Image source

On October 10, 2024, Toronto-Dominion (TD) Bank agreed to pay approximately US $3.09 billion to U.S. regulators – the single largest penalty ever imposed under the Bank Secrecy Act (BSA). The financial consequences extended beyond the headline figure: compliance overhauls, independent monitors, legal expenses, and operational restrictions materially affected the bank’s U.S. business. Senior executives departed, compensation was reduced, and branch-level employees now face criminal charges.

According to the U.S. Department of Justice, between January 2018 and April 2024, TD’s transaction monitoring program failed to review approximately 92% of its transactions — representing activity collectively valued at more than $18 trillion. Within that same period, three criminal networks with ties to drug trafficking organizations transferred over $670 million in illicit funds through TD accounts.

But the magnitude of the penalty — and its ramifications for TD and the broader banking sector — underscores something more unsettling. If criminal networks were able to move over half a billion dollars through a major financial institution over multiple years – despite the presence of formal monitoring systems – the underlying laundering infrastructure was not opportunistic. It was operationally mature.

While the TD case represents a particularly egregious breach of a major financial institution by bad actors, the vast demand to enter these systems by an expanding global criminal services market makes it a powerful warning of the dangers posed by a lack of action amid a global surge in parallel financial activity.

Investigation and findings

Federal authorities began investigating cartel-linked laundering activity in the New York tri-state area in the early 2020s. In one instance, agents reportedly tailed a box truck transporting bags of bulk cash that were deposited across multiple bank branches, with TD locations featuring prominently. The ringleader of these activities was Da Ying (“David”) Sze, a Chinese-born resident of Queens, New York. According to court filings, Sze’s network laundered approximately $653 million, roughly $470 million of which moved through TD Bank. A subsequent congressional report noted the network moved funds to thousands of individuals and entities across the United States, China, Hong Kong, and other jurisdictions.

The Sze network did not rely on large-scale corruption to operate within TD. According to court documents, the organization provided approximately $57,000 in retail gift cards to multiple bank employees over a three-year period. In exchange for these gift cards, employees repeatedly ignored reporting standards, issuing official bank checks for accounts mostly filled with underreported cash. According to charging documents, one branch employee asked another “how is that not money laundering?” after a customer was permitted to buy more than $1 million in bank checks with cash. “Oh, it 100 percent is,” replied the second employee.

While multiple insiders were charged in connection with related laundering schemes, the only publicly detailed case tied to the Sze network is that of Wilfredo Aquino, an assistant store manager at a Midtown Manhattan TD branch. Aquino accepted more than $11,000 in gift cards between 2019 and 2021. In the context of a mid-level retail banking salary in Manhattan, and given Aquino had processed some 1,680 checks worth over $92 million, the inducements were modest — suggesting that the network’s strategy depended less on dramatic bribery than on sustained, low-friction facilitation at key review points.

At $57,000 in gift cards, total known inducements amounted to roughly 0.01 percent of the funds Sze passed through TD-linked accounts — a negligible input cost for a network operating at industrial scale. The vulnerability was not expensive corruption, but calibrated pressure applied to the right choke points.

While global financial institutions continue to struggle to improve their compliance systems, what is clear is that demand to inject illicit cash into capital markets via legitimate institutions has reached an unprecedented scale and scope.

Da Ying (“David”) Sze depositing bulk cash at a NYC-area TD branch. Image source

Supply and Demand — Laundering as a Service Market

Service-based alternative clearing networks have emerged amid unprecedented capital mobility, digitized payment velocity, and increasing geopolitical fragmentation. Over the past decade, these systems have expanded in ways that bypass and place strain on formal regulatory frameworks. They reflect a convergence of three structural forces: capital flight from high-pressure jurisdictions such as China, the steady supply of bulk cash generated by large transnational criminal enterprises, and the acceleration of cross-border value transfer enabled by fintech and digital assets.

Operationally, these networks integrate bulk cash collection, offshore credit balancing, digital asset conversion, and trade-based value settlement into a continuous clearing cycle. The result is a service-layered market for laundering and liquidity conversion, scaled by the sheer volume of capital seeking movement across jurisdictions. The objective is not merely concealment, but transformation — converting trapped or illicit value into deployable capital within stable financial systems.

