TDOPF Toronto Dominion Bank (PK)

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 6-K

REPORT OF FOREIGN PRIVATE ISSUER

Pursuant to Rule 13a-16 or 15d-16 of

the Securities Exchange Act of 1934

The Toronto-Dominion Bank

(Translation of registrant’s name into English)

c/o General Counsel’s Office

P.O. Box 1, Toronto Dominion Centre,

Toronto, Ontario, M5K 1A2

(Address of principal executive offices)

Indicate by check mark whether the registrant files or will file annual reports under cover of Form 20-F or Form 40-F:

Form 20-F ☐   Form 40-F ☑

EXHIBIT INDEX

FORM 6-K

SIGNATURES

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.

Exhibit 99.1

UNITED STATES OF AMERICA

DEPARTMENT OF THE TREASURY

OFFICE OF THE COMPTROLLER OF THE CURRENCY

CONSENT ORDER

WHEREAS, the Office of the Comptroller of the Currency (“OCC”) has supervisory authority over TD Bank, N.A., Wilmington, Delaware and TD Bank USA, N.A., Wilmington, Delaware (collectively “Bank”);

WHEREAS, the OCC intends to initiate cease and desist proceedings against the Bank pursuant to 12 U.S.C. § 1818(b), through the issuance of a Notice of Charges, for violating laws and regulations, including 12 C.F.R. § 21.21 (Bank Secrecy Act/anti-money laundering (BSA/AML) program violation), 12 C.F.R. § 21.11 (suspicious activity report violations), 31 C.F.R. § 1010.312 (currency transaction report violations), 31 C.F.R. § 1020.210(a)(2)(v) (customer due diligence violation), and recklessly engaging in unsafe or unsound practices related to the Bank’s BSA/AML Compliance Program (BSA/AML Program);

WHEREAS, the Bank has pursued growth without ensuring that it had established and maintained an adequate BSA/AML Program;

WHEREAS, the Bank needs to make a robust investment in remediation and BSA/AML compliance going forward;

1

WHEREAS, the Bank has begun corrective action and has committed to taking all necessary and appropriate steps to remedy the deficiencies identified in this Order.

WHEREAS, in the interest of cooperation and to avoid additional costs associated with administrative and judicial proceedings with respect to the above matter, the Bank, by and through its duly elected and acting Board of Directors (“Board”), consents to the issuance of this Consent Order (“Order”), by the OCC through the duly authorized representative of the Comptroller of the Currency (“Comptroller”); and

NOW, THEREFORE, pursuant to the authority vested in the OCC by Section 8(b) of the Federal Deposit Insurance Act, as amended, 12 U.S.C. § 1818(b), the OCC hereby orders that:

ARTICLE I

JURISDICTION

(1) The Bank is an “insured depository institution” as that term is defined in 12 U.S.C. § 1813(c)(2).

(2) The Bank is a national banking association within the meaning of 12 U.S.C. § 1813(q)(1)(A), and is chartered and examined by the OCC. See 12 U.S.C. § 1 et seq.

(3) The OCC is the “appropriate Federal banking agency” as that term is defined in 12 U.S.C. § 1813(q) and is therefore authorized to initiate and maintain this cease and desist action against the Bank pursuant to 12 U.S.C. § 1818(b).

ARTICLE II

COMPTROLLER’S FINDINGS

The Comptroller finds, and the Bank neither admits nor denies, the following:

(1) The Bank failed to develop and provide for the continued administration of a BSA/AML Program reasonably designed to assure and monitor compliance with the BSA and its implementing regulations, in violation of 12 C.F.R. § 21.21. Deficiencies in the Bank’s BSA/AML Program included deficiencies related to: internal controls and risk management practices; risk assessments; customer due diligence; customer risk ratings; suspicious activity identification, evaluation, and reporting; governance; staffing; independent testing; and training, among others.

2

(2) The Bank had significant, long-standing, systemic breakdowns in its transaction monitoring program.

(3) Since at least 2020, the Bank processed hundreds of millions of dollars worth of transactions with clear indicia of highly suspicious activity, creating a potential for significant money laundering, terrorist financing, or other illicit financial transactions. The Bank repeatedly failed to take appropriate and timely corrective action to address the highly suspicious activity and failed to properly emphasize BSA/AML compliance.

(4) The Bank had a systemic breakdown in its policies, procedures, and processes to identify and report suspicious activity, and a pattern or practice of noncompliance with the SAR filing requirement, resulting in numerous violations of 12 C.F.R. § 21.11 (suspicious activity report violations).

(5) The Bank violated 31 C.F.R. § 1010.312 (currency transaction report violations) on numerous occasions.

(6) The Bank failed to implement appropriate risk-based procedures for conducting ongoing customer due diligence in violation of 31 C.F.R. § 1020.210(a)(2)(v).

(7) The Bank recklessly engaged in unsafe or unsound practices related to the Bank’s BSA/AML Program.

3

(8) The Bank’s violations and recklessly unsafe or unsound practices were part of a pattern, and caused and are likely to cause more than a minimal loss to the Bank.

ARTICLE III

COMPLIANCE COMMITTEE

(1) Within fifteen (15) days of the effective date of this Order, the Board shall appoint a Compliance Committee of at least three (3) members of which a majority shall be directors who are not employees or officers of the Bank or any of its subsidiaries or affiliates. The Board shall submit in writing to the Examiner-in-Charge the names of the members of the Compliance Committee within ten (10) days of their appointment. In the event of a change of the membership, the Board shall submit in writing to the Examiner-in-Charge within ten (10) days the name of any new or resigning committee member. The Compliance Committee shall monitor and oversee the Bank’s compliance with the provisions of this Order. The Compliance

Committee shall meet at least quarterly and maintain minutes of its meetings.

ARTICLE IV

BSA/AML ACTION PLAN

(1) Within one-hundred twenty (120) days of the effective date of this Order, the Bank shall submit to the Examiner-in-Charge for review and prior written determination of no supervisory objection an acceptable written plan detailing the remedial actions necessary to achieve and sustain compliance with the BSA, as amended (31 U.S.C. § 5311 et seq.), the regulations promulgated thereunder, and the substantive requirements of Articles V through XVI of this Order and to address all BSA/AML deficiencies, violations and corrective actions communicated to the Bank (“BSA/AML Action Plan”).

4

(2) The BSA/AML Action Plan shall include at a minimum:

(3) thirty (30) days following receipt of the Examiner-in-Charge’s written determination of no supervisory objection to the BSA/AML Action Plan or to any subsequent amendment to the BSA/AML Action Plan, the Board shall adopt and Bank management, subject to Board review and ongoing monitoring, shall immediately implement and thereafter ensure adherence to the BSA/AML Action Plan. The Board shall review the effectiveness and progress of the BSA/AML Action Plan at least annually and no later than the end of the July 31^st fiscal quarter, and more frequently if necessary or if required by the OCC in writing, and amend the BSA/AML Action Plan as needed or directed by the OCC. The Board shall reflect its review of the BSA/AML Action Plan in official meeting minutes and provide a copy of the meeting minutes to the Examiner-in-Charge within 30 days following the review.

(4) In the event the Examiner-in-Charge requires changes to the BSA/AML Action Plan, the Bank shall promptly incorporate the required changes into the BSA/AML Action Plan and submit the revised BSA/AML Action Plan to the Examiner-in-Charge for review and prior written determination of no supervisory objection.

5

(5) The Bank shall not take any action that will cause a significant deviation from, or material change to, the BSA/AML Action Plan that has received a written determination of no supervisory objection from Examiner-in-Charge without a prior written determination of no supervisory objection from the Examiner-in-Charge.

(6) Upon written request by the Examiner-in-Charge, the Bank shall modify the Action Plan to address deficiencies in Matters Requiring Attention if the Examiner-in-Charge determines that such deficiencies substantially relate to Articles V through XVI of this Order.

(7) Where the Bank considers modifications to the BSA/AML Action Plan appropriate, the Bank shall submit a revised BSA/AML Action Plan containing the proposed modifications to the Examiner-in-Charge for review and prior written determination of no supervisory objection. Upon receipt of a written determination of no supervisory objection from the Examiner-in-Charge, the Board shall timely adopt the revised BSA/AML Action Plan and verify that Bank management has timely implemented all corrective actions required by this Order. Bank management, subject to Board review and ongoing monitoring, shall thereafter ensure adherence to the revised BSA/AML Action Plan, including the timelines set forth within the revised BSA/AML Action Plan.

(8) Within one hundred and twenty (120) days of receiving written determination of no supervisory objection to the BSA/AML Action Plan , and thereafter within thirty (30) days after the end of each Bank fiscal quarter, the Bank shall prepare, and shall submit to the Board, a written BSA/AML Action Plan progress report setting forth in detail:

6

(9) The Board shall forward a copy of the report, with any additional comments by the Board, to the Examiner-in-Charge within ten (10) days of the first Board meeting following the Board’s receipt of such report. If any independent assessment or review was completed regarding the Bank’s BSA/AML Program or any component of the BSA/AML Program, pursuant to this Order or otherwise, during the period of the progress report, the Board shall also include a copy of any written documentation setting forth the findings or recommendations of the independent assessment or review.

ARTICLE V

BSA/AML PROGRAM ASSESSMENT AND REMEDIATION

(1) Within sixty (60) days of the effective date of this Order, or as otherwise specified in the BSA/AML Action Plan for which the OCC has provided its no supervisory objection, the Bank shall submit, for review and prior written determination of no supervisory objection, the name, qualifications, and engagement terms of a proposed independent, third-party consultant (“Independent Consultant”) to conduct an end-to-end review and assessment of the Bank’s BSA/AML Program and then provide a written report on the Bank’s BSA/AML Program. The Bank’s submission shall include a proposed scope and timeline for completion of the BSA/AML Program assessment that address the requirements of paragraph (2) of this Article. The Bank’s submission shall address in detail the consultant’s specialized expertise in BSA/AML. Refer to “Use and Review of Independent Consultants in Enforcement Actions: Guidance for Bankers,” Nov. 12, 2013 (OCC Bulletin 2013-33).

7

(2) The purpose of the review is to conduct an end-to-end assessment of the Bank’s BSA/AML Program and to ensure the BSA/AML Program is commensurate with the Bank’s risk profile.

(3) Within thirty (30) days following receipt of the Examiner-in-Charge’s written determinations of no supervisory objection to the proposed Independent Consultant and the scope and timeline for completion of the consultant’s review, the Board shall enter into a written agreement with the consultant, consistent with the requirements of this Article, to conduct the end-to-end assessment of the Bank’s BSA/AML Program. The proposed written agreement, and any proposed amendments to it, shall be submitted to the Examiner-in-Charge for review and prior written determination of no supervisory objection. Upon execution, a copy of that written agreement, and any subsequent amendments thereto, shall be provided to the Examiner-in-Charge.

(4) Upon execution of the written agreement with the Independent Consultant, Bank management, subject to Board review and ongoing monitoring, shall timely provide all information requested by the consultant.

(5) Within thirty (30) days of completion of the end-to-end assessment of the Bank’s BSA/AML Program, the Independent Consultant shall provide the Board with a written report that identifies any gaps and deficiencies in the Bank’s BSA/AML Program and ensures the Bank is in compliance with U.S. laws and regulation. The report shall include the Independent Consultant’s written conclusions about the effectiveness of each component of the BSA/AML Program. The Board shall reflect its review of the written report in official meeting minutes and provide a copy of the meeting minutes to the Examiner-in-Charge within 30 days following the review.

8

(6) When providing the written report to the Board, the Independent Consultant shall, at the same time, directly provide a copy of the written report of the findings and recommendations from the end-to-end assessment of the Bank’s BSA/AML Program to the Examiner-in-Charge. All supporting materials and work papers associated with the end-to-end assessment of the Bank’s BSA/AML Program [as well as personnel of the Independent Consultant] shall be made available to the OCC upon written request.

(7) The Bank shall ensure effective remediation of any identified gaps and deficiencies. The Bank shall incorporate its plan to implement effective remediation of any identified gaps and deficiencies into the Action Plan required by Article IV of the Order.

ARTICLE VI

LIMITS ON GROWTH

(1) As of the last day of the first full calendar quarter following the date of this Order and the last day of each quarter thereafter, the Bank shall not take any action that would cause the average of the Bank’s total consolidated assets for the current calendar quarter and the immediate preceding calendar quarter to exceed the total consolidated assets reported as of September 30, 2024.

(2) For the purposes of this Order, total consolidated assets shall be defined as the combined total assets of TD Bank, N.A. and TD Bank USA, N.A. as reported in the Consolidated Reports of Condition and Income for a Bank with Domestic and Foreign Offices on line 12 of Schedule RC – Balance Sheet (for TD Bank, N.A.) and in the Consolidated Reports of Condition and Income for a Bank with Domestic Offices Only on line 12 of Schedule RC – Balance Sheet (for TD Bank USA, N.A.).

9

(3) The restrictions of paragraph (1) of this Article shall continue in force and effect until the Bank achieves compliance with all actionable Articles of this Order and the Order is terminated by the OCC. However, the Deputy Comptroller may, at the Deputy Comptroller’s discretion, temporarily suspend the asset limit pursuant to this Article in light of unusual circumstances at the Bank.

(4) If the Bank fails to meet the deadline for compliance with all actionable Articles in this Order, as established in the BSA/AML Action Plan to which the Examiner-in-Charge provided a written determination of no supervisory objection, the Deputy Comptroller may, at the Deputy Comptroller’s discretion, require the Bank to reduce its total consolidated assets by up to 7% from its total consolidated assets as reported as of the most recent calendar quarter.

(5) Within thirty (30) days of the date the Bank receives written notification from the Deputy Comptroller that it has failed to meet the deadline for compliance with all actionable Articles in this Order and that it must reduce its total consolidated assets, the Bank shall submit to the Examiner-in-Charge for review and prior written determination of no supervisory objection an acceptable written plan for reducing its total consolidated assets by the amount required by the Deputy Comptroller. The Bank shall have 60 days to reduce its total consolidated assets from the date the Bank receives a written determination of no supervisory objection to its written plan for reducing its total consolidated assets by the amount required by the Deputy Comptroller pursuant to Paragraph (4).

(6) For each successive year after the written notification described in paragraph (4) of this Article that the Bank continues to be in noncompliance with this Order, the Deputy Comptroller may, at the Deputy Comptroller’s Discretion, require the Bank to reduce its total consolidated assets by an additional amount, up to an additional 7%, from its total consolidated assets as reported as of the most recent calendar quarter. The timing and plan submission requirements for each successive year’s asset reduction shall conform to the timing and plan submission requirements in Paragraphs (4) and (5) of this Article.

10

ARTICLE VII

PRIORITIZATION OF EXPENDITURE ON REMEDIATION

(1) To ensure adequate resources are allocated to the remediation required by this Order, prior to declaring or paying dividends, engaging in share repurchases, or making any other capital distribution, the Board shall certify in writing to the Examiner-in-Charge that the Bank has allocated appropriate resources and staffing to the remediation required by this Order. The Board shall submit the certification to the Examiner-in-Charge at least 30 days prior to the proposed declaration or payment, repurchase, or distribution and contain, at a minimum: (i) a detailed description of and justification for the Bank’s current allocation of compliance resources related to this Order; (ii) a detailed description of the Bank’s timely progress in satisfying the remediation outlined in the plans and programs required by this Order; (iii) whether the Bank anticipates increasing or decreasing resources allocated for the remediation required by this Order; and (iv) the identification of the source of funding for the proposed payment or distribution.

ARTICLE VIII

NEW PRODUCTS, SERVICES, BRANCHES, AND MARKETS

(1) Within one hundred fifty (150) days of the effective date of the Order, or as otherwise specified in the BSA/AML Action Plan for which the OCC has provided its no supervisory objection, the Bank shall submit to the Examiner-in-Charge for review and prior written determination of no supervisory objection, improved policies and procedures for evaluating the BSA/AML risks posed by adding a new product or service and ensuring the Bank has adequate controls to mitigate such risks.

11

(2) Until the Bank receives a written determination of no supervisory objection to the Bank’s improved policies and procedures for evaluating BSA/AML risks pursuant to Paragraph (1) of this Article, the Bank shall not add any new product or service, without a prior written determination of no supervisory objection from the Examiner-in-Charge.

(3) After the Bank receives a written determination of no supervisory objection pursuant to Paragraph (1) of this Article, the Bank shall not add any new medium- or high-BSA/AML risk product or service without:

(4) The Bank shall not open any new branch (including a loan production office or a deposit production office) or enter any new market without receiving a written determination of no supervisory objection from the Examiner-in-Charge.

(5) The Bank shall make any request for prior written determination of no supervisory objection under this Article in writing to the Examiner-in-Charge.

12

ARTICLE IX

BSA/AML OFFICER AND STAFFING

(1) Within fifteen (15) days of the effective date of this Order, or as otherwise specified in the BSA/AML Action Plan for which the OCC has provided no supervisory objection, the Board shall ensure that the Bank maintains, at all times, a qualified BSA Officer vested with sufficient independence, authority, stature, and resources to fulfill the duties and responsibilities of the position and ensure compliance with the requirements of the BSA and its implementing regulations. The BSA Officer shall provide timely and accurate periodic reporting to the Board and senior management about the status of the Bank’s BSA/AML program, including compliance with the BSA and this Order, including the BSA/AML Action Plan.

(2) In the event that the Bank’s BSA Officer position is vacated, the Board shall promptly appoint a new BSA Officer. Prior to appointing a new BSA Officer, the Board shall submit to the Examiner-in-Charge the following information for a prior written determination of no supervisory objection to appoint the individual as BSA Officer:

13

(3) A prior written determination of no supervisory objection to the proposed individual shall not constitute an approval or endorsement of the proposed individual. In addition, the requirement to submit information and the prior written no supervisory objection provisions of this paragraph are based on the authority of 12 U.S.C. § 1818(b)(6)(E) and do not require the Examiner-in-Charge to complete the review and act on any such information within ninety (90) days.

(4) The Board shall ensure that the Bank has sufficient managers and staff with appropriate skills and expertise needed to support the BSA Officer and the Bank’s BSA/AML program and that such managers and staff are vested with sufficient authority to fulfill their respective duties and responsibilities.

(5) Once the Independent Consultant completes its end-to-end review and assessment of the Bank’s BSA/AML Program, the Board shall thereafter ensure that an annual review of the adequacy of the Bank’s BSA Officer and supporting staff is conducted and shall document its determinations in writing. The review shall evaluate and consider the effectiveness of the following:

14

Upon completion, this review must be submitted to the Examiner-in-Charge.

(6) The Board shall ensure that the Bank implements any changes that are needed in the Bank’s BSA Officer and supporting staff, including their responsibilities, authority, stature, structure, independence, competencies, or capabilities. In particular, the Board shall ensure that the BSA Officer and supporting staff have sufficient training, authority, resources, and skill to perform their assigned responsibilities. The Board shall further ensure that it and Bank management have the necessary knowledge to effectively oversee the Bank’s compliance with the BSA and that management information systems are effective. The Board shall also ensure that there are clear lines of authority and responsibility for the Bank’s BSA/AML compliance function and staff, including giving the BSA Officer the ultimate accountability for and authority over all U.S. AML Program components.

(7) The Board shall ensure that Bank policies and procedures clearly outline the BSA/AML responsibilities and accountability of senior managers and line of business employees, including but not limited to, compliance, business development, internal audit, and relationship managers. The Board shall also ensure that performance evaluation process for senior managers and line of business managers incorporates BSA/AML compliance.

15

ARTICLE X

BSA/AML TRAINING

(1) Within one-hundred (120) days of the effective date of this Order, or as otherwise specified in the BSA/AML Action Plan for which the OCC has provided no supervisory objection, the Bank shall develop and implement an effective BSA/AML Training Program. Refer to the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual: “BSA/AML Training” (Rev. March 2020).

(2) The BSA/AML Training Program shall include, at a minimum:

16

ARTICLE XI

BSA/AML INTERNAL CONTROLS

(1) Within one-hundred (120) days of the effective date of this Order, or as otherwise specified in the BSA/AML Action Plan for which the OCC has provided its no supervisory objection, the Bank shall develop and implement an effective program to identify and control the risks associated with money laundering and terrorist financing and other illicit financial activity, and to achieve and maintain compliance with the BSA (“BSA/AML Internal Control Program”). Refer to the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual: “BSA/AML Internal Controls” (Rev. March 2020).

17

(2) The Bank’s BSA/AML Internal Control Program shall include, at a minimum:

18

ARTICLE XII

CUSTOMER DUE DILIGENCE AND RISK IDENTIFICATION

(1) Within one-hundred twenty (120) days of the effective date of this Order, or as otherwise specified in the BSA/AML Action Plan for which the OCC has provided its no supervisory objection, the Bank shall develop and implement an effective customer due diligence program to ensure appropriate collection and analysis of customer information when opening new accounts, when renewing or modifying existing accounts for customers, and when the Bank obtains event-driven information indicating that it would be prudent to obtain updated

19

information in order to understand the nature of its customer relationships and generate and maintain an accurate customer risk profile (“CDD Program”). The CDD Program shall also ensure the Bank operates in accordance with applicable law and regulations, including regulations addressing customer due diligence (“CDD”), and be consistent with the Bank’s money laundering, terrorist financing and other illicit financial activity risk. Refer to the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual: “Customer Due Diligence” (Rev. May 2018).

(2) The Bank’s CDD Program shall include, at a minimum:

20

21

22

ARTICLE XIII

SUSPICIOUS ACTIVITY IDENTIFICATION, EVALUATION, AND REPORTING

(1) Within one-hundred twenty (120) days of the effective date of this Order, or as otherwise specified in the BSA/AML Action Plan for which the OCC has provided its no supervisory objection, the Bank shall develop and implement an effective suspicious activity monitoring and reporting program to ensure the timely and appropriate identification, review, and disposition of unusual activity, and the filing of SARs consistent with 12 C.F.R. § 21.11 (“Suspicious Activity Review Program”). Refer to the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual: “Suspicious Activity Report – Overview” (Rev. Feb. 2015).

(2) The Bank’s Suspicious Activity Review Program shall include, at a minimum:

23

24

25

26

ARTICLE XIV

BSA/AML INDEPENDENT TESTING

(1) Within one-hundred twenty (120) days of the effective date of this Order, or as otherwise specified in the BSA/AML Action Plan for which the OCC has provided its no supervisory objection, the Bank shall develop and implement an effective BSA/AML independent testing program (“BSA/AML Audit Program”) to test the Bank’s compliance with the BSA, relative to its risk profile, and the overall adequacy of the Bank’s BSA/AML Program. Refer to the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual: “BSA/AML Independent Testing” (Rev. March 2020) and the “Internal and External Audits” booklet of the Comptroller’s Handbook.

(2) The BSA/AML Audit Program shall address and determine, at a minimum, whether:

27

(3) The BSA/AML Audit Program shall develop risk assessment and planning processes which clearly document AML risk. The risk assessment and planning shall document the rationale for the products, services, and customers which are impacting the quantity and quality of the risk.

(4) Management shall require prompt reporting, no less than quarterly, of all deficiencies in BSA/AML processes and controls identified through the BSA/AML Audit Program to the Bank’s Board or BSA/AML Audit Committee, and to senior management. The reports shall indicate the severity of the deficiencies, the risks, and the required corrective actions. The Board or BSA/AML Audit Committee shall ensure that management takes prompt action to remedy deficiencies cited in audit reports and that the BSA/AML Audit Program reviews and validates corrective action promptly.

28

ARTICLE XV

SUSPICIOUS ACTIVITY REVIEW LOOK-BACK

(1) Within sixty (60) days of the date of this Order, or as otherwise specified in the BSA/AML Action Plan for which the OCC has provided its no supervisory objection, the Bank shall submit to the Examiner-in-Charge, for review and prior written determination of no supervisory objection, the name, qualifications, and engagement terms of a proposed independent, third-party consultant (“SAR Look-Back Consultant”) to conduct a review and provide a written report on the Bank’s suspicious activity monitoring, investigation, decisioning, and reporting (“SAR Look-Back”). The submission shall include a proposed scope and timeline for completion of the SAR Look-Back that address the requirements of paragraphs (2), (3), and (4) of this Article. The Bank’s submission shall address in detail the consultant’s specialized expertise in BSA/AML. Refer to “Use and Review of Independent Consultants in Enforcement Actions: Guidance for Bankers,” Nov. 12, 2013 (OCC Bulletin 2013-33).

(2) The purpose of the SAR Look-Back is to determine whether SARs should be filed for any previously unreported suspicious activity, including cases in which the BSA Officer or staff identified suspicious activity but failed to adequately support a decision not to file a SAR, and to review the quality and accuracy of previous SAR filings to determine whether corrections or amendments are necessary to ensure that the suspicious activity identified was accurately reported in accordance with 12 C.F.R. § 21.11, and to identify any transactions that represent excessive BSA/AML risk.

29

(3) The SAR Look-Back Consultant shall facilitate the updating of the due diligence information for existing moderate-and high-risk customers identified during the SAR Look-Back. The SAR Look-Back Consultant, or the Independent Consultant performing the BSA/AML program assessment pursuant to Article V of this Order, shall facilitate the remediation of any known errors, or errors identified during the BSA/AML Program assessment pursuant to Article V of this Order, in the Bank’s entire customer base, to establish an accurate customer risk profile that provides for ongoing monitoring and ensures the Bank understands the nature and purpose of the customer relationship.

(4) The scope of the SAR Look-Back shall be determined in writing by the Examiner-in-Charge.

(5) Within thirty (30) days following receipt of the Examiner-in-Charge’s written determinations of no supervisory objection to the proposed SAR Look-Back Consultant and the scope and timeline for completion of the consultant’s review, the Board shall enter into a written agreement with the consultant, consistent with the requirements of this Article, to conduct the SAR Look-Back. The proposed written agreement, and any proposed amendments to it, shall be submitted to the Examiner-in-Charge for review and prior written determination of no supervisory objection. Upon execution, a copy of that written agreement, and any subsequent amendments thereto, shall be provided to the Examiner-in-Charge.

(6) Upon execution of the written agreement with the Look-Back Consultant, Bank management, subject to Board review and ongoing monitoring, shall timely provide all information requested by the consultant.

(7) Within thirty (30) days of completion of the SAR Look-Back, the Look-Back Consultant shall provide the Board with a written report that addresses:

30

31

(8) When providing the written report to the Board, the SAR Look-Back Consultant shall, at the same time, directly provide a copy of the written report of the findings and recommendations from the SAR Look-Back to the Examiner-in-Charge. All supporting materials and work papers associated with the SAR Look-Back shall be made available to the OCC upon written request.

(9) Based upon the results of the SAR Look-Back, the OCC, at its sole discretion, may expand the scope of the SAR Look-Back, either in terms of the subjects to be addressed, or the time period(s) to be covered, or both (“Supplemental SAR Look-Back”). The Supplemental SAR Look-Back shall be carried out in a manner consistent with other requirements of this Article.

ARTICLE XVI

ACCOUNTABILITY FOR EMPLOYEES INVOLVED IN MISCONDUCT

(1) The Bank shall not in the future directly or indirectly retain any individual as an officer, employee, agent, consultant, or contractor of the Bank who, based on the investigative record compiled by the Bank or U.S. authorities: (i) participated in the misconduct described in the findings of Article II this Order; (ii) was subject to formal disciplinary action as a result of any internal disciplinary review or performance review in connection with the findings in Article II of this Order; or (iii) either separated from the Bank or any affiliate thereof or had their employment terminated in connection with the findings of Article II of this Order.

(2) Within thirty (30) days of the effective date of the Order, the Bank shall submit to the Examiner-in-Charge, for prior written determination of no supervisory objection by the Examiner-in-Charge, policies, procedures, and reporting requirements for ensuring compliance with this Article (“Employee Accountability Plan”). On a quarterly basis, the Bank shall submit a written attestation by the Bank’s senior executive officer overseeing human resources that the Bank is in compliance with this Article to the Examiner-in-Charge.

