TL;DR: Global organisations faced £1.23 billion in KYC/AML penalties in H1 2025. TD Bank's £3 billion fine was not really about money laundering. It was about a verification system that could not answer basic questions when regulators asked. This is a breakdown of what KYB regulations actually demand at the system level, where most implementations break, and the architecture decisions that hold up under scrutiny.
We have spent six years building compliance infrastructure, and the thing I have learned is that regulations do not care about your architecture. They care about outcomes. You can have clean code and still fail an audit if your system cannot retrieve evidence when someone asks for it.
That is exactly what happened to TD Bank.
The incident that defines the requirement
TD Bank's £3 billion penalty came with operational restrictions, leadership changes, and decade-long compliance monitoring. When regulators asked about beneficial ownership structures, the bank's fragmented KYB processes could not provide coherent answers. The data existed somewhere. They just could not assemble it into a story that held together.









