Federal banking regulators have slapped Citigroup (NYSE:C) with a $400 million civil penalty for what they call its "long-standing" failure to address and enhance firmwide controls related to compliance, data, and risk management.
The fine came from the U.S. Office of the Comptroller of the Currency (OCC), which regulates national banks. The OCC also issued a cease-and-desist order, mandating that the bank receive the OCC's "non-objection" before making important acquisitions such as portfolio or business acquisitions. The order also gives the OCC the right to implement further restrictions or prescribe changes regarding senior management or the bank's board.
The OCC's order was accompanied by a separate order from the Federal Reserve that is being issued in concurrence.
Following the abrupt announcement in September that CEO Michael Corbat would retire sooner than expected, multiple media outlets reported that regulators were preparing to reprimand the bank for its failure to address long-standing issues.
The news also came after BuzzFeed dropped a big investigative report on the failure of the banking industry and regulators to prevent money laundering by criminals, terrorists, and Ponzi schemes through the global banking system.
But the last straw may have come earlier this year when Citigroup accidentally sent $900 million to several lenders of the cosmetics brand Revlon in a mistake that was ultimately caused by what the bank called a "clerical error" and "out-of-date" software.
The Fed in its order said Citigroup has failed to address issues raised in consent orders dating back to 2013 and 2015.
The bank will now have to come up with several plans for how to better manage its data, guard against risk, and improve its money laundering compliance program, among other improvements to internal controls.
The orders will likely result in more spending, adding to the bank's annual expenses. Citigroup CFO Mark Mason recently said at the Barclays Global Financial Services Conference that the bank is spending $1 billion this year alone to update the bank's "risk and control environment."