32

(3) The Bank shall fully cooperate with and provide any requested substantial assistance to the OCC and other federal agencies, including, but not limited to, the provision of information, testimony, documents, records, and other tangible evidence and perform analyses as directed by the OCC or other federal agencies to the extent necessary in connection with any individuals who are or were institution-affiliated parties of the Bank.

(4) For purposes of clarity and not limitation, substantial assistance as used in this Order means the Bank will use its best efforts, as determined by the OCC, to make available for interviews or testimony, as requested by the OCC, present or former officers, directors, employees, agents, and consultants of the Bank. This obligation includes, but is not limited to, sworn testimony in response to administrative subpoena as well as interviews with regulatory authorities. Cooperation under this paragraph shall also include identification of witnesses who,

to the Bank’s knowledge, may have material information regarding the matters under review.

ARTICLE XVII

GENERAL BOARD RESPONSIBILITIES

(1) The Board shall ensure that the Bank has timely adopted and implemented all corrective actions required by this Order, and shall verify that the Bank adheres to the corrective actions and they are effective in addressing the Bank’s deficiencies that resulted in this Order.

33

(2) In each instance in which this Order imposes responsibilities upon the Board, it is intended to mean that the Board shall:

ARTICLE XVIII

WAIVERS

(1) The Bank, by executing and consenting to this Order, waives:

34

ARTICLE XIX

OTHER PROVISIONS

(1) As a result of this Order, the Bank is not:

35

(2) This Order supersedes all prior OCC communications issued pursuant to 12 C.F.R. §§ 5.3, 5.51(c)(7)(ii), and 24.2(e)(4).

ARTICLE XX

CLOSING

(1) This Order is a settlement of the cease and desist proceedings against the Bank contemplated by the OCC, based on the unsafe or unsound practices and/or violations described in the Comptroller’s Findings set forth in Article II of this Order. The OCC releases and discharges the Bank from all potential liability for a cease and desist order that has been or might have been asserted by the OCC based on the practices and/or violations described in Article II of this Order, to the extent known to the OCC as of the effective date of this Order. The OCC expressly reserves its right to assess civil money penalties or take other enforcement actions if the OCC determines that the Bank has continued, or failed to correct, the practices and/or violations described in Article II of this Order or that the Bank otherwise is violating or has violated this Order. These actions could include additional requirements and restrictions, such as: (a) requirements that the Bank make or increase investments, acquire or hold additional capital or liquidity, or simplify or reduce its operations, or (b) restrictions on the Bank’s growth, business activities, or payment of dividends.

36

(2) Nothing in this Order shall prevent the OCC from:

(3) Nothing in this Order is a release, discharge, compromise, settlement, dismissal, or resolution of any actions, or in any way affects any actions that may be or have been brought by any other representative of the United States or an agency thereof, including, without limitation, the United States Department of Justice.

37

(4) This Order is:

(5) This Order is effective upon its issuance by the OCC, through the Comptroller’s duly authorized representative. Except as otherwise expressly provided herein, all references to “days” in this Order shall mean calendar days and the computation of any period of time imposed by this Order shall not include the date of the act or event that commences the period of time.

(6) The provisions of this Order shall remain effective except to the extent that, and until such time as, such provisions are amended, suspended, waived, or terminated in writing by the OCC, through the Comptroller’s duly authorized representative. If the Bank seeks an extension, amendment, suspension, waiver, or termination of any provision of this Order, the Board or a Board-designee shall submit a written request to the Deputy Comptroller asking for the desired relief and submit a copy to the Examiner-in-Charge. Any request submitted pursuant to this paragraph shall include a statement setting forth in detail the circumstances that warrant the desired relief or prevent the Bank from complying with the relevant provision(s) of the Order, and shall be accompanied by relevant supporting documentation. The OCC’s decision concerning a request submitted pursuant to this paragraph, which will be communicated to the Board in writing, is final and not subject to further review.

38

(7) The Bank will not be deemed to be in compliance with this Order until it has adopted, implemented, and adhered to all of the corrective actions set forth in each Article of this Order; the corrective actions are effective in addressing the Bank’s deficiencies; and the OCC has verified and validated the corrective actions. An assessment of the effectiveness of the corrective actions requires sufficient passage of time for the Bank to demonstrate the sustained effectiveness of the corrective actions.

(8) This Order is not a contract binding on the United States, the United States Treasury Department, the OCC, or any officer, employee, or agent of the OCC and neither the Bank nor the OCC intends this Order to be a contract.

(9) Each citation, issuance, or guidance referenced in this Order includes any subsequent citation, issuance, or guidance that replaces, supersedes, amends, or revises the referenced cited citation, issuance, or guidance.

(10) This Order applies to the Bank and all its subsidiaries.

(11) No separate promise or inducement of any kind has been made by the OCC, or by its officers, employees, or agents, to cause or induce the Bank to consent to the issuance of this Order.

(12) All reports, plans, or programs submitted to the OCC pursuant to this Order shall be forwarded, via email, to the following:

Examiner-in-Charge, or other such designees as determined by the Examiner-in-Charge.

(13) The terms of this Order, including this paragraph, are not subject to amendment or modification by any extraneous expression, prior agreements, or prior arrangements between the parties, whether oral or written.

39

IN TESTIMONY WHEREOF, the undersigned, authorized by the Comptroller as his duly authorized representative, has hereunto set his signature on behalf of the Comptroller.

40

IN TESTIMONY WHEREOF, the undersigned, as the duly elected and acting Board of Directors of TD Bank, N.A. have hereunto set their signatures on behalf of the Bank.

41

IN TESTIMONY WHEREOF, the undersigned, as the duly elected and acting Board of Directors of TD Bank USA, N.A. have hereunto set their signatures on behalf of the Bank.

42

Exhibit 99.2

UNITED STATES OF AMERICA

DEPARTMENT OF THE TREASURY

OFFICE OF THE COMPTROLLER OF THE CURRENCY

CONSENT ORDER

WHEREAS, the Office of the Comptroller of the Currency (“OCC”) has supervisory authority over TD Bank, N.A., Wilmington, Delaware and TD Bank USA, N.A, Wilmington, Delaware (collectively “Bank”);

WHEREAS, the OCC intends to initiate civil money penalty proceedings against the Bank pursuant to 12 U.S.C. § 1818(i), through the issuance of a Notice of Assessment of a Civil Money Penalty, for violating laws and regulations, including 12 C.F.R. § 21.21 (Bank Secrecy Act/anti-money laundering (BSA/AML) program violation), 12 C.F.R. § 21.11 (suspicious activity report violations), 31 C.F.R. §1010.312 (currency transaction report violations), 31 C.F.R. § 1020.210(a)(2)(v) (customer due diligence violation), and recklessly engaging in unsafe or unsound practices related to the Bank’s BSA/AML compliance program;

WHEREAS, the Bank has pursued growth without ensuring that it had established and maintained an adequate BSA/AML Program;

WHEREAS, the Bank needs to make a robust investment in remediation and BSA/AML compliance going forward;

WHEREAS, the Bank has begun corrective action and has committed to taking all necessary and appropriate steps to remedy the deficiencies identified in this Order;

1

WHEREAS, in the interest of cooperation and to avoid additional costs associated with administrative and judicial proceedings with respect to the above matter, the Bank, by and through its duly elected and acting Board of Directors (“Board”), consents to the issuance of this Consent Order (“Order”), by the OCC through the duly authorized representative of the Comptroller of the Currency (“Comptroller”); and

NOW, THEREFORE, pursuant to the authority vested in the OCC by Section 8(i) of the Federal Deposit Insurance Act, as amended, 12 U.S.C. § 1818(i), the OCC hereby orders that:

ARTICLE I

JURISDICTION

(1) The Bank is an “insured depository institution” as that term is defined in 12 U.S.C. § 1813(c)(2).

(2) The Bank is a national banking association within the meaning of 12 U.S.C. § 1813(q)(1)(A), and is chartered and examined by the OCC. See 12 U.S.C. § 1 et seq.

(3) The OCC is the “appropriate Federal banking agency” as that term is defined in 12 U.S.C. § 1813(q) and is therefore authorized to initiate and maintain this civil money penalty action against the Bank pursuant to 12 U.S.C. § 1818(i).

2

ARTICLE II

COMPTROLLER’S FINDINGS

The Comptroller finds, and the Bank neither admits nor denies, the following:

(1) The Bank failed to develop and provide for the continued administration of a BSA/AML Program reasonably designed to assure and monitor compliance with the BSA and its implementing regulations, in violation of 12 C.F.R. § 21.21. Deficiencies in the Bank’s BSA/AML Program included deficiencies related to: internal controls and risk management practices; risk assessments; customer due diligence; customer risk ratings; suspicious activity identification, evaluation, and reporting; governance; staffing; independent testing; and training, among others.

(2) The Bank had significant, long-standing, systemic breakdowns in its transaction monitoring program.

(3) Since at least 2020, the Bank processed hundreds of millions of dollars worth of transactions with clear indicia of highly suspicious activity, creating a potential for significant money laundering, terrorist financing, or other illicit financial transactions. The Bank repeatedly failed to take appropriate and timely corrective action to address the highly suspicious activity and failed to properly emphasize BSA/AML compliance.

(4) The Bank had a systemic breakdown in its policies, procedures, and processes to identify and report suspicious activity, and a pattern or practice of noncompliance with the SAR filing requirement, resulting in numerous violations of 12 C.F.R. § 21.11 (suspicious activity report violations).

(5) The Bank violated 31 C.F.R. § 1010.312 (currency transaction report violations) on numerous occasions.

(6) The Bank failed to implement appropriate risk-based procedures for conducting ongoing customer due diligence in violation of 31 C.F.R. § 1020.210(a)(2)(v).

(7) The Bank recklessly engaged in unsafe or unsound practices related to the Bank’s BSA/AML Program.

(8) The Bank’s violations and recklessly unsafe or unsound practices were part of a pattern, and caused and are likely to cause more than a minimal loss to the Bank.

3

ARTICLE III

ORDER FOR A CIVIL MONEY PENALTY

(1) The Bank shall make payment of a civil money penalty in the total amount of four hundred fifty million dollars ($450,000,000.00), which shall be paid upon the execution of this Order.

(2) Such payment shall be made by a wire transfer sent in accordance with instructions provided by the OCC and the docket number of this case (AA-ENF-2024-78) shall be entered on the wire confirmation. A copy of the wire confirmation shall be sent immediately, by overnight delivery, to the Director of Enforcement, Office of the Comptroller of the Currency, 400 7^th Street, S.W., Washington, D.C. 20219 or by email to the address provided by the OCC.

ARTICLE IV

WAIVERS

(1) The Bank, by executing and consenting to this Order, waives:

4

ARTICLE V

CLOSING

(1) This Order is a settlement of the civil money penalty proceedings against the Bank contemplated by the OCC, based on the violations of law and practices described in the Comptroller’s Findings set forth in Article II of this Order. The OCC releases and discharges the Bank from all potential liability for a civil money penalty order that has been or might have been asserted by the OCC based on the practices and/or violations described in Article II of this Order, to the extent known to the OCC as of the effective date of this Order. The OCC expressly reserves its right to assess additional civil money penalties or take other enforcement actions if the OCC determines that the Bank has continued, or failed to correct, the practices and/or violations described in Article II of this Order.

(2) Nothing in this Order shall prevent the OCC from:

5

(3) Nothing in this Order is a release, discharge, compromise, settlement, dismissal, or resolution of any actions, or in any way affects any actions that may be or have been brought by any other representative of the United States or an agency thereof, including, without limitation, the United States Department of Justice.

(4) This Order is:

6

(5) This Order is effective upon its issuance by the OCC, through the Comptroller’s duly authorized representative.

(6) This Order is not a contract binding on the United States, the United States Treasury Department, the OCC, or any officer, employee, or agent of the OCC and neither the Bank nor the OCC intends this Order to be a contract.

(7) No separate promise or inducement of any kind has been made by the OCC, or by its officers, employees, or agents, to cause or induce the Bank to consent to the issuance of this Order.

(8) The terms of this Order, including this paragraph, are not subject to amendment or modification by any extraneous expression, prior agreements, or prior arrangements between the parties, whether oral or written.

IN TESTIMONY WHEREOF, the undersigned, authorized by the Comptroller as his duly authorized representative, has hereunto set his signature on behalf of the Comptroller.

7

IN TESTIMONY WHEREOF, the undersigned, as the duly elected and acting Board of Directors of TD Bank, N.A. have hereunto set their signatures on behalf of the Bank.

8

IN TESTIMONY WHEREOF, the undersigned, as the duly elected and acting Board of Directors of TD Bank USA, N.A. have hereunto set their signatures on behalf of the Bank.

9

Exhibit 99.3

UNITED STATES OF AMERICA

BEFORE THE

BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM

WASHINGTON, D.C.

WHEREAS, Toronto-Dominion Bank, Toronto, Canada (“TDB”), is a foreign bank as defined in section 1(b)(7) of the International Banking Act (12 U.S.C. § 3101(7)) that controls a large complex financial organization that consists of a number of separate business lines and legal entities in many countries around the world;

WHEREAS, TD Group U.S. Holdings, LLC, Cherry Hill, New Jersey (“TDGUS”), is an intermediate holding company that is a wholly-owned subsidiary of TDB;

WHEREAS, TD Bank U.S. Holding Company, Cherry Hill, New Jersey (“TDBUSH”), is a bank holding company and wholly-owned subsidiary of TDGUS;

WHEREAS, TDB conducts operations in the United States through TDGUS, TDBUSH, and its wholly-owned subsidiaries (the “U.S. Operations”), including two banks (the “National Banks”) regulated by the Office of the Comptroller of the Currency (“OCC”);

WHEREAS, the Board of Governors of the Federal Reserve System (“Board of Governors”) is the appropriate federal banking supervisor of TDB, TDGUS, and TDBUSH (collectively, the “Firm”);

WHEREAS, consistent with section 252.155(a)(2) of Regulation YY of the Board of Governors (12 C.F.R. § 252.155(a)(2)), TDGUS is required to maintain an enterprise-wide risk management program designed to identify and manage risks across the U.S. Operations;

WHEREAS, TDB has adopted an enterprise-wide risk management program designed to identify and manage compliance risks across the U.S. Operations related to all applicable anti-money laundering (“AML”) laws, rules, and regulations, including the Bank Secrecy Act (“BSA”) (31 U.S.C. § 5311 et seq.); the rules and regulations issued thereunder by the U.S. Department of the Treasury (31 C.F.R. Chapter X); and the AML regulations issued by the appropriate federal supervisors of TDB and its bank and nonbank subsidiaries, including but not limited to section 225.4(f) of Regulation Y of the Board of Governors (12 C.F.R. § 225.4(f)) (collectively, the “BSA/AML Requirements”);

WHEREAS, TDGUS, TDBUSH, and the National Banks, as appropriate, must comply with the BSA/AML Requirements;

WHEREAS, the most recent supervisory assessment of TDGUS issued by the Federal Reserve Bank of Philadelphia (“Reserve Bank”) identified significant deficiencies in oversight and risk management based on the failure of the National Banks to comply with the relevant BSA/AML Requirements;

WHEREAS, the OCC has issued a consent order and civil money penalty against the National Banks for failing to comply with the relevant BSA/AML Requirements (the “OCC Order”);

2

WHEREAS, the Financial Crimes Enforcement Network (“FinCEN”), a bureau of the U.S. Department of the Treasury, has issued a consent order and civil money penalty against the National Banks for failing to comply with the relevant BSA/AML Requirements;

WHEREAS, the U.S. Department of Justice (“DOJ”) has entered into an agreement with TD Bank, N.A., and TDBUSH (two subsidiaries of TDB and TDGUS) in which TD Bank, N.A., agrees to plead guilty to a criminal violation of 18 U.S.C. § 371 and TDBUSH agrees to plead guilty to criminal violations of 31 U.S.C. §§ 5322 and 5324;

WHEREAS, the material failure to remediate the Firm’s BSA/AML violations and deficiencies described herein and in the orders of the OCC, FinCEN, and DOJ may require additional and escalated formal actions by the Board of Governors against the Firm, including additional penalties or additional affirmative corrective actions pursuant to section 8(b)(6) of the FDI Act (12 U.S.C. § 1818(b)(6)) or other applicable authorities;

WHEREAS, it is the common goal of the Board of Governors, the Reserve Bank, and the Firm that the U.S. Operations operate in a safe and sound manner and in compliance with all applicable federal and state laws, rules, and regulations;

WHEREAS, the Firm and the Board of Governors have mutually agreed to enter into this consent Cease and Desist Order and Order of Assessment of a Civil Money Penalty (the “Order”) pursuant to section 8(b) and (i)(2)(B) of the Federal Deposit Insurance Act, as amended (the “FDI Act”) (12 U.S.C. § 1818(b) and (i)(2)(B));

WHEREAS, Canada’s Office of the Superintendent of Financial Institutions (“OSFI”) is the principal home country regulator of TDB and can act, with respect to the implementation of this Order, as permitted by the OSFI’s functions under the Office of the Superintendent of Financial Institutions Act;

3

WHEREAS, the boards of directors of TDB, TDGUS, and TDBUSH, at duly constituted meetings, adopted a resolution authorizing and directing the undersigned to enter into this Order on behalf of TDB, TDGUS, and TDBUSH, respectively, and consenting to compliance with each and every provision of this Order by TDB, TDGUS, and TDBUSH, and waiving any and all rights that TDB, TDGUS, and TDBUSH may have pursuant to section 8 of the FDI Act, including but not limited to: (i) the issuance of a notice of charges on any matters set forth in this Order; (ii) a hearing for the purpose of taking evidence on any matters set forth in this Order; (iii) judicial review of this Order; and (iv) challenge or contest, in any manner, the basis, issuance, validity, terms, effectiveness or enforceability of this Order or any provision hereof.

NOW, THEREFORE, it is hereby ordered that, before the filing of any notices, or taking of any testimony or adjudication of or finding on any issues of fact or law herein, and solely for the purpose of settling this matter without a formal proceeding being filed and without the necessity for protracted or extended hearings or testimony, pursuant to section 8(b)(1), (b)(3), and (b)(4) of the FDI Act (12 U.S.C. § 1818(b)(1), (b)(3), and (b)(4)), TDB, TDGUS, and TDBUSH shall cease and desist, and take affirmative actions as follows:

Board Oversight

1. Within 90 days of the effective date of this Order, the Firm’s boards of directors shall submit a written plan acceptable to the Reserve Bank to oversee the matters identified in this Order. The plan shall include the following three items:

(a) actions that the boards of directors will take to hold senior management accountable for executing effective and sustainable remediation plans by committed deadlines as required by this Order and the OCC Order;

(b) measures to ensure the Firm has dedicated adequate resources and staffing to execute the remediation required by this Order; and

4

(c) actions that the boards of directors will take to improve the quality, comprehensiveness, and granularity of the information and reports provided to the boards of directors to enable them to oversee senior management’s implementation of the remediation required by this Order.

Corporate Governance and Management Review

2. Within 30 days of the effective date of this Order, the boards of directors of TDB and TDGUS shall retain an independent third party acceptable to the Reserve Bank to assess the effectiveness of the Firm’s corporate governance, board and U.S. management structure, and staffing needs (the “Governance Review”), and to prepare a written report of findings and recommendations (the “Governance Report”). The Governance Review shall include the following two items: (i) an assessment of the current structure and composition of the Firm’s boards of directors and committees and a determination of the structure and composition needed to adequately oversee the U.S. Operations; and (ii) the identification of the Firm’s present and future management and staffing needs to adequately manage the U.S. Operations, including a management succession plan for U.S. senior executive officers.

3. Within 10 days of the Reserve Bank’s approval of the Governance Review’s independent third party, the boards of directors of TDB and TDGUS shall submit an engagement letter for approval by the Reserve Bank and for consideration by OSFI. The engagement letter shall require the independent third party to submit the Governance Report within 120 days of regulatory approval of the engagement letter, and shall include a commitment that the Governance Report will be provided to the Reserve Bank and OSFI at the same time that it is provided to the boards of directors of TDB and TDGUS and that any interim reports, drafts, workpapers, or other supporting material associated with the Governance Report will be made available to the Reserve Bank and OSFI upon request.

5

4. Within 60 days of receipt of the Governance Report, the boards of directors of TDB and TDGUS shall submit to the Reserve Bank and OSFI a written board oversight and management plan acceptable to the Reserve Bank that fully addresses the findings and recommendations in the report and describes the specific actions that the boards of directors of TDB and TDGUS will take to strengthen the Firm’s management and the corporate governance structure and to hire, as necessary, additional or replacement directors or staff to properly oversee and manage the U.S. Operations.

U.S. Remediation Office

5. Within 90 days of the effective date of this Order, the Firm shall submit a written plan to establish a Remediation Office in the United States that will operate under the oversight of the Firm’s boards of directors. The Remediation Office, which is to be staffed by a designated team of dedicated, qualified, and experienced individuals, will be responsible for the following four items:

(a) assessing the resources and staffing necessary to execute the remediation required by this Order;

(b) identifying the root causes of the BSA/AML compliance deficiencies described in this Order;

(c) assisting business and control functions in developing solutions to address the root causes of the BSA/AML deficiencies identified in this Order and assessing remediation plans for comprehensiveness, traceability, and accountability; and

(d) tracking, managing, and ensuring the development, implementation, and demonstrated sustainability of all remediation-related actions, including those in this Order.

6

U.S. Law Compliance Program

6. Within 60 days of the effective date of this Order, the Firm shall submit a compliance program acceptable to the Reserve Bank, including a timetable for implementation (the “U.S. Law Compliance Program”), that includes the following three items:

(a) the relocation to the United States of the part of the Firm’s global compliance function that is responsible for establishing and maintaining compliance with the BSA/AML Requirements by the Firm’s branches, affiliates, and global business lines;

(b) measures to ensure that the Firm appropriately identifies and communicates activities or deficiencies within its operations that may impact the ability of the U.S. Operations to comply with the BSA/AML Requirements; and

(c) policies and procedures that require the escalation of significant issues related to the BSA/AML Requirements to appropriate senior management for resolution.

BSA/AML Compliance Review

7. Within 30 days of the effective date of this Order, the Firm shall retain an independent third party acceptable to the Reserve Bank to conduct a review of the BSA/AML compliance elements of the U.S. Law Compliance Program (the “BSA/AML Compliance Review”) and to prepare a written report of findings and recommendations (the “BSA/AML Compliance Report”). The BSA/AML Compliance Review shall include, at a minimum, a comprehensive assessment of: (i) the Firm’s BSA/AML risk profile; (ii) the effectiveness of the Firm’s BSA/AML transaction monitoring systems; (iii) the Firm’s compliance with the BSA/AML Requirements related to suspicious activity monitoring and reporting; and (iv) the adequacy of the Firm’s resources, staffing, and governance structure for compliance with the BSA/AML Requirements. Any additional scope and the frequency of the BSA/AML Compliance Review shall be coordinated with the third-party reviews required by the orders of the OCC, FinCEN, and DOJ.

7

8. Within 10 days of the Reserve Bank’s approval of the independent third party, the Firm shall submit an engagement letter to the Reserve Bank for approval. The engagement letter shall require the independent third party to submit the BSA/AML Compliance Report within 90 days of regulatory approval of the engagement letter, and shall include a commitment that the BSA/AML Compliance Report will be provided to the Reserve Bank at the same time that it is provided to the Firm’s boards of directors and that any interim reports, drafts, workpapers, or other supporting material associated with the BSA/AML Compliance Report will be made available to the Reserve Bank upon request.

9. Within 60 days of the completion of the BSA/AML Compliance Report, the Firm shall submit a written plan acceptable to the Reserve Bank that fully addresses the findings and recommendations in the report and describes the specific actions that the Firm will take to strengthen the Firm’s compliance with the BSA/AML Requirements.

Resource Allocation for Remediation

10. To ensure adequate resources are allocated to the remediation required by this Order, prior to TDGUS or TDBUSH declaring or paying dividends, engaging in share repurchases, or making any other capital distribution, the Firm’s boards of directors shall certify to the Reserve Bank that the Firm has allocated appropriate resources and staffing to the remediation required by this Order. The certification shall be received in writing at least 30 days prior to the earlier of the proposed payment or distribution and contain, at a minimum: (i) a detailed description of and justification for the Firm’s current allocation of compliance resources related to this Order; (ii) a detailed description of the Firm’s timely progress in satisfying the remediation outlined in the plans and programs required by this Order; (iii) whether the Firm anticipates increasing or decreasing resources allocated for the remediation required by this Order; and (iv) the identification of the source of funding for the proposed payment or distribution.

8

Accountability for Employees Involved in Misconduct

11. TDB, TDGUS, and TDBUSH shall not in the future directly or indirectly retain any individual as an officer, employee, agent, consultant, or contractor of the Firm or any subsidiary or affiliate thereof who, based on the investigative record compiled by the Firm: (i) participated in the misconduct underlying this Order; (ii) was subjected to formal disciplinary action as a result of the Firm’s internal disciplinary or performance reviews in connection with the misconduct described above; or (iii) either separated from the Firm or had his or her employment legally terminated in connection with the misconduct described above. TDB, TDGUS, and TDBUSH shall continue to cooperate fully with and provide substantial assistance to the Board of Governors, including, but not limited to, the provision of information, testimony, documents, records, and other tangible evidence and shall perform analyses as directed by the Board of Governors in connection with any investigations of individuals who are or were institution-affiliated parties of the Firm and who were involved in the misconduct underlying this Order.

12. For purposes of clarity and not limitation, substantial assistance as used in this Order means the Firm will use its best efforts, as determined by the Board of Governors, to make available for interviews or testimony, as requested by the Board of Governors, present or former officers, directors, employees, agents, and consultants of the Firm. This obligation includes, but is not limited to, sworn testimony pursuant to administrative subpoena as well as interviews with regulatory authorities. Cooperation under this paragraph shall also include identification of witnesses who, to the Firm’s knowledge, may have material information regarding the matters under investigation.

9

Assessment of Civil Money Penalty

13. The Board of Governors hereby assesses TDB, TDGUS, and TDBUSH a joint civil money penalty in the amount of $123,500,000, which shall be paid upon the execution of this Order by Fedwire transfer of immediately available funds to the Federal Reserve Bank of Richmond ABA No. 051053310, beneficiary, Board of Governors of the Federal Reserve System. This penalty is a penalty paid to a government agency for a violation of law for purposes of 26 U.S.C. § 162(f) and 26 C.F.R. § 1.162-21. The Federal Reserve Bank of Richmond, on behalf of the Board of Governors, shall distribute this sum to the U.S. Department of the Treasury, pursuant to section 8(i) of the FDI Act (12 U.S.C. § 1818(i)).

Primary Contact

14. Within 10 days following the effective date of this Order, TDB, TDGUS, and TDBUSH shall designate an officer to be responsible for coordinating and submitting to the Reserve Bank the written plans and program required by paragraphs 1, 4, 5, 6, and 9 of this Order. Any changes in designated officers must be communicated timely throughout the course of this Order. Such officer shall serve as the primary contact for the Reserve Bank for purposes of this Order.

10

Approval, Implementation, and Progress Reports

15. The boards of directors of TDB, TDGUS, and TDBUSH shall jointly submit the written plans and program to the Reserve Bank within the applicable time periods set forth in paragraphs 1, 4, 5, 6, and 9 of this Order. Each plan shall contain a timeline for full implementation with specific deadlines for the completion of each component of the plan.

16. The independent third parties acceptable to the Reserve Bank shall be retained by the Firm in accordance with the Reserve Bank’s requirements within the time periods set forth in paragraphs 2 and 7 of this Order. The engagement letters acceptable to the Reserve Bank shall be submitted within the time periods set forth in paragraphs 3 and 8 of this Order.

17. Within 30 days after the end of the first full calendar quarter following the date of this Order and each quarter thereafter, the boards of directors of TDB, TDGUS, and TDBUSH shall jointly submit to the Reserve Bank written progress reports detailing the form and manner of all actions taken to secure compliance with this Order, a timetable and schedule to implement specific remedial actions to be taken, and the results thereof, and copies of all written progress reports required under the OCC Order.

