EDITOR NOTE: For its failure to bolster its security and risk management systems, Citigroup is being fined $400 million. It’s also required, as before, to take corrective action toward improving its data governance, risk management, and internal controls. The bank has been accused of allowing too many errors “slip through the cracks,” from deficiencies in its anti-money laundering efforts to that embarrassing incident of an accidental $900 million payment to lenders of Revlon last summer. It’s likely that such a tendency toward missteps may not be uncommon character traits among large banks; not as long as they’re profiting--the bottom line. Bear in mind, however, that these’ risk-lax financial institutions are the ones holding your money.
Bank regulators formally ordered Citigroup to improve its risk management and internal controls following years of concerns that the megabank has let too many errors slip through the cracks.
The Office of the Comptroller of the Currency on Wednesday announced a $400 million fine against the company's primary banking subsidiary and said it will require Citi to seek the agency's nonobjection before making new acquisitions. In an accompanying enforcement action, the Federal Reserve said it will require the bank to conduct a “gap analysis” of its risk management framework and internal controls system to determine what enhancements need to be made.
The actions follow a Fed consent order against Citi in 2013, which identified deficiencies in the bank’s anti-money-laundering compliance program, and a separate consent order the Fed issued against Citi in 2015 related to its compliance and control infrastructure.
Those deficiencies have not yet been “adequately remediated,” the Fed said in Wednesday’s order.
More recently, Citi has been scrutinized over an accidental $900 million payment it made to lenders of the cosmetics company Revlon that came to light in August. Citi is currently locked in a legal battle in an attempt to recover that money.
As the mistaken payment raised further questions about Citi’s internal controls, CEO Michael Corbat last month abruptly announced his retirement, which will take effect in February. Jane Fraser, Citi's president and CEO of the global consumer bank, will succeed him and become the first woman to lead a major U.S. bank.
A formal crackdown by the regulators was widely expected following a report in The Wall Street Journal saying the Fed and the OCC were preparing an enforcement action.
Under the Fed's order, Citi will also have to submit a plan to bolster its data quality management program and compliance risk management program, and it will need to submit a plan within 120 days describing what actions the company's board of directors will take to hold senior management accountable for improvements.
The OCC will also require Citi “to take broad and comprehensive corrective actions to improve risk management, data governance and internal controls,” and will also retain the authority to impose additional restrictions and require changes in senior management or on the board, the agency said in a press release.
Originally posted on American Banker