Citigroup fined $400m over ‘long-standing’ problems with risk controls
The US investment bank has been fined for failing to establish effective risk management and internal controls
New York — Citigroup will pay a $400m (R6.6bn) US penalty and must seek the government’s sign-off for major acquisitions after regulators chided the bank for several persistent problems with its risk controls.
Citigroup was fined by the Office of the Comptroller of the Currency (OCC) for what the agency called an ongoing “failure to establish effective risk management and data governance programmes and internal controls”, according to a Wednesday statement. The OCC also demanded that Citigroup seek its approval before “significant new acquisitions” and reserved the right to require changes in senior management if the company doesn’t act quickly to address its shortcomings.
At the same time, the Federal Reserve issued a cease-and-desist order that directs the lender to “correct practices previously identified by the Board in the areas of compliance risk management, data quality management, and internal controls”.
The orders were “broadly anticipated” in the wake of the recent management changes, including the pending departure of CEO Michael Corbat, according to Credit Suisse Group analyst Susan Katzke, who noted that incremental spending to comply with regulators’ wishes should be mitigated by the bank’s recent gains in productivity.
The OCC’s unusually forceful rebuke restricts the lender’s ability to freely make even small acquisitions of nonbank companies or credit card portfolios. Anything beyond “hedging, market making and securitisation transactions” has to get advance approval from the agency, according to the order. If the bank doesn’t move quickly to fix its problems, the OCC threatened more actions — including the removal of top executives.
Still, the punishments fall short of what Wells Fargo faced in the wake of its sales-practices scandal. That misconduct prompted the Fed to institute an unprecedented growth cap on the company.
The Fed gave Citigroup a series of deadlines to analyse and report back on how it’s repairing multiple issues. Within 120 days, the Fed said the bank’s board of directors must submit a report detailing how it will hold senior management accountable and how executive compensation will be “consistent with risk management objectives.”
The orders mean the bank will be embarking on another round of costly, years-long investments in its risk infrastructure and controls just as Jane Fraser takes the helm as CEO in February.
“Citi has significant remediation projects under way to strengthen our controls, infrastructure and governance,” the bank said in a statement. ‘While we have made progress in each of these areas, we recognise that substantial improvement is still required to meet the standards we have set for ourselves and that our regulators expect of us.”
The bank noted it’s made structural changes to better comply with the regulators’ orders, including by hiring Karen Peetz as its new chief administrative officer to “steer these programs to completion.” The Fed’s order also requires Citigroup to make its general counsel in charge of compliance. The firm’s chief compliance officer now reports to Corbat.
The Fed mandated that Citigroup conduct a so-called gap analysis of its companywide risk management framework and controls. While the bank has already pledged that it would spend $1bn on improving those systems this year, the order says the lender will need to use the analysis to determine how to improve processes around three key areas: capital planning, liquidity risk management and compliance risk management.
Citigroup for years has been plagued by issues with its core operating systems, which were cobbled together through several acquisitions.
The Fed’s latest order comes more than seven years after the regulator first dinged Citigroup for failures in its firm-wide risk management programs, especially as it related to the company’s compliance with Bank Secrecy Act and anti-money laundering requirements. In 2014, Citigroup was rebuffed in the Fed’s annual stress test after the regulator found defects in the company’s ability to project losses and to assess all business risks.
“Citigroup has not adequately remediated the long-standing enterprise-wide risk management and controls deficiencies previously identified by the Federal Reserve,” the Fed said in its order on Wednesday.
The admonishments from regulators come just weeks after Citigroup mistakenly sent $900m to lenders of the cosmetics giant Revlon. The bank ultimately chalked the wayward payment up to employee error, noting it was in the middle of transitioning to new software for its syndicated loan business.
The ensuing legal battle was an embarrassment for the bank as many of the lenders balked at Citigroup’s pleas to return the funds. For regulators, who began scrutinising the mistaken payment within days, the incident was illustrative of broader problems at the bank.
“We appreciate the urgency of the tasks at hand and we are committed to fulfilling our obligations to all of our stakeholders,” Citigroup said in the statement.
Would you like to comment on this article or view other readers' comments?
Register (it’s quick and free) or sign in now.
Please read our Comment Policy before commenting.