A broker-dealer subsidiary of TD Bank agreed to pay a $600,000 penalty levied by the Financial Industry Regulatory Authority (FINRA) for allegedly failing to review millions of employee emails as required by the self-regulatory organization’s rules.

TD Private Client Wealth failed to establish and maintain a supervisory system reasonably designed to achieve compliance with its obligation to review correspondence and internal communications, said FINRA in its disciplinary action published Monday.

The details: From February 2013 through July 2022, TD Private Client Wealth’s written procedures failed to establish steps to add the email accounts of new employees to the review queue, according to FINRA. As a result, nearly 50 percent of new employees were not placed into the queue within five days of their hiring, and some employees went years without being added.

“Due to the lack of reasonable written procedures, there were miscommunications between multiple departments about whether the email accounts had been placed into the queue and misunderstandings about which department was responsible for carrying out particular steps required to place an account into the queue,” FINRA said. “As a result, the firm failed to review approximately 3.5 million emails, from 691 employee email accounts, for varying periods of time during the relevant period.”

TD Private Client Wealth violated FINRA’s rules requiring firms review incoming and outgoing electronic correspondence and internal communications relating to their securities business, according to the organization.

Compliance considerations: FINRA further faulted the firm for deficiencies in its verification procedures, which included ad hoc and manual practices deemed “not reasonable given the volume of employees (860) the firm onboarded during the relevant period.”

TD Private Client Wealth also allegedly failed to address red flags that employee email accounts were missing from the review queue. When the compliance team flagged accounts not being reviewed, there was no follow-up to ensure the information technology team promptly addressed the matter, according to FINRA.

“Further, the firm did not reasonably investigate why the email accounts were missing and whether any other email accounts were missing until after FINRA commenced its investigation,” the organization said.

Firm response: “Based on our rigorous internal review, TD Private Client Wealth is enhancing its policies and procedures to ensure more timely and appropriate email review,” said the firm in an emailed statement. “We continually work to strengthen our internal controls to meet our regulatory obligations.”