Citi has been fined $135.6 million by US regulators for failing to make enough progress on fixing risk management and data governance deficiencies four years on from a cease and desist order.
The Office of the Comptroller of the Currency (OCC) has amended the cease and desist order and fined Citi $75 million. The Federal Reserve Board has added a $60.6 million fine for violation of its 2020 enforcement action.
The OCC issued the original order and hit Citi with a $400 million fine for failing to correct deficiencies in enterprise-wide risk management, compliance risk management, data governance, and internal controls.
That was "based on the bank’s unsafe or unsound banking practices for its long-standing failure to establish effective risk management and data governance programmes and internal controls".
The order came after Citi, in 2013, entered into a consent agreement with the Fed to clean up its anti-money-laundering compliance programme, and in 2015 was ordered to strengthen compliance and control in foreign exchange activities.
The order required the bank to take prompt action to improve risk management, data governance, and internal controls.
However, the amendment now comes after what the OCC calls the bank’s "failure to meet remediation milestones and make sufficient and sustainable progress".
Acting Comptroller of the Currency Michael Hsu says: “While the bank’s board and management have made meaningful progress overall, including taking necessary steps to simplify the bank, certain persistent weaknesses remain, in particular with regard to data. Today’s amendment requires the bank to refocus its efforts on taking necessary corrective actions and ensuring appropriate resources are allocated for this purpose.”