WASHINGTON — The Federal Reserve Board ordered Citigroup (NYSE: C) to make several improvements to its anti-money-laundering programs, charging that the company "lacked effective systems of governance and internal controls" to monitor its compliance with the Bank Secrecy Act.
The Fed's 10-page consent order against Citi is yet another chapter in a catalog of AML-related mishaps for the largest institutions. Though the enforcement action provided little detail on the exact findings by the central bank, it follows other actions taken by other regulators against two of Citi's subsidiaries: Citibank, of Sioux Falls, S.D., and Banamex USA, which is based in California. The order originates from findings last year by the Federal Deposit Insurance Corp. and the Office of the Comptroller of the Currency.
Citigroup was ordered to take several steps to correct flaws in its AML oversight, including ensuring that it serves as a "source of strength" to its subsidiaries, enhancing board oversight of its BSA compliance program and making improvements to its compliance risk management.
"Within 60 days of this order, Citigroup shall submit an acceptable written plan to the … [Federal Reserve Bank of New York] to continue to improve the governance, structure, and operations of the compliance risk management program with regard to BSA/AML Requirements and the regulations issued by the Office of Foreign Assets Control of the United States Department of the Treasury," the order said.
Under the 10-page consent order filed by the Fed, Citi and its affiliated subsidiaries will be required to take appropriate steps to remedy deficiencies in the firm's BSA/AML compliance program.
In a statement, Citi said it "has made substantial progress in strengthening its" BSA and AML compliance based on issues raised by the other last year. "Citi continues to take the appropriate steps to address remaining requirements and build a strong and sustainable program," it said.
The Fed said the company "lacked effective systems of governance and internal controls to adequately oversee the activities of the banks with respect to legal, compliance, and reputational risk related to the banks' respective BSA/AML compliance programs."
The order said the enforcement action does not serve as an "admission or denial" by Citi of any allegations, but rather is for the purpose of settling the matter without any formal proceedings.
Citi agreed to use its financial and managerial resources as a source of strength for each of its banks and ensure that each subsidiary complies with the Fed's consent order. The company is also required to submit two reports within 60 days and complete a review of the effectiveness of its compliance program within 90 days to the New York Fed. In the first report, Citi's board of directors is required to submit to the New York Fed a plan on the improvements it will make to overall BSA compliance.
The plan, the Fed said, should address: funding for personnel, systems and resources needed to operate a BSA/AML compliance risk management program; policies to encourage a proactive approach to identifying, communicating and managing compliance risks across the firm; and measures to ensure the resolution of a BSA/AML-related audit.
The second submission will outline steps for executing on improvements to the governance, structure and operations of the firm's compliance risk management. For example, Citi must address what the optimum structure and composition is of Citi's compliance committee to provide the best firmwide oversight. The company also must outline the duties and responsibilities of the heads of compliance for each global business lines.
The enforcement action also requires Citi to complete a self-review evaluating the effectiveness of its firmwide compliance program and prepare a report of its findings and recommendations for further improvements.
Separately, Citi's board of directors will have 120 days to submit a plan to the New York Fed describing future actions Citi will take to continue to strengthen the management and oversight of BSA and AML compliance.
At the end of each quarter, Citi will have 30 days to submit a progress report to supervisors detailing its actions to comply with the consent order.