consumers to fraud and hindered the resolution of unauthorized transactions.

Where TD Bank Failed

TD Bank faced a litany of fines for broad breaches of AML compliance requirements including:

1. Inadequate Transaction Monitoring: Between 2018 and 2024, TD Bank's automated systems failed to monitor approximately 92% of transaction volume, equating to about $18.3 trillion in unmonitored activity. ​

   
   

2. Prioritization of Cost-Cutting Over Compliance: The bank enforced a ‘flat cost paradigm’, maintaining static budgets for AML programs despite increasing transaction volumes and associated risks. This led to underfunded compliance efforts and outdated monitoring systems. ​

   
   

3. Facilitation of Criminal Activities: TD Bank's compliance deficiencies allowed at least three money laundering networks to process over $670 million through its accounts between 2019 and 2023. In some instances, bank employees accepted bribes to assist in laundering operations. ​

   
   

4. Failure to File Required Reports: The bank neglected to file SARs for thousands of transactions totaling approximately $1.5 billion. Additionally, CTRs were often delayed or contained misleading information, hindering law enforcement efforts. ​

   
   

5. Cultural and Training Deficiencies: Internal communications revealed employees joking about the bank being an ‘easy target’ for illicit activities. Front-line staff lacked adequate training to detect and report suspicious transactions, contributing to systemic compliance failures. ​

Where Block, Inc. Failed

Block, Inc. was penalized most heavily for their lack of oversight on app activity, including:

1. Weak KYC (Know Your Customer) Controls: Block allegedly allowed users to open multiple Cash App accounts under false identities. In some cases, fake names like ‘Donald Trump’ or ‘Elon Musk’ were used without proper verification.

   
   

2. Insufficient Transaction Monitoring: Cash App was reportedly slow to implement effective monitoring systems for suspicious or high-risk transactions. High-volume or suspicious transactions may not have been flagged or investigated adequately.

   
   

3. Lax Controls Over Fraudulent Activity: According to a Hindenburg Research report, former employees described internal systems that allowed rampant fraud and criminal activity.

   
   

4. Inadequate SARs Filings: Banks and money services businesses are required to file SARs with FinCEN when suspicious activity is detected.

   
   

5. Use of the Platform by Criminal Enterprises: The company’s platforms, especially Cash App, were reportedly used for drug trafficking, illicit finance, and scams, with poor enforcement or follow-up. Anonymous and unverified accounts made it easier for bad actors to exploit the system.

TD Bank and Block, Inc. Are Not Alone

Anti-Money Laundering is an established pillar of financial services regulation and compliance, resulting in complex requirements for firms.

Financial services companies are required to implement comprehensive AML programs designed to detect, prevent, and report suspicious financial activity. These programs must include robust customer due diligence (CDD) and KYC procedures to verify client identities, especially for high-risk individuals or entities. Firms must also establish ongoing monitoring systems to flag unusual transactions and file SARs with regulatory authorities when necessary. Additionally, they are obligated to maintain detailed records, conduct regular AML training for employees, and perform independent audits of their compliance programs. These requirements are enforced by regulators such as FinCEN in the U.S., and similar bodies globally, under laws like the BSA and international standards set by the Financial Action Task Force (FATF).

Add to this list of regulatory requirements the ongoing cat-and-mouse game of criminal money laundering activity, in which criminals use the most sophisticated technology and tactics to out-maneuver banks and regulators. Firms must go beyond complying with regulations tied to past money laundering—they must also anticipate and prevent future incidents.

Many firms view compliance with these regulations as both costly and time-consuming, leading some to take a calculated risk by deprioritizing adherence.

Consider these widespread cases:

Outdated Monitoring and Due Diligence: In today’s banking landscape, AI and data drive decision-making and operations. Yet many compliance frameworks remain outdated—dependent on manual systems, fragmented processes, and stale data—leaving institutions ill-equipped to detect and respond to real-time criminal activity.

