Citigroup is stripping chief operating officer Anand Selva of his full responsibility for data compliance after the bank was hit with $136 million in fines for its failure to address long-standing deficiencies in risk management and data governance.
The FT has the scoop, citing four people familiar with the changes. According to the report Selva will share responsibility for data compliance with Tim Ryan, the former accountant and top PwC partner who joined Citi in June.
The move follows a string of compliance failures by Citi dating as far back as 2020, when the Office of the Comptroller of the Currency (OCC) issued a cease and desist order accompanied by a hefty $400 million fine over serious deficiencies in the bank's enterprise-wide risk management, compliance, data governance, and internal controls.
At the time, Citi blamed defective software dating from the 1990s as the cause of a $1 billion wire transfer screw up that precipitated the OCC's investigation.
In May, the bank was again fined £62mn for failing to catch a $1.4bn trading error that briefly shook European markets.
The latest $136 million penalty was levied in June following the inaccurate reporting of tens of billions of dollars of loans to regulators.
Despite drafting thousands of new staff, the bank has consistently missed milestones and shown a lack of sustainable progress amid persistent weaknesses in data governance.
The changes at the top makes Ryan, the bank’s chief technology officer, the third senior Citi executive in three years to oversee the task of fixing the bank’s data problems.
To top it all, Citi is currently fighting a lawsuit lodged by a former employee who claims the bank terminated her contract for allegedly refusing to provide regulators with false information. The employee, Kathleen Martin, filed the lawsuit in New York district federal court, alleging that COO Selva instructed her to hide “critical information” from the OCC on Citi’s data governance metrics to keep the bank from “looking bad”.
The metrics Martin was allegedly asked to falsify refers to the 2020 consent order from the OCC, which instructed the bank to put an end to deficiencies in their risk management and data governance controls.