Communications

18. All communications regarding this Order shall be sent to:

Deputy Associate General Counsel

Board of Governors of the Federal Reserve System

20th & C Streets, N.W.

Washington, D.C. 20551

Senior Vice President and General Counsel

William Spaniel

Senior Vice President and Lending Officer

Federal Reserve Bank of Philadelphia

Ten Independence Mall

Philadelphia, PA 19106

Executive Vice President and

General Counsel

TD Bank Group

66 Wellington Street West, TD Tower 4^th Floor

Toronto, Canada M5K 1A2

11

Head of U.S. Legal and

General Counsel, TD Bank, N.A.

One Vanderbilt Ave

New York, NY 10017

Miscellaneous

19. Notwithstanding any provision of this Order to the contrary, the Reserve Bank may, in its sole discretion, grant written extensions of time to the boards of directors of TDB, TDGUS, and TDBUSH, as applicable, to comply with any provision of this Order.

20. The provisions of this Order shall be binding on TDB, TDGUS, TDBUSH, and their institution-affiliated parties, as defined in sections 3(u) and 8(b)(3)-(4) of the FDI Act (12 U.S.C. §§ 1813(u) and 1818(b)(3)-(4)), in their capacities as such, and their successors and assigns.

21. Each provision of this Order shall remain effective and enforceable until stayed, modified, terminated, or suspended in writing by the Reserve Bank.

22. Except as otherwise provided in this paragraph, the Board of Governors hereby agrees not to initiate any further enforcement actions, including for civil money penalties, against TDB, TDGUS, TDBUSH, and their affiliates, successors, and assigns, with respect to the conduct described in the WHEREAS clauses of this Order to the extent known by the Board of Governors as of the effective date of this Order. This release and discharge shall not preclude or affect: (i) any right of the Board of Governors to determine and ensure compliance with this Order; (ii) any proceedings brought by the Board of Governors to enforce the terms of this Order; or (iii) any proceedings brought by the Board of Governors against individuals who are or were institution-affiliated parties of TDB, TDGUS, or TDBUSH.

12

23. Except as provided in paragraph 22, the provisions of this Order shall not bar, estop, or otherwise prevent the Board of Governors, the Reserve Bank, or any other federal or state agency from taking any other action affecting TDB, TDGUS, TDBUSH, any of their subsidiaries, or any of their current or former institution-affiliated parties and their successors and assigns.

By Order of the Board of Governors of the Federal Reserve System, effective this 9th day of October, 2024.

13

Exhibit 99.4

CONSENT ORDER IMPOSING CIVIL MONEY PENALTY

The Financial Crimes Enforcement Network (FinCEN) conducted a civil enforcement investigation and determined grounds exist to impose a Civil Money Penalty against TD Bank, N.A. and TD Bank USA, N.A. (collectively, TD Bank or the Bank)¹ for violations of the Bank Secrecy Act (BSA) and its implementing regulations.² TD Bank admits only to the facts admitted in the October 10, 2024 plea agreements between T.D. Bank, N.A. and TD Bank US Holding Company and the U.S. Department of Justice (DOJ) and neither admits nor denies the remainder of the facts set forth herein, consents to the issuance of this Consent Order, agrees to pay the civil money penalty imposed in this Consent Order, and agrees to comply with the provisions of this Consent Order, including, but not limited to, the Undertakings.

Overall authority for enforcement and compliance with the BSA lies with the Director of FinCEN, and the Director of FinCEN may impose civil penalties for violations of the BSA and its implementing regulations.³

At all times relevant to this Consent Order, TD Bank was a “bank” and a “domestic financial institution” as defined by the BSA and its implementing regulations.⁴ As such, TD Bank was required to comply with applicable BSA regulations.

The conduct described below took place from at least 2012 through May 9, 2024 (the Relevant Time Period) unless otherwise indicated.

FinCEN is a bureau within the U.S. Department of the Treasury and is the federal authority that enforces the BSA by investigating and imposing civil money penalties on financial institutions and individuals for willful violations of the BSA.⁵ As delegated by the Secretary of the Treasury, FinCEN has “authority for the imposition of civil penalties” and “[o]verall authority for enforcement and compliance, including coordination and direction of procedures and activities of all other agencies exercising delegated authority under this chapter,” including the Office of the Comptroller of the Currency (OCC).⁶

2

The OCC is a federal banking agency within the U.S. Department of the Treasury that has both delegated authority from FinCEN for examinations and separate authority under Title 12 of the United States Code for compliance and enforcement.⁷ Under this authority, the OCC conducts regular examinations and issues reports assessing a bank’s compliance with the BSA and other requirements.

TD Bank is an interstate federally chartered bank headquartered in Cherry Hill, New Jersey. The Bank is a member of TD Bank Group and is an indirect, U.S. subsidiary of The Toronto-Dominion Bank of Toronto, Canada, a global systemically important bank⁸ whose shares are dually listed and traded on both the New York and Toronto Stock Exchanges under the ticker symbol “TD.”

The Bank employs approximately 27,000 personnel and maintains over 1,100 branches and over 2,500 ATM locations in 15 states and the District of Columbia. The Bank’s most recent annual financial disclosure, for the year ending on December 31, 2023, reported net income of approximately $2.3 billion and its total assets at approximately $367 billion. TD Bank is the 10^th largest bank by assets in the U.S.

3

On September 22, 2013, FinCEN issued a Civil Money Penalty to TD Bank related to failures to file suspicious activity reports (SARs) associated with its involvement in the Scott Rothstein Ponzi scheme.⁹ The OCC brought a parallel enforcement action for the same conduct. TD Bank facilitated transactions related to the Rothstein Ponzi scheme from April 2008 through October 2009 and failed to identify and report suspicious activity.¹⁰ FinCEN determined that this failure resulted from, among other deficiencies, insufficient training of TD Bank’s business and anti-money laundering (AML) staff. This lack of training included failures to appropriately understand Ponzi schemes and their activity and identify suspicious activity.

AML Program: The BSA and its implementing regulations require U.S. banks, such as TD Bank, to implement and maintain an AML program, including policies, procedures, and controls to assure ongoing compliance with the applicable provisions of the Bank Secrecy Act.¹¹ TD Bank is also required to: (i) conduct independent testing for compliance; (ii) designate an individual or individuals responsible for implementing and monitoring the operations and internal controls of the program; (iii) conduct ongoing training for appropriate persons; and (iv) implement appropriate risk-

4

based procedures for conducting ongoing customer due diligence, including, but not limited to, (a) understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile, and (b) conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.¹²

Reporting Obligations – Currency Transaction Reports (CTRs): The BSA and its implementing regulations impose an obligation on banks to file a report of each deposit, withdrawal, exchange of currency or other payment or transfer, by, through, or to such financial institution which involves a transaction in currency of more than $10,000, including multiple transactions that aggregate to more than $10,000.¹³ A bank must file a CTR within 15 days after the transaction is conducted.¹⁴ Accurate, complete, and timely CTRs are critical to the utility of BSA data in combating financial crimes, terrorist financing, and other illicit activity. Additionally, a bank needs to verify and record the name and address of the individual presenting a transaction.¹⁵

Reporting Obligations – SARs: A bank must identify suspicious transactions relevant to a possible violation of law or regulation in SARs filed with FinCEN.¹⁶ Specifically, the BSA and its implementing regulations require banks to report transactions that involve or aggregate to at least $5,000, are conducted or attempted by, at, or through the bank, and that the bank “knows, suspects,

5

or has reason to suspect” are suspicious.¹⁷ A transaction is “suspicious” if a bank “knows, suspects, or has reason to suspect” that the transaction: (i) involves funds derived from illegal activities, or is conducted to disguise funds derived from illegal activities; (ii) is designed to evade the reporting or recordkeeping requirements of the BSA or regulations implementing it; or (iii) has no business or apparent lawful purpose or is not the sort in which the customer normally would be expected to engage, and the bank knows of no reasonable explanation for the transaction after examining the available facts, including background and possible purpose of the transaction.¹⁸ A bank is generally required to file a SAR no later than 30 calendar days after the initial detection by the bank of the facts that may constitute a basis for filing a SAR.¹⁹

The reporting and transparency that financial institutions provide through these reports is essential financial intelligence that FinCEN, law enforcement, and others use to safeguard the U.S. financial system and combat serious threats, including money laundering, terrorist financing, organized crime, corruption, drug trafficking, and massive fraud schemes targeting the U.S. government, businesses, and individuals.²⁰

Despite awareness of significant deficiencies, the Bank willfully failed to implement an AML program that met the BSA requirements during the Relevant Time Period. The failures, described in the subsections below, spanned all pillars of TD Bank’s AML program. Although the violations involved a host of unique issues, these violations demonstrate key and systemic failures by TD Bank, including awareness of certain issues by senior management, as described below.

6

TD Bank willfully failed to establish an adequate AML program. The Bank did not invest sufficient time, money, or managerial resources in the creation and maintenance of TD Bank’s AML program, nor did the Bank take sufficient steps to ensure TD Bank’s ongoing compliance with the BSA. As described more fully below, TD Bank failed to devote sufficient resources to BSA compliance, and refused to invest in improvements to address such gaps when they were deemed too costly, thus allowing illicit activity to flow through the Bank.²¹ TD Bank vastly underinvested in its AML compliance efforts, with TD Bank knowingly spending an order of magnitude less than its peers. Additionally, the Bank’s AML staffing was not proportionate to its size, risk profile, and ongoing compliance concerns: during the periods of TD Bank’s most acute issues (including those related to backlogs from insufficient staffing), AML spending remained flat. As explained below, when a host of significant AML compliance issues arose during the Relevant Time Period, the Bank consistently chose to address them in the least costly way possible, even if it meant ignoring failures and refusing to meaningfully remediate issues and prevent recurrences.

The systemic failures of TD Bank’s AML program caused actual and material harm to the U.S. financial system. As set forth below, during the Relevant Time Period, funds flowing through TD Bank have been linked to numerous prosecutions, some of which included TD Bank personnel, for various financial crimes that likely could have been prevented, mitigated, or at least timely reported, if TD Bank implemented and maintained an adequate AML program.

7

The Bank’s inattention to, and underinvestment in, its AML program, including the failures of its AML management, led to willful failures during the Relevant Time Period across each pillar of its AML program: (i) ineffective oversight and management of TD Bank’s compliance obligations by the individual—its BSA Officer—responsible for coordinating and monitoring the Bank’s day-to-day compliance with the BSA, including the BSA Officer’s failure to timely and properly escalate material issues and failures by the Bank’s Board to provide adequate resources for the BSA Officer to discharge their duty of assuring the Bank’s compliance with the BSA; (ii) inadequate internal controls, most notably failure to ensure appropriate transaction monitoring; (iii) failure to properly train its staff on AML typologies and risks the Bank knew were associated with the products and services the Bank offered; (iv) deficient risk-based customer due diligence, including missing blatant disparities between customers’ actual activity and what would reasonably be expected based on available information; and (v) insufficient independent testing that failed to reasonably identify material gaps.

TD Bank was required to designate an individual to be responsible for coordinating and monitoring the Bank’s day-to-day compliance with the BSA—a “BSA Officer.” Longstanding regulatory guidance has made clear that this requirement is central to the effective function of a bank’s AML program and that the mere act of appointing an individual to the role of BSA Officer is

8

insufficient to assure and monitor the bank’s compliance with the BSA; ²³ thus, the existence of an individual with this title in a bank does not alone fulfill this requirement. To have an effective AML program, a bank’s board of directors must ensure that the designated BSA Officer has appropriate authority, independence, and access to resources to administer an adequate BSA compliance program.²⁴

As detailed below, TD Bank’s BSA Program was non-compliant for the following reasons: (i) its BSA Officer and AML management failed to seek, and TD Bank otherwise failed to allocate, sufficient resources across budget, personnel, and technology; (ii) it had a siloed governance structure that resulted in the designated BSA Officer lacking sufficient control or accountability for the Bank’s AML program;²⁵ and (iii) there was a lack of oversight over the Bank’s high-risk operations and gaps described below for which the BSA Officer failed to take accountability, including the BSA Officer’s awareness of material gaps in the Bank’s transaction monitoring system that went unabated for many years.²⁶

9

TD Bank willfully failed to establish or maintain an adequate AML program, in part, by failing to provide sufficient resources and staffing to the Bank’s AML program, and thus preventing the BSA Officer from performing their duties effectively. For example, TD Bank’s compensation system reflected the apparent disincentive for the BSA Officer to incur costs needed to assure the Bank’s compliance with the BSA. At times during the Relevant Time Period, both the Global Head of AML and the BSA Officer’s annual self-assessments noted as an “accomplishment” their respective abilities to “develop [the AML] program within a flat cost paradigm without compromising risk appetite.” AML management did not timely escalate requests for additional resources to executive management or the Boards, although the U.S. Parent Board was made aware that “inadequate staffing levels” were a root cause of issues that persisted during the Relevant Time Period. When confronted with the reality that TD Bank’s pennywise, pound-foolish approach caused the Bank to violate the BSA, the Bank refused to make the requisite investments to prevent future violations until near the end of the Relevant Time Period, after the investigations resulting in this Consent Order and parallel resolutions were underway. At that time, and under the direction of the Boards, the Bank began a large-scale remediation effort that included replacing the BSA Officer, as well as increasing AML staffing, updating and redelivering training programs, and enhancing policies and procedures.

TD Bank’s severe understaffing persisted throughout the Relevant Time Period. From 2017 to 2019, the compound annual growth rate of TD Bank’s assets—and, as explained below, due to persistent gaps in its program, corresponding measures of AML risk—significantly exceeded the Bank’s spending on AML compliance, which remained roughly flat. During certain earnings calls in this period, TD Bank Group management commented favorably about its operating leverage (which is defined as the difference between growth in revenues and growth in expenses) and noted that “expenses have been relatively stable.”²⁷

10

TD Bank only began to use a “forecast model” in which AML resourcing needs were projected in advance of an upcoming quarter starting in late 2019 and increased hiring in 2020. However, in 2022, the AML headcount decreased to less than 2020 totals, while the number of transaction monitoring alerts of potentially suspicious transactions continued to rise. Only once the Bank came under regulatory scrutiny were the relevant issues escalated and given sufficient attention by the Boards and TD Bank Group, with the Bank materially increasing AML resources and nearly doubling its AML staff over a six-month period ending in May 2024.

The effects of the Bank’s persistent under-resourcing and understaffing reverberated throughout every aspect of its AML program, but were especially apparent in the extensive, persistent, and prolonged backlogs within the AML function throughout much of the Relevant Time Period. As described below, these resource-related backlogs manifested themselves in two main areas within TD Bank’s AML program: (i) backlogs of alerts requiring review by investigators to resolve, and, where appropriate, prepare a SAR for reporting to FinCEN, and (ii) backlogs of customers to be exited that the Bank had determined presented unacceptable AML risk. In each case, the Bank had opportunities to increase staffing and resolve the backlogs effectively, but took a delayed and insufficient approach to do so.

AML Investigations Unit Backlogs. From 2016 through 2019, TD Bank faced extensive backlogs in the Detection and Further Investigation queues within its Financial Intelligence Unit (AML Investigations Unit, “AIU”), which reviewed alerts and case investigations linked to potentially suspicious activity to determine if the Bank needed to file a SAR with FinCEN and/or take other mitigating actions, that were attributable to understaffing. During this time, reporting by the BSA Officer to the Boards and the AML Oversight Committee consistently showed the AIU Detection and Further Investigations teams in “red” status, indicating significant backlogs.

11

In 2016, the then-head of the AIU (who subsequently became the Bank’s BSA Officer) delivered a presentation to AML senior management about resources, reporting that the AIU was understaffed by more than a dozen full-time employees. However, despite self-identifying the need for additional resources, the head of the AIU recommended waiting to reassess the need to hire new employees to fill this gap and extending the contracts of temporary employees in the meantime. In September 2017, this individual delivered another memo, addressed to the Global Head of AML, seeking approval to pay overtime to work through other, related backlogs involving high-risk customers caused by staffing that was not commensurate with the volume of cases to be completed. The memo anticipated a return to “green” status before the end of 2017. Permission for overtime was granted, but the backlog and related resourcing issues persisted.

A subsequent action plan submitted to internal audit in June 2018 identified the backlog’s root cause as inadequate staffing levels, as well as transaction monitoring system issues. In 2018, the AML program registered over 70,000 backlogged detection alerts and roughly 3,000 aged subpoena responses and further investigation cases, with less than 60% of alerts falling within benchmarks for timely detection. An AML manager of the PEP investigations team also cited resourcing constraints during this portion of the Relevant Time Period: in 2018, this manager noted that the Bank simply “won’t hire [additional staff] for us,” and in 2019 this manager noted that no response was received on open requests for additional staffing going back several quarters.

By 2019, the detection and subpoena processing case queues had not decreased, and a senior executive suggested the program was not “adequately resourced/managed,” a situation they described as “really concerning.” The Bank’s Global Head of AML’s response to the senior executive—to whom they reported—was, in part, to “identify opportunities to scale back review or investigative rigor” and reduce analyst time to investigate potentially suspicious activity, without reasonably addressing the ongoing problem.

12

The Bank engaged contractors in 2018 to help “gradually reduce” these backlogs, but nonetheless failed to investigate thousands of alerts for almost a year. In 2020, the AIU backlog was finally in “green” status from belated increases in full-time staffing, as well as other changes, such as offering overtime and other process improvements. In addition to these other measures, the Bank continued to rely in part on contractors despite reports from AML employees that the contractors delivered “sub-par, shoddy, and incompetent work that has created even more confusion” for full time employees.

In sum, for several years, the BSA Officer presented overly optimistic expectations to other AML senior management and to the U.S. Parent Board that the backlogs would be alleviated, even as the Bank continued to miss internal deadlines and failed to make meaningful investments in resources to address them. The U.S. Parent Board was informed about the issue, but did not act in a timely manner, despite mounting evidence that the issues were not resolving over the years.

Demarketing Backlogs. Although the Bank eventually made progress on the AIU backlogs, these strides contributed to backlogs involving or related to the Bank’s procedures for assessing and determining when the Bank elects to close a customer account.²⁸ TD Bank did not have a process to apply restrictions or appropriate mitigating controls to customers that are the subject of SAR filings. Instead, the Bank left demarketing adjudication to an investigator after a certain number of SAR

13

filings. As the Bank’s AIU began working through its large queue of potentially suspicious transactions, inevitably a portion would be found to be suspicious, and some of the related customers would be subject to the Bank’s demarketing processes. TD Bank’s lack of staffing and backlogs allowed these customers—which the Bank deemed to pose an unacceptable money laundering risk— to continue transacting without appropriate controls consistent with the Bank’s own AML program.

From 2018 to 2021, customers waiting to be demarketed received more than $5 billion into their accounts, with an average of more than $250,000 per account after a request to initiate account closure by an AML employee. For example, in late 2018, the Bank identified an Ecuador-based brokerage firm registered to a Miami residence as conducting over $200 million in suspicious foreign activity, which the AIU requested to close in October 2018. The Bank, however, did not close the accounts for almost a year after the initial request to close by relevant AIU personnel and allowed the entity to continue to transact without restriction until its July 2019 closure, despite filing SARs on the customer before and during the prolonged demarketing period.

In 2018, nearly 1,000 demarketing requests aged beyond the 35 days TD Bank’s AML policy allowed for the review and processing of such requests. Prior to approximately the summer of 2019, only one member of the relevant team was responsible for reviewing requests to close retail accounts, leading to delays in decisioning requests that frequently exceeded two weeks, and TD Bank generally taking more than two months to notify an account closure to the associated retail branch. Despite the demarketing queue reporting “green” within 2019, resource constraints continued later that year.²⁹

14

In February 2020, the demarketing queue again returned to “green” status as additional temporary resources joined the demarketing team to review the previous backlog, but again quickly fell into another backlog. From March through May 2020, as a result of the COVID-19 pandemic, the Bank implemented a decision to pause certain portions of the demarketing process. The Head of AML Operations sent a memo to AML senior management, including the BSA Officer, warning that, following the COVID-19 pause on demarketing through May 2020, the AIU “demarketing, and advisory teams could fall into a backlog,” but only four employees were staffed to resolve these cases. As a result, demarketing backlogs persisted through mid-2021, when the Bank finally allocated additional resources to properly implement its demarketing policies.

The Bank’s AML governance structure also impaired the BSA Officer from effectively managing the Bank’s compliance with the BSA. For example, the BSA Officer lacked direct authority over an AML Technology Head, who oversaw the transaction monitoring system, as well as the head of AML Operations within the AML function. As explained in Section II.E.2 below, this governance structure was especially problematic given the severe and widespread issues TD Bank experienced with its transaction monitoring software during the Relevant Time Period.³⁰ An AML Technology Head reported directly to the Global AML Officer for the U.S. and Canada, with only “dotted line” reporting to the BSA Officer. This structure led to TD Bank’s BSA Officer not being accountable for the numerous and persistent control gaps in an integral component of the Bank’s AML program: core functions, such as scenario development within the transaction monitoring system, were not subject to direct oversight by the BSA Officer. There is no evidence that the BSA Officer ever raised a concern about this structure to the Boards. The BSA Officer improperly relied on one of their direct reports for approval of changes to transaction monitoring scenarios and generally did not review such approvals.

15

Finally, TD Bank’s BSA Officer and AML senior management who reported to the BSA Officer failed to effectively monitor the Bank for day-to-day compliance with the BSA—especially considering the elevated risk of money laundering or terrorist financing present in certain aspects of the Bank’s operations.³¹

The Bank’s cash operations also suffered from deficient monitoring of high-risk transactions. Compared to peers, TD Bank engaged in cash processes that created higher risk for the Bank to be used as a vehicle to facilitate illicit activity. For example, until April 2021, the Bank permitted customers to go to a branch and exchange cash for an official bank check without first depositing the cash into the customer’s account, resulting in the transaction not being reflected in the customer’s account statements. Furthermore, limitations in the transaction monitoring scenarios applicable to this activity led to ineffective monitoring for potentially suspicious activity. The Bank produced internal reports highlighting which customers—and the branches at which they transacted—generated the greatest amount of cash activity in a given period. These manual reports were not reviewed and were not designed to mitigate AML risks, and therefore did not serve as an effective control.

In 2020, these reports of the greatest amount of cash activity identified a New York-area company purporting to operate in the clothing industry as among the Bank’s top customers for cash transactions, with this customer conducting $8 million to $20 million each quarter over hundreds of transactions across multiple TD Bank branches. This included a period during the COVID-19

16

pandemic when many cash-intensive businesses experienced declines in transaction volumes. DOJ later indicted an individual associated with the customer, Da Ying Sze (Sze), for his part in a larger conspiracy to operate as an unlicensed Money Services Business (the Sze Network).³² The BSA Officer’s only comment on the report during this portion of the Relevant Time Period involved a request that the report be generated less frequently, changing from a monthly report to a quarterly report, purportedly in order to gain more insight on trends (although there is no evidence that such trends were ever identified). Further, the BSA Officer, as well as people involved in the generation of these reports to the BSA Officer, never questioned why a clothing company would be engaged in such a high level of cash activity volume during the pandemic, even though an AML analyst specifically highlighted this customer in the report. No steps were taken to verify that these reports were reviewed.

Appointing multiple AML managers without any prior experience in AML also hindered the BSA Officer’s ability to effectively monitor the Bank’s day-to-day compliance with the BSA. In particular, the heads of the AIU and AML Operations for portions of the Relevant Time Period oversaw critical AML processes without any previous AML experience. The appointment of AML managers without sufficient AML knowledge directly conflicts with U.S. BSA/AML regulatory guidance on assuring and monitoring the Bank’s compliance with the BSA, which requires suitable resources, including staff, who maintain the proper skills and expertise necessary to support the timely identification, monitoring, reporting, and management of a bank’s illicit financial activity risks.³³

17

The BSA Officer further failed to monitor the Bank’s day-to-day BSA compliance related to the involvement of Bank personnel in suspicious activity. Specifically, internal reporting to AML senior management neither highlighted emerging patterns and trends of concern nor conveyed the significance of an insider’s involvement in suspicious activity.³⁴ This contributed to the Bank’s failure to timely detect related and, in several cases, ongoing employee misconduct.³⁵ In some cases, the Bank only looked into such activity after law enforcement arrested or charged the relevant employees.³⁶

As detailed below, the BSA Officer also drastically scaled back recommendations in a report to AML senior management on funnel account activity being effected through the Bank.³⁷ Specifically, AML compliance personnel initially provided the following recommendations in a draft briefing to AML senior management: (i) focus training and fine-tune customer identification protocols; (ii) “dig deeper for more individuals;” and (iii) “reconsider cash deposit policies.” The BSA Officer instructed the AML compliance personnel to remove the foregoing suggestions.

At times, the Bank also experienced challenges with reporting information to AML senior management. In one instance, the AIU reported that it temporarily could not provide accurate volumes and reporting due its ongoing technology issues. The AIU acknowledged that the Bank had “issues with accurately reporting volumes.”

18

Throughout the Relevant Time Period, TD Bank failed to address significant gaps and other deficiencies in its process to identify and report suspicious transactions. For most of the Relevant Time Period, and consistent with the Bank’s other piecemeal approaches to AML compliance, TD Bank failed to adopt a holistic approach to money laundering, terrorist financing, or other illicit finance risks assessments into its process for identifying and reporting suspicious activity. During the transaction monitoring system’s initial implementation in 2008, TD Bank applied certain “off-the-shelf” scenarios provided by its vendor without consideration as to whether such scenarios needed to be tailored for the products and services TD Bank offered or whether they were sufficient to the specific risks the Bank faced.³⁸ Ultimately, the system’s coverage excluded large swaths of the Bank’s transactions: in 2023 alone, the coverage gaps applied to several trillion dollars of transactions that were not screened by the Bank’s transaction monitoring system. As detailed below, the BSA Officer was aware of at least one of these gaps involving checks in at least 2017, and other AML senior management became aware of additional, more extensive gaps later in the Relevant Time Period; with limited exceptions, they took no action to escalate them, nor did they inform FinCEN or any of the Bank’s other AML supervisors of the nature and extent of the gaps.

As detailed in each of the subsections below, over an extended period of time, TD Bank failed to reasonably respond to significant issues with its ability to fulfill its obligation to identify and report suspicious activity. TD Bank’s failure to invest in technology and staffing necessary to implement its program, which required a functioning transaction monitoring system, led to failures to identify

19

and timely report money laundering activity. TD Bank’s governance of its transaction monitoring system also proved ineffective, as Bank leadership allowed temporarily “paused” scenarios to remain dormant for years and failed to implement new scenarios even after identifying risks. Finally, the Bank also did not effectively test its transaction monitoring system to ensure that it captured the Bank’s risks comprehensively. There is no evidence, until late in the Relevant Time Period, that any of this was escalated to executive management or the Boards.

TD Bank failed to make meaningful changes to its transaction monitoring scenario coverage during much of the Relevant Time Period. This deficient approach persisted despite recommendations by Bank personnel to add new scenarios and modify existing scenarios so the Bank could properly identify and report suspicious transactions. TD Bank attributed the torpor in its transaction monitoring system to technology issues, but the root causes were the Bank’s severe underinvestment in AML compliance combined with a flawed and piecemeal approach to addressing issues plaguing the transaction monitoring system.

Transaction Monitoring System Upgrade. Beginning in late 2016 and persisting through the end of 2019, TD Bank attempted to upgrade to a more recent version of the transaction monitoring software. The Bank viewed this as an important update needed to address several significant issues and limitations associated with its transaction monitoring software. The upgraded system would allow for more customized rules, which could have supplemented manual monitoring that, before the upgrade commenced, helped cover nearly half of the typologies the Bank identified as relevant risks. TD Bank’s inadequate transaction monitoring system also obstructed the Bank from implementing “customer segmentation” capabilities, which would have provided the Bank with a risk-based approach to reviewing customer transactions. Initially, TD Bank estimated this upgrade would be completed by October 2017.

