Citigroup has submitted a comprehensive multiyear plan to the Federal Reserve and the Office of the Comptroller of the Currency outlining steps to fix weaknesses in its risk management and internal controls, two sources familiar with matter said.
The plan, which was given to regulators this week, aims to address a 2020 directive from the Fed demanding that the bank correct several “longstanding deficiencies” in its internal controls. The Office of the Comptroller of the Currency (OCC) imposed a $400 million fine on Citi in 2020, citing similar concerns.
The document lays out a multiyear roadmap to rectify problems by the end of 2027 or early 2028, the sources said. The program includes more detailed steps that the bank will take in the year ahead as it prioritizes fixing its highest risk areas, one of the people said.
The plan outlines how Citi aims to improve its risk infrastructure, data quality and internal governance, the two sources said. The Wall Street Journal reported earlier this week that Citigroup was due to submit the plan on Thursday. Reuters is reporting on its submission, expected length and other details that have not previously been revealed.
About 30,000 people, or 13% of the bank’s 231,000 employees, are working on the improvements, one of the people said. It has also sought help from outside consultants, the people said.
Citi hopes to make substantial progress to fix its compliance weaknesses faster than is outlined in the plan, potentially allowing it to get out of the penalty box more quickly, the people said.
Citigroup said it has invested significant time and resources into its transformation efforts over the last two years, laying the groundwork for faster and better execution, according to a spokesperson.
“We have taken decisive actions to simplify our firm and we will continue to act with urgency to modernize the bank for the digital age and strengthen our risk and control environment,” the company said in a statement. “We are completely committed to the sustainability of this effort and to executing at the level expected of us.”
The 2020 Fed consent order does not specifically bar the bank from doing any particular businesses, but the OCC requires the bank to seek its permission before making significant new acquisitions.
The OCC also has authority to implement additional business restrictions or require changes in senior management and the bank’s board if the bank not make timely, sufficient progress in complying with the order.
Regulators are expected to provide feedback on the plan over the next few weeks and determine whether the bank needs to make changes.
Gaps in Citigroup’s internal controls were highlighted by a botched transfer of nearly $900 million to lenders of struggling cosmetics firm Revlon two years ago. In May, an erroneous trade by Citigroup caused a so-called flash crash in European stocks.
Jane Fraser, Citigroup’s chief executive officer, has made it her top priority to fix the regulatory problems. Fraser, the first woman to run a major Wall Street bank, inherited a litany of long-standing problems when she took over from Michael Corbat, who ran the company from 2012 to early 2021.
She has already announced plans to exit Russia in a bid to pare down risky assets and cull consumer businesses in 13 other countries to focus on multinational companies and wealthy clients.
The bank has been beefing up its teams in risk and compliance, hiring rival bankers and former auditors to address the long-standing concern that the bank’s risk infrastructure lags bigger rivals such as JPMorgan & Chase , which is seen as a market leader, one of the people said.
Citigroup promoted Tom Anderson to become its new chief compliance officer earlier this year after he joined from JPMorgan in 2021.
Citigroup is also ramping up spending on technology that it can use to evaluate its risks and prevent future mistakes, the company said earlier this year.