Anti-money-laundering cases pile up in 2024

Banks' anti-money-laundering controls, or lack thereof, were in the spotlight in 2024, led by a regulatory probe into TD Bank Group that revealed startling negligence and compliance failures.

In October, regulators hit the Toronto-based company's U.S. subsidiary with a record-setting $3.09 billion fine and capped its assets at $434 billion as part of a plea deal following criminal charges that TD allowed the movement of more than $670 million in dirty money to flow through its channels between 2019 and 2023. The U.S. Department of Justice, which has previously said that it identified at least three money-laundering schemes during that period, has charged two dozen people, including three TD Bank employees, in connection with those crimes.

But TD wasn't the only bank generating anti-money-laundering-related news in 2024. Bank of America, Wells Fargo and a community bank in Kansas also drew unwanted attention for shortcomings in their own money-laundering compliance practices.

The year was full of other bank regulatory news. The Consumer Financial Protection Bureau has been on a tear lately as Director Rohit Chopra seeks to finalize a flurry of rules, including circulars and reports, that appear to be an effort to gum up the works for the incoming Trump administration.

The CFPB recently targeted the credit card industry by arguing that issuers may be violating federal laws if they devalue rewards earned by cardholders or make them hard to redeem.

In December, the bureau finalized a rule that would cap overdraft fees at $5 or at cost, beefed up protections for Property Assessed Clean Energy, or PACE, loans, and issued a blog post on the role of credit cards and cash advance fees in sports gambling.

Meanwhile, the proposed Basel III endgame capital rules — initially meant to impose higher capital requirements on banks with more than $100 billion of assets — were largely watered down and could see further changes with President-elect Donald Trump at the helm.

Top regulator appointments and how those will change under the new administration generated a fair share of post-election news coverage. The Treasury Department and the Federal Deposit Insurance Corp. will have new leaders next year, and all eyes will be watching to see what unfolds for Jerome Powell at the Federal Reserve and Chopra at the CFPB.

Finally, USAA Bank is navigating a regulatory minefield, an American Banker investigation showed.

Here's a deeper look at the top regulatory news of 2024.

Anti-money-laundering scrutiny ramps up

TD spent much of the year preparing for a possible regulatory penalty and other potential fallout stemming from the DOJ's anti-money-laundering investigation, which was disclosed in 2023.

In May of this year, Canada's second-largest bank set aside $450 million in provisions for potential fines from U.S. regulators. In August, it added another $2.6 billion to the pile and warned that it could be forced to not only pay fines but also deal with nonmonetary consequences.

The $370 billion-asset bank's compliance problems dragged on into September when its U.S. arm entered into a consent agreement with the CFPB. The bureau ordered Cherry Hill, New Jersey-based TD Bank to pay $28 million, saying the bank gave false information to consumer reporting companies, sometimes knowingly, and failed to correct the practices afterward.

Ultimately, the plea deal has put TD and the U.S. arm into a five-year probationary period.

Amid the turmoil, the parent company is preparing for a leadership change. CEO Bharat Masrani will retire next year. Raymond Chun, head of Canadian personal banking, will succeed him.

Separately, Wells Fargo found itself in hot water this fall when the Office of the Comptroller of the Currency flagged "deficiencies" related to the bank's anti-money-laundering compliance programs. While the OCC's order did not include any monetary penalties, it did require Wells to take "comprehensive corrective actions" to ensure that it is reporting suspicious activity, in addition to performing adequate customer due diligence and customer identification.

Meanwhile, this week the Office of the Comptroller of the Currency issued a cease-and-desist order against Bank of America for shortcomings in its sanctions programs and noncompliance with the Bank Secrecy Act. The Charlotte, North Carolina-based bank has to revamp its anti-money-laundering protocol, hire a third-party consultant to evaluate Bank Secrecy Act and sanctions compliance, and undergo a review to confirm that all suspicious activity was properly reported.

And last month, for the second time in 14 months, the Fed issued a cease-and-desist order against Small Business Bank in Lenexa, Kansas, for deficient anti-money-laundering controls.

Samuel Corum/Bloomberg

CFPB issues flurry of new rules at the 11th hour

Few regulators have drawn the fury of lawmakers quite like Rohit Chopra, the CFPB's director.

The CFPB has been one of the most active regulators this year. It has finalized major rules that would cap credit card late fees at $8, require banks to share consumers' financial data and mandate data reporting on small business loans to combat discrimination.

Bank trade groups sued the CFPB over late fees and appear likely to prevail in court after a federal judge found that the bureau's rule unlawfully prevents credit-card issuers from imposing penalty fees. Banks and credit-card issuers are breathing a sigh of relief because the CFPB's rule would have wiped out $10 billion a year in late fee revenue.

