Banks Tighten Controls After Insider Fraud and Laundering Guilty Pleas 

Two recent guilty pleas involving former TD Bank employees underscore how quickly an employee with access and intent can turn everyday banking tools into a high-speed pipeline for dirty money.

So warns Bradley Arant Boult Cummings in a recent post that points to the U.S. Department of Justice’s broader scrutiny of insider-enabled money laundering in the wake of the bank’s October 2024 resolution. In that earlier case, the firm notes, the government said TD Bank pleaded guilty to conspiracy to commit money laundering and agreed to pay more than $1.8 billion to resolve the DOJ investigation, with total penalties of roughly $3.09 billion when combined with actions by the Federal Reserve, Office of the Comptroller of the Currency and Financial Crimes Enforcement Network (FinCEN).

The post adds that prosecutors traced multiple schemes through the bank, including a network that allegedly laundered more than $470 million through bulk cash deposits and then moved funds through checks and wires.

The individual cases are a reminder of how insider misconduct can scale. In one, the Bradley Arant writes that Oscar Marcel Nunez-Flores, a New Jersey-based employee, pleaded guilty to conspiring to launder money and to taking bribes, admitting he helped move more than $26 million from the U.S. to Colombia through accounts he opened and managed. The post says he opened dozens of accounts, often using shell company names and sometimes without any customer present, and issued more than 600 debit cards later used for more than 120,000 ATM withdrawals in Colombia.

In another, former assistant store manager Wilfredo Aquino pleaded guilty to a money laundering conspiracy tied to a larger network, with prosecutors alleging he helped open nominee accounts, processed bulk cash and issued official checks connected to deposits.

The law firm’s point is not that training does not matter. It is that training alone is not a control. The post puts it bluntly: “a frontline employee who knowingly circumvents controls can neutralize even well-designed compliance frameworks.” When an insider is willing to bend the rules for cash, gift cards or favors, standard checklists can become speed bumps.

So what does guarding against insider fraud look like in practice?

Related: Deepfake Scams Put Banks at Risk of Customer Fraud Lawsuits 

Bradely Arant recommends starting by designing controls for insider risk, not just external criminals. The post urges banks to map insider threat scenarios and build them into risk assessments, control testing and monitoring. In plain terms, that means asking: What would it look like if an employee were bribed? What behaviors would show up in the data?

Next, tighten the moments where an employee has the most discretion. The firm calls out account openings without the customer physically present, recommending documented exceptions, higher-level approval and after-the-fact review when risk signals rise. It also points to card issuance and usage analytics, such as flags for unusual concentrations of cards issued by a single employee and patterns like high-velocity foreign ATM withdrawals.

Then, watch for the “paperwork fraud” that insiders can normalize. The post highlights monitoring for shell companies and nominee-account patterns by looking for shared addresses, incorporators or overlapping agents, and treating thin or synthetic profiles as higher risk. And it recommends stronger controls around bulk cash and official checks, especially when cash is rapidly converted into checks or wires.

Finally, make accountability real. The firm argues for pairing targeted training with deterrents and signals that can reveal improper benefits, while reinforcing personal liability through enforcement examples like these prosecutions.

The takeaway is simple: insider fraud is not just a people problem. It is a design problem. Banks that treat insiders as a “rare exception” risk learning the hard way that one compromised employee can outrun an entire control framework.