Citibank has agreed to pay a $400 million fine and overhaul its internal data protection, compliance and risk management controls to settle enforcement actions taken by two US regulators.
The fine was issued by the US Treasury’s Office of the Comptroller of the Currency in parallel with a separate action by the Federal Reserve Board. The Office said that the fine was based on Citibank’s "longstanding failure to establish effective risk management and data governance programs and internal controls.”
The OOC said that the issues dated back to 2013 but had not been adequately addressed.
Meanwhile, the Federal Reserve said that it was taking action against Citigroup, the bank’s holding company, for its alleged failure to take "prompt and effective actions to correct practices previously identified by the board in the areas of compliance risk management, data quality management and internal controls”, among other reasons.
The company was not ordered to pay a separate fine, but has been issued a cease-and-desist order requiring it to submit plans for how it will improve internal compliance and risk management controls.
In a statement, Citibank said that it was committed to improving its standing with the regulators and would commit $1 billion to risk management-related programmes this year.
[ymal]
"We are disappointed that we have fallen short of our regulators' expectations, and we are fully committed to thoroughly addressing the issues identified in the Consent Orders," Citibank said. "The entire management team is committed to achieving operational excellence and a best-in-class risk and control environment."
The regulators’ actions come less than a month after Citigroup announced the retirement of Michael Corbat, who has served as the company’s chief executive since 2012. He will be replaced by Jane Fraser, the group’s current president and chief executive of global banking, who will be the first woman to lead a major US bank.