Citigroup Ordered to Strengthen AML Compliance Amid Federal Scrutiny

Citigroup Inc., one of the largest banking institutions in the United States, has been ordered to significantly overhaul its anti-money laundering (AML) compliance programs following deficiencies uncovered by federal regulators. A consent order, issued jointly by the Federal Reserve, the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC), requires Citigroup to implement sweeping reforms across its subsidiaries to address critical lapses in its oversight and governance.

Citigroup’s global operations, including its ownership of Citibank, N.A. in South Dakota and Banamex USA in California, are governed by stringent U.S. anti-money laundering laws. The Bank Secrecy Act (BSA) and its associated regulations mandate that financial institutions monitor and report suspicious activities to prevent the illicit flow of funds. However, recent investigations revealed that both Citibank and Banamex USA had failed to maintain effective AML programs, leading to violations of BSA requirements.

The findings were so significant that both Citibank and Banamex USA consented to enforcement actions, agreeing to remedy their compliance failures. For Citibank, the OCC issued a consent order, while Banamex USA faced similar action from both the FDIC and the California Department of Financial Institutions.

Governance Gaps and Compliance Weaknesses

The regulatory actions against Citigroup highlight serious governance shortcomings. Citigroup’s sprawling network of subsidiaries, which includes nonbank entities and international branches, lacked effective systems of oversight. These systems were necessary to ensure compliance with the BSA/AML requirements across all lines of business. The Federal Reserve Board, acting as Citigroup’s main supervisory body, found that the bank had inadequate internal controls to properly manage the legal, compliance, and reputational risks tied to its AML obligations.

In response, Citigroup’s board of directors authorized Chief Compliance Officer Kevin L. Thurm to enter into a consent order with the Federal Reserve. This agreement waives Citigroup’s rights to a formal hearing and legal contest, signaling the bank’s commitment to resolving the matter without litigation. As part of the order, Citigroup is required to take several steps to strengthen its AML programs and ensure compliance with federal law.

One of the most significant demands is for Citigroup to act as a “source of strength” to both Citibank and Banamex USA. This means the bank must utilize its financial and managerial resources to support its subsidiaries in addressing the identified deficiencies. Citigroup’s board is also tasked with submitting an acceptable plan within 60 days to enhance its firmwide compliance risk management program, with a particular focus on BSA/AML compliance. This plan must outline actions taken since the consent orders and detail how Citigroup will improve its governance of compliance risks across all its business lines and jurisdictions.

In addition to strengthening board oversight, the consent order demands a comprehensive review of Citigroup’s entire AML program. This includes examining the roles and responsibilities of compliance officers, reassessing staffing needs, and ensuring effective communication of compliance obligations throughout the organization.

The review, to be completed within 90 days, will also address how Citigroup monitors suspicious activity, investigates compliance breaches, and reports findings to regulators. Citigroup must also ensure that its nonbank subsidiaries, which assist in transaction monitoring, meet all regulatory requirements for AML compliance.

Progress Reports and Continuous Oversight

Citigroup is required to submit quarterly progress reports to the Federal Reserve, detailing the actions taken to achieve compliance with the order. These reports will include timelines for implementing specific remedial measures and updates on the effectiveness of these actions.

Citigroup’s compliance failures underscore the challenges faced by large, complex financial institutions in managing the regulatory risks associated with global operations. The consent order highlights the importance of robust internal controls, effective governance, and comprehensive risk management frameworks in maintaining compliance with AML laws.

For Citigroup, the road to full compliance is now paved with regulatory expectations and ongoing oversight. The bank’s ability to implement the required changes and strengthen its compliance programs will determine whether it can restore its standing with federal regulators and prevent future enforcement actions.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.