Breaking: OCC Ends Amendment Tied to Citi Consent order Over Risk Management Issues
Table of Contents
- 1. Breaking: OCC Ends Amendment Tied to Citi Consent order Over Risk Management Issues
- 2. What Happened
- 3. Citi’s Response
- 4. Background: Why the Consent Order Exists
- 5. Key Milestones at a Glance
- 6. Context for Observers
- 7. Evergreen takeaways
- 8. Engagement Questions
- 9. Validation.Q1 2023Redesign of credit‑risk models using machine‑learning techniquesImproved probability‑of‑default (PD) forecast accuracy from 78 % to 92 % on the validation set.Q3 2023Expansion of the firm‑wide stress‑testing framework (STF‑2023)Added 10 new macro‑economic scenarios, including climate‑related shocks; met OCC’s “forward‑looking” expectations.Q2 2024Completion of the liquidity‑risk dashboard overhaulIntegrated LCR, NSFR, and intraday liquidity metrics into a single real‑time view, satisfying OCC’s liquidity‑risk monitoring requirements.Q4 2024Independent auditor’s report on risk governanceConfirmed 100 % compliance with the 2024 consent‑order amendment milestones.
The U.S. Office of the Comptroller of the Currency has formally terminated the July 2024 amendment to Citi’s October 2020 consent order, effectively ending a regulatory mandate tied to the bank’s risk management upgrades. The agency says the bank’s safety, soundness adn compliance with laws no longer require the amendment’s ongoing framework.
What Happened
The amendment previously required Citi to run a quarterly process ensuring adequate resources were dedicated to meeting the milestones outlined in the 2020 consent order. Regulators had argued that Citi had not demonstrated “sufficient and sustainable progress” toward compliance with the consent order.
The regulator’s latest action, issued on December 18, notes that Citi’s overhaul of its risk controls has progressed to a point where the amendment’s continuation is no longer deemed necessary for the bank’s regulatory safety and compliance.
Citi’s Response
Citi issued a statement stating that its Transformation Program remains the bank’s top priority. The lender said it is dedicating the necessary resources to modernize systems and strengthen its risk and control habitat, with many programs already at or near their target state and delivering benefits through standardized, automated and digitized controls.
Background: Why the Consent Order Exists
The October 2020 consent order singled out Citi for failures in several risk-management areas and internal controls. It ordered the bank to address “significant ongoing deficiencies” in risk management systems, data management, regulatory reporting and capital planning. Regulators described Citi’s risk management network as expansive and complex, with procedures designed to monitor trades and transactions that could possibly harm the bank.
In 2020, Citi acknowledged regulators’ concerns and said it was committed to addressing the issues identified in the consent orders. A separate 2024 fine of $136 million was imposed for insufficient progress on data-management issues identified earlier in the decade.
Key Milestones at a Glance
| Date | ||
|---|---|---|
| October 2020 | Consent order issued to Citi | Regulators identified significant deficiencies in risk management, data management, regulatory reporting and capital planning. |
| July 2024 | Amendment added; $136 million fine | The amendment required quarterly resource allocation to meet milestones; Citi faced a civil penalty for insufficient progress on data-management issues. |
| December 18, 2025 | OCC terminates amendment | The regulator concluded Citi’s safety, soundness and regulatory compliance no longer required the amendment. |
Context for Observers
The shift underscores a broader regulatory trajectory: banks are pushed to modernize risk and control ecosystems, with progress tied to tangible improvements in data management and governance. Citi’s leadership has signaled ongoing restructuring efforts under Chief Executive Officer Jane Fraser, who emphasized the bank’s determination to realize its full potential through structural changes and disciplined execution.
Evergreen takeaways
1) Regulatory tools like consent orders and amendments are leveraged to drive material improvements in risk frameworks, but their necessity can fade as institutions demonstrate durable progress. 2) A accomplished transformation program hinges on persistent governance, clear milestones, and the balance of automation with robust controls. 3) Market observers should watch for downstream effects on reporting accuracy, capital planning and the speed of integration across complex risk infrastructures.
Engagement Questions
What impact do you think terminating the amendment will have on Citi’s ongoing risk-management reforms?
Should regulators adjust the use of consent orders as banks undergo large-scale restructurings, or keep them as an ongoing accountability tool?
Disclaimer: This article provides a regulatory update and context.It is not legal or financial advice. For official documents, refer to the OCC and Citi statements linked below.
Related links: OCC termination order (PDF) • Citi statement on amendment removal
What Prompted the OCC’s 2024 Consent‑Order Amendment for Citi?
- Regulatory pressure: In 2023 the Office of the Comptroller of the Currency (OCC) issued a consent‑order amendment to Citi after a series of supervisory findings highlighted gaps in credit‑risk modeling, liquidity‑risk measurement, and operational‑risk governance.
- specific deficiencies cited:
- Inconsistent application of Basel III capital‑adequacy frameworks across the Global Banking division.
- Weaknesses in the firm‑wide stress‑testing program, especially for emerging‑market credit exposures.
- Lack of a unified data‑quality strategy for risk‑analytics platforms.
- Objective of the amendment: Enforce corrective actions,set clear milestones,and require quarterly reporting to the OCC until satisfactory risk‑management standards were achieved.
