Why Swap Dealer Surveillance Exists and Who It Protects

Swap dealers are institutions that trade in financial derivatives called swaps. Swaps are contracts between two parties that exchange cash flows based on interest rates, currencies, commodities, or other financial variables. They are used to manage risk, but they can also be used to manipulate markets, commit fraud, and move money in ways that are nearly invisible to the public. That is precisely why federal law requires registered swap dealers to monitor the business communications of their employees.

• Under Section 4s(h)(1)(B) of the Commodity Exchange Act and CFTC Regulation 23.602(a), every registered swap dealer must establish and maintain a system to supervise all activities related to its business and must do so diligently. “Diligently” is a legal standard, not a suggestion.
• TD Bank has been provisionally registered with the CFTC as a swap dealer since December 31, 2012. It has been subject to these supervisory requirements for over a decade. The violations at issue began in January 2018, more than five years into that registration.
• Electronic communications surveillance is the mechanism that allows a bank’s compliance team to catch traders making illegal deals, colluding, front-running client orders, or committing other misconduct. If that surveillance system has gaps, those gaps are gaps in the safety net for everyone exposed to that dealer’s trading activity.
• The CFTC does not require that actual misconduct be found in order to cite a failure to supervise. The existence of a broken surveillance system is itself the violation, because the law assumes the system exists to prevent misconduct that would otherwise go undetected.
• The Messaging Platform referenced throughout the CFTC order is described only as “a third-party electronic messaging platform.” The specific platform is not named in the source document. TD Bank permitted personnel to use it for business communications since at least 2013.

How a Vendor Encryption Change Became a Five-Year Blind Spot

This failure was not caused by a single catastrophic event. It was caused by a sequence of small decisions, skipped checks, and institutional indifference that compounded over years into a fundamental breakdown in oversight.

• Since at least 2013, TD Bank allowed swap dealer personnel to use a third-party messaging platform for business communications. During the relevant period, the bank used a third-party automated surveillance tool to monitor those messages. The system depended on a weekly encrypted file from the vendor that identified all Messaging Platform accounts, including newly created ones.
• On July 1, 2016, the vendor changed how it encrypted that weekly file. TD Bank recognized it needed to update its automated decryption process. While working on that update, the bank switched to updating its account list manually as a temporary measure. This kept surveillance running for the next eighteen months.
• On January 24, 2018, TD Bank stopped the manual updates. The CFTC order does not explain why this happened, who authorized stopping them, or whether anyone noticed. The bank did not have any monitoring, alert, or supervisory check in place that would detect the absence of these manual updates. The surveillance gap began that day.
• Any new Messaging Platform account created after January 24, 2018 was generally not ingested into the surveillance tool. As more employees joined and opened new accounts, the number of unsurveilled people grew steadily. This continued for nearly two years before the bank attempted any fix.
• In October 2019, TD Bank finally deployed an updated automated process intended to address the July 2016 encryption change. The bank verified that the new process could successfully decrypt the weekly vendor file. It did not verify that its internal account list was actually being updated. It did not verify that messages from new accounts were being ingested for surveillance. A second, undescribed technical change by the vendor was preventing the automated process from functioning correctly, and the bank walked away without detecting it.
• For three more years, from October 2019 to March 2023, TD Bank believed its surveillance was restored. It was not. Approximately 375 swap dealer Associated Persons had their Messaging Platform communications go completely unsurveilled for the duration of that entire period and the period before.
• In March 2023, TD Bank finished installing a new, separate surveillance tool that operated independently of the broken automated process. This new tool began capturing all Messaging Platform messages. Three months later, in June 2023, a comparison between the new tool’s data and the old system’s records revealed the gap.

The Non-Financial Ledger: What a Surveillance Gap Actually Costs

There is a way that regulators talk about failures like this one, and it is stripped of everything human. A “surveillance gap.” A “failure to ingest.” A “deficient internal monitoring process.” These phrases are accurate and they are also designed, perhaps not intentionally but effectively, to make what happened feel like a clerical error in a server room. It was not.

Swap markets are not abstract. They are the machinery that sets prices on interest rates, currencies, and commodities. When a bank the size of TD Bank operates a swap dealer desk, the traders on that desk have the ability to move significant sums of money, make or break deals that affect municipalities, pension funds, and corporations, and in the worst cases, engage in fraud, market manipulation, or collusion that harms counterparties who will never know what happened to them.

