Citi was fined $135.6 million by U.S. regulators for failing to make sufficient progress in correcting deficiencies in risk management and data governance four years after the cease-and-desist order.
The Office of the Comptroller of the Currency (OCC) modified the cease-and-desist order and fined Citi $75 million. The Federal Reserve Board has imposed a $60.6 million fine for violating its 2020 enforcement action.
The OCC issued the original order fining Citi $400 million for failing to address deficiencies in enterprise risk management, compliance risk management, data governance and internal controls.
This was based “on the bank’s unsafe or unsound banking practices and its long-standing failure to establish effective risk management and data governance programs and internal controls.”
The order came after Citi entered into a consent agreement with the Fed in 2013 to clean up its anti-money laundering compliance program, and in 2015 it was ordered to strengthen compliance and controls over foreign exchange activities.
The order required the bank to take immediate action to improve risk management, data management and internal controls.
However, the change now comes after the bank “failed to meet recovery milestones and make sufficient and sustained progress,” according to the OCC.
Acting Comptroller of the Currency Michael Hsu says: “While the Bank’s board and management have made significant progress overall, including taking necessary steps to simplify the Bank, certain persistent weaknesses remain, particularly with respect to data.” Today’s change requires the Bank to refocus its efforts on taking the necessary corrective actions and ensuring that adequate resources are allocated for this purpose.”