The CFPB also was sued immediately after issuing its open-banking rule requiring banks to safely share financial data on checking accounts, prepaid cards, credit cards, mobile wallets, payment apps and other financial products. Banks are concerned the rule will expose them to greater liability and also require costly oversight of third-party fintech companies. Experts think a Trump-appointed CFPB director will attempt to make changes to the rule, potentially allowing banks to recoup costs, or even rescinding and reissuing the sweeping data privacy rule.

The CFPB also was sued after finalizing the small-business data collection rule, also known as the 1071 rule for its section in the Dodd-Frank Act. The rule requires that lenders start collecting data on how many small-business applicants are approved or denied loans on a wide range of credit products, including term loans, lines of credit, business credit cards, online credit products and merchant cash advances. A judge ruled in August that the CFPB was given the authority by Congress to collect the information, and banks are likely to press the Trump administration's CFPB director to rescind some of the data elements required by the rule.

Developments in Basel III endgame rules

The year began with significant pushback against the proposed Basel III endgame capital rules, which were rolled out during the summer of 2023. Bankers and trade groups raised concerns with the reforms, which were jointly proposed by the OCC, the FDIC and the board of governors of the Federal Reserve.

By May, the industry was in limbo as regulators tried to decide if they would modify the initial proposal or unveil an entirely new offering. Meanwhile, banks were building up their capital.

After months of anticipation, Fed Vice Chair for Supervision Michael Barr in September outlined the changes he would like to see in a revised version of the Basel III endgame. Excluding banks between $100 billion and $250 billion in assets from being subject to the rules was one of the changes he proposed. So too was upping the aggregate capital for the largest banks by 9% rather than the proposed 19%, and capping capital requirements to less than 5% for banks with more than $250 billion of assets that are not deemed to be global systemically important banks.

What happens to the proposed rules remains to be seen under the incoming administration.

"I don't know what the regulators will agree to once they get the new people in," Bank of America Chairman and CEO Brian Moynihan said at a recent industry conference. "But we need to finalize it without much impact honestly … because it's good to put it behind us."

Regulators’ changing of the guard

There will be turnover at the nation's top banking regulatory agencies, starting with the January departure of Martin Gruenberg, who has twice chaired the FDIC.

Gruenberg, who first joined the agency in 2005, announced his plan to step down earlier this year, once a successor had been identified. In November, he said he would leave his post on Jan. 19, one day before President-elect Donald Trump is scheduled to be sworn into office.

His departure follows numerous allegations of sexual harassment and racial discrimination at the FDIC. The claims were later substantiated by an independent third-party review.

A second Trump presidency is bound to bring other changes in who's sitting at the top of the regulatory agencies that watch over banks. FDIC Vice Chair Travis Hill, the Republican appointee to the Fed's five-person board, is seen as the frontrunner to succeed Gruenberg.

The head of the OCC, Michael Hsu, and Chopra at the CFPB are also likely to be replaced. Earlier this month, Chopra refused to say that he would step down from his role when Trump takes office, implying that the president would have to fire him.

Scott Bessant, a hedge fund veteran and former George Soros associate, has been nominated by Trump to succeed Janet Yellen as secretary of the Treasury Department.

Meanwhile, Powell has said that he has no plans to bow to pressure from the incoming administration to resign. Two days after the election, following a Federal Open Market Committee press conference, Powell had this to say about whether the president could remove or demote a member of the Federal Reserve board of governors at will: "Not permitted under the law."

USAA lands in the regulatory hot seat

An investigation by American Banker and the San Antonio Current revealed that USAA Bank, known for its service to military members and their families, is navigating a regulatory minefield of its own making.

The problem lies with the bank growing its customer base without making the investments needed to keep regulators happy.

A series of regulatory penalties hasn't sparked enough internal change. Neither has the reshuffling of key leaders, the latest move being the upcoming retirement of CEO Wayne Peacock. Another issue is the lack of profits at USAA's bank, which has turned to layoffs to cut costs.

The list of regulatory problems in the banking division is varied. Regulators have demanded overhauls of the bank's technology and information security protections, plus its efforts to prevent money laundering. They've punished the bank for charging military members more interest than federal law allows. And they've failed USAA twice in a row on an exam that measures how well banks serve communities.

On Dec. 18, federal regulators issued a stinging enforcement action outlining "comprehensive" shortcomings at USAA Federal Savings Bank, marking the third attempt in five years to force an overhaul of the military-focused bank.

In a cease-and-desist order, the OCC — USAA's primary federal banking regulator — prohibited the bank from adding "any new product or service" or loosening its membership criteria without evaluating the risks of getting bigger.