The $136 million in fines imposed Wednesday on Citigroup came on top of a $400 million civil money penalty that the Office of the Comptroller of the Currency assessed back in 2020.
Benjamin Girette/Bloomberg
Citigroup has agreed to pay a total of $136 million for violating a pair of consent orders that require the megbank to clean up its compliance risk management and internal controls systems.
The Federal Reserve Bank and the Office of the Comptroller of the Currency said Wednesday that Citi hasn’t moved fast enough to correct certain deficiencies in its risk management programs or to meet certain milestones in a years-old remediation plan.
As a result of violations of the October 2020 consent orders, the Fed and the OCC assessed civil money penalties of $60.6 million and $75 million, respectively.
Last year, the Federal Reserve Bank of New York conducted a review that found “ongoing deficiencies” in Citi’s data quality management and “ineffective compensating controls” to lessen associated risks, according to the Fed. The review also determined that Citi’s plan to improve its data quality management program as laid out in one of the 2020 consent orders was not “adequate,” the Fed said in an order Wednesday.
Similarly, the OCC said that Citi has “failed to make sufficient and sustainable progress” toward complying with the agency’s four-year-old consent order, and that its “continuing noncompliance” with the enforcement action “constitutes unsafe or unsound practices.” In addition, Citi “lacks processes to monitor the impact of data quality concerns on regulatory reporting,” the OCC said in its latest order.
In agreeing to pay the fines, Citi did not admit or deny the findings, the two regulators said.
The joint enforcement actions mark the latest round of regulatory trouble for Citi, which has long struggled with risk management and internal controls. In connection with the OCC’s 2020 consent order with Citi, the agency assessed a $400 million civil money penalty against the bank.
The regulators’ actions on Wednesday are not the first sign of concern about how quickly Citi has been moving. Last year, the Fed set certain deadlines by which the bank was to make changes to the way it measures certain risks, according to a Reuters article that cited unnamed sources.
The $2.4 trillion-asset bank also failed exams by the OCC that were meant to determine whether Citi was advancing on data integrity as much as it said it was, according to the Reuters story.
In response to the latest fines, Fraser said in a statement Wednesday that Citi has “intensified [its] focus and increased [its] investment” over the past several months in certain areas where the company has not made progress quickly enough, such as data quality management.
“We will get these areas where they need to be, as we have done in other areas of the transformation,” Fraser said. “We’re committed to spending what is necessary to address our consent orders … [and] we’re confident we have the financial resources to support both our transformation and investment in our businesses [and] meet our strategic and financial goals.”
Citi has been spending heavily to improve its risk management systems. The company has said that between 2021 and 2023, it spent $7.4 billion on technology, consultants and compensation related to the risk management overhaul, as well as on other efforts to modernize the bank.
The OCC said the penalty it issued Wednesday will serve as an amendment to its 2020 consent order. In a press release, acting Comptroller Michael Hsu said Citi “must see through its transformation and fully address in a timely manner its longstanding deficiencies.”
“While the bank’s board and management have made meaningful progress overall, including taking necessary steps to simplify the bank, certain persistent weaknesses remain,” Hsu said.