Why Banks Need OSINT: Lessons from the TD Bank Scandal

Introduction

Toronto-Dominion (TD), Canada’s second largest bank, is in trouble. Its AML programme has been under scrutiny for years, but a major scandal erupted earlier this month when it was revealed the US Department of Justice (DoJ) is investigating if Chinese drug traffickers and crime groups used the bank to launder the proceeds of illegal fentanyl sales.¹ The bank is also currently subject to three other AML investigations in the US, and last month was fined $9m by the Canadian banking regulator for failing to submit suspicious transaction reports.² The bank has said it will set aside $450m for any potential fines, although some reports think it could ultimately receive a multi-billion dollar penalty, which would be the third largest fine ever issued.³

The DoJ investigation came about after law enforcement agents discovered a money laundering operation funnelling hundreds of millions of dollars in drug proceeds through TD and other banks. They identified networks of Chinese money-brokers used by drug cartels to launder their illegal proceeds, and observed suspects depositing large bags of cash at banks in New York, into accounts held by small local businesses. The bank most extensively used by these launderers was TD.

The scheme has echoes of the so-called “Vancouver model”, where Chinese gangs launder the cash proceeds of illicit activities including fentanyl sales through Canadian casinos, and then through real estate transactions. This model was investigated by the Commission of Inquiry into Money Laundering in British Columbia, also known as the Cullen Commission, established by the government of British Columbia in 2021, and which reported how transnational crime groups had been targetting Canada for money laundering purposes.

How could OSINT help?

TD’s CEO has acknowledged the bank’s controls were insufficient, and has committed to investing more than $500m on programme remediation and platform enhancements, including new technology and processes, and hundreds of new AML staff. While the bank has not disclosed further details, one area which could undoubtedly benefit from investment is its investigations capacity, including the use of open source intelligence (OSINT).

Banks can make use of OSINT in numerous ways to strengthen their financial crime programmes and prevent or identify this type of large-scale money laundering activity:

1. Risk assessments

All good financial crime programmes are based on a robust, comprehensive risk assessment which highlights the most significant threats a firm faces. TD’s risk assessment should draw on a broad range of open sources including official reports like the Canadian national risk assessment⁴ and the final report of the Cullen Commission,⁵ which highlight related typologies. It could also reflect media reports and threat summaries by independent commentators and industry sources.  

Using open sources to identify the threat posed by organised crime gangs laundering cash derived from narcotrafficking could have helped the bank focus on establishing controls to identify and prevent this activity. 

2. Proactive investigations

Based on their risk assessments, banks can conduct proactive investigations to see if they have exposure to certain types of criminal activity. OSINT is ideally suited to support thematic investigations of this kind by amalgamating, sorting and processing vast amounts of useful information. It can draw out the names of individuals and companies named in criminal trials, government reports or media articles; it can identify locations or industries that are particularly vulnerable; or it can highlight typologies such as the use of casinos, real estate or small-scale front companies. 

3. Adverse media screening

Perhaps the most obvious place where OSINT can play a role is in identifying adverse media on customers or related parties. There has been significant media coverage of the Vancouver model and other money laundering activities involving Chinese gangs which banks would be expected to identify. Some investigative journalists have unearthed realms of information on the subject, and have published additional content on their social media accounts or blogs. There is also a treasure trove of information available in corporate records, legal filings, and reports from government enquiries. 

Given the amount of available open source material can be overwhelming, especially for major stories like this, an OSINT tool that consolidates, assesses and prioritises information can be especially valuable. This is particularly true when additional information may be available in other language sources, or official records in other countries with which in-house analysts may not be familiar.

4. Corroborating customer due diligence

OSINT isn’t only useful for identifying negative information and red flags; it’s also handy for corroborating narratives presented by customers. For instance, high-risk customers will often be asked to account for their source of wealth or the source of funds for a particular investment or transaction. Open sources can confirm if their account of their financial history is credible – raising the alarm if someone claims to be a successful business figure of many years standing, but has no discernible public profile, or has previously been associated with low-level positions that don’t accord with this account.  For corporate customers, a company may claim to have been trading successfully for many years but open sources can show it was only incorporated recently, its website is newly created, and it has no discernible online profile dating back more than a few months.

5. Network analysis

Money laundering rings like the one that allegedly targeted TD rely on complex networks of individuals, front companies, legitimate businesses and bank accounts to launder their money. OSINT can identify the links between the different parties and reveal otherwise hidden connections by combining a large range of data sources. This can involve corporate records, social media, legal filings and other evidence that draws connections between identifiable bad actors and a bank’s clients. It can also help banks expand their investigations when they identify exposure – rather than just rejecting or offboarding one customer, they can cast the net wider to identify relationships with other related parties also involved in illegal activity.

Conclusion

Despite numerous high-profile money laundering prosecutions of global banks in recent years, the current scandal at TD shows major banks around the world still need to significantly improve their controls. Financial institutions with any vulnerabilities are ruthlessly exploited by criminals, and are not enough to satisfy regulators. Comprehensively utilising the information made available through OSINT is a key pillar in building an effective programme and combating complex and evolving threats like transnational narco-traffickers. 

TD has promised to strengthen its AML programme, including investments in “talent, tools and technology”. It is right to highlight all three areas – more information, whether from open sources or elsewhere, is not a silver bullet by itself. It requires the right processes, enabled by the right technology and used by teams with the right expertise and training, to maximise the benefits. Adopting a technology-driven OSINT tool which is easy to use, supports analysts in their work, and aligns to specific risk profiles and operations, could prevent other banks from facing similar scandals.

1. www.wsj.com/articles/td-bank-probe-tied-to-laundering-of-illicit-fentanyl-profits-aae71243
2. https://globalnews.ca/news/10464987/td-bank-fintrac-fine-suspicious-transactions/
3. www.morningstar.com/news/marketwatch/20240506117/td-banks-stock-drop-on-money-laundering-probe-overblown-says-kbw-analyst-but-jefferies-is-not-so-sure
4. www.canada.ca/en/department-finance/programs/financial-sector-policy/updated-assessment-inherent-risks-money-laundering-terrorist-financing-canada.html
5. https://cullencommission.ca/files/reports/CullenCommission-FinalReport-Full.pdf