Fragmented Process and Tactics: Instead of implementing a centralized, top-down AML strategy, many organizations permit individual business units to develop their own approaches—resulting in fragmented oversight and increased exposure to compliance gaps.

Cost Cutting: In a predominantly manual environment, auditing and monitoring processes are often prohibitively costly and time-consuming. TD Bank is not alone in facing the difficult trade-off—opting to scale back rather than invest in modernization and system upgrades.

How Weave.AI Helps Prevent AML Failures

While both firms faced penalties for tactical control failures, the root cause in each case was strategic inattention—failure to connect the dots across policy, regulation, organizational risk, and peer practices.

Weave.AI addresses this challenge by equipping senior leadership with a strategic decision intelligence layer purpose-built for AML and FinCrime governance. Rather than replacing tactical systems like transaction monitoring or identity verification, Weave.AI augments them by providing top-down, regulation-aligned insight into where organizations stand—and where they are falling behind.

Strategic Oversight Anchored in Regulatory Expectations

Weave.AI enables boards, CROs, and CCOs to systematically assess their AML/KYC posture through the lens of global standards—such as FATF’s 40 Recommendations, 6AMLD, FinCEN’s BOI Rule, and emerging jurisdictional rules like Australia’s AML/CTF Act 2024.

This allows executive teams to:

• Benchmark against peer institutions and regulatory best practices.

• Surface gaps not visible through bottom-up monitoring.

• Understand where investment or remediation is most urgently needed.

  
  

In the case of TD Bank, this kind of oversight could have illuminated systemic misalignments between static budgets and rising risk exposure—well before $18.3 trillion in transactions went unmonitored.

Proactive Risk Triage and Regulatory Change Management

Weave.AI continuously tracks the evolution of AML-related regulations, identifying emerging obligations and surfacing which internal policies and controls are impacted. This empowers compliance leaders to:

• Triage regulatory complexity into prioritized actions.

• Align compliance roadmaps with regulatory momentum, not just past violations.

• Avoid surprises from rule changes or jurisdictional shifts.

  
  

Block might have benefited from such foresight by better anticipating the growing scrutiny over fintech KYC controls and tightening expectations around digital platform governance.

Gap Analysis and Tailored Next-Best Actions

Unlike generic advisory dashboards, Weave.AI delivers tailored insight at both the institutional and functional level:

• Pinpoints where firm policies diverge from regulatory mandates and peer standards.

• Offers context-specific guidance on how to effectively close compliance gaps.

• Recommends operational next steps, empowering organizations to take decisive and coordinated action.

  
  

A proactive analysis could have helped TD Bank prevent cultural drift by identifying specific shortcomings in its AML policy framework and outlining clear enhancements—enabling corrective action before reaching the point of regulatory intervention.

Cross-Functional Clarity and Reduced Cost of Oversight

Executives often struggle to reconcile board-level governance with frontline compliance execution. Weave.AI bridges this gap by offering explainable, audit-grade outputs that map insights back to both regulatory texts and internal documentation—eliminating guesswork and easing the burden of audits.

Weave.AI does not replace existing operational systems; rather, it provides a centralized view of AML readiness to ensure their outputs are strategically aligned and effectively coordinated. By integrating insights from filings, policies, regulatory updates, and peer benchmarks, it creates a centralized decision fabric for GRC leaders to:

• Monitor readiness across business units and jurisdictions.

• Align risk appetite and resource allocation with actual regulatory exposure.

• Ensure nothing falls between the cracks—from BOI compliance to SAR quality.

  
  

This centralized visibility is what both TD and Block lacked—and what regulators now demand.

The shortcomings at TD Bank and Block stemmed not only from limitations in available tools, but also from a broader lack of foresight, prioritization, and strategic coordination. Weave.AI complements existing transaction monitoring and KYC tools by empowering leaders to see the whole board, understand regulatory dynamics as they evolve, and act decisively to prevent the next crisis.

In today’s complex regulatory landscape, intelligence must be complemented by strategic foresight to effectively navigate evolving challenges.