$135.6m fines prompt Citi to modernize infrastructure, controls

The Federal Reserve and Office of the Comptroller of the Currency fined Citigroup a combined $135.6 million on Wednesday for violating a 2020 cease and desist order pertaining to deficiencies in enterprise-wide risk management, compliance risk management, data governance, and internal controls. 

Both federal regulators indicated in separate statements that Citi failed to “meet remediation milestones and make sufficient and sustainable progress towards compliance with the 2020 Order.” It shined a light on Citi as the bank is looking to change the way its infrastructure, risk and controls operate.

During Citi’s 2024 second quarter earnings call on Friday, both CEO Jane Fraser and CFO Mark Mason addressed the fine and doubled down on making the necessary internal changes.

Our transformation is addressing decades of underinvestment in large parts of Citi’s infrastructure and in our risk and control environment

Jane Fraser, Citigroup

“Addressing these areas is the primary goal of our transformation, our number one priority,” Fraser said. “It is a multi-year effort to modernize our infrastructure, unify disparate tech platforms and automate processes and controls.” She had previously laid out modernization and transformation goals for Citi at the beginning of the year.

“Our transformation is addressing decades of underinvestment in large parts of Citi’s infrastructure and in our risk and control environment,” she said. This has included what Fraser called “an absence of enforced enterprise-wide standard and governance.”

Tech investments

She admitted that Citi is behind in data quality management but would look to meet the guidelines for remediation set forward by the OCC. The OCC is the primary regulator for Citibank NA, which Fraser said holds about 70% of Citigroup’s assets. The Federal Reserve regulates Citigroup, the primary holding company.

The original October 2020 penalty against Citi from the OCC was $400 million.

“I can assure you, the investments we have been making are starting to come together to reduce risk, improve controls, and deliver very tangible outcomes,” Fraser said. She highlighted tech investments that have already targeted workflows across the bank, including the time it takes to book a loan, automated controls for traders to reduce errors, moving risk analytics to a cloud-based infrastructure and increasing the resiliency of platforms to reduce downtime.

Citi has also worked to reduce its datacenters and retire platforms, and decrease platform numbers across asset classes, Mason said. “We’ve moved from 39 corporate loan platforms to south of 20, we’ve got 20 cash equities platforms down to one and we’ve reduced the six reporting ledgers down to one,” he said.

But he acknowledged that work within data regulatory reporting is still needed. “If you think about Citi, we’ve got 11,000 global total reg reports,” he said. For example, Form 2052A, a liquidity report required by the Fed, can have 750,000 lines of data, Mason said. “It’s important that we’re efficiently collecting it from multiple systems with standards and governance that ensures it’s of the quality that we want it to be without needing manual activity supporting it.”