U.S. Regulators Prepare to Reprimand Citigroup for Failing to Improve Risk Systems
15 Sep 2020

Federal regulators are preparing to reprimand Citigroup Inc. for failing to improve its risk-management systems—an expansive set of technology and procedures designed to detect problematic transactions, risky trades and anything else that could harm the bank.

The expected rebuke from the Office of the Comptroller of the Currency and the Federal Reserve accelerated planning for Chief Executive Michael Corbat’s retirement, according to people familiar with the matter. Regulators didn’t ask Mr. Corbat to step down, the people said. Rather, he came to believe that an expensive, multiyear systems overhaul designed to address regulators’ concerns was best left in the hands of his successor, Jane Fraser, they said.

Citigroup on Thursday said Mr. Corbat will retire in February, surprising analysts and investors who expected him to remain in the job for a few more years.

A consent order likely would require Citigroup to develop and execute a plan to fix its risk systems, the people said. Such formal regulatory actions sometimes come with fines or stricter oversight, but it isn’t clear what, if any, punishment would be imposed, they said.

“We are completely committed to improving our risk and control environment,” a Citigroup spokeswoman said, citing the bank’s efforts to strengthen controls, infrastructure and governance. “However, while we have made significant and demonstrable progress in each of these areas, we recognize that we are not yet where we need to be and that has to change.”

Citigroup’s shares closed down 5.6% to $48.15 after The Wall Street Journal reported the expected regulatory action. The KBW Nasdaq Bank Index rose 1.8%.

For years, regulators have privately pressed Citigroup and Mr. Corbat to fix the bank’s risk systems, according to people familiar with the matter. A public rebuke would significantly ratchet up the pressure. The Fed and the OCC have many tools at their disposal to address problems out of the public eye. A consent order indicates that those methods didn’t achieve the desired results.

Regulators have faulted Citi’s management for not giving priority to the risk-management overhaul, the people said. A recent high-profile flub, Citigroup’s accidental $900 million payment to creditors of cosmetics company Revlon Inc., was seen as evidence of weaknesses in the system, the people said.

Mr. Corbat, who has run the bank since 2012, had been expected to retire sometime around 2022. Citigroup last year elevated Ms. Fraser to president and put her in charge of its consumer bank, a move that established her as the front-runner to succeed Mr. Corbat.

Mr. Corbat was quietly planning a 2021 exit but hadn’t discussed the exact timing with Ms. Fraser or the board, some of the people said. Over the Labor Day weekend, he decided he would retire after closing out 2020, in part because of the work needed to address regulators’ concerns, the people said.

In memos to Citigroup staff Thursday, both Mr. Corbat and Ms. Fraser acknowledged that the bank needs to transform its internal systems for risk and compliance.

Mr. Corbat is widely credited with sharpening the bank’s focus and reducing its sprawl during his eight years as CEO. Yet the bank has long struggled to convince regulators that it was moving fast enough to address their concerns.

The Federal Reserve in 2014 gave Citigroup a failing grade on its annual stress test, citing the bank’s ability to assess risk in its capital planning. The bank revamped its risk models and hired more compliance employees. It hasn’t failed the test since.

Citigroup is still operating under consent orders from 2012 and 2013 that required it to improve its anti-money-laundering processes. The OCC fined it in 2017 for failing to comply with the 2012 order.

At issue now is the infrastructure underpinning its broader risk systems, a legacy of a string of deals in the 1990s that transformed the bank into a financial supermarket.

For instance, many of Citigroup’s various businesses—commercial banking, credit cards, corporate-advisory services, to name a few—run on their own independent systems that have their own methods for tracking customers and transactions. There are hundreds of identification systems inside the bank. A customer doing business with several parts of the bank could have different identification codes for each one.

By David Benoit and Ben Eisen, The Wall Street Journal, 14 September 2020

Read more at The Wall Street Journal

RiskScreen: Eliminating Financial Crime with Smart Technology

Advance your CPD minutes for this content, by signing up and using the CPD Wallet