20

However, due to a combination of insufficient resources—including personnel and technology funding, technological issues, and ineffective planning by AML management—the project quickly fell behind schedule.³⁹ During this upgrade, the Bank also paused all changes to transaction monitoring scenarios. From 2017 to 2019, numerous reports about the project to AML senior management and the U.S. Parent Board identified that it was not on target, yet the Bank failed to take action. For example, in 2018 the BSA Officer reported to the AML Oversight Committee that the status of the upgrade was “yellow due to overspent approved funding,” thus suggesting the need for additional resources to complete the project. The resourcing issues continued to persist and the upgrade was further delayed. In 2019, the BSA officer presented to the Audit Committee an AML Technology Portfolio Readiness Assessment, which found that given a “reliance on a limited pool of people, leadership, and infrastructure to support the full portfolio of work” at the Bank, there was a “lack of sufficiently dedicated and capable resources across all streams of work” as well as a “historical siloed portfolio management approach.” A 2019 budget discussion indicated the Bank had been spending more on staffing to “avoid adding to the backlog” of alerts for investigation, which stemmed in part from the transaction monitoring system’s technological failures. The transaction monitoring system upgrade was not fully implemented until December 2019.

21

Transaction Monitoring System Replacement. In late 2019, TD Bank decided to consider changing vendors for its transaction monitoring system but did not select the successor system until early 2021. While transitioning to this new transaction monitoring system, TD Bank again paused changes to scenarios. The new transaction monitoring system only began a phased implementation in August 2024, and will continue to roll out in phases extending into 2025. After the Bank decided on and began the transition to a new system, it limited changes to its existing transaction monitoring system, including not adding any new scenarios, for four years.

As detailed below, these two largely co-extensive portions of the Relevant Time Period resulted in the Bank’s willful failures to address critical gaps in its ability to identify and report suspicious activity to FinCEN.

TD Bank failed to monitor a number of transaction types, including ACH,⁴⁰ certain funds transfers,⁴¹ and certain monetary instruments⁴² (including remote deposit capture (RDC)).⁴³ This failure to monitor represented over 80% of the activity in these types of transactions and aggregated to trillions of dollars in value. The coverage gaps occurred throughout the Relevant Time Period.

22

Since at least 2012, TD Bank knew it failed to monitor virtually any domestic ACH transactions. In 2012, AML employees recognized a need to do so and proposed a scenario to monitor such ACH transactions. An AML senior manager rejected their request.

A 2017 internal coverage assessment of the Bank’s transaction monitoring system reported “no active ACH monitoring” was in place for domestic ACH transactions. The review and approval of these annual coverage assessments, that determined the Bank was not monitoring this significant category of transactions, was delegated by the BSA Officer to subordinates.

Subsequent coverage assessments incorrectly reported that the transaction monitoring system covered ACH payments, even though such coverage was limited to international ACH transactions only (a small portion of the total population of ACH transactions). This inaccurate reporting continued for the remainder of the Relevant Time Period because the Bank never conducted any mapping or testing to verify which types of transactions were covered by the transaction monitoring system.⁴⁴

Once these substantial gaps were identified by one of TD Bank’s regulators, the Bank reported incorrectly that its risk assessment historically categorized ACH payments as low risk, which the Bank claimed justified the lack of monitoring for these transactions. However, the Bank later determined that it could not identify any “historic documentation related to risk analysis or risk memos related to Domestic ACH risk and its exclusion for monitoring from [the transaction monitoring system].”

23

TD Bank also failed to properly monitor checks, even though AML senior management knew of this gap and the risks these transactions posed. As early as 2017, the BSA Officer was told the AIU did not “typically monitor for checks,” when discussing the AIU’s failure to monitor an existing scenario covering rapid movement of funds involving checks. In a 2020 discussion on new scenario recommendations, an AML Compliance manager stated, “[c]urrently we . . . do not monitor checks as far as I have seen, but we see a lot of ML [money laundering] in this space.” There is no evidence the BSA Officer escalated the issue to other AML management or the Boards.

TD Bank’s failure to conduct appropriate testing and gap assessments of its transaction monitoring system led these monitoring gaps to persist for well over a decade. When TD Bank began transitioning to a new transaction monitoring system, it conducted a mapping exercise; this exercise, though, was not “to make changes to [the existing transaction monitoring system] unless it’s a severe gap [because] the scenarios would be addressed in [the new transaction monitoring system]” that, at the time, was over a year out from implementation, which remains ongoing. In connection with this exercise in the summer of 2023, an external consultant alerted the Bank that there would be a significant increase in the number of alerts in the new transaction monitoring system due to, among other factors, additional transactions captured in the new system, including checks and a broader definition for wire payments. An AML senior manager shared with the Global Head of AML that in a five and half month test period, the new system would monitor roughly $1 trillion in additional wire transactions than the existing system.

24

In August 2023, an AML senior manager responded to the transaction monitoring discrepancies, “WOW, there is a significant difference especially for monetary instruments and wires!” The Global Head of AML was then informed of the issue and noted the need to understand the “200% increase in wires” that would be captured in the new transaction monitoring system, but failed to escalate the issue to the Boards, other senior management, or its regulators, and failed to implement mitigating controls.

From August 2023 to February 2024, there were at least four presentations to TD Bank executives that compared the coverage between the old and new systems, with each presentation noting a substantial difference between the two, and one describing a monthly increase of “$220 billion of transactions (123% increase)” covered under the new system’s transaction codes. However, during this time, TD Bank executives did not apply mitigating controls or notify regulators. The Bank estimated that it would need to almost triple its AML staff to handle the projected volumes in the future, but did not initiate any remediation efforts. It was only after one of TD Bank’s regulators became aware of the gaps that the Bank began taking steps to mitigate the significant ongoing risk that they posed to both the Bank and the broader financial system.

TD Bank’s insufficient monitoring included transactions that its customers effected via peer-to-peer (P2P) channels, including Zelle, which the Bank launched for personal accounts in April 2017. ⁴⁵ Due to the Bank’s lack of domestic ACH monitoring, TD Bank did not monitor P2P, such as Venmo or PayPal, if effected through a channel other than Zelle.

25

Non-Zelle P2P. The Bank knowingly failed to appropriately monitor over $100 billion of non-Zelle P2P transactions, such as Venmo transactions, during the Relevant Time Period.⁴⁶ Within TD Bank, Non-Zelle P2P transactions were processed as domestic third-party debit card or direct deposit activity in customer accounts. In January 2019, an internal assessment of a terror financing scenario recommended adding coverage for online money transfer systems, such as PayPal, Venmo, and Zelle, to align with FATF guidance.⁴⁷ The recommendation stated, “[i]ncluding additional payment types for monitoring within these scenarios may increase the probability of detecting terrorist financing activity as well as reduce any AML risks by not monitoring these transaction types.” However, in November 2019, when the Bank was updating its AML transaction codes to allow for changes in its monitoring coverage, the AIU determined that all external P2P vendors, such as Venmo or Square, would be “out of scope.” TD Bank never created transaction codes necessary to monitor P2P platforms, instead focusing on creating codes for Zelle only, thereby knowingly excluding these other P2P transactions from any specific scenario monitoring.

As of 2021, when the Bank had another opportunity to create transaction codes and specific scenarios for P2P transactions, AML senior management improperly concluded the current monitoring mechanism was sufficient. In March 2024, an AML Technology Head’s response to questions from the Bank’s newly hired BSA Officer about monitoring P2P acknowledged that non-Zelle P2P were not “assigned specific tran[saction] codes, [that allow] for systemic monitoring.”

Zelle stands apart from many other P2P applications (such as Venmo) because it is owned and operated by Early Warning Services, LLC, a bank service company owned by seven major U.S. banks; TD Bank is not one of the owners and operators of this company, but TD Bank does allow its customers to use Zelle to effect P2P transactions.

26

Zelle.⁴⁸ From 2017 to 2023, about 300 million incoming and outgoing Zelle transactions were conducted at TD Bank with a total value over $75 billion—nearly the same as the total amount of P2P activity that TD Bank customers processed across all other P2P channels combined. Prior to launching Zelle, TD Bank AML personnel identified potential money laundering-related risks, including transactions involving high-risk jurisdictions. The AML team further stated existing scenarios for the predecessor service to Zelle, a much lower volume product, needed to be reviewed to determine the impact on monitoring. After Zelle was implemented, AML teams requested unique scenarios that would be appropriate for Zelle, but TD Bank ultimately did not implement any new scenarios specifically focused on this product (instead adding Zelle to certain existing scenarios).

Initially, TD Bank monitored Zelle personal transactions through scenarios used to monitor debit card transactions. In April 2020, roughly three years after launching Zelle, the Bank belatedly added unique codes to allow it to differentiate Zelle payments from other transactions executed on the Bank’s debit cards. TD Bank’s deployment of these unique codes allowed the AIU to include Zelle transactions within the scope of existing scenarios the Bank used to monitor personal accounts’ high velocity incoming and outgoing funds transfer activity. However, these scenarios were designed to be used for wire activity and were not fit for the purpose of monitoring Zelle activity: they generated alerts only when a personal account received at least two wires or transfers with an aggregate greater than or equal to $10,000 over five business days or sent at least two cash deposits with an aggregate greater than or equal to $9,000 over five business days. Yet, Zelle has a daily transaction limit of $2,500 and a rolling 30-day limit of $10,000. TD Bank repeatedly cited these scenarios (without

27

describing the scenarios’ parameters), along with even less applicable scenarios geared towards commercial customers with a $100,000 threshold, as examples of current Zelle monitoring to at least one of its regulators, even though the thresholds were not suitable to the product and TD Bank anticipated monthly alert volume for these scenarios in the single digits.

Bank personnel knew that these wire-oriented scenarios would not reasonably mitigate the risks associated with Zelle activity. One AML manager observed that because wire scenarios have high-dollar thresholds inconsistent with the types of transactions effected via Zelle and other P2P platforms, Zelle activity “[got] lost in the much bigger $ wire category.” The Bank added Zelle transaction codes to five other scenarios in 2023, which all monitor for aggregate amounts ranging from $50,000 to $150,000, continuing the Bank’s ineffective monitoring of Zelle activity.

AML staff also expressed specific concern with low-dollar amount Zelle transactions, especially in higher velocities. In August 2020, the Bank abandoned plans to add Zelle to certain existing terror financing scenarios because an impact analysis showed that too many alerts would be generated; instead, the Bank decided to create a new scenario unique to Zelle. In October 2020, AML personnel submitted such a request for new high velocity scenarios specific to detecting potential terrorist financing transactions effected via Zelle. However, as with other examples of extensive delays described elsewhere in this Consent Order, analysis for the potential scenario implementation was not completed until November 2021, more than a year later.

Even after eventually performing the analysis in late 2021, AML management stated that, based on “direction” they had received, the Bank would not introduce any new scenarios unless there was an “exposed risk or regulatory need” and that “unless absolutely required, new scenario development in [the transaction monitoring system] is regrettable spend.” TD Bank implemented the proposed scenario only in February 2023, roughly six years after Zelle’s launch, two-and-a-half years after the initial request for the scenario was submitted, and well after the Bank was aware its AML practices were facing intense scrutiny by regulators and law enforcement.

28

TD Bank’s failure to implement scenarios addressing risks specific to Zelle, even after several AIU staff flagged potential monitoring gaps, led to TD Bank’s failure to timely report suspicious activity. In May 2021, more than four years after the Bank’s initial implementation of Zelle, an AIU analyst investigating transactions linked to potential human trafficking, which had been manually identified by a TD Bank employee completing an unusual transaction referral (UTR),⁴⁹ determined that many of the accounts involved in the activity transacted via P2P channels, including Zelle. However, despite the “really big red flags” of such activity being associated with human trafficking, no automated alerts had flagged this activity—some of which took place months before the AIU investigator became aware of it—for review. The AIU analyst provided examples to an AML senior manager of the Zelle “activity that we are missing” by not having a relevant scenario in the automated monitoring system.⁵⁰

In another example, TD Bank failed to identify and timely report suspicious activity that was indicative of human trafficking and processed in part through P2P transactions. In one instance related to a purported HVAC company, the undetected suspicious activity spanned a nine-month period, from July 2023 to April 2024, and included over $3.5 million in a combination of more than 1,000 P2P transactions, as well as check deposits, withdrawals, and ACH transactions. This high volume of activity drastically conflicted with the customer due diligence documentation collected by TD Bank, which reported the maximum annual sales revenue of this customer as $500,000.

29

Yet, TD Bank never questioned the ultimate source of the millions of dollars flowing through the customer’s accounts over a relatively short timeframe, which was clearly disproportionate to the customer’s reported annual revenue. Despite purporting to relate to operating in the HVAC industry, the suspicious transactions involving this supposed HVAC company related to interstate freight carrier services, hotels, and multiple mobile phone providers. The suspicious transactions also included purchases of hundreds of airfare tickets to high-risk jurisdictions such as Turkey, Thailand, and Colombia, and hundreds of purchases for visa immigration services in high-risk jurisdictions such as Suriname, Nicaragua, Ethiopia, and Singapore. Similarly, suspicious transactions involving this purported HVAC company also included withdrawals from ATMs across four states and multiple foreign jurisdictions, including Uzbekistan, Ecuador, and Mexico. Further, a TD Bank salesperson expressed concerns shortly after onboarding customers affiliated with the owner of the HVAC company, upon realizing one of the affiliated businesses was inappropriately operating out of a residential address. Despite the clear human trafficking “red flags,”⁵¹ TD Bank failed to proactively identify any of this suspicious activity over nearly a year due to the known gaps in its transaction monitoring system as described above,⁵² and, ultimately, filed a late SAR after prompting from law enforcement. After the Bank identified the issues with this customer, it proactively notified FinCEN of its internal investigation and subsequently filed a late SAR.

Similarly, some of the employee-related misconduct at TD Bank, identified only after one of its employees was arrested (described below), involved Zelle transactions.

30

FinCEN issued an advisory in 2014 about funnel accounts,⁵³ and during the Relevant Time Period, TD Bank clearly understood both the risks associated with this typology and the gaps in its coverage of them, but did not implement adequate controls to manage those risks and close those gaps.

TD Bank maintains no physical presence in Latin America, yet during the Relevant Time Period, TD Bank customers conducted millions of ATM withdrawals in that region: a sample review of ATM withdrawals from five high-risk Latin American and Caribbean jurisdictions totaled more than $750 million. Moreover, within this sample, transactions in Colombia stood out as clear outliers: they accounted for nearly half of the $750 million of ATM withdrawals by dollar value and far exceeded the withdrawals in Mexico—despite the fact that Mexico’s economy is roughly four times as large as Colombia’s economy. Similarly, the volume of Colombian ATM withdrawals exhibited a roughly 50% annual increase each year over a four-year portion of the Relevant Time Period.

AML personnel identified customers engaged in funnel account activity in the spring of 2019. AML investigators were also aware that, with respect to funnel accounts, “bad actors target TD [Bank],” including because the Bank maintained different policies than other peer financial institutions. In a one-month period in late 2020, the Bank’s scenario for personal ATM activity in high-risk countries identified Colombia as accounting for over 90% of the triggering transactions in a one-month period that exceeded expected parameters.

31

Despite this awareness, TD Bank demonstrated no urgency to address the issue and failed to take sufficient measures to mitigate funnel activity risks. Moreover, even in the instances in which the Bank identified a funnel account, between October 2019 and March 2022, the Bank averaged approximately 329 days from account opening to demarket the relevant customer from the Bank.

Two years after AML personnel began raising concerns about funnel accounts, TD Bank finally developed a manual control to compensate for deficiencies in its ability to timely identify customers engaged in funnel account activity. To date, this manual control has never been subjected to appropriate testing to determine if its parameters are fit to mitigate the risks.⁵⁴

TD Bank still has not implemented planned automated scenarios to mitigate related risks due to the extensive delays with the transaction monitoring system replacement described above. In late 2023, a third-party service provider to TD Bank notified an AML senior manager about ongoing concerns related to TD Bank’s internal controls for international ATM withdrawals that were consistent with the funnel account issues described above: “the actual number of unique accounts is close to over 20,000 so it is very important to find the pattern and scheme and for TD [Bank] to tighten the controls to prevent this type of activity in the future.” The third party provided the Bank with analysis identifying large and unexplained amounts of activity in Colombia, including identifying “multiple cards that conducted withdrawals at the same ATM location, just seconds/minutes apart.” For example, the customer linked to the cards underlying these back-to-back transactions purported to be a computer repair company based in New Jersey that had no apparent commercial reason to engage in such high-risk transactions. This issue was not timely escalated to executive leadership or the Boards. In 2024, the Bank implemented additional controls to address this activity, including reduced ATM withdrawal limits in certain high-risk countries.

32

TD Bank’s pause on implementing new scenarios or changing existing scenarios also impacted its monitoring of high-risk jurisdictions. As early as 2018, the Bank’s Internal Audit department found that not all jurisdictions TD Bank identified as high-risk were subject to monitoring by relevant scenarios in the Bank’s transaction monitoring system. Not only did TD Bank fail to timely address this finding, but also at a subsequent meeting to discuss potential updates to the high-risk jurisdiction scenarios, AML senior management, including the BSA Officer, concluded that only proposed changes that “would have no impact or lower the volume of false positives have been approved to proceed.” This meant the AIU could only remove those jurisdictions from monitoring that were no longer high-risk; the AIU was not allowed to add new jurisdictions, because doing so would increase the volume of alerts.

A subsequent review of ATM-related scenarios concluded the list of high-risk jurisdictions associated with these scenarios should be updated, but adding all high-risk jurisdictions would increase the monthly alert volume by more than 250%. Accordingly, AML personnel recommended updating the list of countries while simultaneously modifying another parameter to reduce relevant resulting alerts.

The Bank eschewed subsequent reviews of scenarios related to ATMs and wires in high-risk jurisdictions due to the ongoing transition to the new transaction monitoring system, but the Bank knew this implementation was delayed. AML personnel similarly concluded updating the list in the transaction monitoring system, while necessary to properly account for the high-risk jurisdictions in which TD Bank operated, would increase the alert volumes and add to the “sub-optimal utilization of TD [Bank] resources.”

33

In July 2023, TD Bank discovered that a portion of international wires was coded incorrectly as domestic rather than international, and therefore not properly monitored. For example, in June 2023, “(7.31%) [of] outgoing international wires have the value “US” in the Country Code field as opposed to the actual destination country.” The Bank believed this issue had “been in existence since day 1 (so could be as long as 10 years.)” and caused scenarios to miss alerts on wires sent to high-risk jurisdictions. The Bank planned to implement a solution in October 2023 to improve the quality of the country code data with the caveat that manual controls would need to continue.

Governance and oversight failures also contributed to TD Bank’s failure to implement and maintain appropriate scenarios in its transaction monitoring system. In 2018, members of the Bank’s AML Risk and Monitoring team authored a “Transaction Monitoring Strategy” document which described the Bank’s transaction monitoring system as “lagging behind peer group standards” and stated upgrades to existing tools “experience[d] frequent delays.” During the drafting of the document, one AML senior manager heading this team requested that the authors revise the document to represent the current transaction monitoring system in a more “positive” light. The document recommended the Bank’s transaction monitoring strategy should change to include “a proactive customer behavioral strategy.” However, the Bank failed to meaningfully respond to these concerns, proceeding first with the delay-ridden upgrade to the system, then beginning the prolonged (and, more than five years later, yet to be completed) process of switching vendors.

As a result, TD Bank did not develop a comprehensive framework for implementing new transaction monitoring scenarios until September 2021. From 2017 to 2021, six new transaction monitoring scenarios were proposed, but none were implemented. The six new scenarios were recommended to cover gaps in the Bank’s monitoring of high-risk jurisdictions and cash debits, as well as Zelle, cross-border transactions, and ATM transactions. The failure to implement these scenarios led to significant gaps in TD Bank’s transaction monitoring.

34

These governance failures ultimately contributed to many of the Bank’s failures to timely identify and report suspicious activity.

First, in 2011, AML senior management “paused” a transaction monitoring scenario targeting large cash deposits in commercial accounts; although this “pause” was framed as temporary at that time, the scenario remained dormant for at least a decade. As a result of this oversight failure, the Bank’s transaction monitoring system failed to generate over 150 alerts for suspicious activity related to a scheme involving a group of TD Bank customers (Customer Group A) that purported to operate in the precious metals industry, but that bore indicia of unregistered money services businesses (MSBs).⁵⁵

A separate money laundering scheme and unlicensed MSB operated by the Sze Network⁵⁶ also exploited a gap in the monitoring of commercial cash transactions.⁵⁷ TD Bank’s failure to reinstate this scenario for business accounts caused the Bank to fail to detect suspicious activity and report it to FinCEN. Additionally, TD Bank allowed its customers to make cash deposits at its branches and purchase official bank checks from these proceeds without any entries in the corresponding customer account(s). The scenarios applicable to these large cash transactions were also defective, as they did not alert for purchases of official bank checks beyond a certain value. This created a gap in the Bank’s ability to identify and report suspicious cash transactions.

35

Second, in 2013, TD Bank decommissioned two scenarios for funnel accounts due to “data quality” challenges. Bank personnel understood these scenarios generated SAR filings that were helpful for law enforcement, and the decommissioning was intended to be temporary while the data-related issues were addressed. However, despite subsequent requests to reinstate one of the scenarios, “no one was willing to [reinstate it]…so that scenario sits there idle going on seven or eight years now.”

Finally, in 2020, TD Bank’s Internal Audit department conducted a review of the Bank’s AML function that resulted in a high-risk rating, in large part because there were outstanding reviews of transaction monitoring scenarios, as well as recommended changes to scenarios that were overdue due to defects stemming from the transaction monitoring system upgrade. In response, an AML senior manager acknowledged the need to add new scenarios to the transaction monitoring system but noted budget constraints. The AML senior manager described this failure of scenario development as a “glaring risk.”

TD Bank conducted several scenario “tunings” from 2017 to 2021. In theory, scenario tuning should test the performance of scenarios by looking at both false positives and missed suspicious activity. However, early in the Relevant Time Period, TD Bank’s scenario tunings focused on SAR conversion rates and changing scenario thresholds to minimize false positives, although the Bank looked at limited opportunities to capture additional intended risk. A 2015 Model Validation found the approaches to scenario tuning “were not statistically adequate” and recommended a new tuning methodology. Although the Bank subsequently accepted and implemented the new tuning methodology, its approach to scenario testing continued to be subject to other issues.

TD Bank failed to reasonably assess whether the scenarios it maintained adequately mitigated the money laundering risks that the Bank faced. A 2017 Model Validation found that even though an AML group performed an assessment to evaluate gaps, the typologies that the AML group used were too broad to effectively evaluate the scenarios’ mitigation of the Bank’s risks. The report

36

recommended the AML function develop a “more comprehensive adjustment that pays attention not only to avoiding false positives but also to capturing true positives.” Although TD Bank eventually implemented a process to review scenarios in order to address these concerns, this occurred nearly a decade after it initially implemented its transaction monitoring system, and many of the reviews were still outstanding in 2020, several years after the process was first developed.

According to a 2020 internal audit, half of the transaction monitoring scenarios’ mandatory reviews remained outstanding for three years, with no overall target date for completion. Moreover, the 2020 audit also found that, for the scenarios with completed reviews that included recommended changes, implementation work was not performed in a timely manner. Finally, until late 2021, the Bank did not maintain any procedures or formal documents outlining processes for either the promotion of new scenarios in the transaction monitoring system or in a manual environment to capture any triggers or market-driven factors, such as the impact of COVID-19.

Until near the end of the Relevant Time Period, TD Bank’s AML management failed to properly ensure the requisite employees received appropriate training. The issues included: (i) a lack of tailoring to appropriate personnel regarding relevant risks and typologies; (ii) insufficient direction on evaluating and responding to UTRs, as frontline personnel were encouraged to stop reporting potentially suspicious activity; and (iii) improper training related to filing of CTRs, which contributed to employees’ provision to law enforcement of misleading information.

37

Despite awareness that it faced elevated risks of specific money laundering typologies in certain regions, the Bank did not tailor its training program for both AML compliance personnel investigators and “frontline” retail branch personnel. For example, as discussed above, in 2019, the Bank identified an increasing trend of apparent funnel account activity, including multiple debit cards linked to the same account being used to withdraw large amounts of cash via ATMs in high-risk jurisdictions. Even after developing potential red flags and a methodology to identify the accounts, AML personnel did not provide updated training to retail employees or visit branches identified as onboarding the high-risk customers. Instead, in the four years since AML personnel first began tracking this risk, the Bank conducted only one training, in 2020, to a subset of its branches that contained a single sentence regarding the risks of ATM withdrawals. In 2023, the Bank conducted additional trainings that addressed specific issues, including funnel accounts.

The Bank’s manual processes around UTRs included training-related deficiencies, particularly with respect to (i) specialized red flags for higher-risk activities, and (ii) more fundamental concepts as to how and where to file UTRs. The AIU analysts who reviewed UTRs often missed money laundering typologies or provided incorrect guidance to other Bank employees.

In one example, personnel working at a retail branch submitted a UTR raising concerns about potential collusion of two individuals—later determined to be part of the Sze network—who deposited large amounts of cash at different branches and ATMs. The individuals mentioned in the UTR were ultimately indicted for their involvement in a larger money laundering ring that effected a significant portion of its transactions through TD Bank: in February 2022, Sze pled guilty⁵⁸ for his role in coordinating a vast money laundering conspiracy, operating an unlicensed MSB, and bribing bank employees. From 2016 through 2021, the Sze Network laundered an estimated $650 million in cash, consisting of narcotics and other illicit proceeds, utilizing TD Bank and other institutions. The Sze network conducted more than $400 million in transactions through the Bank.

38

Despite collusion by Sze’s associate—as mentioned in the UTR—as well as the AIU investigators’ identification of a recent SAR for the same individual, TD Bank investigators failed to use salient information from the UTRs as a basis for preparing SARs. For example, a May 2020 UTR clearly identified two members of the network “working together” to engage in cash activity at multiple branches and ATMs. However, the corresponding SAR failed to clearly explain such information, including identifying both the relevant persons named in the UTR as subjects of the SAR. This deprived law enforcement of information that would have allowed for faster identification and prosecution of Sze and his co-conspirators.

Branch personnel continued to have concerns about these individuals and corresponding customer accounts, and as required by Bank policy, they submitted additional UTRs. However, an AIU manager informed branch personnel they no longer needed to send additional UTRs for unusual activity about these individuals and corresponding customer accounts that occurred for the next six months because they were already under investigation. Coupled with other instances in which Branch personnel were told not to file additional UTRs on the same activity, even when the unusual activity continued, certain branch employees assumed the ongoing activity was deemed appropriate by AML management.

TD Bank’s training deficiencies led to employees filing numerous CTRs without recording all of the individuals present for transactions and accepting photos of identification on phones for persons not physically present at the bank branch. For example, the Sze Network routinely accepted illicit proceeds and then deposited the cash into approximately 100 TD Bank branches in New York, New Jersey, Pennsylvania, and elsewhere, utilizing bank accounts in the names of shell companies

39

and conspirators. The Sze Network then further obfuscated the source of the illegal cash by purchasing official bank checks, writing personal and business checks, and making international and domestic wires to jurisdictions like Hong Kong, which can pose a higher risk for a North American-focused bank like TD Bank. The Bank did not properly record Sze on over 100 CTRs, and instead Bank branch personnel reported only the accountholder, who on many occasions was not present and, in at least one instance, accepted a photo of the accountholder’s identification that Sze showed a Bank employee on Sze’s phone.

The branch employees clearly recognized Sze, as he routinely provided gift cards to employees of TD Bank when he visited branches. In 2020 and 2021, Sze provided at least $57,000 in gift cards to financial institution employees in connection with financial transactions. However, some of the branch employees later indicated they believed they were not required to name the individual(s) transacting where the customer was also present for the transaction, despite FinCEN’s clear instructions for filing CTRs.⁵⁹

TD Bank failed to implement and maintain appropriate risk-based customer due diligence (CDD) procedures, which significantly impeded the Bank’s ability to understand their customer base and associated risks.⁶⁰ The Bank failed to sufficiently collect and review information required to develop an adequate customer risk profile and identify high-risk accounts. Further, the Bank’s failures to remediate numerous and longstanding issues with its customer risk rating system led to significant deficiencies in the ongoing monitoring of high-risk customers.

