TD Bank’s Insider Guilty Pleas Are the Aftershocks of a Long-Running AML Failure

Key Takeaways

• Two Former Employees Pleaded Guilty: Separate cases involving former TD Bank employees resulted in guilty pleas related to bribery and money laundering activity.
• Cases Involved Insider Access: Prosecutors alleged that both individuals exploited internal access to facilitate illicit financial flows to Colombia.
• Activity Reflected Known AML Risk Patterns: The conduct described in court filings included repeated account openings, debit-card issuance, and sustained foreign ATM withdrawals.
• Cases Follow Major Regulatory Enforcement: The guilty pleas come after TD Bank resolved significant U.S. enforcement actions related to Bank Secrecy Act compliance.
• Regulators Continue to Emphasize Insider Risk: Law enforcement statements in both cases highlighted the role insiders can play in enabling complex financial crimes.

Deep Dive

Two recent guilty pleas by former employees of TD Bank have drawn renewed attention to the role insider access can play in facilitating financial crime — particularly when combined with weaknesses in transaction monitoring, escalation, and account oversight.

In late January, federal prosecutors announced that Leonardo Ayala, a former TD Bank employee based in Florida, pleaded guilty to accepting bribes and conspiring to launder monetary instruments while employed by the bank. The case followed a separate guilty plea earlier in the month by Oscar Marcel Nunez-Flores, a New Jersey-based former employee accused of facilitating a larger money laundering network.

While the two matters were charged separately and involved different timeframes, prosecutors in both cases described similar methods that relied on insider access to open accounts, issue debit cards, and enable large volumes of ATM withdrawals abroad.

Conduct Described in Court Filings

According to court filings, Ayala accepted bribes while working at TD Bank between June and November 2023. Prosecutors alleged that he opened fraudulent accounts, issued more than 150 debit cards to shell companies, and removed internal restrictions placed on debit cards that had been flagged due to questionable activity. The accounts and cards were then used to conduct more than 12,000 ATM withdrawals in Colombia, moving approximately $5.5 million out of the United States. Ayala received more than $6,000 in bribes, paid in cash and through a peer-to-peer digital payment network.

In the earlier case, prosecutors said Nunez engaged in similar conduct over a longer period, beginning in March 2021 and continuing until his arrest in October 2023. Court filings alleged that Nunez opened dozens of accounts in the names of shell companies, frequently without customers present, and issued or arranged for the issuance of more than 600 debit cards. Those cards were used to execute more than 120,000 ATM withdrawals throughout Colombia, expatriating more than $26 million. Prosecutors also alleged that Nunez shipped debit cards to co-conspirators abroad and accepted bribes ranging from several hundred to several thousand dollars per account.

Both defendants pleaded guilty to conspiring to launder monetary instruments and to receiving bribes as bank employees. Each faces potential prison sentences of up to several decades, with sentencing hearings scheduled for May and June.

Regulatory Context and Prior Enforcement

In 2024, the Financial Crimes Enforcement Network imposed a $1.3 billion civil penalty on TD Bank for violations of the Bank Secrecy Act. The Department of Justice separately announced a criminal resolution totaling approximately $1.8 billion. The actions represented the largest combined AML enforcement outcome involving a financial institution in the United States.

Regulators stated that TD Bank’s AML program had experienced prolonged deficiencies, including weaknesses in transaction monitoring and oversight that allowed multiple money laundering networks to move hundreds of millions of dollars through the bank over several years. As part of the resolution, TD Bank agreed to significant remediation commitments and ongoing oversight.

In public statements announcing the guilty pleas, Justice Department officials emphasized that financial crimes of this scale often depend on insiders who misuse their access to internal systems and controls. Prosecutors described bank employees as critical gatekeepers whose actions can either prevent or enable illicit activity.

From a compliance perspective, the conduct described in the Ayala and Nunez cases reflects activity patterns commonly cited by regulators as elevated risk, including repeated account openings, high volumes of debit card issuance, and sustained foreign ATM withdrawals. The cases underscore how insider involvement can complicate detection and delay escalation, particularly when control weaknesses already exist.

Remediation and Oversight Efforts

TD Bank has publicly stated that it is investing heavily in strengthening its financial crimes compliance framework, including committing approximately $500 million to AML remediation efforts. The bank has also made leadership changes within its compliance organization and is operating under the supervision of an external compliance monitor.

At the executive level, longtime chief executive Bharat Masrani has announced his retirement, effective April 2025. He will be succeeded by Ray Chun, a transition the bank has described as part of its broader efforts to strengthen governance and regulatory engagement.

For financial institutions, the insider guilty pleas highlight ongoing supervisory expectations around employee oversight, escalation, and control effectiveness. Regulators have consistently emphasized that AML programs must account not only for external threats, but also for the risk posed by individuals with privileged system access.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.