Recent enforcement actions and reporting demonstrate the scale and operational capacity of this underground services market. In Southeast Asia, the Huione Chinese language marketplace and corporate networks associated with Prince Group have been identified as providing services used by criminal actors tied to scam compounds and gambling rings. According to Chainalysis, Huione-linked addresses processed more than $70 billion in crypto-denominated transactions between 2021 and 2025. In October 2024, the U.S. Department of Justice announced a civil forfeiture action involving over $15 billion in bitcoin connected to activity tied to Prince Group–associated entities — the largest digital asset seizure in history. In North America, FinCEN reporting has identified Chinese money laundering networks (CMLNs) as key facilitators of bulk cash clearing. Suspicious Activity Reports referencing such networks reflected approximately $312 billion in flagged transactions between 2020 and 2024. The Da Ying Sze network likely represented only one operational node within this broader clearing architecture.

These figures illustrate that the networks in question are not marginal or episodic; they are structured, capitalized, and globally integrated. Their continued operation depends not on remaining entirely outside the formal financial system, but on accessing it selectively at key integration points. This is where regulated financial institutions enter the equation.

Banks as Entry Points for Illicit Capital

Banks sit at the final integration point between parallel financial systems and formal capital markets. At its core, this is a supply-and-demand equilibrium: illicit or trapped capital seeks conversion; regulated capital markets offer absorption capacity and safety; intermediaries profit from the spread. As enforcement actions over the past decade demonstrate, financial institutions exposed to these flows face escalating compliance, reputational, and sanctions-related risks.

Court documents reveal the extent to which TD Bank’s compliance team failed to monitor suspicious transactions and the Department of Justice cited systemic weaknesses in the bank’s AML infrastructure, including gaps in transaction monitoring coverage and risk escalation. But while the TD example may be extreme in scope, the bank is not alone.

Over the past several years, major financial institutions — from HSBC to Danske Bank — have faced significant penalties tied to AML deficiencies valued in the billions of dollars. In less extreme cases – such as Capital One or USAA Federal Savings Bank – penalties have still reached hundreds of millions of dollars. The recurrence of multi-billion-dollar penalties across traditional banks and digital asset platforms underscores a systemic compliance lag rather than isolated institutional failure. Industry analyses and regulatory reports repeatedly warn that compliance systems often lag behind transaction complexity and adversary adaptation. The recurring pattern is not episodic misconduct, but structural misalignment between institutional monitoring models and industrial-scale laundering services.

As banks increasingly integrate digital assets into their payment and settlement systems, risk exposure expands rather than contracts. Beyond retail deposits and digital asset channels, trade finance instruments and correspondent banking relationships provide additional integration pathways between shadow liquidity networks and formal capital markets.

Existing AML evaluation frameworks primarily assess compliance with reporting and supervisory standards; they are less equipped to measure institutional resilience against coordinated, service-based clearing models. As parallel liquidity systems scale, institutions calibrated to detect isolated transactional anomalies — rather than sustained throughput facilitated by dispersed nodes within otherwise profitable client relationships — will remain structurally exposed.

Recalibrating compliance from anomaly detection toward throughput risk management may become one of the banking sector’s defining challenges in the years ahead. National supervisory regimes remain fragmented, while clearing networks operate transnationally, exploiting jurisdictional seams faster than coordination mechanisms can align. In this environment, the question is no longer whether parallel clearing systems can penetrate formal institutions, but whether supervisory models can evolve quickly enough to recognize that they already have.

Conclusion

The TD enforcement action highlights more than episodic compliance breakdown. It reflects the growing sophistication of parallel clearing systems that now function as service-based liquidity providers, capable of sustained access to regulated institutions. These networks do not depend on dramatic corruption, but instead rely on consistent access to friction points — human, procedural, or technological — where transaction flow can continue with minimal interruption.

As illicit and constrained capital continues to seek conversion into stable financial markets, pressure on these integration nodes will increase. Monitoring systems calibrated to detect irregular spikes may struggle to identify persistent throughput dispersed across routine activity. The resulting vulnerability lies less in individual misconduct than in structural misalignment between institutional oversight models and industrial-scale clearing operations. Reorienting supervision toward throughput risk — rather than isolated anomaly detection — may become essential as shadow liquidity systems continue expanding alongside formal capital markets.