40

The Bank’s CDD policies and procedures were deficient, as information obtained about customers at account opening and the Bank’s analysis of such information was inadequate to properly assess the customers’ risk and support the Bank’s effective suspicious activity monitoring. For example, in February 2021, when the Bank onboarded accounts for Customer Group A, the New York companies purporting to operate in the precious metals industry, the Bank collected information about the customers’ expected activity as well as financial information about the companies’ operations. Almost immediately after account opening, the customers began bringing large volumes of cash deposits to TD Bank branches, and branch personnel soon expressed concern about this activity.⁶¹ However, the Bank failed to properly consider Customer Group A’s high volume of cash deposits as part of the Bank’s AML risk profile for the relevant accounts. Instead, the Bank focused primarily on its operational (but not AML-related) risks by enrolling these customers in armored car services. In doing so, the TD Bank sales team acknowledged that in the onboarding of these customers, “the cash is what is making this [relationship] so lucrative,” but remained nervous about the large volume of cash, since the AIU sought documentation from the sales team to legitimize the cash deposits. The Bank took other steps to accommodate these customers, including waiving fees, as gestures of good faith. Over time, these customers continued to increase their cash activity through the Bank. However, the Bank collected the customers’ financial statements and tax returns only after Customer

41

Group A applied for a lending product; this financial information that Customer Group A eventually provided to the Bank contained numerous inconsistencies and red flags that the activity was not supported by legitimate operations. TD Bank personnel continued to allow these customers to conduct large volumes of transactions through the Bank for roughly a year, until after receiving additional inquiries from law enforcement about these customers.⁶²

The Bank also failed to ensure sufficient information regarding the nature of customers’ businesses was obtained at account opening and maintained during the life of the relationship. For example, after receiving an inquiry from law enforcement in 2022 related to alleged drug trafficking, the Bank initiated an investigation into a Florida-based customer purportedly operating in the computer manufacturing industry. Upon investigation, the prior due diligence failures became immediately apparent, as the Bank determined from the product reviews of electronics listed on the customer’s public website that the company was purportedly selling prescription drugs. Further, the Bank’s investigation identified red flags pertaining to the address on file for the customer, namely that it was a residential address shared by several other TD Bank customers, including entities that were also purportedly operating in the electronics and computer industry. The customer remitted and received millions of dollars with the accounts of other TD Bank customers at its address, and also received wires, including from high-risk jurisdictions such as Paraguay, the Dominican Republic, and Panama. In sum, TD Bank failed to detect and act on red flags, allowing a continuation of customer relationships that posed heightened and unmitigated risks until after the Bank received an inquiry from law enforcement.

42

TD Bank’s process for identifying and assessing high-risk customers was insufficient and improperly administered due to TD Bank’s inadequate staffing and failure to maintain the necessary software. The failure to maintain such software led to extensive system-related deficiencies, similar to those associated with the Bank’s transaction monitoring system (as described above). These issues spanned both the Bank’s primary risk rating system for its customers, as well as related data feeds and processes.

Throughout the Relevant Time Period, AML senior management frequently reported issues with the Bank’s primary customer risk rating system. In January 2019, the Bank identified at least 65 unresolved issues involving this system that spanned from 2016 to 2019. One such outstanding issue pertained to risk scores for certain customers that were displaying a string of arbitrary numbers, instead of the proper date, time, and score. Around the same time, an AML senior manager acknowledged a subset of customers were inadvertently omitted from scoring, which resulted in the identification of more than 500 U.S.-based high-risk customers that had not been previously identified as posing a high risk by the Bank’s AML group. However, the Bank took no steps to scrutinize this population of customers or the transactions they had effected through the Bank while they were not classified as high-risk customers.

These issues also extended to other systems and processes that were integral to effective customer risk rating. In 2019, the BSA Officer and AML senior management were informed that certain updated risk-related information was not linked to the related customer records because updates made to customer data while a computer memory issue persisted were not factored into a customer’s risk rating score. This resulted in the Bank failing to integrate accurate information necessary for proper risk monitoring.

43

In June 2019, the BSA Officer informed a Bank risk management committee that projects intended to strengthen the Bank’s customer risk-rating system and related processes were delayed due to technology and funding issues. The BSA Officer assured the committee these projects would get back on track by August 2019.

However, in September 2019, the risk-rating projects remained in “red” status, with revised planning efforts then just getting underway. At the same time, AML personnel reported to another risk management committee of senior executives, including the BSA Officer, that a backlog of 1.6 million customers had been identified that were never scored for risk rating. The members of this executive committee, including the BSA Officer, debated the approach the Bank should take for this population of customers. This included consideration of the results of a small sample analysis which indicated that the number of high-risk customers within this unscored, larger population may have exceeded 200,000 customers. The committee members ultimately recommended against any remedial work specific to this large population of unscored customers, in part because it would compete with ongoing risk-related projects and resources. Instead, the members of the committee discussed the importance of Bank personnel “align[ing] on messaging to regulators” regarding customer risk-rating processes.

The same committee later identified another risk rating issue that pertained to account linkages, in which certain customers were either not scored or were incorrectly scored, due to customer accounts improperly linking to unique identifiers assigned by the Bank. This issue resulted in approximately 5.2 million unscored accounts related to more than 2.5 million unique customers. Despite the fact the issue was first identified five months earlier, the report to the committee indicated personnel were still working to identify the root cause and categorized the issue as “complicated” and requiring “extended analysis,” with no immediate resolution proposed.

44

In November 2019, AML senior management acknowledged all ongoing customer risk rating projects would be delayed until mid-2020, with a final resolution date of February 2021. However, in April 2020, the committee identified additional projects required to remediate the customer risk rating processes, many of which had been deferred due to resource constraints.

In 2023, the Bank implemented a new customer risk scoring methodology as part of its migration to another risk rating system. However, this required the Bank to rescore all its customers and complete a remediation of data inputs. This data remediation for the Bank’s highest risk customers is underway but is not yet completed.

TD Bank’s AML function maintains a High-Risk Customer (HRC) Group based upon risk ratings determined by the issue-laden risk-rating processes described above. HRCs are classified as either Tier I or Tier II⁶³ based upon their potential money laundering and terrorist financing risk. The Bank’s HRC procedures mandate the highest risk customers, those belonging to Tier I, are subjected to the most frequent application of review and the highest degree of enhanced due diligence (EDD). However, in practice, the Bank failed to implement controls sufficient to address risks associated with Tier I and Tier II HRCs.

For example, the Bank’s highest risk customers in Tier I were not subject to comprehensive transactional reviews to assess whether Tier I customers’ use of the Bank’s products and services was consistent with TD Bank’s risk profile for that customer. TD Bank required only a 90-day review window of transactional activity. These limited reviews of Tier I HRCs and their transactional data resulted in the Bank failing to monitor customers in a risk-based manner and exposed the Bank to significant risks.

45

For example, in July 2019, the Bank onboarded accounts for a New York-based religious institution despite its leader’s ties to terrorist organizations and involvement as an unindicted co-conspirator in the 1993 World Trade Center bombings. Despite this publicly available negative news, TD Bank failed to perform adequate due diligence at account opening and failed to understand its customers’ terrorism-related associations.⁶⁴ As a result, the Bank failed to categorize this customer relationship as high-risk, consequently failing to perform EDD reviews and properly monitor its transactions.⁶⁵ 65 As a result of a recently implemented scenario designed to look at changes in customer behavior—a foundational red flag used to identify and report suspicious customer activity⁶⁶—TD Bank ultimately filed a SAR on this customer in April 2024, but acknowledged the suspicious activity indicative of terrorist financing began four years prior, shortly after the customer was onboarded by the Bank. From approximately April 2020 to March 2024, TD Bank processed over $3 million in suspicious transactions for this customer, which included deposits from crowdfunding platforms,⁶⁷ charitable institutions, donations from individuals and businesses, unknown remitters utilizing a West

46

Africa-based MSB, and bulk cash and check deposits totaling approximately $1 million from possible shell companies. This volume of activity significantly varied from the customer’s reported expected activity, in which the customer claimed its anticipated cash deposits and wire transfer activity would not exceed $50,000 on a monthly basis. TD Bank’s delays in identifying and reporting this customer’s activities illustrate weaknesses in the Bank’s CDD process, including failing to timely investigate a significant discrepancy between expected and actual activity. As a result, the Bank failed to detect and report these indicators of terrorist financing sooner, depriving law enforcement of an opportunity to intervene earlier. After the Bank identified the issues with this customer, it proactively notified FinCEN of its internal investigation and subsequently filed a late SAR.

TD Bank’s Tier II HRCs were subjected to even less scrutiny, requiring a periodic review only every 24 months, and, more significantly, provided no requirement for any transactional review as part of the periodic reviews. This approach to monitoring Tier II HRCs failed to properly mitigate the Bank’s risks.

The EDD and periodic reviews performed for the Bank’s HRCs were of insufficient depth and impeded the Bank’s ability to understand risks within customer relationships. The Bank failed to apply the appropriate operational rigor required to successfully address the risks associated with its highest risk customer base. For example, in or about 2010, the Bank onboarded a Pennsylvania-based company that purported to operate as a travel agency and opened hundreds of related accounts for this high-risk customer, even though the Bank did not have a clear understanding of the customer’s expected activity and the parties with whom it expected to transact. This customer’s accounts remained open throughout the Relevant Time Period and routinely engaged in excessive cash activity—including withdrawals at ATMs in foreign jurisdictions, the frequency and volume of which were inconsistent with this type of business—with the Bank filing nearly 2,000 CTRs for cash activity

47

with an aggregate value of over $85 million for this customer. The Bank did not reassess this large volume of transactional activity as part of the customer’s risk profile, and failed to file SARs on this cash activity that exhibited clear indicia of suspicion. At the same time, the business line focused on the customer’s revenue to the Bank by tracking variances in this customer’s account activity as part of the Bank’s monthly revenue reporting.

TD Bank further failed to deploy automated transaction monitoring in a differentiated manner based on the risks of its customers. Such tailoring, which the Bank referred to as “segmentation,” enables a financial institution to apply controls to customer activity on a risk basis and allows for effective monitoring of suspicious activity. As early as 2017, the BSA Officer and AML senior management identified customer segmentation as a key initiative for the Bank, as it would allow for a risk-based approach to reviewing customer transactions. Throughout the Relevant Time Period, AML personnel attempted to plan this proposed customer segmentation effort, but were continuously hampered by the Bank’s transaction monitoring system, including the delayed software upgrade described above. The vendor for this system also issued a report to the Bank recommending that, before attempting to implement segmentation, the Bank first address alert aggregation methodology and ensure all alerts were being closed with a true understanding of worthiness. In making this recommendation, the vendor noted that the Bank’s decision to use an older version of a transaction monitoring system severely limited the Bank’s ability to calibrate AML scenarios.

Failure to establish an effective CDD program and critical, ongoing issues with the Bank’s customer risk rating processes allowed millions of high-risk customers to remain unscored during the Relevant Time period, which significantly impeded the Bank’s ability to monitor its customer base and properly address associated risks.

48

TD Bank’s independent testing function was ineffective and, as with the other pillars of TD Bank’s AML program, the approach to testing was insufficiently grounded in the actual illicit finance risks that the Bank faced.

First, TD Bank’s scope of testing was insufficient relative to the Bank’s high-risk customers, products, and services. For example, during the Relevant Time Period, TD Bank’s audit function performed multiple tests of the Bank’s controls related to physical cash, but such testing included only a limited review of AML controls. As a result, the Bank failed to detect the cash-related control gaps described above. Furthermore, the Bank also failed to appropriately test coverage assessments resulting in trillions of dollars going unmonitored for the entire Relevant Time Period.

The Bank’s methodology to assess risk across its entire AML program, via its annual assessments, was inadequate and overlooked key risk and control factors that materially impacted the analyses of the Bank’s risk profile. The assessments lacked depth and specificity, which prevented AML management from accurately assessing the BSA/AML risks associated with TD Bank. Inaccurate risk assessments, which included inconsistent risk ratings of certain bank products, demonstrate the Bank lacked an understanding of the illicit financial activity risks within the products and services it offered.

Second, the Bank failed to properly prioritize AML-related risks in planning processes related to testing. AML risks were not independently rated for assessment, and the Bank repeatedly failed to assess such risks as part of its testing processes. ⁶⁸ Similarly, in the testing of the Bank’s AML risk assessment process, internal audits simply determined whether controls existed and not whether they were, in fact, being appropriately used.

49

Finally, reports of independent testing to the Bank’s Audit Committee generally failed to highlight BSA-related findings, which prevented the Audit Committee from properly overseeing the remediation of BSA-related deficiencies.

CTR reporting requirements play a significant role in FinCEN’s core mission to safeguard the financial system from illicit use through the collection, analysis, and dissemination of financial intelligence. FinCEN and law enforcement depend on the accurate and timely filing of CTRs by financial institutions to develop an understanding of the movement of such funds, which may be associated with several cash-based money laundering typologies. As explained further below, TD Bank’s violations of CTR requirements involved two main deficiencies: (i) late filings caused by a combination of longstanding and known technological issues; and (ii) willfully filing more than 1,000 inaccurate CTRs, some of which not only failed to meet regulatory reporting requirements but also misled law enforcement.

FinCEN’s investigation identified more than 4,000 late-filed CTRs covering more than $150 million in cash transactions filed weeks after the required deadline.⁶⁹ Throughout the Relevant Time Period, the Bank identified longstanding challenges with a vendor used to support its CTR filing process, with an October 2018 report acknowledging recent improvements led to “somewhat of a normal state” by bringing down the monthly numbers of late filings from “300+ and in some [months] the 1,000 range.” Even later in the Relevant Time Period, the Bank found that nearly half of its CTR batch filings were not successfully sent to FinCEN. AML senior management identified the causes of certain of these late-filed CTRs, including the inability to “track all cash transactions to reconcile what should have been filed compared to what was filed” in CTRs, resulting in outstanding CTRs roughly six months after the filing deadline. For example, the Bank’s poor controls and lack of oversight allowed an issue related to late batch-filings of CTRs to remain unidentified for months, resulting in hundreds of late CTRs.

50

During the Relevant Time Period, TD Bank also filed more than 1,000 CTRs with incomplete and erroneous information, and in many instances, failed to collect any form of identification information (e.g., social security number) for parties conducting transactions. The Bank has been aware of this issue since at least 2019, when the Bank learned that its CTR application failed to verify whether an identifier (e.g., social security number) was collected within a CTR. The Bank failed to promptly address this issue, and as of 2021, the defect remained unresolved. The Bank considered it a low priority, postponing any effort to implement a resolution.

TD Bank’s filing of numerous inaccurate CTRs also hampered law enforcement investigations. Specifically, the Bank failed to report the individual conducting the transaction or collect accurate identification information about the customer, as required by CTR requirements, and thus failed to accurately report more than 500 CTRs covering transactions totaling more than $400 million tied to Sze.⁷⁰ By misidentifying the conductors of these transactions, TD Bank impeded law enforcement’s and FinCEN’s ability to identify and track potentially unlawful behavior. Further, the incorrect CTRs misled law enforcement and caused the investigators to incorrectly expend time and resources focused on the wrong subject.

Bank personnel processing these transactions knew Sze’s identity, but repeatedly accepted identification belonging to other individuals, including in at least one instance mentioned previously, wherein Sze presented to branch personnel a photo of a license on his phone. This led TD Bank to intentionally report incorrect driver’s license numbers and misidentify the true individuals conducting

51

the transactions in the CTRs. Even in the limited instances when the Bank filed CTRs listing Sze, it sometimes misattributed identification (e.g., driver’s license number) of his co-conspirators—the TD Bank account holders and others whose information Branch staff listed in the CTR by TD Bank.

Example of CTR violation:

The image above reflects Sze at the counter, but he is not mentioned in the CTR, which lists 29 locations and involved over $3 million in cash deposits.

TD Bank failed to adequately monitor, detect, and timely report suspicious activity. As described above, TD Bank willfully failed to implement and maintain its AML program, which included failing to maintain an adequate transaction monitoring system and staff to review alerts and investigate cases for possible reporting to FinCEN. TD Bank underreported amounts in multiple money laundering networks and missed the involvement of employees who facilitated suspicious transactions. FinCEN identified thousands of suspicious transactions totaling approximately one and a half billion dollars for which TD Bank failed to timely and accurately file a SAR. The following six examples illustrate the Bank’s failures to identify and report suspicious transactions and the resulting harm that this caused the U.S. financial system.

52

As explained above, TD Bank’s persistent underinvestment and lack of resourcing caused substantial and persistent backlogs to develop in its investigations of potentially suspicious activity. AML senior management was well aware of the duration and extent of these backlogs yet did not make sufficient and timely investments to reasonably resolve them. Instead of treating the issue with the urgency required, the Bank followed plans to “gradually reduce” such backlogs. In the instances in which the Bank spent limited additional funding, it did so only after business cases could be made by AML personnel, such as paying for employees’ overtime to work through the mounting backlogs. At times, alerted activity went unreviewed for months. As a result, the Bank’s lengthy backlogs of investigations delayed the timely notification of suspicious activity to law enforcement.

During the periods of these backlogs, TD Bank willfully failed to timely file over 6,000 SARs. The aggregate value of this late-reported suspicious activity exceeded $500 million.

Of the missed and improperly reported suspicious transactions identified by FinCEN, over 1,000 were transactions processed for Customer Group A, primarily from 2021 to 2022, with an aggregate value of roughly $200 million.⁷¹ Most of this activity consisted of unreasonable cash activity that exceeded, within a short timeframe after account opening, both the expected cash activity on the account as well as what could reasonably be supported by the financial statements that Customer Group A provided to TD Bank as part its CDD processes. Moreover, the pattern of activity exhibited other clear indicia of suspicion, with over 99% of the cash deposited transferred out to other

53

banks soon after the cash was deposited at TD Bank, including to overseas accounts. At times, some of these accounts moved millions of dollars in cash in a single day, and branch employees submitted UTRs for “excessive” in-branch cash activity. However, the Bank did not file any SARs on this activity until April 2022, more than a year after the activity began and after receiving multiple subpoenas.

In addition to the Bank’s CDD failures, other control gaps contributed to TD Bank’s failure to timely identify and report Customer Group A’s suspicious transactions. For example, the Bank’s transaction monitoring system “paused” a scenario to monitor large cash deposits of business accounts, which resulted in over 150 alerts not generating.⁷² Moreover, deficiencies in the Bank’s investigative processes contributed to the Bank’s failure to report Customer Group A’s suspicious transactions: Bank personnel investigating Customer Group A’s transactions that generated alerts closed them if the counterparty contained words such as “jewels” on the assumption that such the activity was not suspicious because the transaction was between parties in the same industry, even in instances where the activity exhibited other red flags (such as excessive cash, as noted above) or the counterparty was subject to adverse media.

Of the missed and improperly reported suspicious transactions identified by FinCEN, over 4,000 of these were transactions processed for Sze’s Network, primarily from 2017 to 2021, with an aggregate value of more than $200 million. Sze laundered these funds primarily through cash, and TD Bank did not timely file SARs despite numerous red flags. Surveillance footage indicated that,

54

for years, Sze conducted transactions at TD Bank on behalf of other customers’ accounts, even after TD Bank had previously identified Sze as having been involved in suspicious activity.⁷³ TD Bank’s failure to timely limit or restrict Sze’s activity resulted from the Bank failing to reasonably respond to clear red flags. First, despite the customers effecting this activity purporting to operate in the clothing or textile industries (which are not known to be cash-intensive businesses), they were some of the most active Bank customers processing cash transactions. Second, much of this cash activity took place, and even increased, during the COVID-19 pandemic when most cash-intensive businesses were conducting far lower levels of transactions. Third, branch personnel filed repeated UTRs with the Bank’s AML group (until AML personnel instructed Branch employees to stop filing such UTRs for extended periods of time up to six months)⁷⁴ without taking action to mitigate the recurring suspicious activity. Finally, as described above in the discussion of the Bank’s CTR failures, Sze’s transacting in cash through accounts that were not his own should have also presented a significant red flag to the Bank.

Further, TD Bank did not file SARs on over $125 million in cash used to purchase official bank checks by Sze and his network due to a gap in its monitoring controls and failed to identify wires to and from foreign jurisdictions as well as large checks for round dollar amounts as suspicious. In the SARs TD Bank filed involving the relevant accounts,⁷⁵ the Bank only occasionally and inconsistently referenced Sze in the narrative, even though he conducted the majority of the underlying transactions at the retail branches. Finally, TD Bank listed Sze as a subject in only six SARs that captured less than 10% of the illicit activity that Sze conducted through TD Bank. Even after being directly told by law enforcement that Sze conducted the transactions, the Bank chose not to correct any of the relevant SARs for almost two years.

55

Of the missed and improperly reported suspicious transactions identified by FinCEN, Individual A, a TD Bank retail branch employee, conducted several transactions totaling more than $100,000. Due to backlogs, the Bank failed to timely file on the suspicious activity in Individual A’s personal account, filing a SAR over a year after two wires totaling over $35,000 that had alerted for funds rapidly moving through Individual A’s account.

More egregiously, beginning in early 2021, Individual A exploited their position to facilitate money laundering activities in exchange for bribes. During their tenure at the Bank, Individual A opened over 2,000 accounts whose account holders conducted more than 600,000 transactions aggregating to over $200 million, many of which were shell companies with nominee owners.⁷⁶ In return for their role in facilitating the funnel accounts, Individual A received thousands of dollars in bribe payments. Certain of the accounts opened by Individual A were then used to launder narcotics proceeds, including to Colombia. Individual A assisted the money laundering efforts by giving those who provided bribes online access to the accounts, along with dozens of debit cards for the accounts that were used to withdraw cash from ATMs in Colombia. Individual A received bribes for opening these accounts and often violated a Bank requirement that branch personnel only open accounts when customers are physically present in the branch. Individual A also attempted to lift account freezes and unblock Zelle restrictions placed on certain of these accounts.

56

For many of the accounts, the Bank failed to timely file accurate SARs and considerably delayed closing the accounts, which allowed millions of dollars’ worth of suspicious activity to continue to flow unobstructed through the Bank. For example, five of the accounts Individual A opened cumulatively conducted over $20 million worth of transactions before the Bank ultimately closed their accounts. These five accounts were established for companies⁷⁷ incorporated in the United States and controlled by Colombian nationals. For an average of eight months,⁷⁸ the five accounts conducted transactions that exhibited clear indicia of funnel account activity,⁷⁹ including the receipt of approximately $12 million in wire transfers⁸⁰ followed by $12 million in cash withdrawals at ATMs in Colombia. TD Bank failed to timely report this suspicious funnel account activity and took an average of five months to file SARs on the five accounts. Further, the SARs filed were consistently incomplete and of limited value to law enforcement, as they failed to reflect Individual A’s readily apparent involvement in the activity. Despite the high volume of suspicious activity, and the red flags associated with the rapid movement of funds involving a high-risk jurisdiction such as Colombia, it took TD Bank an average of eight months to ultimately close the five fraudulent shell company accounts.

57

Of the missed and improperly reported suspicious transactions identified by FinCEN, over 300 were transactions processed for Customer Group B, primarily from 2018 to 2023, with an aggregate value of roughly $1 million. These transactions, including nearly $15,000 through Zelle, were linked to human trafficking at massage parlors and money laundering. Since the majority of incoming funds to Customer Group B’s accounts were in the form of cash and other unattributable sources, TD Bank lacked an understanding of the origin of funds going into Customer Group B’s accounts. TD Bank did not report this suspicious activity until nearly five years after it began. As previously described above, TD Bank did not tailor transaction monitoring scenarios to address the risks of Zelle. TD Bank’s failure to identify the Zelle suspicious activity stemmed directly from this failure. By 2021, the Bank was aware that Zelle transactions at the Bank may have links to human trafficking. The Bank failed to update its transaction monitoring scenarios, ignoring internal recommendations to implement such scenarios. As a result, the Bank failed to effectively monitor or report suspicious Zelle activity linked to human trafficking throughout the Relevant Time Period.

Of the missed and improperly reported suspicious transactions identified by FinCEN, several were transactions processed for Individual B, primarily from 2021 to 2023, with an aggregate value of nearly $100,000. Individual B worked at a TD Bank branch in Florida from 2015 to February 2023 and held at least two personal accounts at TD Bank. From November 2021 through February 2023, Individual B engaged in suspicious cash activity and wire transfers for the benefit of their relatives in Cuba. Individual B claimed to use the cash to facilitate payments to international buyers on behalf of their family in Cuba. However, there were no receipts of sale to confirm their statements. TD Bank’s untimely internal investigation eventually found Individual B abused their position as a TD

58

Bank employee and involuntarily terminated Individual B in February 2023, roughly two years after the relevant transactions began. In at least one instance, Individual B used a private room at a TD Bank location to accept a cash payment from an unidentified individual. In a separate instance, Individual B used a photo of themselves wearing a TD Bank name tag as proof of identification to alleged buyers to provide assurance.

On another occasion, a Cuban national made a cash deposit into Individual B’s personal TD Bank account, using a deposit slip Individual B falsely pre-populated. TD Bank failed to file a CTR for not only the cash deposit (which exceeded the reporting threshold), but also the two offsetting cash withdrawals that occurred less than a month later. All three transactions were processed by a former TD Bank branch manager who was suspected of colluding with Individual B and intentionally circumventing reporting requirements and AML escalation.

TD Bank’s investigation did not reference potential Cuba sanctions issues, and personnel involved in this investigation failed to escalate such concerns. Moreover, the Bank did not file a SAR until March 2023—almost two years after the conduct began—including due to an extensive delay between escalation of an alert and its subsequent investigation.

Of the missed and improperly reported suspicious transactions identified by FinCEN, roughly 2,000 transactions were processed for Customer Group C, primarily during a nine-month period, from July 2023 to April 2024, with an aggregate value of over $250 million. Customer Group C, purportedly operating in the sales finance and real estate industries, had informed TD Bank, as part of the Bank’s CDD processes, that their intended wire activity would be minimal and would not exceed $25,000. Additionally, Customer Group C estimated their annual sales would not exceed $1 million; in fact, Customer Group C conducted over $1 billion in transactions through TD Bank during the relevant period, with over 90% of the incoming funds from a UK-based cryptocurrency exchange and more than 60% of outgoing transactions sent as wires to a Colombian financial institution that also offers virtual asset-related services.

59

The pattern of activity revealed Customer Group C conducted, on average, over $100 million in wire transfers each month, most of which facilitated apparent third-party cryptocurrency trading and involved high-risk industries and jurisdictions, including Colombia, China, and countries in the Middle East. Yet this significantly deviated from Customer Group C’s onboarding documentation, which did not identify Colombia or China as jurisdictions through which cross-border transactions were expected to be processed. During this time, Customer Group C received more than $650 million from an international cryptocurrency exchange platform, where the purpose, ultimate originators, and source of funds were unknown to TD Bank. Despite this high volume of funds from unknown sources, TD Bank continued to process transactions for Customer Group C, including the facilitation of over $420 million to a financial institution offering cryptocurrency services in the high-risk jurisdiction of Colombia. TD Bank processed these transactions on behalf of Customer Group C, due in part to a lack of clear controls applicable to customers dealing in cryptocurrency: the limited high-level written policies the Bank had in place relating to virtual assets alluded to the requirements for certain additional controls and monitoring. However, there is no evidence any enhanced controls were ever applied to Customer Group C’s extensive transactions with virtual asset service providers.

Despite the high volume of suspicious transactions and “red flags” associated with high-risk jurisdictions and rapid movement of funds within a short timeframe, TD Bank failed to proactively report this suspicious activity until it received multiple law enforcement inquiries about Customer Group C. Furthermore, four months after Customer Group C was onboarded by the Bank, a financial regulator ordered an affiliate of Customer Group C to cease its operations, and its assets were ordered to be liquidated for the benefit of investors. TD Bank failed to conduct appropriate due diligence and only identified this adverse media related to Customer Group C after inquiries from law enforcement.

