by Stephen Cutler, Lee Meyerson, Keith Noreika, Adam Cohen, and Spencer Sloan
On October 7, the Office of the Comptroller of the Currency assessed a $400 million civil money penalty against Citibank, N.A. related to deficiencies in enterprise-wide risk management, compliance risk management, data governance and internal controls, and issued a cease and desist order requiring Citibank to take comprehensive corrective actions. Concurrently, the Federal Reserve issued a separate cease and desist order requiring Citibank’s parent, Citigroup Inc., to enhance its firm-wide risk management and internal controls as a result of Citigroup’s failure to adequately remediate “longstanding enterprise-wide risk management and control deficiencies” previously identified by the Federal Reserve in consent orders from 2013 and 2015.