What is a monitorship and when is one imposed on a bank?
Quick answer
A monitorship is an independent oversight arrangement where a court or federal regulator appoints a third-party monitor to verify a bank's compliance with a consent order or deferred prosecution agreement. Banks typically receive monitorships after serious, systemic AML or BSA violations. The monitor reports to the regulator, not the bank. The bank pays all costs. ---
The full answer
A monitorship is an independent oversight mechanism imposed on a bank after serious, systemic compliance failures. A court or federal regulator appoints a third-party monitor to verify the bank's adherence to a consent order, deferred prosecution agreement (DPA), or non-prosecution agreement (NPA). The monitor reports to the regulator, not the bank. The bank pays all costs.
This isn't the first step in enforcement. It's usually the last, or close to it. What happens when a bank fails an AML exam describes the earlier rungs: findings letters, matters requiring attention (MRAs), consent orders. A monitorship arrives when those tools haven't worked, or when the underlying violations were serious enough to warrant criminal resolution.
Three agencies impose most U.S. bank monitorships. The Department of Justice attaches them to DPAs and NPAs for BSA and FCPA violations. The OCC imposes them through formal agreements when a bank has missed prior remediation milestones. FinCEN uses them alongside DOJ actions in cases of willful blindness.
The HSBC case is the benchmark. In December 2012, HSBC agreed to a five-year DPA after the DOJ found it had processed at least $881 million in Sinaloa Cartel and FARC drug proceeds, and had stripped identifying information from SWIFT messages to avoid OFAC screening. A DOJ-appointed independent compliance monitor was installed. The monitorship ran until December 2017. HSBC paid approximately $100 million in monitoring costs, separate from the $1.92 billion settlement. (DOJ press release, December 2012)
In October 2024, TD Bank became the first U.S. bank to plead guilty to BSA conspiracy charges. Its $3.09 billion settlement included a monitorship after DOJ and FinCEN found the bank had failed to monitor over $18.3 trillion in customer activity between 2018 and 2023. Three money laundering networks moved over $670 million through its accounts. The OCC simultaneously imposed an asset cap blocking U.S. expansion until the monitor certifies satisfactory remediation. (DOJ press release, October 2024)
Monitorships typically run two to five years, with possible extensions. Binance's November 2023 settlement with DOJ and FinCEN, totaling $4.3 billion, includes a five-year monitorship after the exchange processed transactions for sanctioned entities and operated without basic AML controls.
Why this matters
For compliance officers and CISOs, the risk isn't the monitorship itself. It's the pattern that produces one.
Every monitorship on record followed years of exam findings and consent orders that didn't hold. DOJ and FinCEN don't impose monitorships for one-off violations. They impose them when the exam record shows repeated failures, when management has misrepresented remediation progress, or when the scheme's structure suggests the institution knew and looked away.
The failure modes are detectable before they compound. Chronic SAR filing backlogs appear in examination reports and MRA letters. High false positive rates in transaction monitoring signal that alert logic isn't calibrated to actual risk. Stale customer risk ratings mean the institution doesn't know its own book. These findings accumulate across cycles.
Examiners focus on whether CDD and EDD processes are functioning at onboarding and periodic review, and on whether the bank applies FinCEN's suspicious activity standards consistently at the alert review level. When these gaps persist after prior supervisory feedback, the agency's position hardens.
TD Bank illustrates the operational consequence clearly. The settlement didn't just impose a monitorship; it paired the monitorship with an asset cap. That combination, financial penalty plus operational restriction held in place by an independent monitor, is what boards and executives fear most. The monitorship is the mechanism that keeps the cap from lifting.
What triggers a regulatory exam is the upstream question. By the time a monitorship is under discussion, the institution is already several exam cycles into a documented failure pattern. The DOJ's Corporate Enforcement Policy, revised in 2023, formalizes the criteria: monitors are appropriate when there's a demonstrable need for independent verification, when the company has a poor remediation track record, or when the nature of the offense creates ongoing recurrence risk. For banks with clean exam histories and functioning controls, those criteria are hard to meet.
Can AI be used for AML transaction monitoring? is a practical question in this context. Modernizing monitoring capabilities before exam findings accumulate is one of the few reliable ways to stay off the path toward a DPA. Regulators have explicitly encouraged risk-based, technology-assisted approaches. The technology doesn't eliminate human accountability for who files the SAR or how escalation decisions are made, but it does address the alert volume and false positive problems that show up in examination findings year after year.
Related questions
- What happens when a bank fails an AML exam?
- What triggers a regulatory exam?
- How long do banks have to file a SAR?
- What is the penalty for a missed CTR?
- Can AI be used for AML transaction monitoring?
Related concepts and regulations
- What is the difference between CDD and EDD?
- How does FinCEN define suspicious activity?
- What percentage of AML alerts are false positives?
- How often should customer risk ratings be refreshed?
- Who files a SAR: the MLRO or the compliance officer?