Citi hit with pair of enforcement actions, fined $400M
WASHINGTON — Bank regulators formally ordered Citigroup to improve its risk management and internal controls following years of concerns that the megabank has let too many errors slip through the cracks.
The Office of the Comptroller of the Currency on Wednesday announced a $400 million fine against the company's primary banking subsidiary and said it will require Citi to seek the agency's nonobjection before making new acquisitions. In an accompanying enforcement action, the Federal Reserve said it will require the bank to conduct a “gap analysis” of its risk management framework and internal controls system to determine what enhancements need to be made.
The actions follow a Fed consent order against Citi in 2013, which identified deficiencies in the bank’s anti-money-laundering compliance program, and a separate consent order the Fed issued against Citi in 2015 related to its compliance and control infrastructure.
Those deficiencies have not yet been “adequately remediated,” the Fed said in Wednesday’s order.
More recently, Citi has been scrutinized over an accidental $900 million payment it made to lenders of the cosmetics company Revlon that came to light in August. Citi is currently locked in a legal battle in an attempt to recover that money.
As the mistaken payment raised further questions about Citi’s internal controls, CEO Michael Corbat last month abruptly announced his retirement, which will take effect in February. Jane Fraser, Citi's president and CEO of the global consumer bank, will succeed him and become the first woman to lead a major U.S. bank.
A formal crackdown by the regulators was widely expected following a report in The Wall Street Journal saying the Fed and the OCC were preparing an enforcement action.
Under the Fed's order, Citi will also have to submit a plan to bolster its data quality management program and compliance risk management program, and it will need to submit a plan within 120 days describing what actions the company's board of directors will take to hold senior management accountable for improvements.
The OCC will also require Citi “to take broad and comprehensive corrective actions to improve risk management, data governance and internal controls,” and will also retain the authority to impose additional restrictions and require changes in senior management or on the board, the agency said in a press release.