Federal banking regulators on Wednesday fined
$400 million and ordered the nation’s third-largest bank to fix its risk-management systems, citing “significant ongoing deficiencies.”
In a consent order agreed to by the New York bank’s board, the Federal Reserve faulted Citigroup for falling short in “various areas of risk management and internal controls” including data management, regulatory reporting and capital planning. The Office of the Comptroller of the Currency, in a separate consent order, said the fine was punishment for the bank’s “longstanding failure” to remedy problems in its risk and data systems.
The Wall Street Journal earlier reported that the Fed and the OCC were planning to reprimand Citigroup for failing to improve its risk-management systems—an expansive set of technology and procedures designed to detect problematic transactions, risky trades and anything else that could harm the bank.
“We are disappointed that we have fallen short of our regulators’ expectations, and we are fully committed to thoroughly addressing the issues identified in the Consent Orders,” the bank said. “Citi has significant remediation projects under way to strengthen our controls, infrastructure and governance.”
The public rebuke marks a major escalation of regulators’ efforts to get Citigroup to fix its risk systems. For years, the Fed and the OCC have privately pushed Citigroup Chief Executive Michael Corbat to give priority to an overhaul of the systems. Their decision to issue consent orders requiring the changes indicates the pressure they were exerting behind the scenes wasn’t enough.
The reprimand, in the works for several months, accelerated planning for Mr. Corbat’s retirement. Mr. Corbat, who said last month that he would step down in February, felt the expensive, multiyear overhaul was best left in the hands of his successor, Jane Fraser, the Journal previously reported.
The punishment, while substantial, is gentler than the rebuke Wells Fargo & Co. got for weaknesses in its risk-management systems brought to light by its 2016 fake-account scandal. The OCC in early 2018 fined the bank more than $1 billion, and the Fed imposed an unprecedented growth cap on the bank.
At issue at Citigroup is the infrastructure underpinning its systems meant to identify risk and protect customer data.
Many of Citigroup’s various businesses, for example, run on their own independent systems that have their own methods for tracking customers and transactions. There are hundreds of identification systems inside the bank. A customer doing business with multiple parts of the bank could have different identification codes for each one.
Regulators have long fretted that the hodgepodge of systems, a legacy of a string of deals in the 1990s that turned Citigroup into a financial powerhouse, could make the bank vulnerable to costly and potentially damaging missteps. A recent high-profile error—Citigroup’s accidental $900 million payment to creditors of cosmetics company
—gave credence to their concerns.
The consent orders from the OCC and Fed leave Citigroup with a lengthy to-do list. The regulators ordered the bank to form a new board committee to oversee the risk overhaul and to develop plans for holding management accountable.
The OCC order requires Citigroup to seek approval for any acquisition and gives the regulator power to order the bank to replace managers or directors. The Fed and the OCC already broadly exercise veto power over big purchases.
In its order, the OCC called out Citigroup’s procedures for reporting problems within the bank to the board of directors and its leaders’ lack of “clearly defined roles and responsibilities.” It said the bank failed to comply with “multiple laws and regulations,” including the Fair Housing Act.
The risk-management overhaul is expected to be an expensive undertaking. Chief Financial Officer Mark Mason has said the bank would spend $1 billion on the work this year alone.
Analysts have said that a pricey overhaul and enhanced regulatory scrutiny would weigh on the bank’s profitability, which already lags behind that of its peers. They also said a regulatory reprimand could raise fresh concerns that the bank remains too big to manage, spurring a breakup.
The task of satisfying regulators’ demands largely will fall to the bank’s incoming CEO. Ms. Fraser, currently Citigroup’s president and the head of its consumer bank, has been tapped numerous times to tackle the bank’s thorniest problems.
Write to David Benoit at [email protected]
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8