Today, July 10, 2024, the Board of Governors said that Citigroup was ordered to pay a civil money penalty of $60,625,620 for various violations involving deficiencies. Citigroup agreed to the payment without making any admissions.
According to the Federal Reserve’s documents, the chronology of issues raised about Citigroup Inc. (“Citigroup”), which is a registered bank holding company that owns and controls Citibank, N.A., Sioux Falls, South Dakota (“Citibank”), a national bank, and various nonbank subsidiaries, are as follows:
- On October 7, 2020, Citigroup consented to an Order to Cease and Desist issued by the Board of Governors (the “2020 Order”) based on significant ongoing deficiencies in implementation and execution by Citigroup with respect to various areas of risk management and internal controls, including for data quality management and regulatory reporting, compliance risk management, capital planning, and liquidity risk management.
- The 2020 Order required Citigroup, among other things, to submit a plan to enhance its data quality management program, including data governance, and actions to ensure that appropriate compensating controls across Citigroup are implemented and maintained until the end state is achieved and functioning as intended.
- On October 7, 2020, Citibank consented to the issuance of a Consent Order by the Office of the Comptroller of the Currency (the “OCC”) to remedy deficiencies in its risk management, internal controls, and data governance and to the assessment of a $400 million civil money penalty (the “OCC Orders”).
- An examination conducted by the Federal Reserve Bank of New York (“Reserve Bank”) in 2023 found that Citigroup had ongoing deficiencies in data quality management and ineffective compensating controls to mitigate associated risks.
- An examination conducted by the Reserve Bank in 2023 regarding Citigroup’s remediation efforts related to the 2020 Order (the “2020 Order execution exam”) found that Citigroup’s progress in executing its plan to enhance its data quality management program under paragraph 4 of the 2020 Order, or toward the implementation of appropriate compensating controls has not been adequate.
The Federal Reserve added:
As a result of the deficiencies described above, Citigroup violated the 2020 Order through delays in completing milestones included in its approved plan to enhance its data quality management program and through inadequate measures for managing and controlling its data quality risks until the plan is implemented in full.
The Federal Reserve concluded:
… the 2020 Order violations described above warrant the assessment of a civil money penalty by the Board of Governors against Citigroup under section 8(i)(2)(B) of the Federal Deposit Insurance Act, as amended (the “FDI Act”) (12 U.S.C. § 1818(i)(2)(B)).
… the material failure to remediate the violations described herein may require additional and escalated formal actions by the Board of Governors against Citigroup, including additional penalties or additional affirmative corrective actions pursuant to section 8(b) of the FDI Act (12 U.S.C. § 1818(b)) or other applicable authorities.
… Citibank has consented to the issuance of a separate civil money penalty and amendment to the OCC Orders for related deficiencies at Citibank.
The Federal Reserve said this action was taken because “it is the common goal of the Board of Governors, the Reserve Bank, and Citigroup that Citigroup operates in a safe and sound manner and in compliance with all applicable federal and state laws, rules, and regulations and orders.”
