How to you know your compliance program isn't working? For banking giant Citigroup, the answer includes a $400 million loss to fraud and being on the receiving end of two subpoenas.

Citigroup revealed this week that it, and its Mexican subsidiary,  Banco Nacional de Mexico, also known as Banamex, received subpoenas over recently detailed bad loans and allegations they ran afoul of anti-money laundering regulations and the Bank Secrecy Act. The catalyst is the revelation, in February, that Banamex USA was defrauded by as much as $400 million by Mexican oil-services company, Oceanografia SA de CV. Loans secured by Ocenografia were found to be written against non-existent assets. In a separate filing with the Securities and Exchange Commission, Citigroup said it would revise quarterly and annual revenues“impacted by an estimated $235 million after-tax ($360 million pretax) charge” resulting from the fraud.

In a disclosure with the SEC, Citigroup acknowledged a grand jury subpoena issued by the U.S. Attorney's Office for the District of Massachusetts, “concerning, among other issues, policies, procedures and activities related to compliance with Bank Secrecy Act and anti-money laundering requirements under applicable federal laws and banking regulations.” Banamex USA similarly received a subpoena from the Federal Deposit Insurance Corporation related to its BSA/AML programs. “Citigroup is cooperating fully with these inquiries,” the bank wrote.

The scrutiny is all-the-more problematic for a bank repeatedly warned of compliance lapses by regulators in recent years. In 2012, Banamex USA entered into a consent order with the FDIC to improve its internal controls for money laundering. A consent order that same year, with the Office of the Comptroller of the Currency, was similarly designed to remedy deficiencies in Citibank's BSA/AML compliance program. Requirements demanded by the OCC included, "developing a stronger process for monitoring client relationships on a global basis." At that time, Citigroup outlined steps it was taking as a result of that agreement, including increases in funding and staffing, as well as developing “processes to conduct special and separate reviews of certain high risk customers on a global basis.”

In 2013, yet another consent order, this time with the Federal Reserve, also demanded beefed up controls and “ensuring that compliance risk is effectively managed across Citigroup, including within and across business lines, support units, legal entities, and jurisdictions in which Citigroup and its subsidiaries operate.”

Topics