60

FinCEN determined TD Bank willfully violated the BSA and its implementing regulations during the Relevant Time Period. Specifically, FinCEN determined TD Bank willfully failed to implement and maintain an AML program that met the minimum requirements of the BSA, in violation of 31 U.S.C. § 5318 (h)(1) and 31 C.F.R. § 1020.210(a). Additionally, FinCEN determined TD Bank willfully failed to accurately and timely report suspicious transactions and Currency Transaction Reports to FinCEN, in violation of 31 U.S.C. § 5318(g) and 31 C.F.R. § 1020.320, and 31 U.S.C. § 5313 and 31 C.F.R. § 1010.311, respectively.

As summarized below, FinCEN considered all factors outlined in the Statement on Enforcement of the Bank Secrecy Act issued August 18, 2020, when deciding whether to impose a civil money penalty in this matter.⁸¹

61

62

63

64

65

FinCEN may impose a Civil Money Penalty of up to $69,733 per day for willful violations of the requirement to implement and maintain an AML program.⁸²

66

For each willful violation of a SAR or CTR reporting requirement, FinCEN may impose a civil money penalty not to exceed the greater of the amount of the transaction (capped at $278,937) or $69,733.⁸³

After considering all the facts and circumstances, as well as the enforcement factors discussed above, FinCEN is imposing a Civil Money Penalty of $ 1.3 billion in this matter. FinCEN has agreed to credit against the $1.3 billion Civil Money Penalty payments of $543 million to DOJ and the OCC. Accordingly, TD Bank shall make payment of $757 million to the U.S. Department of the Treasury pursuant to the payment instructions that will be transmitted to TD Bank upon execution of this Consent Order.

The undertakings agreed to in this Consent Order are in addition to, and independent of, any undertakings to which TD Bank or its affiliates agree in connection with any related consent order or plea agreement, settlement agreement, or any other agreements with or orders imposed by any other representative of the United States or agencies thereof.⁸⁴ By execution of this Consent Order, TD Bank agrees to the following Undertakings:

1. TD Bank agrees to retain an independent compliance monitor (Monitor) promptly after FinCEN’s selection pursuant to Paragraph 4 below.

67

2. The Monitor’s duties and authority, and the obligations of TD Bank with respect to FinCEN, are set forth in Attachment A, which is incorporated by reference into this Consent Order. TD Bank is responsible for ensuring that the Monitor carries the responsibilities set forth in Attachment A. Within 30 days after the Effective Date of this Consent Order, TD Bank shall submit a written proposal identifying no less than three candidates to act as Monitor, and, at a minimum, providing the following:

3. The candidates to act as Monitor or their team members shall have, at a minimum, the following qualifications (Minimum Qualifications):

68

4. FinCEN retains the right, in its exclusive discretion, to choose the Monitor from among the candidates proposed by TD Bank, though TD Bank may express its preference(s) among the candidates. Monitor selections shall be made in keeping with FinCEN’s commitment to diversity and inclusion. If FinCEN determines, in its exclusive discretion, that any candidate is not, in fact, qualified to serve as the Monitor, or if FinCEN, in its exclusive discretion, is not satisfied with any candidate proposed, FinCEN reserves the right to reject that candidate. In the event that FinCEN rejects any proposed candidate, TD Bank shall propose additional candidates within 30 business days after receiving notice of the rejection so that three qualified candidates are proposed. This process shall continue until a Monitor acceptable to both parties is chosen, unless FinCEN, at any time and in its sole discretion, determines that TD Bank is not recommending candidates in good faith. If FinCEN makes such a determination, FinCEN may solicit applications from the public and select a Monitor from among those applicants meeting the Minimum Qualifications. FinCEN will endeavor to complete the selection process within 60 days of the execution of this Consent Order. If the Monitor resigns or is otherwise unable to fulfill their obligations as set out herein and in Attachment A, TD Bank shall within 20 days recommend a pool of three qualified candidates from which FinCEN will choose a replacement through the process set out herein.

69

5. The Monitor’s term shall be four years from the date on which the Monitor is retained by TD Bank (Term of the Monitorship). The Monitor shall be retained at TD Bank’s own expense throughout the Term of the Monitorship. In the event that FinCEN finds, in its exclusive discretion, that there exists a change in circumstances sufficient to eliminate the need for the Monitor, and that the other provisions of this Consent Order have been satisfied, the Term of the Monitorship may be terminated early. Without prejudice to FinCEN’s right to proceed in the event of a Breach of this Consent Order, FinCEN may, in consultation with the Monitor extend the Term for up to a total additional time of one year.

6. The Monitor’s powers, duties, and responsibilities, as well as additional circumstances that may support an extension of the Monitor’s term or its early termination, are set forth in Attachment A. TD Bank agrees that it will not employ, contract with, or otherwise be affiliated with the Monitor or the Monitor’s firm for a period of not less than two years from the date on which the Monitor’s term expires. Nor will TD Bank discuss with the Monitor, any member of the Monitor’s team, or the Monitor’s firm the possibility of further employment or affiliation at any time during the Term of the Monitorship and for a period of two years after the Monitor’s term expires.

7. TD Bank agrees to require that its wholly owned subsidiaries and affiliates comply with the requirements and obligations set forth in Attachment A, provided that compliance with such requirements and obligations would not violate locally applicable laws and regulations or the instructions of local regulatory agencies.

70

8. In connection with this resolution, TD Bank has engaged a qualified independent consultant (SAR Lookback Consultant)⁸⁵ at its own expense, to conduct a SAR Lookback Review. The scope of the SAR Lookback Consultant’s work, including but not limited to the SAR Lookback Review, will be evaluated and overseen by the Monitor. The SAR Lookback Consultant will determine whether activity effected by TD Bank’s customers, from 2018 until the completion of TD Bank’s phased implementation of its new transaction monitoring system,⁸⁶ is properly identified and reported under 31 U.S.C. § 5318(g) and implementing regulations, including but not limited to:

(i) transactions effected via Zelle and other P2P payment products, (ii) transactions involving or related to high-risk jurisdictions, including transactions consistent with funnel account typologies, and (iii) transactions that did not generate an alert due to gaps in the coverage of TD Bank’s automated monitoring system, such as gaps related to coverage of ACH and RDC transactions, as well as gaps stemming from TD Bank’s failures to implement new scenarios during the Relevant Time Period, resume scenarios that had been temporarily paused, or to capture other types of transactions (Covered Transactions).

9. Within 150 days from the date of engagement of the Monitor, the SAR Lookback Consultant will deliver to FinCEN and the Monitor a report summarizing the proposed scope and methodology of the review of the Covered Transactions that the SAR Lookback Consultant plans to conduct (SAR Lookback Scope Report). FinCEN, in consultation with the Monitor, may amend the

71

scope of the review of Covered Transactions within 30 days of FinCEN’s receipt of the report summarizing the proposed scope and methodology. Following submission of the SAR Lookback Scope Report to FinCEN, the SAR Lookback Consultant will deliver quarterly progress reports to the Monitor documenting the status of the SAR Lookback Review. Based on the quarterly progress reports, FinCEN, in consultation with the Monitor, may expand the time period of the SAR Lookback Review within the Relevant Time Period.

10. Within eighteen months from the date of the SAR Lookback Scope Report, and no later than April 2027, the SAR Lookback Consultant will deliver a detailed report (SAR Lookback Report) to FinCEN, the Monitor, and TD Bank that summarizes the methodology and findings of its review and identifies the Covered Transactions that may require a SAR to be filed pursuant to 31 U.S.C. § 5318(g) and its implementing regulations. TD Bank will make, and will cause the SAR Lookback Consultant to make, interim reports, drafts, work papers, or other supporting materials related to the SAR Lookback Review available to FinCEN upon request. TD Bank will comply with the findings of the SAR Lookback Consultant, the Monitor, or FinCEN that TD Bank file SARs on any of the Covered Transactions, and, in the event that any of the SAR Lookback Consultant, the Monitor, or FinCEN recommend that TD Bank file a SAR on a Covered Transaction, TD Bank will comply with that recommendation. TD Bank may begin filing SARs on the Covered Transactions during the pendency of the SAR Lookback Review (and prior to completion of the SAR Lookback Report), provided that the Bank notifies FinCEN at least 30 days prior to commencing such SAR filings.

72

11. No later than 90 days from the date of the SAR Lookback Report, TD Bank will complete the filing with FinCEN of SARs regarding all the Covered Transactions identified by the independent consultant as ones that would have required a report pursuant to 31 U.S.C. § 5318(g) and implementing regulations. TD Bank shall be entitled to one 60-day extension of this SAR filing deadline as of right. Any additional extensions require the written consent of FinCEN in its sole discretion.

12. Within 60 days from the date of retention of the Monitor, the Monitor will propose a qualified independent consultant (AML Program Consultant) for TD Bank to hire, at its own expense, to conduct a review of the effectiveness of TD Bank’s AML program though an AML Program Review.⁸⁷ The Monitor has the right to veto the engagement of an AML Program Consultant that the Monitor deems unsuitable to complete the AML Program Review. The AML Program Review will determine whether TD Bank complies with the BSA.

13. Within 90 days from the date of TD Bank’s retention of the AML Program Consultant, the AML Program Consultant will provide FinCEN with a report summarizing the proposed scope and methodology of the review of TD Bank’s AML program (AML Program Scope Report). The AML Program Scope Report must include proposed analyses to cover at least the following aspects of TD Bank’s AML Program:

73

74

75

76

14. FinCEN, in consultation with the Monitor, may amend the scope of the review of TD Bank’s AML program through a notification to the Monitor within 30 days of FinCEN’s receipt of the report summarizing the proposed scope and methodology. Following submission of the AML Program Scope Report to FinCEN, the Monitor will deliver quarterly progress reports to FinCEN documenting the status of the AML Program Review.

15. Within 60 days from the end of its review, but no later than one year from the date of its engagement, the AML Program Consultant will submit to FinCEN a written report: (i) addressing the adequacy of TD Bank’s AML program, including, but not limited to, the areas set forth in the AML Program Scope Report; (ii) describing the review performed; and (iii) describing any recommended modifications or enhancements to TD Bank’s AML program. TD Bank will make, and will cause the AML Program Consultant to make, interim reports, drafts, workpapers, or other supporting materials related to the AML Program Review available to FinCEN upon request.

77

16. TD Bank, in consultation with the Monitor, will develop a plan to implement any recommendations made in connection with the AML Program Review (Implementation Plan) or, within 90 days after issuance of a report, propose alternatives. The AML Program Consultant will provide a written response to any proposed alternatives within 60 days. Within 180 days after finalization of the Implementation Plan, TD Bank will provide FinCEN and the Monitor with a written report detailing the extent to which it has adopted and implemented the Implementation Plan. As set forth in Attachment A, TD Bank’s implementation of the recommendations shall be subject to the Monitor’s validation reviews.

17. The Monitor shall, in addition to other duties described herein, oversee a Third-Party Accountability Review.⁸⁸ The Accountability Review process will assess the accountability review work the Bank has conducted prior to the selection of the Monitor concerning the involvement or failure to escalate by current and former TD Bank personnel in conjunction with the conduct described in the Statement of Facts relating to TD Bank’s transaction monitoring failures; at the Monitor’s discretion, the Accountability Review may also review certain other conduct described in the Statement of Facts, provided that such additional conduct is not covered by TD Bank’s completed investigations involving the Sze network and Customer Group A.

78

18. The Accountability Review will assess TD Bank’s internal review of the relevant conduct, including both fact-finding and conclusions, undertaken prior to the Monitor’s selection. The Monitor may reasonably rely on facts developed pursuant to such internal review. If the Monitor, in their discretion, determines that incremental fact-finding is appropriate, TD Bank shall cooperate with such incremental fact-finding in a manner consistent with its obligations to comply with the Monitor as set forth in Attachment A. The Monitor shall make corresponding recommendations, including consideration of: (i) for current TD Bank employees, potential disciplinary measures; (ii) for former TD Bank employees, recommendations regarding the Bank’s potential “clawback” of prior compensation from such employees; and (iii) the culture of compliance at the Bank, including the extent to which such culture of compliance contributed to employee involvement in the Bank’s BSA violations and related misconduct.

19. Within 120 days from the date of TD Bank’s retention of the Monitor, the Monitor will provide FinCEN with a report summarizing the proposed scope and methodology of the Accountability Review, including the extent to which the Monitor plans to undertake incremental fact-finding. The Monitor will deliver quarterly progress reports to FinCEN documenting the status of the Accountability Review.

20. Within 60 days from the end of its review, but no later than one year from the date of its engagement, the Monitor will submit to FinCEN a written report, including: (i) the Monitor’s recommendations and any decisions by the Bank as to whether to continue to retain in the future, directly or indirectly, any officer, employee, agent, consultant, contractor of TD Bank or any affiliate of TD Bank, or in any other capacity individuals who, based on the Accountability Review, participated in the conduct underlying this Consent Order, (ii) formal disciplinary action taken by TD Bank in connection with the conduct described, and (iii) the Monitor’s recommendations and any

79

actions taken by the Bank to strengthen its culture of compliance, including the prioritization, stature, and authority for AML/CFT compliance functions within the Bank, and the level of support for such functions from the Bank’s senior management. FinCEN reserves the right to take further action related to current or former TD Bank employees irrespective of their inclusion in the Accountability Review.

21. The Monitor shall, in addition to other duties described herein, oversee a Third-Party Data Governance Review.⁸⁹ The Data Governance Review will assess the Bank’s data governance framework (including implementing policies, procedures, and internal controls) applicable to information that the Bank uses or is otherwise required for use in its AML Program, including but not limited to information related to transaction monitoring for compliance with the Bank’s obligation to identify and report suspicious transactions and the Bank’s information sharing-related obligations under 31 C.F.R. § 1010.520–540.

22. The Data Governance Review will assess TD Bank’s data governance framework for accuracy, completeness, consistency, effectiveness, and timeliness of TD Bank’s AML data processing, including relative to TD Bank’s size, complexity, and risk profile. The Monitor shall review and make corresponding recommendations, including consideration of TD Bank’s: (i) governing bodies, fora, and other structures responsible for the design, implementation, and oversight of the relevant policies, procedures, and internal controls; (ii) identification and definition of relevant stakeholders and their corresponding roles and responsibilities, including the maintenance of Bank personnel with the requisite subject matter expertise applicable to the in-scope data populations; (iii) identification and flow of relevant data sources and associated systems; and (iv) controls and monitoring of the use of relevant data within its AML Program—both as currently designed and with respect to processes governing change- or issue-management—including quality control, assurance, and other error detection mechanisms.

80

23. Within 120 days from the date of TD Bank’s retention of the Monitor, the Monitor will provide FinCEN with a report summarizing the proposed scope and methodology of the Data Governance Review. The Monitor will deliver quarterly progress reports to FinCEN documenting the status of the Data Governance Review.

24. Within 60 days from the end of its review, but no later than one year from the date of its engagement, the Monitor will submit to FinCEN a written report setting forth the Monitor’s recommendations and completed remedial actions as well as commitments by TD Bank to revise the Bank’s data governance framework.

To resolve this matter and only for that purpose, TD Bank admits to the Statement of Facts and Violations set forth in this Consent Order to the extent described above and admits that it willfully violated the BSA and its implementing regulations. TD Bank consents to the use of the Statement of Facts, and any other findings, determinations, and conclusions of law set forth in this Consent Order in any other proceeding brought by or on behalf of FinCEN, or to which FinCEN is a party or claimant, and agrees they shall be taken as true and correct and be given preclusive effect without any further proof. TD Bank understands and agrees that in any administrative or judicial proceeding brought by or on behalf of FinCEN against it, including any proceeding to enforce the Civil Money Penalty imposed by this Consent Order or for any equitable remedies under the BSA, TD Bank shall be precluded from disputing any fact or contesting any determinations set forth in this Consent Order.

81

To resolve this matter, TD Bank agrees to and consents to the issuance of this Consent Order and all terms herein and agrees to make payment of $757 million to the U.S. Department of the Treasury within ten days of the Effective Date of this Consent Order. If timely payment is not made, TD Bank agrees that interest, penalties, and administrative costs will accrue.⁹⁰

TD Bank understands and agrees that it must treat the Civil Money Penalty paid under this Consent Order as a penalty paid to the government and may not claim, assert, or apply for a tax deduction, tax credit, or any other tax benefit for any payments made to satisfy the Civil Money Penalty. TD Bank understands and agrees that any acceptance by or on behalf of FinCEN of any partial payment of the Civil Money Penalty obligation will not be deemed a waiver of TD Bank’s obligation to make further payments pursuant to this Consent Order, or a waiver of FinCEN’s right to seek to compel payment of any amount assessed under the terms of this Consent Order, including any applicable interest, penalties, or other administrative costs.

TD Bank affirms that it agrees to and approves this Consent Order and all terms herein freely and voluntarily and that no offers, promises, or inducements of any nature whatsoever have been made by FinCEN or any employee, agent, or representative of FinCEN to induce TD Bank to agree to or approve this Consent Order, except as specified in this Consent Order.

TD Bank understands and agrees that this Consent Order implements and embodies the entire agreement between TD Bank and FinCEN, and its terms relate only to this enforcement matter and any related proceeding and the facts and determinations contained herein. TD Bank further understands and agrees that there are no express or implied promises, representations, or agreements between TD Bank and FinCEN other than those expressly set forth or referred to in this Consent Order and that nothing in this Consent Order is binding on any other law enforcement or regulatory agency or any other governmental authority, whether foreign, Federal, State, or local.

82

TD Bank understands and agrees that nothing in this Consent Order may be construed as allowing TD Bank, its subsidiaries, affiliates, Board, officers, employees, or agents to violate any law, rule, or regulation.

TD Bank consents to the continued jurisdiction of the courts of the United States over it and waives any defense based on lack of personal jurisdiction or improper venue in any action to enforce the terms and conditions of this Consent Order or for any other purpose relevant to this enforcement action. Solely in connection with an action filed by or on behalf of FinCEN to enforce this Consent Order or for any other purpose relevant to this action, TD Bank authorizes and agrees to accept all service of process and filings through the Notification procedures below and to waive formal service of process.

TD Bank shall fully cooperate with FinCEN in any and all matters within the scope of or related to the Statement of Facts, including any investigation of its current or former directors, officers, employees, agents, consultants, or any other party. TD Bank understands its cooperation pursuant to this paragraph shall include, but is not limited to, truthfully disclosing all factual information with respect to its activities, and those of its present and former directors, officers, employees, agents, and consultants. This obligation includes providing to FinCEN, upon request, any document, record, or other tangible evidence about which FinCEN may inquire of TD Bank. TD Bank’s cooperation pursuant to this paragraph is subject to applicable laws and regulations, as well as valid and properly documented claims of attorney-client privilege or the attorney work product doctrine.

83

Execution of this Consent Order and compliance with all of the terms of this Consent Order settles all claims FinCEN may have against TD Bank for the conduct described in this Consent Order during the Relevant Time Period. Execution of this Consent Order, and compliance with the terms of this Consent Order, does not release any claim FinCEN may have for conduct by TD Bank other than the conduct described in this Consent Order during the Relevant Time Period, or any claim FinCEN may have against any current or former director, officer, owner, or employee of TD Bank or any other individual or entity other than those named in this Consent Order. In addition, this Consent Order does not release any claim or provide any other protection in any investigation, enforcement action, penalty assessment, or injunction relating to any conduct after the Relevant Time Period as described in this Consent Order.

Nothing in this Consent Order shall preclude any proceedings brought by, or on behalf of, FinCEN to enforce the terms of this Consent Order, nor shall it constitute a waiver of any right, power, or authority of any other representative of the United States or agencies thereof, including but not limited to DOJ.

In consenting to and approving this Consent Order, TD Bank stipulates to the terms of this Consent Order and waives:

84

Determination of whether TD Bank has failed to comply with this Consent Order, or any portion thereof, and whether to pursue any further action or relief against TD Bank shall be in FinCEN’s sole discretion. If FinCEN determines, in its sole discretion, a failure to comply with this Consent Order, or any portion thereof, has occurred, or TD Bank made any misrepresentations to FinCEN or any other government agency related to the underlying enforcement matter, FinCEN may void any and all releases or waivers contained in this Consent Order; reinstitute administrative

85

proceedings; take any additional action it deems appropriate; and pursue any and all violations, maximum penalties, injunctive relief, or other relief FinCEN deems appropriate. FinCEN may take any such action even if it did not take such action against TD Bank in this Consent Order and notwithstanding the releases and waivers herein. In the event FinCEN takes such action under this paragraph, TD Bank expressly agrees to toll any applicable statute of limitations and to waive any defenses based on a statute of limitations or the passage of time applicable to the Statement of Facts in this Consent Order, until a date 180 days following TD Bank’s receipt of notice of FinCEN’s determination that a misrepresentation or breach of this agreement has occurred, except as to claims already time barred as of the Effective Date of this Consent Order.

In the event that FinCEN determines that TD Bank has made a misrepresentation or failed to comply with this Consent Order, or any portion thereof, all statements made by or on behalf of TD Bank to FinCEN, including the Statement of Facts, whether prior or subsequent to this Consent Order, will be admissible in evidence in any and all proceedings brought by or on behalf of FinCEN. TD Bank agrees that it will not assert any claim under the Constitution of the United States of America, Rule 408 of the Federal Rules of Evidence, or any other law or federal rule that any such statements should be suppressed or are otherwise inadmissible. Such statements shall be treated as binding admissions, and TD Bank agrees that it shall be precluded from disputing or contesting any such statements. FinCEN shall have sole discretion over the decision to impute conduct or statements of any director, officer, employee, agent, or any person or entity acting on behalf of, or at the direction of TD Bank in determining whether TD Bank has violated any provision of this Consent Order.

86

TD Bank agrees it shall not, nor shall its attorneys, agents, partners, directors, officers, employees, affiliates, or any other person authorized to speak on its behalf or within its authority or control, take any action or make any public statement, directly or indirectly, contradicting its admissions and acceptance of responsibility or any terms of this Consent Order, including any fact finding, determination, or conclusion of law in this Consent Order.

FinCEN shall have sole discretion to determine whether any action or statement made by TD Bank, or by any person under the authority, control, or speaking on behalf of TD Bank contradicts this Consent Order, and whether TD Bank has repudiated such statement.

In addition to any other record retention required under applicable law, TD Bank agrees to retain all documents and records required to be prepared or recorded under this Consent Order or otherwise necessary to demonstrate full compliance with each provision of this Consent Order, including supporting data and documentation. TD Bank agrees to retain these records for a period of 6 years after creation of the record, unless required to retain them for a longer period of time under applicable law.

TD Bank agrees that if a court of competent jurisdiction considers any of the provisions of this Consent Order unenforceable, such unenforceability does not render the entire Consent Order unenforceable. Rather, the entire Consent Order will be construed as if not containing the particular unenforceable provision(s), and the rights and obligations of FinCEN and TD Bank shall be construed and enforced accordingly.

TD Bank agrees that the provisions of this Consent Order are binding on its owners, officers, employees, agents, representatives, affiliates, successors, assigns, and transferees to whom TD Bank agrees to provide a copy of the executed Consent Order. Should TD Bank seek to sell, merge, transfer, or assign its operations, or any portion thereof, that are the subject of this Consent Order, TD Bank must, as a condition of sale, merger, transfer, or assignment obtain the written agreement of the buyer, merging entity, transferee, or assignee to comply with this Consent Order.

87

This Consent Order can only be modified with the express written consent of FinCEN and TD Bank. The headings in this Consent Order are inserted for convenience only and are not intended to affect the meaning or interpretation of this Consent Order or its individual terms.

TD Bank’s representative, by consenting to and approving this Consent Order, hereby represents and warrants that the representative has full power and authority to consent to and approve this Consent Order for and on behalf of TD Bank and further represents and warrants that TD Bank agrees to be bound by the terms and conditions of this Consent Order.

Unless otherwise specified herein, whenever notifications, submissions, or communications are required by this Consent Order, they shall be made in writing and sent via first-class mail and simultaneous email, addressed as follows:

To FinCEN:

Associate Director, Enforcement and Compliance Division

Financial Crimes Enforcement Network

P.O. Box 39, Vienna, Virginia 22183

To TD Bank, N.A. and TD Bank USA, N.A.:

General Counsel

TD Bank

1 Vanderbilt Avenue, 14^th Floor, New York, New York 10017

Notices submitted pursuant to this paragraph will be deemed effective upon receipt unless otherwise provided in this Consent Order or approved by FinCEN in writing.

88

This Consent Order may be signed in counterpart and electronically. Each counterpart, when executed and delivered, shall be an original, and all of the counterparts together shall constitute one and the same fully executed instrument.

This Consent Order shall be effective upon the date signed by FinCEN. Calculation of deadlines and other time limitations set forth herein shall run from the effective date (excluding the effective date in the calculation) and be based on calendar days, unless otherwise noted, including intermediate Saturdays, Sundays, and legal holidays.

By Order of the Director of the Financial Crimes Enforcement Network.

Consented to and Approved By:

89

ATTACHMENT A

INDEPENDENT COMPLIANCE MONITOR

The duties and authority of the Monitor, and the obligations of TD Bank, on behalf of itself, its subsidiaries, and its affiliates, with respect to the Monitor and FinCEN, are as described below:

1. TD Bank shall retain the Monitor for a period of four years (the Term of the Monitorship), unless the early termination or extension provisions of Paragraph 4 of Section VII.A of the Consent Order is triggered.

Monitor’s Mandate

2. The Monitor’s primary responsibility is, in the manner set forth below, to: (i) assess and monitor TD Bank’s compliance with the terms of the Consent Order, including completion of the Undertakings set forth in Section VI, so as to specifically address and reduce the risk of any recurrence of TD Bank’s misconduct; (ii) evaluate the effectiveness of TD Bank’s compliance with the BSA and implementing regulations; and (iii) assess and monitor senior management’s commitment to and effective implementation of TD Bank’s AML compliance program (collectively, the Mandate).

TD Bank’s Obligations

3. TD Bank shall cooperate fully with the Monitor, and the Monitor shall have the authority to take such steps as, in their view, may be reasonably necessary to be fully informed about TD Bank’s AML compliance program in accordance with the terms of the Consent Order and the animating principles thereof, subject to applicable law, including applicable data protection and labor laws and regulations. To that end, TD Bank shall: facilitate the Monitor’s access to TD Bank’s documents and resources; not limit such access, except as provided in

90

Paragraphs 4–5; and provide guidance on applicable local law (such as relevant data protection and labor laws). TD Bank shall provide the Monitor with access to all information, documents, records, facilities, and employees, as requested by the Monitor, that fall within the scope of the Mandate of the Monitor under the Consent Order and this Attachment A. TD Bank shall use its best efforts to provide the Monitor with access to TD Bank’s former employees and its third-party vendors, agents, consultants, contractors, and subcontractors.

Withholding Access

4. The parties agree that no attorney-client relationship shall be formed between TD Bank and the Monitor. In the event that TD Bank seeks to withhold from the Monitor access to information, documents, records, facilities, or current or former employees of TD Bank that may be subject to a claim of attorney-client privilege or to the attorney work-product doctrine, or where TD Bank reasonably believes production would otherwise be inconsistent with applicable law or regulation, TD Bank shall work cooperatively with the Monitor to resolve the matter to the satisfaction of the Monitor.

5. If the matter cannot be resolved, at the request of the Monitor, TD Bank shall promptly provide written notice to the Monitor and FinCEN. Such notice shall include a general description of the nature of the information, documents, records, facilities, or current or former employees that are being withheld, as well as the legal basis for withholding access. FinCEN reserves the right to seek to compel access to such information, documents, records, facilities, or employees.