The surveillance system that TD Bank allowed to break, and then failed to notice was broken for five years, is the mechanism that is supposed to catch that kind of conduct. It is the backstop. It exists because human beings in high-pressure, high-reward financial environments have a documented history of using unsupervised communication channels to do things that hurt other people. The entire post-2008 regulatory framework for swap dealers is built on the hard lesson that what you cannot see, you cannot stop.

Approximately 375 people at TD Bank were communicating on a messaging platform, conducting business related to swap dealing, and those communications were going nowhere. For five years, no compliance officer was reading those messages. No automated flagging system was scanning them for keywords associated with price manipulation or front-running or collusion. Those 375 people knew, or should have known, that their communications were subject to monitoring under TD Bank’s own stated policies. What they may not have known, because TD Bank apparently did not know either, was that the monitoring had stopped.

The bank’s own order acknowledges that it is now in the process of reviewing all of those messages retroactively, covering the period from September 13, 2016 through September 27, 2023. That retroactive review must be completed and reported to the CFTC within 180 days of the order. The order also requires TD Bank to tell the CFTC how many alerts were generated, how many were escalated, and whether any of them implicate violations of law or regulation. The public version of that report, if it is ever made public, does not exist yet as of the source document’s date of August 13, 2024.

That is the real cost that cannot be put in a metric card. For five years, if something happened in those communications, it happened in the dark. The fine is $4 million. What happened in the dark is still being counted.

Legal Receipts: What TD Bank Admitted in Writing

These are verbatim quotes from CFTC Docket No. 24-13, the consent order TD Bank signed. These are not allegations. TD Bank admitted each finding is true.

“On January 24, 2018, TD Bank stopped updating its internal list of accounts manually. This meant that messages from new Messaging Platform accounts for TD Bank personnel created after January 24, 2018 were generally not ingested into TD Bank’s surveillance tool and were not surveilled. Over time, as the number of new Messaging Platform accounts grew, the number of APs that had Messaging Platform messages that went unsurveilled also grew.”

“TD Bank verified that its updated process successfully decrypted the weekly file identifying new accounts. However, TD Bank did not verify that its internal record of Messaging Platform accounts was updated as expected, or that messages from new accounts created after January 24, 2018 were ingested for surveillance or were in fact surveilled. TD Bank therefore did not detect that there had been another technical change by its vendor that prevented TD Bank’s automated process from functioning properly.”

“During most of the Relevant Period, TD Bank’s internal monitoring aimed at identifying gaps in its surveillance primarily consisted of a single automated report that reflected the aggregate volume of data that its surveillance tool ingested each day. Although this report could be used to identify if the volume of data ingested for surveillance changed significantly, it was insufficient to alert TD Bank to a gap in its surveillance that grew over time or that a particular step in its surveillance process was not functioning as expected.”

“Despite the ongoing and long-term nature of the various issues affecting TD Bank’s surveillance process, TD Bank did not escalate any of its surveillance technology issues to a more senior oversight body until after it discovered its years-long failure in June 2023.”

Societal Impact Mapping

Public Health of Financial Markets

Surveillance failures at swap dealers do not produce headlines the way oil spills or product recalls do. The harm accumulates in systems that most people never see, but whose dysfunction eventually reaches ordinary people through the markets, pension funds, and financial institutions that touch their lives.

• Swap markets underpin a significant portion of global finance. Interest rate swaps, currency swaps, and credit default swaps are used by banks, corporations, municipal governments, and pension funds to manage exposure to price and rate changes. Misconduct in these markets, if undetected, can distort pricing and transfer wealth from less-informed counterparties to those exploiting informational advantages.
• The CFTC’s supervision regulations exist specifically because swap dealer employees with unsupervised communication channels have, in documented prior cases at other institutions, used those channels to coordinate manipulation, share confidential client information, or conduct front-running. TD Bank’s unsurveilled channel covered approximately 375 people for over five years. Whether any of them engaged in prohibited conduct is precisely what the retroactive review ordered by the CFTC is intended to determine.
• The integrity of financial markets depends on the credible threat of detection. When a major institution’s surveillance is broken, that threat disappears for the people inside it. Even if no misconduct occurred, the five-year absence of effective monitoring represents a structural vulnerability in market oversight that benefits no one except those with something to hide.
• TD Bank is not a small actor. It is one of the ten largest banks in North America by assets. Its swap dealer desk operates in markets that connect institutional investors, corporate treasurers, and sovereign entities. A surveillance gap of this scale at an institution of this size is a public health issue for the financial system, not a paperwork problem.

