Global banking organisation Citigroup has been ordered to pay a £12.5 million fine in the United Kingdom for lax internal controls.
It is the latest headache for the board of a company that, despite its global prominence, continues to be plagued by reprimands from watchdogs for falling short of official standards.
The fine was handed down by Britain’s Financial Conduct Authority (FCA) which, in recent times, has promised a more rigid hand in dealing with instances of misconduct.
Citigroup had been under a legal obligation to supervise trading activities properly in order to prevent any unfair leverage in the market. The FCA determined that it had not met its obligation, meaning a lack of adequate supervision from within its top ranks.
“By failing to properly implement the MAR [Market Abuse Regulation – the UK law relevant to this case] trade surveillance requirements, Citigroup Global Markets could not effectively monitor its trading activities for certain types of insider dealing and market manipulation,” the regulator said in a statement.
What was the damage?
For 18 months, Citigroup entertained “significant gaps” in its ability to detect market abuse risks, the FCA said, describing its implementation of British law as “flawed”.
FCA Executive Director Mark Steward criticised the bank for “not pulling its full weight in this partnership [between the FCA and market participants], impacting market integrity and the overall detection of market abuse.”
Where have the Citigroup directors fallen short?
Firstly, the directors have fallen short in their duty to the British economy.
MAR stipulates that every company must monitor orders and trades associated with their business and keep a firm eye for any signs of foul play in the markets. Citigroup did not do this, according to the FCA.
The directors’ second mistake was the time they allowed to lapse before taking action. The FCA took particular issue because the MAR has been in place since 2016, yet it took a year and a half for vulnerabilities in Citigroup’s defences to be eliminated.
This, in particular, is a sign that organisations must act quickly when they spot vulnerabilities like this. Allowing them to persist for long periods, aside from opening the organisation up to fraud for longer, will likely attract more anger from authorities when they uncover the wrongdoing.
The broader context for Citigroup
Citigroup is no stranger to reprimands from national regulators.
In 2019, it was handed a £44 million fine for mistakes in the reporting of its capital and liquidity levels. The Bank of England described these breaches as “persistent” and a reason why the fine was so large.
Meanwhile, in the US, Citigroup landed a $400 million penalty from two national regulators for “unsafe and unsound banking practices” that opened the organisation up to money launderers.
And just this month, a lawsuit was filed against Citigroup’s board in the US state of New York. In this case, shareholders alleged that the bank’s controls and risk management were to blame for repeated fines and sought compensation for what they said was billions of dollars in damages.
In summary: an example of what not to do
Boards and management should note that repeated legal breaches will come back to haunt an organisation. Therefore, knowledge of local law is vital from the start.
Regulators and watchdogs have repeatedly vowed to get stricter with fines and other penalties, so to keep investors happy, it would be wise to avoid them.
Cooperation can benefit
Meanwhile, boards should also note that cooperation with regulators will likely lessen the impact of their penalties if and when they begin investigating alleged wrongdoing.
In Citigroup’s case with the FCA, the fine could have been almost £18 million, but was slashed by 30% after the organisation committed itself to resolve internal deficiencies.