91

Monitor’s Coordination with TD Bank and Review Methodology

6. In carrying out the Mandate, to the extent appropriate under the circumstances, the Monitor should coordinate with TD Bank’s personnel, including in-house counsel, compliance personnel, internal auditors, and the SAR Lookback and AML Program Consultants engaged to complete the SAR Lookback and AML Program Reviews set forth in Sections VI.B and VI.C, respectively, of the Consent Order on an ongoing basis. In carrying out the Mandate, the Monitor shall propose the selection of the AML Program Consultant and review the Bank’s engagement of the SAR Lookback Consultant, and maintain the right to veto the engagement of a proposed independent consultant that the Monitor deems unsuitable to complete the SAR Lookback and AML Program Reviews.⁹¹ The Monitor may rely on the product of TD Bank’s processes, including but not limited to studies, reviews, sampling and testing methodologies, audits, and analyses conducted by or on behalf of TD Bank, as well as TD Bank’s internal resources (e.g., legal, compliance, and internal audit), which can assist the Monitor in carrying out the Mandate, provided that the Monitor has confidence in the quality of those resources. In this regard, the Monitor may consider the SAR Lookback and AML Program Reviews, as well as any other independent consultants that TD Bank voluntarily engages to assist in its compliance with the BSA.

7. Subject to the specific requirements set forth in Sections VI.B and VI.C of the Consent Order to oversee the SAR Lookback and AML Program Reviews, the Monitor’s reviews should use a risk-based approach, and thus, the Monitor is not expected to conduct a comprehensive review of all business lines, all business activities, or all markets. In carrying out the Mandate, the Monitor should consider, for instance, risks presented by: (i) the particular markets in which TD Bank offers its products and services, including the locations of TD Bank’s customers; (ii) the types of products and services that TD Bank offers its customers; (iii) the status

92

and strength of TD Bank’s controls to identify and report suspicious transactions; (iv) the customer identification and verification policies applied to TD Bank’s customers; (v) the number, type, and frequency of alerts that have been triggered by types or groups of customers and how TD Bank has handled those alerts; (vi) the sufficiency of the AML-related personnel and resources within the compliance function; and (vii) the status and strength of TD Bank’s geofencing controls, including to identify TD Bank customers effecting transactions in high-risk jurisdictions.

8. In undertaking the reviews described below to carry out the Mandate, the Monitor shall formulate conclusions based on, among other things: (a) inspection of relevant documents, including TD Bank’s current policies and procedures; (b) on-site observation of selected systems and procedures of TD Bank at sample sites, including transaction monitoring, record-keeping, and internal audit procedures; (c) meetings with and interviews of relevant current and, where appropriate, former directors, officers, employees, business partners, agents, and other persons at mutually convenient times and places; and (d) the SAR Lookback and AML Program Reviews.

Monitor’s Written Work Plans

9. To carry out the Mandate, during the Term of the Monitorship, the Monitor shall conduct an initial scoping review (First Review) and prepare a first report (First Report), followed by at least four follow-up reviews and reports as described in Paragraphs 12–17 below. With respect to the First Report, after consultation with TD Bank and FinCEN, the Monitor shall prepare the first written work plan within 60 days of being retained, and TD Bank and FinCEN shall provide comments within 30 days of receipt of the written work plan. The first written work plan must describe the proposed parameters, high-level timelines, and key dependencies associated with the SAR Lookback and AML Program Reviews, including the scope of such undertakings and the Monitor’s proposed oversight of the SAR Lookback and AML Program Consultants. With

93

respect to each follow-up report, after consultation with TD Bank and FinCEN, the Monitor shall prepare a written work plan at least 30 days prior to commencing a review, and TD Bank and FinCEN shall provide comments within 20 days after receipt of the written work plan. Any disputes between TD Bank and the Monitor with respect to any written work plan shall be decided by FinCEN in its exclusive discretion.

10. All written work plans shall identify with reasonable specificity the activities the Monitor plans to undertake in execution of the Mandate, including a written request for documents, as applicable. The Monitor’s work plan for the first review shall include such steps as are reasonably necessary to conduct an effective first review in accordance with the Mandate, including by: (i) developing an understanding, to the extent the Monitor deems appropriate, of the facts and circumstances surrounding any violations of the BSA that occurred before the date of the Consent Order; and (ii) using that understanding to recommend changes to the scope of the SAR Lookback and AML Program Reviews. In developing an understanding of TD Bank’s historical violations of the BSA, the Monitor is to rely, to the extent possible, on available information and documents provided by TD Bank. The Monitor need not conduct its own inquiry into the historical events that gave rise to the Consent Order except as otherwise necessary to fulfill the Mandate.

First Review

11. The First Review shall commence no later than 90 days from the date of the engagement of the Monitor (unless otherwise agreed by FinCEN). The Monitor shall issue a written report (First Report) within 90 days of commencing the first review, setting forth: (i) the scope of the AML Program and SAR Lookback Reviews, including applicable requirements set forth in Sections VI.B and VI.C of the Consent Order; and (ii) any other work designed to enhance

94

TD Bank’s program for ensuring compliance with the BSA. The Monitor should consult with TD Bank concerning the Monitor’s findings and recommendations on an ongoing basis and should consider TD Bank’s comments and input to the extent the Monitor deems appropriate. The Monitor may also choose to share a draft of their reports with TD Bank prior to finalizing them. The Monitor’s reports need not recite or describe comprehensively TD Bank’s history or compliance policies, procedures, and practices, but rather may focus on those areas with respect to which the Monitor wishes to make recommendations, if any, for improvement or which the Monitor otherwise concludes merit particular attention. The Monitor shall provide its reports to TD Bank senior management and contemporaneously transmit copies to:

Associate Director, Enforcement and Compliance Division

Financial Crimes Enforcement Network

P.O. Box 39, Vienna, Virginia 22183

Examiner-in-Charge

Comptroller of the Currency

3000 Atrium Way, Suite 400B, Mount Laurel, New Jersey 08054

Deputy Associate General Counsel

Board of Governors of the Federal Reserve System

20^th & C Streets, N.W., Washington, D.C. 20551

Senior Vice President and General Counsel

Senior Vice President and Lending Officer

Federal Reserve Bank of Philadelphia

10 Independence Mall, Philadelphia, Pennsylvania 19106

After consultation with TD Bank, the Monitor may extend the time period for issuance of the first report for a brief period of time with prior written approval of FinCEN.

95

Follow-Up Reviews

12. A follow-up, implementation plan review (Second Review) shall commence no later than 90 days after the AML Program Consultant has made its recommendations to TD Bank (unless otherwise agreed by FinCEN). The Monitor shall issue a written second report (Second 95 Report) within 60 days of commencing the Second Review, setting forth the Monitor’s assessment and, if necessary, making recommendations in the same fashion as set forth in Paragraph 11, with respect to TD Bank’s plan to execute the Implementation Plan. After consultation with TD Bank, the Monitor may extend the time period for issuance of the Second Report for a brief period of time with prior written approval of FinCEN.

13. Within 60 days after receiving the Monitor’s Second Report, TD Bank shall finalize its plan to implement within 180 days all recommendations in the report, unless, within 30 days after receiving the report, TD Bank notifies in writing the Monitor and FinCEN concerning any recommendations that TD Bank considers unduly burdensome, inconsistent with applicable law or regulation, impractical, excessively expensive, or otherwise inadvisable. With respect to any such recommendation, TD Bank need not incorporate that recommendation into the plan to implement all recommendations but shall propose in writing to the Monitor and FinCEN an alternative policy, procedure, or system designed to achieve the same objective or purpose. As to any recommendation on which TD Bank and the Monitor do not agree, such parties shall attempt in good faith to reach an agreement within 30 days after TD Bank serves the written notice.

14. In the event TD Bank and the Monitor are unable to agree on an acceptable alternative proposal, TD Bank shall promptly consult with FinCEN. FinCEN, after consultation with DOJ, OCC, and Federal Reserve as appropriate, may consider the Monitor’s recommendation and TD Bank’s reasons for not adopting the recommendation in determining whether TD Bank has fully complied with its obligations under the Consent Order. Pending such determination, TD Bank shall not be required to implement any contested recommendation(s).

96

15. The Monitor shall undertake a follow-up, validation review (Third Review) no later than 60 days after the date by which all SARs have been filed as required by the SAR Lookback Review. The Monitor shall issue a third report within 180 days of commencing the review, which shall focus on: (i) validating the work that TD Bank undertook to satisfy all recommendations resulting from the AML Program and SAR Lookback Reviews; and (ii) remediating any new issues that the Monitor identifies during the course of the Third Review, including, but not limited to, the required elements of the Consent Order. The recommendations of the Third Report shall follow the same procedures described in Paragraphs 13–14.

16. Following the Third Review, the Monitor shall complete a final, certification review (Fourth Review) to determine whether the Monitor is able to certify that TD Bank’s AML program, including its policies and procedures and internal controls, is reasonably designed and implemented to prevent and detect violations of the BSA. The Fourth Review and resulting report, including, if applicable, the accompanying certification, shall be completed and delivered consistent with the requirements set forth in Paragraph 11 no later than 30 days before the end of the Term.

Monitor’s Discovery of Potential or Actual Misconduct

17. Except as set forth below in paragraphs (18), (19), and (20), should the Monitor discover during the course of their engagement that any director, officer, employee, agent, third-party vendor, or consultant of TD Bank may have engaged in unlawful activity in violation of the BSA (Potential Misconduct), the Monitor shall immediately report the Potential Misconduct to TD Bank’s BSA Officer for further action, unless the Potential Misconduct was already so disclosed. The Monitor also may report Potential Misconduct to FinCEN at any time and shall report Potential Misconduct to FinCEN upon request.

97

18. In some instances, the Monitor should immediately report Potential Misconduct directly to FinCEN and not to TD Bank. The presence of any of the following factors militates in favor of reporting Potential Misconduct directly to FinCEN and not to TD Bank, namely, where the Potential Misconduct: (i) poses a risk to public health, safety, or the environment; (ii) involves senior management of TD Bank; (iii) involves obstruction of justice; or (iv) otherwise poses a substantial risk of harm.

19. If the Monitor believes that any Potential Misconduct has occurred or may constitute a criminal or civil violation (Actual Misconduct), the Monitor shall immediately report Actual Misconduct to FinCEN. When the Monitor discovers Actual Misconduct, the Monitor shall disclose the Actual Misconduct directly to FinCEN, and, in such cases, disclosure of the Actual Misconduct to the BSA Officer of TD Bank should occur as FinCEN and the Monitor deem appropriate under the circumstances.

20. The Monitor shall address in their reports the appropriateness of TD Bank’s response to disclosed Potential Misconduct or Actual Misconduct, whether previously disclosed to FinCEN or not. Further, if TD Bank or any entity or person working directly or indirectly for or on behalf of TD Bank withholds information necessary for the performance of the Monitor’s responsibilities and the Monitor believes that such withholding is without just cause, the Monitor shall also immediately disclose that fact to FinCEN and address TD Bank’s failure to disclose the necessary information in their reports.

21. Neither TD Bank nor anyone acting on its behalf shall take any action to retaliate against the Monitor for any such disclosures or for any other reason.

Meetings During Term of Monitorship

22. The Monitor shall meet with FinCEN within 30 days after providing each report to FinCEN to discuss the report, to be followed by a meeting between FinCEN, the Monitor, and TD Bank. DOJ, OCC and the Federal Reserve may choose to attend such meetings but will not be required to do so.

98

23. At least annually, and more frequently if appropriate, representatives from TD Bank and FinCEN will meet together to discuss the monitorship and any suggestions, comments, or improvements TD Bank may wish to discuss with or propose to FinCEN, including with respect to the scope or costs of the monitorship. DOJ, OCC, and the Federal Reserve may choose to attend such meetings but will not be required to do so.

Contemplated Confidentiality of Monitor’s Reports

24. The reports will likely include proprietary, financial, confidential, and competitive business information. Moreover, public disclosure of the reports could discourage cooperation or impede pending or potential government investigations and thus undermine the objectives of the monitorship. For these reasons, among others, the reports and the contents thereof are intended:

(i) to be made available to only FinCEN, DOJ, OCC, and Federal Reserve, and (ii) to remain non-public, except as otherwise agreed to by the parties in writing, or except to the extent that FinCEN determines in its exclusive discretion that disclosure would be in furtherance of FinCEN’s discharge of duties and responsibilities, or is otherwise required by law.

99

Exhibit 99.5

October 10, 2024                   

Loretta E. Lynch, Esq.

Paul, Weiss, Rifkind, Wharton & Garrison LLP

1285 Avenue of the Americas

New York, NY 10019

Nicolas Bourtin, Esq.

Aisling O’Shea, Esq.

Sullivan & Cromwell LLP

125 Broad Street

New York, New York 10004

PLEA AGREEMENT

Pursuant to Rule 11(c)(l)(C) of the Federal Rules of Criminal Procedure, the United States of America, by and through the Department of Justice, Criminal Division, Money Laundering and Asset Recovery Section (“MLARS”), and the United States Attorney’s Office for the District of New Jersey (“the USAO-DNJ”) (collectively the “Offices”), and the Defendant, TD BANK, N.A. (the “Defendant,” “TDBNA,” or the “Bank”), by and through its undersigned attorneys, and through its authorized representative, pursuant to authority granted by the Defendant’s Board of Directors, hereby submit and enter into this plea agreement (the “Agreement”). The Toronto-Dominion Bank (“TD Bank Group”), the Defendant’s global parent company, and TD Group US Holdings LLC (“TDGUS”), the intermediate holding company and U.S. parent, which are not defendants in this matter, also agree, pursuant

1

to the authority granted by their Boards of Directors, to certain terms and obligations of the Agreement as described below. TD Bank U.S. Holding Company (“TDBUSH”), the Defendant’s direct parent, is concurrently entering a guilty plea pursuant to authority granted by its Board of Directors. The Defendant, its parents, and all TD Bank Group’s subsidiaries, affiliates, and operations are collectively referred to as “TD “ or the Group. The terms and conditions of this Agreement are as follows:

Term of the Defendant’s Obligations Under the Agreement

1. Except as otherwise provided in Paragraph 10 below regarding the Defendant’s cooperation obligations, the Defendant’s obligations under the Agreement shall last and be effective for a period beginning on the date on which the Information is filed and ending five years from the later of the date on which the Information is filed or the independent compliance monitor is retained by Defendant (the “Term”).

The Defendant’s Agreement

2. Pursuant to Federal Rule of Criminal Procedure 11(c)(1)(C), the Defendant agrees to waive its right to grand jury indictment and to plead guilty to a one-count criminal Information charging the Defendant with conspiring to: (1) fail to maintain an adequate anti-money laundering (“AML”) program, contrary to Title 31, United States Code, Sections 5318(h) and 5322, (2) fail to file accurate Currency Transaction Reports (“CTRs”), contrary to Title 31, United States Code, Sections 5313 and 5324, and (3) launder monetary instruments, contrary to Title 18, United States Code, Section 1956(a)(2)(B)(i), in violation of Title 18, United States Code, Section 371. The Defendant further agrees to persist in that plea through sentencing and, as set forth below, to cooperate fully with the Offices in their investigation into the conduct described in this Agreement and the Statement of Facts attached hereto as Attachment A (“Statement of Facts”).

2

3. The Defendant understands that to be guilty of this offense, the following essential elements of the offense must be satisfied:

3

4

4. The Defendant understands and agrees that this Agreement is between the Offices and the Defendant and does not bind any other division or section of the Department of Justice or any other federal, state, local, or foreign prosecuting, administrative, or regulatory authority. Nevertheless, the Offices will bring this Agreement and the nature and quality of the conduct, cooperation, and remediation of the Defendant, its direct or indirect affiliates, subsidiaries, branches, and joint ventures, to the attention of other prosecuting, law enforcement, regulatory, and debarment authorities, if requested by the Defendant.

5. The Defendant agrees that this Agreement will be executed by an authorized corporate representative. The Defendant further agrees that a resolution duly adopted by the Defendant’s Board of Directors in the form attached to this Agreement as Attachment B (“Certificate of Corporate Resolutions”) authorizes the Defendant to enter into this Agreement and take all necessary steps to effectuate this Agreement on behalf of the Defendant, and that the signatures on this Agreement by the Defendant and its counsel are authorized by the Defendant’s Board of Directors.

6. The Defendant agrees that it has the full legal right, power, and authority to enter into and perform all of its obligations under this Agreement.

5

7. The Offices enter into this Agreement based on the individual facts and circumstances presented by this case, including:

a. The nature and seriousness of the offense conduct, as described in the Statement of Facts, including: (a) the Defendant’s pervasive and systemic failure to maintain an adequate AML compliance program, including its failure to substantively update its transaction monitoring program from at least 2014 to 2022, its failure to monitor trillions of dollars of transactions from at least 2014 to 2024, and its failure to implement an appropriate AML compliance training program and adequately address insider risk, all of which resulted in Bank customers, sometimes aided by five Bank insiders, laundering approximately $671 million through accounts maintained by the Defendant and created vulnerabilities that allowed the Defendant’s employees to open and maintain accounts for money laundering networks that moved $39 million in proceeds through the Defendant; (b) the Defendant’s filing of 564 materially inaccurate CTRs, involving more than $412 million in currency transactions, which omitted the identity of an individual that the Defendant knew conducted the transactions and thereby impeded law enforcement; and (c) the Defendant’s conspiracy to commit money laundering, which involved five Bank employees opening accounts and conducting other account-related activities in exchange for payments that facilitated the laundering of over $39 million in criminal proceeds from the United States to Colombia;

b. The pervasiveness of the offense, which involved the Defendant’s prioritization of growth and the customer experience over compliance; implementation of a flat-cost year-over-year spending paradigm, including in its AML program, despite changing and growing AML risks; and the involvement of employees at all levels of the Defendant, ranging from store-level employees who accepted payments to open or maintain accounts involved in money laundering to senior executive management, including AML leadership, who understood the Defendant’s failure to adapt its AML program to address evolving risks and the impact of the flat-cost spending paradigm for the AML program, and repeatedly failed to update and remediate the AML program, despite the Bank’s consistent growth and expansion of its business in the United States;

6

c. The Defendant did not receive credit for voluntary self-disclosure pursuant to the Criminal Division Corporate Enforcement and Voluntary Self-Disclosure Policy (“Criminal Division CEP”) or pursuant to the United States Sentencing Guidelines (“U.S.S.G.” or “Sentencing Guidelines”) § 8C2.5(g)(1) because it did not voluntarily and timely disclose to the Offices the conduct described in the Statement of Facts;

d. The Defendant received credit pursuant to U.S.S.G. § 8C2.5(g)(3) because it demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct. The Defendant also received cooperation credit pursuant to the Criminal Division CEP because, after becoming aware of the Offices’ investigation, TD Bank cooperated with the investigation by, among other things: reviewing voluminous evidence produced in response to subpoenas, informal requests, and, in some cases, voluntarily identifying key information related to AML failures, money laundering, and insider activity, including information about the individuals involved in the conduct described in the Statement of Facts, which allowed the government to preserve and obtain relevant evidence; making regular and detailed factual presentations to the Offices; working with the Offices and the Bank’s regulators to ensure the production of relevant documents to the Offices; making numerous witnesses available for interviews, including witnesses located outside of the United States, and deconflicting with the Offices concerning interviews; providing relevant information related to its internal investigation, including summaries of information received from internal interviews; identifying numerous incidents of potentially suspicious activity; reviewing hundreds of hours of Bank surveillance video and identifying portions of interest to the Offices; providing detailed analyses prepared by external consultants concerning money laundering through accounts at the Defendant and the involvement of Bank employees in that conduct; and taking steps to swiftly preserve and produce records and information related to employees involved in misconduct, including by securing their worksites

7

to prevent the destruction of evidence. However, the Defendant’s cooperation was limited in some respects, including: failing to inform the Offices of concerns expressed to the Defendant, during the course of its internal investigation, by a third-party financial services company concerning the Colombian money laundering activity and failing to identify to the Offices a well-known and significant transaction monitoring gap that, since at least 2008, allowed the Defendant to process trillions of dollars of Automated Clearing House (“ACH”) and other types of transactions per year without monitoring or reporting. Additionally, the Defendant rejected requests by the government to voluntarily keep certain accounts open related to two of the three money laundering networks identified in the Statement of Facts. Therefore, the Offices determined that a discount of 20 percent of the sentence of a fine was appropriate pursuant to the Criminal Division CEP;

e. The Offices evaluated potential collateral consequences to innocent third parties, including the Defendant’s employees, investors, and customers, most of whom played no role in the criminal conduct, see Principles of Federal Prosecution of Business Organizations, Justice Manual § 9-28.1100, as well as the remedial measures the Defendant has taken, its stated commitment to enhance its AML compliance program, and its agreement to retain an independent compliance monitor, each of which is addressed in greater detail below;

f. The Defendant has engaged and will continue to engage in significant remedial measures, which are not yet complete or fully tested, including: (i) implementing new transaction monitoring scenarios to address longstanding, known gaps in its transaction monitoring system; (ii) enhancing policies and procedures related to the identification of parties involved in conducting transactions, the collection of the conductors’ identifying information, and reporting of conductors in CTRs; (iii) terminating, separating, and/or sanctioning certain employees, including AML executives, involved in the conduct; and (iv) improving the overall AML compliance function and increasing its investments in its program, including by hiring competent and experienced AML compliance employees and executives and making significant investments in technology and AML systems;

8

g. The Defendant had an inadequate AML compliance program, including its policies, procedures, and controls related to transaction monitoring, identification of suspicious activity, insider risk, and employee training (collectively, the “AML Compliance Program”) during the period of the conduct described in the Statement of Facts; the Defendant has begun to enhance and committed to continue enhancing its AML Compliance Program, including, among other things, ensuring that its AML Compliance Program satisfies the minimum elements set forth in Attachment C to this Agreement;

h. The Defendant has agreed to retain an independent compliance monitor (the “Monitor”) for a period of three years (the “Term of the Monitorship”) to oversee the Defendant’s compliance remediation and enhancement and has agreed to comply with the monitorship requirements, as further described in Attachment D to this Agreement. The Offices may extend the Term of the Monitorship through the Term of the Agreement in their sole discretion. The Offices may also extend the Term of the Monitorship in the event of a breach of the Agreement;

i. The Defendant has no prior criminal history, but it was subject to regulatory enforcement actions by the Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and the Office of the Comptroller of the Currency (“OCC”) in September 2013 related to the Defendant’s insufficient AML controls, some of which relate to the conduct described in the Statement of Facts, as well as civil resolutions with the U.S. Securities and Exchange Commission in 2013 for unrelated conduct;

9

j. The Defendant has agreed to cooperate with the Offices in any investigation or prosecution as described in Paragraph 10 below;

k. The Defendant’s parent company, TDBUSH, has also agreed to plead guilty and pay a criminal penalty of $1,434,013,478.40;

l. The Defendant’s global parent company, TD Bank Group, and U.S. parent company, TDGUS, have agreed to ensure that the Group cooperates with the Offices in any investigation or prosecution as described in Paragraph 10 below that the Defendant and TDBUSH meet their disclosure and compliance obligations under the Agreements, including Attachment C, by certifying to such in Attachments E and F to this Agreement and executing Attachment G to this Agreement;

m. Various components of the Group, including the Bank and TDBUSH, have agreed to enter into concurrent resolutions with the OCC, the Federal Reserve Board of Governors (the “FRB”), and FinCEN relating to certain conduct described in the Statement of Facts; and

n. Accordingly, based on consideration of (a) through (m) above, the Offices believe that a guilty plea to Count One of the Information, a criminal fine of $500,000, and forfeiture of $452,432,302 are sufficient but not greater than necessary to achieve the purposes described in 18 U.S.C. § 3553.

8. The Defendant agrees to abide by all terms and obligations of this Agreement as described herein, including, but not limited to, the following:

10

c. to appear, through its duly appointed representatives, as ordered for all court appearances, and obey any other ongoing court order in this matter, consistent with all applicable U.S. and foreign laws, procedures, and regulations;

d. to commit no further crimes;

e. to be truthful at all times with the Court;

f. to pay the applicable fine and special assessment;

g. to consent to and to pay the applicable forfeiture amount;

h. to cooperate fully with the Offices as described in Paragraph 10;

i. to remediate and enhance its AML Compliance Program, as described in Paragraphs 24 and 25 and Attachment C; and

j. to retain an independent compliance Monitor to oversee implementation of the Defendant’s compliance remediation and enhancement as described in Attachment D.

9. Except as may otherwise be agreed by the parties in connection with a particular transaction, the Defendant agrees that in the event that, during the Term, the Defendant undertakes any change in corporate form, including if it sells, merges, or transfers business operations that are material to the Defendant’s consolidated operations, or to the operations of any subsidiaries, branches, or affiliates involved in the conduct described in the Statement of Facts, as they exist as of the date of this Agreement, whether such transaction is structured as a sale, asset sale, merger, transfer, or other change in corporate form, it shall include in any contract for sale, merger, transfer, or other change in corporate form a provision binding the purchaser, or any successor in interest thereto, to the obligations described in this Agreement. Prior to such transaction, the purchaser or successor in interest must agree in writing that the terms and obligations of this Agreement are applicable in full force to the purchaser or successor in interest. The Defendant agrees that

11

the failure to include these provisions in the transaction contract will make any such transaction null and void. The Defendant shall provide notice to the Offices at least thirty days prior to undertaking any such sale, merger, transfer, or other change in corporate form. The Offices shall notify the Defendant prior to such transaction (or series of transactions) if they determine that the transaction(s) will have the effect of circumventing or frustrating the purposes of this Agreement, as determined in the sole discretion of the Offices; the Defendant agrees that such transaction(s) will not be consummated. In addition, if at any time during the Term, the Offices determine in their sole discretion that the Defendant has engaged in a transaction(s) that has the effect of circumventing or frustrating the purposes of this Agreement, the Offices may deem it a breach of this Agreement pursuant to Paragraphs 31-34. Nothing herein shall restrict the Defendant from indemnifying (or otherwise holding harmless) the purchaser or successor in interest for penalties or other costs arising from any conduct that may have occurred prior to the date of the transaction, so long as such indemnification does not have the effect of circumventing or frustrating the purposes of this Agreement, as determined by the Offices.

10. The Group shall continue to cooperate fully with the Offices in any and all matters relating to the conduct, individuals, and entities described in this Agreement and the Statement of Facts as well as any other conduct, individuals, and entities under investigation by MLARS or the USAO-DNJ at any time during the Term, until the later of the date upon which all investigations and prosecutions arising out of such conduct are concluded, or the end of the Term. At the request of the Offices, the Group shall also cooperate fully with any other component of the Department of Justice and other domestic or foreign law enforcement and regulatory authorities and agencies in any investigation of the Defendant, its parents, subsidiaries, or its affiliates, or any of its present or former officers, directors, employees, agents, and consultants, or any other party, in any and all matters relating to the

12

conduct described in this Agreement and the Statement of Facts and other conduct at any time during the Term. The Defendant’s cooperation pursuant to this Agreement is subject to applicable law and regulations, including bank secrecy, data privacy and national security laws, as well as valid claims of attorney-client privilege or attorney work product doctrine; however, the Defendant must provide to the Offices a log of any information or cooperation that is not provided based on an assertion of law, regulation, or privilege, and the Defendant bears the burden of establishing the validity of any such assertion. The Defendant agrees that its cooperation pursuant to this Agreement shall include, but not be limited to, the following:

a. The Defendant represents that it has truthfully disclosed all factual information with respect to its activities, those of its parents, subsidiaries, and affiliates, and those of its present and former directors, officers, employees, agents, and consultants relating to the conduct described in this Agreement and the Statement of Facts, as well as any other conduct under investigation by the Offices at any time about which the Defendant has any knowledge. The Group further agrees that it shall timely and truthfully disclose all information with respect to its activities, those of its parents, subsidiaries, and affiliates, and those of its present and former directors, officers, employees, agents, and consultants, including any evidence, allegations, and internal or external investigations about which the Offices may inquire. This obligation of truthful disclosure includes, but is not limited to, the obligation of the Group to provide to the Offices, upon request, any document, record, or other tangible evidence about which the Offices may inquire, including evidence that is responsive to any requests made prior to the execution of this Agreement.

b. Upon request of the Offices, the Group shall designate knowledgeable employees, directors, officers, agents, consultants, or attorneys to provide to the Offices the information and materials described in Paragraph 10 above on behalf of the Group. It is further understood that the Group must at all times provide complete, truthful, and accurate information.