Economic Inequality

The gap between what this failure cost TD Bank and what it costs everyone else is a direct illustration of how regulatory enforcement is calibrated for institutions, not for people.

• The civil monetary penalty imposed by the CFTC is $4 million. TD Bank’s net income for fiscal year 2022 was reported publicly at approximately $17.4 billion Canadian dollars. The $4 million fine, converted at approximate exchange rates, represents less than one-tenth of one percent of a single year’s profit for the institution. For a bank of TD’s size, this is not a deterrent. It is a rounding error.
• There is no restitution fund established by this order. There are no identified victims, no compensation mechanism, and no public accounting of whether anyone was harmed by what happened in those five years of unsurveilled communications. The order is a cease-and-desist combined with a fine, and the fine goes to the federal government, not to any counterparty who may have been disadvantaged.
• The CFTC’s legal standard for this violation requires no proof of underlying misconduct. The supervision failure is itself the violation. This means the fine was calculated based on the act of failing to watch, not on the consequences of failing to watch. If those consequences include financial harm to counterparties, those counterparties have no mechanism through this order to recover anything.
• For comparison, an individual trader fined by the CFTC for actual market manipulation typically faces penalties, disgorgement of profits, and trading bans that are existentially significant to that person’s career and finances. TD Bank, for a five-year systemic failure of its compliance infrastructure, pays $4 million and agrees to file a report.

The “Cost of a Life” Metric

What Now? Accountability Starts Here.

TD Bank signed a consent order admitting every finding. The bank has a compliance remediation to complete, a retroactive review to file with the CFTC, and a set of new internal controls it has committed to maintaining. None of that is automatic. Every step requires pressure, oversight, and public attention to actually happen as promised.

The Corporate Roles That Own This Failure

The CFTC order does not name individual executives or board members in this matter. The source document identifies only institutional responsibility. The following roles at TD Bank are structurally responsible for the compliance infrastructure that failed:

Regulatory Watchlist: Who Can Do More

• CFTC (Commodity Futures Trading Commission): The primary regulator here. The CFTC is required to receive TD Bank’s retroactive review report within 180 days of August 13, 2024. That deadline falls around February 2025. Members of the public can submit comments and access CFTC enforcement filings at cftc.gov/enforcement.
• OCC (Office of the Comptroller of the Currency): As a federally regulated bank, TD Bank operates under OCC oversight for its broader banking compliance. The OCC can impose independent supervisory action based on findings like these. Contact the OCC at helpwithmybank.gov.
• DOJ (Department of Justice): If the retroactive review ordered by the CFTC surfaces evidence of actual violations in those five years of unsurveilled communications, the DOJ has authority to pursue criminal referrals. The CFTC’s order explicitly preserves its right to pursue further enforcement based on what the retroactive review finds.
• SEC (Securities and Exchange Commission): Swap activity intersects with securities regulation in certain structures. If the retroactive review reveals securities law implications, the SEC has independent authority to act.
• FINRA (Financial Industry Regulatory Authority): For broker-dealer activities that may overlap with swap dealer operations, FINRA maintains supervisory jurisdiction and can pursue parallel enforcement.

What You Can Do: Grassroots and Direct Action

• File a formal comment with the CFTC about the adequacy of the $4 million fine relative to the five-year scope of the violation. The CFTC accepts public comments through its website. Comments about enforcement actions and penalty levels go on the public record and can influence future regulatory posture.
• If you work at a financial institution and observe compliance failures being managed downward rather than escalated, the CFTC operates a whistleblower program at cftc.gov/whistleblower that provides both legal protection and potential financial awards for information leading to successful enforcement. The SEC runs a parallel program.
• Follow and support organizations that track financial regulatory enforcement: Better Markets, Americans for Financial Reform, and the Project On Government Oversight (POGO) all publish analysis of enforcement actions and push for stronger penalties and structural reform. Their work depends on public attention and financial support.
• Ask your pension fund, credit union, or retirement account administrator whether they transact with TD Bank as a swap dealer counterparty. If they do, they have a legitimate basis to demand confirmation that TD Bank’s surveillance remediation has been completed as ordered by the CFTC before engaging in new derivative transactions.
• Share this story with anyone who manages financial compliance, works in a regulated industry, or believes that “too big to fail” and “too big to hold accountable” should not be synonyms.