Citigroup is contending with the fallout from $136 million in surprise fines by regulators who are faulting the megabank for failing to clean up its compliance risk management and internal controls systems.
The Federal Reserve and the Office of the Comptroller of the Currency said Wednesday that Citi hasn't moved fast enough to correct certain deficiencies in its risk management programs or to meet certain milestones in a years-old remediation plan.
As a result of the alleged violations of the October 2020 consent orders, the Fed and the OCC assessed civil money penalties of $60.6 million and $75 million, respectively.
The OCC is also requiring Citi to file a board-approved plan within 30 days that outlines a process by which the bank will determine if "sufficient resources" are being directed toward "achieving timely and sustainable compliance," the agency said in an amendment to its original order.
In a separate order, the Fed warned that Citi could face "additional penalties or additional affirmative corrective actions" if there is a "material failure to remediate the violations."
In a research note published Thursday, analyst Vivek Juneja at JPMorgan Securities wrote that the latest round of fines "raises the question whether the team responsible for this fix needs a change."
"This is a negative indictment of management," Juneja wrote. "There is clearly frustration on the part of regulators, given that these issues have been under work for many years."
Shares in Citi, which is scheduled to report its second-quarter earnings on Friday, closed down 1.9% on Thursday.
The regulatory fines should not impact Citigroup's ability to pay dividends or buybacks, analysts say. The company announced last month that it plans to hike its quarterly dividend from 53 cents to 56 cents. It did not commit to restarting share buybacks, saying that it would assess that decision on a quarter-by-quarter basis.
The joint enforcement actions mark the latest round of regulatory trouble for Citi, which has long struggled with risk management and internal controls. In connection with the OCC's 2020 consent order with Citi, the agency assessed a $400 million civil money penalty against the bank.
Wednesday's fines come after the Federal Reserve Bank of New York conducted a review last year that found "ongoing deficiencies" in Citi's data quality management and "ineffective compensating controls" to lessen associated risks, according to the Fed. The review also determined that Citi's plan to improve its data quality management program as laid out in one of the 2020 consent orders was not "adequate," the Fed said in an order Wednesday.
Similarly, the OCC said that Citi has "failed to make sufficient and sustainable progress" toward complying with the agency's 4-year-old consent order, and that its "continuing noncompliance" with the enforcement action "constitutes unsafe or unsound practices." In addition, Citi "lacks processes to monitor the impact of data quality concerns on regulatory reporting," the OCC said in its latest order.
In a press release, acting Comptroller of the Currency Michael Hsu said that Citi "must see through its transformation and fully address in a timely manner its longstanding deficiencies."
"While the bank's board and management have made meaningful progress overall, including taking necessary steps to simplify the bank, certain persistent weaknesses remain," Hsu said.
In agreeing to pay the fines, Citi did not admit or deny the findings, the two regulators said.
The regulators' actions on Wednesday are not the first sign of concern about how quickly Citi has been moving. Last year, the Fed set certain deadlines by which the bank was to make changes to the way it measures certain risks, according to a Reuters article that cited unnamed sources.
The $2.4 trillion-asset bank also failed exams by the OCC that were meant to determine whether Citi was advancing on data integrity as much as it said it was, according to the Reuters story.
In response to the latest fines, Fraser said in a statement Wednesday that Citi has "intensified [its] focus and increased [its] investment" over the past several months in certain areas where the company has not made progress quickly enough, such as data quality management.
"We will get these areas where they need to be, as we have done in other areas of the transformation," Fraser said. "We're committed to spending what is necessary to address our consent orders … [and] we're confident we have the financial resources to support both our transformation and investment in our businesses [and] meet our strategic and financial goals."
Citi has been spending heavily to improve its risk management systems. The company has said that between 2021 and 2023,it spent $7.4 billion on technology, consultants and compensation related to the risk management overhaul, as well as on other efforts to modernize the bank.
Analyst Mike Mayo of Wells Fargo Securities likened the fines to a "bad report card" for Citi.
"They're passing a lot of classes, but they're failing data and regulatory reporting," Mayo said in an interview. He noted that Citi's board chair, John Dugan, is a former comptroller of the currency, and questioned why there seems to be a gap in communicating with regulators.
"They should at least be speaking the same language," Mayo said.
Juneja questioned whether the fines would impact special "transformation" bonuses to be paid to certain members of the executive management team and others involved in the overhaul. In August 2021, the board's compensation committee approved a performance-based bonus program to incentivize "effective execution" of the consent order programs.
Fraser is excluded from the bonus program. But the rest of the executive management team and about 250 other employees are eligible to participate, the company has said.
Piper Sandler's Scott Siefers, another analyst who follows Citi, said he doesn't think Citi is at a point where it needs to replace those executives who are running the overhaul. Fraser, along with Chief Financial Officer Mark Mason and other Citi executives "have been very candid" about areas in which the company is doing well and those where it "needs to run harder," Siefers said.
"This is a negative headline, I don't want to gloss over that," Siefers said. "But most investors, particularly those who know the story well, understand this is going to be a long process."
Update
This story has been updated to add commentary from analysts.
Annualized inflation increased to 2.7% in November from 2.6% the previous month, providing further evidence that the economy remains strong despite restrictive monetary policy.
President-elect Donald Trump may opt to bypass Democratic suggestions for minority party seats on the Federal Deposit Insurance Corp.'s board of directors, setting up potential conflicts with Senate leadership over regulatory appointments.
The top executives at some of the nation's largest banks spoke Tuesday about their expectations for the second Trump administration. Deregulation, capital rules, tariffs and inflation were all prominent topics.
The merger pairs the fintech's consumer lending platform with Gen Digital's identity-protection services, such as Norton, LifeLock and ReputationDefender.