top of page

Citi to address unresolved data management issues after FDIC's order

Federal banking regulators claim that Citigroup has successfully addressed significant compliance issues discovered as part of a 2020 enforcement action, but that data management issues still need to be addressed.

In a letter dated Nov. 22 to the board chair and CEO of Citigroup, representatives from the Federal Reserve Board and Federal Deposit Insurance Corporation (FDIC) stated that the bank had successfully addressed enterprise-wide risk management, compliance, and internal control weaknesses that had been brought to light when it was assessed a $400 million fine by the Office of the Comptroller of the Currency (OCC) in October 2020.

The letter stated that Citigroup had "satisfactorily addressed the shortcoming the agencies identified," but the authorities also underlined that the bank's data management procedures still require improvement.

The OCC came to the conclusion in October 2020 that Citibank engaged in "unsafe and unsound" banking practices that resulted in "long-standing deficiencies" in the development and upkeep of "an enterprise-wide risk management and compliance risk management program; internal controls; or a data governance program commensurate with the bank’s size, complexity, and risk profile." In a resolution plan for 2019 that it presented to banking regulators, the bank had pledged to remedy the problems.

The bank's "ability to recognize the occurrence and severity of financial distress, facilitate provision of support to material legal entities in accordance with the firm’s secured support agreement, and enable the firm to evaluate and initiate bankruptcy proceedings in a timely fashion" may be impacted by the regulators' discovery of "serious weaknesses" in data integrity and the bank's data management practices, according to the letter.

The letter required Citigroup to create a gap analysis remediation plan, which should specify the steps the bank will take to remedy its data management shortcomings and include an estimated time frame for completion. By January 31, 2023, the proposal must be submitted to the authorities. The plan will next be examined by the regulators to see if the bank's data management program's current flaws qualify as deficiencies.

"Resolvability is about capabilities, not just passing a paper test. The agencies’ determination regarding Citigroup reflects and reinforces this," according to a statement from Acting Comptroller of the Currency Michael Hsu. Hsu also spoke as a representative of the FDIC board.

Citigroup stated that it is "pleased that we have addressed the shortcoming identified in the 2019 resolution plan" and that it has made "significant investments in our data integrity and data management" in a statement on Nov. 23.

“We will leverage that work to remediate the shortcoming identified today, as we acknowledge there is much more work to do,” according to the bank.


72 views0 comments


bottom of page