13

c. The Group shall use its best efforts to make available for interviews or testimony, as requested by the Offices, present and former officers, directors, employees, agents, and consultants of the Defendant. This obligation includes, but is not limited to, sworn testimony before a federal grand jury or in federal trials, as well as interviews with domestic or foreign law enforcement and regulatory authorities. Cooperation under this Paragraph shall include identification of witnesses who, to the knowledge of the Group, may have material information regarding the matters under investigation.

d. With respect to any information, testimony, documents, records, or other tangible evidence provided to the Offices pursuant to this Agreement, the Group consents to any and all disclosures, subject to applicable law and regulations, by the Offices to other governmental authorities including United States authorities and those of a foreign government of such materials as the Offices, in their sole discretion, shall deem appropriate.

11. In addition to the cooperation obligations provided for in Paragraph 10 of the Agreement, during the Term, should the Defendant learn of any evidence or allegation of conduct by the Defendant, its affiliates, or their employees that may constitute a violation of federal criminal law, the Defendant shall promptly report such evidence or allegation to the Offices in a manner and form consistent with local law. Thirty days prior to the expiration of the Term, the Defendant, TDBUSH, TDGUS, and the Group, by the executives identified in Attachment E to this Agreement, will certify to the Offices, in the form of executing Attachment E to this Agreement, that the Defendant and its parents and affiliates have met their disclosure obligations pursuant to this Paragraph. Each certification will be deemed a material statement and representation by the Defendant to the executive branch of the United States for purposes of 18 U.S.C. §§ 1001 and 1519, and it will be deemed to have been made in the judicial district in which this Agreement is filed.

14

12. The Defendant agrees that any fine, forfeiture, or restitution imposed by the Court will be due and payable as specified in Paragraph 21 below, and that any forfeiture or restitution imposed by the Court will be due and payable in accordance with the Court’s order. The Defendant further agrees to pay the mandatory special assessment of $400 within ten business days from the date of sentencing.

The United States’ Agreement

13. In exchange for the guilty plea of the Defendant and the complete fulfillment of all its obligations under this Agreement, the Offices agree they will not file additional criminal charges against the Defendant or any of its direct or indirect affiliates, parent companies, subsidiaries, or joint ventures relating to the conduct described in the Statement of Facts, the Information filed pursuant to this Agreement. The Offices, however, may use any information related to the conduct described in the Statement of Facts against the Defendant: (a) in a prosecution for perjury or obstruction of justice; (b) in a prosecution for making a false statement; (c) in a prosecution or other proceeding relating to any crime of violence or terrorism-related offense; or (d) in a prosecution or other proceeding relating to a violation of any provision of Title 26 of the United States Code. This Agreement does not provide any protection against prosecution for any future conduct by the Defendant or any of its direct or indirect affiliates, parent companies, subsidiaries, joint ventures, officers, directors, employees, agents, or consultants, whether or not disclosed by the Defendant pursuant to the terms of this Agreement. This Agreement does not provide any protection against prosecution of any individuals, regardless of their affiliation with the Defendant. The Defendant agrees that nothing in this Agreement is intended to release the Defendant from any and all of the Defendant’s tax liabilities and reporting obligations for any and all income not properly reported and/or legally or illegally obtained or derived.

15

Factual Basis

14. The Defendant is pleading guilty because it is guilty of the charge contained in the Information. Certain of the facts are based on information obtained from third parties by the United States through its investigation and described to the Defendant. The Defendant has reviewed and verified the factual allegations. The Defendant admits, agrees, and stipulates that the factual allegations set forth in the Information and the Statement of Facts are true, accurate, and correct, that it is responsible for the acts of its officers, directors, employees, and agents described in the Information and Statement of Facts, and that the Information and Statement of Facts accurately reflect the Defendant’s criminal conduct. The Defendant stipulates to the admissibility of the Statement of Facts in any proceeding by the Offices, including any trial, guilty plea, or sentencing proceeding, and will not contradict anything in the attached Statement of Facts at any such proceeding.

The Defendant’s Waiver of Rights, Including the Right to Appeal

15. Federal Rule of Criminal Procedure 11 (f) and Federal Rule of Evidence 410 limit the admissibility of statements made in the course of plea proceedings or plea discussions in both civil and criminal proceedings, if the guilty plea is later withdrawn. The Defendant expressly warrants that it and the Group and TDGUS, as represented in Attachment G, have discussed these rules with their counsel and understand them. Solely to the extent set forth below, the Defendant voluntarily waives and gives up the rights enumerated in Federal Rule of Criminal Procedure 11 (f) and Federal Rule of Evidence 410. The Defendant agrees that, effective as of the date the Defendant signs this Agreement, it will not dispute the Statement of Facts set forth in this

16

Agreement, and that the Statement of Facts shall be admissible against the Defendant in any criminal case involving MLARS and/or the USAO-DNJ and the Defendant, as: (a) substantive evidence offered by the government in its case-in-chief and rebuttal case; (b) impeachment evidence offered by the government on cross-examination; and (c) evidence at any sentencing hearing or other hearing. In addition, the Defendant agrees not to assert any claim under the Federal Rules of Evidence (including Rule 410 of the Federal Rules of Evidence), the Federal Rules of Criminal Procedure (including Rule 11 of the Federal Rules of Criminal Procedure), or the United States Sentencing Guidelines (including U.S.S.G. § 1B1.1(a)) that the Statement of Facts should be suppressed or is otherwise inadmissible as evidence (in any form). Specifically, the Defendant understands and agrees that any statements the Defendant makes in the course of its guilty plea or in connection with the Agreement are admissible against the Defendant for any purpose in any U.S. federal criminal proceeding if, even though the Offices have fulfilled all of their obligations under this Agreement and the Court has imposed the agreed-upon sentence, the Defendant nevertheless withdraws its guilty plea.

16. The Defendant is satisfied that the Defendant’s attorneys have rendered effective assistance. The Defendant understands that by entering into this Agreement, the Defendant surrenders certain rights as provided in this Agreement. The Defendant waives its right to discovery. The Defendant further understands that the rights of criminal defendants include the following:

17

(c) the right to be represented by counsel—and if necessary, have the court appoint counsel—at trial and at every other stage of the proceedings;

(d) the right at trial to confront and cross-examine adverse witnesses, to be protected from compelled self-incrimination, to testify and present evidence, and to compel the attendance of witnesses; and

(e) pursuant to Title 18, United States Code, Section 3742, the right to appeal the sentence imposed.

Nonetheless, the Defendant knowingly waives the right to appeal or collaterally attack the conviction and any sentence at or below the statutory maximum described below (or the manner in which that sentence was determined) on the grounds set forth in Title 18, United States Code, Section 3742, or on any ground whatsoever except those specifically excluded in this Paragraph, in exchange for the concessions made by the Offices in this Agreement. This Agreement does not affect the rights or obligations of the United States as set forth in Title 18, United States Code, Section 3742(b). The Defendant hereby waives all rights, whether asserted directly or by a representative, to request or receive from any department or agency of the United States any records pertaining to the investigation or prosecution of this case, including without limitation any records that may be sought under the Freedom of Information Act, Title 5, United States Code, Section 552, or the Privacy Act, Title 5, United States Code, Section 552a. The Defendant waives all defenses based on the statute of limitations and venue with respect to any prosecution related to the conduct described in the Statement of Facts or the Information, including any prosecution that is not time-barred on the date that this Agreement is signed in the event that: (a) the conviction is later vacated for any reason; (b) the Defendant violates this Agreement; or (c) the plea is later withdrawn, provided such prosecution is brought within one year of any such vacatur of conviction, violation of the Agreement, or withdrawal of plea, plus the remaining time period of the

18

statute of limitations as of the date that this Agreement is signed. The Defendant further waives the right to raise on appeal or on collateral review any argument that the statutes to which the Defendant is pleading guilty are unconstitutional and/or the admitted conduct does not fall within the scope of the statutes. The Offices are free to take any position on appeal or any other post-judgment matter. The parties agree that any challenge to the Defendant’s sentence that is not foreclosed by this Paragraph will be limited to that portion of the sentencing calculation that is inconsistent with (or not addressed by) this waiver. Nothing in the foregoing waiver of appellate and collateral review rights shall preclude the Defendant from raising a claim of ineffective assistance of counsel in an appropriate forum.

Penalty

17. The statutory maximum sentence that the Court can impose for a violation of Title 18, United States Code, Section 371, as charged in the Information, is: a fine of up to $500,000 or twice the gross pecuniary gain or gross pecuniary loss resulting from the offense, whichever is greatest (Title 18, United States Code, Section 3571(c)(3)); five years’ probation (Title 18, United States Code, Section 3561(c)(1)); and a mandatory special assessment of $400 (Title 18, United States Code, Section 3013(a)(2)(B)); for the conspiracy to violate 31 U.S.C. §§ and 5313 and 5324, forfeiture of all property, real or personal, involved in the offense and any property traceable thereto (Title 31, United States Code, Section 5317(c)(1)(A)); and for the conspiracy to violate Title 18, United States Code, Section 1956(a)(2)(B)(i), the Court must impose forfeiture to the United States of any property, real or personal, which constitutes or is derived from proceeds traceable to the conspiracy to commit such offense (Title 18, United States Code, Section 981(a)(1)(C) and Title 28, United States Code, Section 2461).

19

18. The parties agree that the Court should impose the statutory maximum $500,000 fine on the Defendant. The parties further agree that the conspiracy to violate Title 31, United States Code, Sections 5313 and 5324 involved property in an amount of $412,876,589, which is the amount that must be forfeited to the United States. The parties also agree that the conspiracy to violate Title 18, United States Code, Section 1956(a)(2)(B)(i) involved property in an amount of $39,555,713, which is the amount that must be forfeited to the United States.

Sentencing Recommendation

19. The parties agree that, pursuant to United States v. Booker, 543 U.S. 220 (2005), the Court must determine an advisory sentencing guideline range pursuant to the United States Sentencing Guidelines. The Court will then determine a reasonable sentence within the statutory range after considering the advisory sentencing guideline range and the factors listed in Title 18, United States Code, Section 3553(a). The parties’ agreement herein to any guideline sentencing factors constitutes proof of those factors sufficient to satisfy the applicable burden of proof. The Defendant also understands that if the Court accepts this Agreement, the parties are in agreement that the Court is bound by the sentencing provisions in Paragraphs 17 and 18.

20. The Offices and the Defendant agree that a faithful application of the U.S.S.G. to determine the applicable fine range yields a total offense level of 38 based on U.S.S.G. §§ 2X1.1, 2S1.3, 3D1.2, and 3D1.3. The guideline calculation begins with a base offense level of 6 for the CTR-related conspiracy, U.S.S.G. §§ 2Xl.1(a) and 2Sl.3(a)(2); 28 levels are added based on the value of funds, U.S.S.G. § 2S1.3(a)(2); two levels are added because the Defendant knew or believed funds were proceeds of unlawful activity or were intended to promote unlawful activity, U.S.S.G. § 2S1.3(b)(1); and two levels are added because the Defendant was convicted of an offense under subchapter II of chapter 53 of title 31, United States Code and committed

20

the offense as part of a pattern of unlawful activity involving more than $100,000 in a 12-month period, U.S.S.G. § 2S1.3(b)(3). The sentence of a fine is calculated as follows:

Up to $500,000 or twice the gross pecuniary gain or gross pecuniary loss resulting from the offense, whichever is greatest (18 U.S.C. § 3571(c)(3))

21. Pursuant to Rule 11(c)(1)(C) of the Federal Rules of Criminal Procedure, the Offices and the Defendant agree that the following represents the appropriate disposition of the case:

a. Disposition. Pursuant to Fed. R. Crim. P. 11(c)(1)(C), the parties agree that the appropriate disposition of this case is as set forth herein, and agree to jointly recommend that the Court, at a hearing to be scheduled at an agreed upon time, impose a sentence requiring the Defendant to pay a criminal fine and criminal forfeiture, as set forth below.

21

b. Criminal Fine. Considering the $500,000 statutory maximum, the parties agree that the appropriate total criminal fine is $500,000 (“Total Criminal Fine”). The Defendant agrees that it shall pay the Total Criminal Fine to the Court no later than ten business days after entry of the judgment by the Court.

c. Criminal Forfeiture. The Defendant hereby admits that the facts set forth in the Statement of Facts establish that the sum of $452,432,302 (the “Money Judgment”) is forfeitable to the United States pursuant to Title 31, United States Code, Section 5317(c)(1), and Title 18, United States Code, Section 981(a)(1)(C) and Title 28, United States Code, Section 2461. The Offices will accept the Money Judgment in full satisfaction of criminal forfeiture. The Defendant admits the forfeiture allegation of the Information with respect to the second object of the conspiracy, agrees that it failed to file accurate CTRs involving property in the amount of $412,876,589, and agrees to forfeit to the United States, pursuant to Title 31, United States Code, Section 5317(c)(1), a sum of money equal to $412,876,589 in United States currency. The Defendant further admits the forfeiture allegation of the Information with respect to the third object of the conspiracy, agrees that the amount of proceeds traceable to such conspiracy is $39,555,713, and agrees to forfeit to the United States, pursuant to Title 18, United States Code, Section 981(a)(1)(C) and Title 28, United States Code, Section 2461, a sum of money equal to $39,555,713 in United States currency. The Offices agree that payments made by the Group in connection with its concurrent settlement of a related regulatory action brought by the FRB in the amount of $123,500,000 shall be credited against the Money Judgment. The Offices will accept a payment of $328,932,302 (the “Criminal Forfeiture Payment”) in full satisfaction of the Money Judgment.

22

The Defendant agrees that it shall make the Criminal Forfeiture Payment by wire transfer pursuant to instructions provided by the Offices no later than ten business days after entry of the Money Judgment by the Court. It is further understood that any forfeiture of the Defendant’s assets shall not be treated as satisfaction of any fine, restitution, cost of imprisonment, or any other penalty the Court may impose upon the Defendant in addition to forfeiture. The Defendant consents to the entry of the Consent Preliminary Order of Forfeiture/Money Judgment annexed hereto as Attachment H and agrees that the Consent Preliminary Order of Forfeiture/Money Judgment shall be final as to the Defendant at the time it is ordered by the Court.

d. Mandatory Special Assessment. The Defendant shall pay to the Clerk of the Court for the United States District Court for the District of New Jersey within ten days of the date of sentencing the mandatory special assessment of $400.

e. Term of Probation. The parties agree to recommend that the Court impose a term of probation for the period of the Term of this Agreement, pursuant to Title 18, United States Code, Sections 3551(c)(l) and 3561(c)(l). The Defendant will continue on probation until it has served the full five years, unless the Court approves early termination of probation. The parties agree, pursuant to U.S.S.G. § 8D1.4, that the term of probation shall include as conditions the obligations set forth in Paragraphs 8(a)-(h), and Paragraphs 21(b), (c), and (e). A condition of probation shall be that the Defendant retain a Monitor, as provided in Paragraph 7(h). However, the condition of probation is limited to the retention of the Monitor—not oversight of the Monitor or the Company’s compliance with the Monitor’s recommendations. The Monitor will report to and be overseen by the Offices. The Monitor’s selection process, mandate, duties, review, and certification as described in Paragraphs 26-30 and Attachment D, and the Defendant’s compliance obligations as described in Paragraphs 24 and 25 and Attachment C, are not conditions of probation. In the event the Offices find, in their sole discretion pursuant to Paragraph 7(h), that there exists a change in circumstances sufficient to eliminate the need for the Monitor or extend the term of the Monitor during the term of probation, the parties will submit a joint motion to modify the special conditions of probation.

23

22. This Agreement is presented to the Court pursuant to Federal Rule of Criminal Procedure 11(c)(1)(C). The Defendant understands that, if the Court rejects this Agreement, the Court must: (a) inform the parties that the Court rejects the Agreement; (b) advise the Defendant’s counsel that the Court is not required to follow the Agreement and afford the Defendant the opportunity to withdraw its plea; and (c) advise the Defendant that if the plea is not withdrawn, the Court may dispose of the case less favorably toward the Defendant than the Agreement contemplated. The Defendant further understands that if the Court refuses to accept any provision of this Agreement, neither party shall be bound by the provisions of the Agreement.

23. The Defendant and the Offices waive the preparation of a Pre-Sentence Investigation Report (“PSR”) and intend to seek a sentencing by the Court within thirty days of the Rule 11 hearing in the absence of a PSR. The Defendant understands that the decision whether to proceed with the sentencing proceeding without a PSR is exclusively that of the Court. In the event the Court directs the preparation of a PSR, the Offices will fully inform the preparer of the PSR and the Court of the facts and law related to the Defendant’s case.

Compliance Program, Independent Compliance Monitor, and Reporting

24. The parties have agreed to the compliance, monitoring, and reporting requirements set forth in Attachments C and D. The Defendant represents that it will continue to implement and enhance its AML Compliance Program such that it meets, at a minimum, the elements set forth in Attachment C. Such programs shall be designed to detect and prevent violations of the BSA, laws prohibiting money laundering, and other laws

24

prohibiting illicit finance through the Defendant’s operations, as defined in Attachment C. Thirty days prior to the expiration of the Term, the Defendant, by its Chief Executive Officer and BSA Officer, TD Bank Group’s Chief Executive Officer and Chief AML Officer, and TDGUS’s Chief Executive Officer and Chief Risk Officer, will certify to the Offices, in the form of executing the document attached as Attachment F to this Agreement, that the Defendant has met its compliance obligations pursuant to this Agreement.

25. In order to address any deficiencies in its AML Compliance Program, the Defendant represents that it has undertaken, and will continue to undertake in the future, in a manner consistent with all of its obligations under this Agreement, a review of its existing compliance and ethics programs, policies, procedures, systems, and internal controls regarding compliance with the BSA, laws prohibiting money laundering, and other laws prohibiting illicit finance. Where necessary and appropriate, the Defendant agrees to adopt new controls or otherwise modify its AML Compliance Program in order to ensure that it develops and maintains an effective and risk-based AML program that incorporates relevant policies, procedures, and internal systems and controls designed to effectively detect and deter violations of the BSA, laws prohibiting money laundering, and other laws prohibiting illicit finance. The AML Compliance Program will include, at a minimum, the elements set forth in Attachment C. The Offices, in their sole discretion, may consider the reports by the independent Monitor appointed pursuant to Attachment D in assessing the Defendant’s AML Compliance Program.

25

26. Promptly after the Offices’ selection pursuant to Paragraph 28 below, the Defendant agrees to retain the Monitor. The Monitor’s duties and authority, and the obligations of the Defendant with respect to the Monitor and the Offices, are set forth in Attachment D, which is incorporated by reference into this Agreement. No later than thirty days after the execution of this Agreement, the Defendant shall submit a written proposal to the Offices identifying three Monitor candidates, and, at a minimum, providing the following:

27. The Monitor candidates or their team members shall have, at a minimum, the following qualifications:

26

28. The Offices retain the right, in their sole discretion, to choose the Monitor from among the proposed candidates, though the Defendant may express its preference(s) among the candidates. Monitor selections shall be made in keeping with the Department’s commitment to diversity and inclusion. If the Offices determine, in their sole discretion, that any of the candidates are not, in fact, qualified to serve as the Monitor, or if the Offices, in their sole discretion, are not satisfied with the candidates proposed, the Offices reserve the right to request that the Defendant nominate additional candidates. In the event the Offices reject any proposed Monitors, the Defendant shall propose additional candidates within twenty business days after receiving notice of the rejection so that three qualified candidates are proposed. This process shall continue until a Monitor acceptable to both parties is chosen. The Offices and the Defendant will use their best efforts to complete the selection process within sixty days of the execution of this Agreement. The Offices retain the right to determine that the Monitor should be removed, if in the Offices’ sole discretion, the Monitor fails to conduct the monitorship effectively, fails to comply with this Agreement, or no longer meets the qualifications outlined in Paragraph 27 above. If the Monitor resigns, is removed, or is otherwise unable to fulfill his or her obligations as set out herein and in Attachment D, the Defendant shall within twenty business days recommend a pool of three qualified Monitor candidates from which the offices will choose a replacement, following the Monitor selection process outlined above.

27

29. The Monitor’s term shall be three years from the date on which the Monitor is retained by the Defendant, subject to extension or early termination in the Offices’ sole discretion as described in Paragraph 7(h).

30. The Monitor’s powers, duties, and responsibilities, as well as circumstances that may support an extension of the Monitor’s term, are set forth in Attachment D. The Defendant agrees that the Defendant and its subsidiaries, parents, branches, and affiliates will not employ or be affiliated with the Monitor or the Monitor’s firm for a period of not less than three years from the date on which the Monitor’s term expires, nor will the Defendant and its subsidiaries, parents, branches, and affiliates discuss with the Monitor or the Monitor’s firm the possibility of further employment or affiliation during the Monitor’s term. Should the Defendant be required to retain an independent compliance monitor or similar person with responsibility for overseeing or evaluating the Defendant’s AML Compliance Program in connection with any parallel civil or regulatory resolution, the Defendant agrees to consult with the Offices regarding the selection of that person and before retaining that person to ensure, among other things, coordination with the Monitor pursuant to this Agreement. The Offices agree that the Monitor appointed pursuant to this Agreement may also serve in such a role.

28

Breach of Agreement

31. If the Defendant (a) commits any felony under U.S. federal law; (b) provides in connection with this Agreement deliberately false, incomplete, or misleading information; (c) fails to cooperate as set forth in Paragraph 10 of this Agreement; (d) fails to implement a compliance program at the Defendant as set forth in Paragraphs 24 and 25 of this Agreement and Attachment C and complete the monitorship as set forth in Paragraphs 7(h) and 26-30 of this Agreement and Attachment D; (e) commits any acts that, had they occurred within the jurisdictional reach of the United States, would be a violation of federal money laundering laws or the Bank Secrecy Act; or (f) otherwise fails specifically to perform or to fulfill completely each of the obligations under the Agreement, regardless of whether the Offices become aware of such a breach after the Term, the Defendant entity shall thereafter be subject to prosecution for any federal criminal violation of which the Offices have knowledge, including, but not limited to, the charge in the Information described in Paragraphs 2 and 3, which may be pursued by the Offices in the U.S. District Court for the District of New Jersey or any other appropriate venue. Determination of whether the Defendant or TD Bank has breached the Agreement and whether to pursue prosecution of the Defendant shall be in the Offices’ sole discretion. In determining a breach in the Offices’ discretion, the Offices will take into consideration, among other factors, whether the Defendant voluntarily disclosed any criminal violations, its cooperation in any investigation and remediation of the conduct, the severity and pervasiveness of the conduct, and the seniority of the employees involved. Any such prosecution may be premised on information provided by the Defendant or its personnel. Any such prosecution relating to the conduct described in the Information and the attached Statement of Facts or relating to conduct known to the Offices prior to the date on which this Agreement was signed that is not time-barred by the applicable statute of limitations on the date of the signing of this Agreement may be commenced against the Defendant, or the Group or TDGUS pursuant to Attachment G, notwithstanding the expiration of the statute of limitations, between the signing of this Agreement and the expiration of the Term plus one year. Thus,

29

by signing this Agreement, the Defendant agrees that the statute of limitations with respect to any such prosecution that is not time-barred on the date of the signing of this Agreement shall be tolled for the Term plus one year. The Defendant gives up all defenses based on the statute of limitations, any claim of pre-indictment delay, or any speedy trial claim with respect to any such prosecution or action, except to the extent that such defenses existed as of the date of the signing of this Agreement. In addition, the Defendant agrees that the statute of limitations as to any violation of federal law that occurs during the term of the cooperation obligations provided for in Paragraph 10 of the Agreement will be tolled from the date upon which the violation occurs until the earlier of the date upon which the Offices are made aware of the violation or the duration of the Term plus five years, and that this period shall be excluded from any calculation of time for purposes of the application of the statute of limitations.

32. In the event that the Offices determine there is a breach of this Agreement, the Offices agree to provide the Defendant with written notice of such breach prior to instituting any prosecution resulting from such breach. Within thirty days of receipt of such notice, the Defendant shall have the opportunity to respond to the Offices in writing to explain the nature and circumstances of such breach, as well as the actions the Defendant has taken to address and remediate the situation, which explanation the Offices shall consider in determining whether to pursue prosecution of the Defendant.

33. In the event that the Offices determine there has been a breach of this Agreement: (a) all statements made by or on behalf of the Defendant to the Offices or to the Court, including the Information and the Statement of Facts, and any testimony given by the Defendant before a grand jury, a court, or any tribunal, or at any legislative hearings, whether prior or subsequent to this Agreement, and any leads derived from such statements or testimony,

30

shall be admissible in evidence in any and all criminal proceedings brought by the Offices against the Defendant; and (b) the Defendant shall not assert any claim under the United States Constitution, Rule 11(f) of the Federal Rules of Criminal Procedure, Rule 410 of the Federal Rules of Evidence, or any other federal rule that any such statements or testimony made by or on behalf of the Defendant prior or subsequent to this Agreement, or any leads derived therefrom, should be suppressed or are otherwise inadmissible. The decision as to whether conduct or statements of any current director, officer, employee, or any person acting on behalf of or at the direction of the Defendant will be imputed to the Defendant for the purpose of determining whether the Defendant has violated any provision of this Agreement shall be made in the sole discretion of the Offices.

34. The Defendant acknowledges that the Offices have made no representations, assurances, or promises concerning what sentence may be imposed by the Court if the Defendant breaches this Agreement and this matter proceeds to judgment, including whether the statutory maximum for these offenses represents the maximum penalty that could be imposed in any future prosecution of Defendant. The Defendant further acknowledges that any such sentence is solely within the discretion of the Court and that nothing in this Agreement binds or restricts the Court in the exercise of such discretion or precludes the Offices from arguing for any higher sentence.

Public Statements by the Defendant

35. The Defendant expressly agrees that it shall not, through present or future parents, affiliates, attorneys, officers, directors, employees, agents, or any other person authorized to speak for the Defendant, make any public statement, in litigation or otherwise, contradicting the acceptance of responsibility by the Defendant set forth above or the facts described in the Information and Statement of Facts. Any such contradictory statement shall, subject to cure rights of the Defendant described below, constitute a breach of this Agreement, and the Defendant thereafter shall be subject to

31

prosecution as set forth in Paragraphs 31-34 of this Agreement. The decision as to whether any public statement by any such person contradicting a fact contained in the Information or Statement of Facts will be imputed to the Defendant for the purpose of determining whether it has breached this Agreement shall be made in the sole discretion of the Offices. If the Offices determine that a public statement by any such person contradicts in whole or in part a statement contained in the Information or Statement of Facts, the Offices shall so notify the Defendant, and the Defendant may avoid a breach of this Agreement by publicly repudiating such statement(s) within five business days after notification. The Defendant shall be permitted to raise defenses and to assert affirmative claims in other proceedings relating to the matters set forth in the Information and Statement of Facts provided that such defenses and claims do not contradict, in whole or in part, a statement contained in the Information or Statement of Facts. This Paragraph does not apply to any statement made by any present or former officer, director, employee, or agent of the Defendant in the course of any criminal, regulatory, or civil case initiated against such individual, unless such individual is speaking on behalf of the Defendant.

36. The Defendant agrees that if it or any of its direct or indirect subsidiaries or affiliates makes any affirmative public statement in connection with this Agreement, including via press release, press conference remarks, or a scripted statement to investors, the Defendant shall first consult the Offices to determine (a) whether the text of the release or proposed statements at the press conference are true and accurate with respect to matters between the Offices and the Defendant; and (b) whether the Offices have any objection to the release or statement.

32

Complete Agreement

37. This document, including its attachments, states the full extent of the Agreement between the parties. There are no other promises or agreements, express or implied. Any modification of this Agreement shall be valid only if set forth in writing in a supplemental or revised plea agreement signed by all parties.

AGREED:

FOR TD BANK, N.A.:

33

STATEMENT OF COUNSEL