Hiding in plain sight: The key to fix Citigroup’s regulatory woes

Citigroup has struggled to adequately train employees in risk, compliance and data roles, according to the bank’s own assessment, shedding light on why it is taking it years to fix regulatory issues even as billions are spent on an overhaul.

Citi’s analysis, a portion of which was seen by Reuters and has not been previously reported, shows the bank has been grappling with a shortage of skilled personnel, finding at times that it did not have the right training and assessment tools to fix its regulatory challenges. The bank, which has for the past four years been operating under two regulatory reprimands, called consent orders, must resolve these problems for the decrees to be lifted.

In one place, for example, the analysis cites “insufficient compliance risk management skills” among staff directly dealing with such issues. The sections of the analysis seen by Reuters did not address why Citi had not been able to fix these issues. They were laid out in a December 2023 spreadsheet tracking Citi’s progress on various aspects of the consent orders.

Separately, four sources familiar with the matter said the situation was further complicated when CEO Jane Fraser launched a massive exercise in September 2023 to simplify the bank, firing thousands of people and reducing the number of management layers there.

In the process, some staff involved in issues related to the consent orders were also let go, according to the sources.

Reuters could not independently determine whether the layoffs set back the bank’s overall efforts to resolve the consent orders. Without providing specifics, Citi denied this, saying that “cherry picking numbers will paint a misleading picture.”

“We continue to invest heavily in talent and training to ensure we have the right people and expertise in critical areas such as data, risk, controls and compliance,” the bank said in a statement. It added that it proactively assesses “the evolving skills needed so that we can hire” and enhance skills accordingly.

In response to questions posed by Reuters, Citi said further that it has invested billions of dollars in its “transformation,” a project to address risks, controls and data management — issues raised in the 2020 consent orders from the U.S. Federal Reserve and the Office of the Comptroller of the Currency. The analysis seen by Reuters was done in response to the Fed’s consent order.

Citigroup said it had about 13,000 people dedicated to the project to overhaul its controls and systems, with thousands more supporting the effort across the bank. The bank has about 229,000 employees overall.

The Federal Reserve and the Office of the Comptroller of the Currency declined to comment.

CEO Jane Fraser has said previously that resolving Citi’s regulatory problems is a top priority. Regulators have said the bank’s widespread risk and data flaws they have identified speak to its financial safety and soundness. The bank was put in the penalty box after it mistakenly sent nearly $900 million of its own funds in August 2020 to creditors of cosmetics company Revlon.

In July, the Fed and the OCC once again reprimanded and fined the bank. The OCC said Citi had “failed to make sufficient and sustainable progress” in complying with its consent order. The OCC also required it to enact a new quarterly process to ensure it devoted enough resources to meet compliance milestones. As of mid-July, the plan had not been agreed with regulators.

Last month, the company announced its technology head Tim Ryan would take on data management efforts alongside Chief Operating Officer Anand Selvakesari.

Hard problems

The bank’s analysis shines a light on why the problems are proving to be intractable. In one section, for example, the bank said its staff’s technical skills, including on data governance — policies that set out how data is handled — needed to be improved. But then it also noted that when it came to data governance, its training curriculum did not sufficiently address “skills identified as needing enhancement.”

It also identified areas such as data analytics and digital literacy as needing improvement.

For critical roles in compliance, the bank found it had not spelled out the skills that were needed to succeed. It also said it did not have an adequate assessment of whether employees had the right skills sets for those functions.

Citi did not comment on the specific issues raised in its analysis.

Citi layoffs

The sources familiar with the bank’s operations said Fraser’s layoffs led to the removal of some of the people involved in regulatory work.

In risk management, for example, the bank laid off or redeployed 67 people out of a group of 441, according to a Citi document that lists some of the roles affected in one of the rounds of layoffs.

Some of the sources said the layoffs disrupted work because employees feared for their jobs and loss of managers at times meant lack of direction. But Citi challenged this view, saying it was careful to not let the layoffs affect work on consent orders.

“The facts speak for themselves, but cherry-picking numbers will paint a misleading picture of the significant resources dedicated to this effort,” the bank said. “Our approach was disciplined and methodical, and prioritized protecting our ability to deliver on our regulatory commitments and accelerate this important work.”

—Lananh Nguyen and Tatiana Bautzer, Reuters