News Release 2020-132 | October 7, 2020
WASHINGTON—The Office of the Comptroller of the Currency (OCC) today assessed a $400 million civil money penalty against Citibank, N.A, of Sioux Falls, South Dakota, related to deficiencies in enterprise-wide risk management, compliance risk management, data governance, and internal controls.
The OCC took these actions based on the bank’s unsafe or unsound banking practices for its long-standing failure to establish effective risk management and data governance programs and internal controls. This failure also resulted in a violation of 12 CFR Part 30, Appendix D, “OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches.”
The agency also issued a cease and desist order requiring the bank to take broad and comprehensive corrective actions to improve risk management, data governance, and internal controls. The order requires the bank to seek the OCC’s non-objection before making significant new acquisitions and reserves the OCC’s authority to implement additional business restrictions or require changes in senior management and the bank’s board should the bank not make timely, sufficient progress in complying with the order.
The Federal Reserve Board took a separate but related action against Citigroup, the bank’s holding company.
The OCC penalty will be paid to the U.S. Treasury.