The South Dakota-based bank was found to have “deficiencies” in enterprise-wide and compliance risk management, as well as its data governance and internal controls.
As well as paying a hefty fine to the US Treasury, Citi will also have to seek the OCC’s “non-objection” before finalising “significant new acquisitions”.
What now?
On the OCC’s orders, Citi has to come up with a “thorough redesign of data architecture, re-engineering of processes, and modernisation of system applications and information technology infrastructure”.