Federal banking regulators have imposed a combined $136 million in fines on Citigroup Inc. and its subsidiary Citibank, N.A. for ongoing deficiencies in risk management, internal controls, and data governance.

Regulators Slap Citigroup with $136 Million in Fines for Risk Management Failures

The Federal Reserve Board levied a $60.6 million civil money penalty against Citigroup, while the Office of the Comptroller of the Currency (OCC) assessed a $75 million fine. These actions stem from the banking giant's failure to adequately address longstanding issues identified in enforcement orders issued by both regulators in October 2020, when the institution already paid $400 million.

"Citibank must see through its transformation and fully address in a timely manner its longstanding deficiencies," said Acting Comptroller of the Currency Michael J. Hsu. "While the bank's board and management have made meaningful progress overall, including taking necessary steps to simplify the bank, certain persistent weaknesses remain, in particular with regard to data."

The Federal Reserve's penalty follows a 2023 examination that found Citigroup had made insufficient progress in enhancing its data quality management program and implementing appropriate compensating controls to mitigate associated risks. These shortcomings constitute violations of the 2020 cease and desist order, which mandated significant improvements in Citigroup's risk management and internal control practices.

The OCC's amended enforcement action requires Citi to prioritize remediation work, including through the allocation of sufficient resources. The regulator cited the bank's failure to meet remediation milestones and make sufficient and sustainable progress towards compliance with the 2020 order.

Both regulators emphasized the need for Citigroup to accelerate its efforts to address these longstanding issues. The penalties underscore the ongoing challenges faced by one of the world's largest financial institutions in modernizing its risk management and data systems.

Jane Fraser, the CEO of Citigroup, addressed the imposed penalties in a statement on Wednesday, saying, "We've always said that progress wouldn't be linear, and we have no doubt that we will be successful in getting our firm where it needs to be in terms of our transformation. We're committed to spending what is necessary to address our consent orders.

Citigroup has consented to the orders without admitting or denying any allegations. The penalties will be remitted to the US Department of the Treasury. The regulators warned that further material failures to remediate these violations could result in additional penalties or corrective actions under the Federal Deposit Insurance Act.

Algo Trading Violations

These are not the only penalties that Citigroup has received in recent months. Several weeks ago, Germany's financial regulator, BaFin, imposed a €12.975 million ($13.82 million) fine on Citigroup Global Markets Europe AG for breaching obligations related to algorithmic trading under the country's securities trading laws.

A month earlier, Citigroup Global Markets Limited (CGML) received a combined fine of £61.6 million from the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA). This significant penalty was due to a trading system failure that resulted in the firm inadvertently selling $1.4 billion worth of equities across European exchanges.