Citi details risk system triage

Register now

Citigroup says it’s crafting a deeply detailed plan to overhaul its risk management and internal controls program that will not only address gaps in the system, but try to figure out how those gaps got there.

In her first public appearance as chief administrative officer, Karen Peetz said Tuesday there’s “no question” Citi “fell short” in delivering in the area of risk and controls, so it is taking a wide view of the program and the deficiencies identified by federal regulators to ensure lasting change.

“We have been given the latitude to truly take a step back in answering the consent order requirements to say,What is our end state [and] how will we construct this to be an end-to-end solution instead of perhaps looking at something in too narrow of a fashion?’ ” Peetz said during the second day of Bank of America’s Future of Financials 2020 virtual conference.

“As a result, we’re going to be looking at root causes, what caused us to not be able to close some of these gaps in the past in a very positive way," she said. "We believe we can actually leapfrog to a future state that’s going to be a lot more resilient than it would be if we just kind of kept going along, business as usual.”

The $2.2 trillion-asset company, which has struggled with risk management and internal controls issues in the past, drew the attention of regulators once again when it accidentally paid $900 million in August to creditors of the cosmetics company Revlon. Executives have blamed the mistake on human error. Last month, the Federal Reserve and the Office of the Comptroller of the Currency hit Citigroup with enforcement actions and a $400 million civil money penalty for failing to correct long-standing risk-related problems.

Peetz, who was president of Bank of New York Mellon for three years starting in 2013, came out of retirement in June to take the newly created chief administrative officer role at Citigroup. A onetime commercial banker at JPMorgan Chase, Peetz is also a former member of the Wells Fargo board who chaired its risk committee at the height of Well’s phony-accounts scandal.

On Tuesday, she called her new job a “coordination role” that’s focused on improving engagement with regulators and leading risk and control changes across the company. She said her first assignment was to conduct a “listening tour” to meet with the members of the executive management team, every member of Citi’s board and its major regulators.

“I asked each of them the same two questions: ‘How did we get here? Why are we at this place?’ and then ‘What should we do about it?’” Peetz said. “And I would say that the ‘How did we get here?’ [question] had two components. There was a bit of a cultural component, which we're going to need to very much break down some of the silos that we had … [and] from a process perspective we often were solving smaller problems versus looking at the total picture.”

Peetz’s comments come one week after Citigroup said Chief Risk Officer Brad Hu would step down at the end of the year. A search for Hu’s replacement is underway, the company said.

To start making changes, Citi has created a “transformation oversight committee” led by Chairman John Dugan that includes high-ranking board members, Peetz said. Simultaneously, it has set up a steering committee led by incoming CEO Jane Fraser and program groups to handle risk and controls, data quality management, compliance risk management and capital planning and reporting.

In addition to those four areas — all of which were called out in the consent orders — the company is also tweaking internal culture in terms of accountability and governance, simplifying certain business operations to reduce the number of technology platforms and creating more efficient interactions with the board.

Peetz said the reaction to the overhaul initiative has been positive so far.

“We are finding people volunteering [to help]. Every day, I get an email from somebody who wants to be signed up for one of these programs,” she said. “And we are beginning to get the energy and the alignment that we absolutely need to do this differently starting now.”

Two questions that Peetz couldn’t answer Tuesday: How much will the transformation cost, and how long is it going to take? So far, outgoing CEO Michael Corbat and Chief Financial Officer Mark Mason have only disclosed that the company has spent about $1 billion this year to enhance infrastructure, risk and controls and that the process for such an overhaul will take years.

Peetz said there is a great sense of urgency to get the job done, no matter how long it takes.

“Job No. 1 now, until it’s over, is to get ourselves on the right path,” she said.

For reprint and licensing requests for this article, click here.
Enforcement Compliance Corporate governance Risk management Internal controls Women in Banking Karen Peetz OCC Federal Reserve Citigroup