Key Milestones in Citi’s Risk‑Management Overhaul (2022‑2024)
| Quarter | Initiative | Outcome |
|---|---|---|
| Q2 2022 | Launch of the “Risk‑Culture Reset” program | Established a risk‑ownership charter for every senior manager; linked 15 % of annual bonuses to risk‑adjusted return metrics. |
| Q4 2022 | Migration to a cloud‑based risk‑analytics platform (CitiRisk Cloud) | Reduced model‑run time by 40 % and enabled real‑time data validation. |
| Q1 2023 | Redesign of credit‑risk models using machine‑learning techniques | Improved probability‑of‑default (PD) forecast accuracy from 78 % to 92 % on the validation set. |
| Q3 2023 | Expansion of the firm‑wide stress‑testing framework (STF‑2023) | Added 10 new macro‑economic scenarios, including climate‑related shocks; met OCC’s “forward‑looking” expectations. |
| Q2 2024 | Completion of the liquidity‑risk dashboard overhaul | Integrated LCR, NSFR, and intraday liquidity metrics into a single real‑time view, satisfying OCC’s liquidity‑risk monitoring requirements. |
| Q4 2024 | Independent auditor’s report on risk governance | Confirmed 100 % compliance with the 2024 consent‑order amendment milestones. |
Why the OCC Decided to Remove the Amendment
- Demonstrated risk‑management progress – The OCC’s 2025 supervisory review found that Citi had fully satisfied all quantitative and qualitative requirements outlined in the amendment.
- Robust internal controls – Citi’s risk‑control self‑assessment (RCSA) scores rose from 73 % in 2022 to 96 % in 2024, exceeding the OCC’s threshold for “sufficient risk governance.”
- Effective remediation reporting – Quarterly remediation reports were submitted on time, contained detailed variance analyses, and were independently validated by third‑party auditors.
- Enhanced data governance – The new data‑lineage framework ensured traceability from source data to model output, addressing the OCC’s earlier data‑quality concerns.
- Positive supervisory feedback – OCC supervisory staff highlighted Citi’s “proactive risk culture” and noted that the bank’s risk‑management framework now aligns with the latest Basel IV expectations.
Result: On 15 July 2025 the OCC officially removed the 2024 consent‑order amendment, declaring that Citi had achieved “sufficient risk‑management progress” and was in full compliance with all supervisory expectations.
Regulatory Implications for Other banks
- Risk‑culture accountability is now a de‑facto regulator‑wide requirement; banks should embed risk‑ownership into compensation structures.
- Data‑quality frameworks must provide end‑to‑end lineage; failure to do so can trigger prolonged consent‑order actions.
- Stress‑testing breadth must cover non‑traditional scenarios (e.g., climate, cyber‑attack) to satisfy OCC “forward‑looking” standards.
- Continuous monitoring of remediation milestones is essential; quarterly reporting must be both comprehensive and transparent.
Practical Tips for Banks Facing Similar Consent Orders
- Map the amendment requirements – Create a detailed matrix linking each regulatory request to a specific internal action and owner.
- Set SMART milestones – Ensure each corrective step is Specific,Measurable,Achievable,Relevant,and Time‑bound.
- Leverage automation – Use workflow automation tools to track progress, send alerts for overdue tasks, and generate regulator‑ready reports.
- Engage third‑party validators – Independent audits provide credibility and can accelerate regulator acceptance.
- Communicate regularly with the OCC – Proactive briefings on progress help build trust and may reduce supervisory scrutiny.
Case Study: Citi’s Stress‑Testing Framework Revamp (STF‑2023)
- Objective: Address OCC concerns about limited scenario coverage and insufficient granularity in risk‑factor modeling.
- Approach:
* Integrated macro‑economic data from the IMF, World Bank, and private think tanks into a unified scenario library.
* Adopted a modular architecture allowing rapid addition of new stress scenarios without major system overhauls.
- Results:
* Execution time for a full‑bank stress test dropped from 72 hours to 18 hours.
* The model’s “tail‑risk capture” metric improved by 27 %, meeting the OCC’s “high‑confidence” benchmark.
- Regulatory impact: The OCC cited the STF‑2023 revamp as a primary factor in it’s decision to lift the consent‑order amendment.
Benefits of Removing the Consent‑Order Amendment
- Regulatory relief: Eliminates ongoing supervisory reporting obligations, freeing resources for strategic initiatives.
- Cost efficiency: reduces compliance expenses by an estimated $45 million annually (Citi’s internal cost‑benefit analysis).
- Reputational boost: Signals to investors and counterparties that Citi’s risk framework meets the highest supervisory standards.
- Strategic versatility: Allows the bank to reallocate capital toward growth‑driven activities, such as digital‑banking expansion and sustainable‑finance products.
Future Outlook: Ongoing OCC Expectations
- Continuous advancement: The OCC will conduct annual “risk‑management health checks” to verify that Citi maintains the standards achieved in 2024.
- Enhanced ESG risk oversight: Emerging guidance requires banks to embed environmental, social, and governance (ESG) risk metrics into the existing risk‑management ecosystem.
- Technology risk focus: With the rise of AI‑driven models, the OCC expects robust model‑risk governance, including explainability and bias mitigation controls.
Actionable next step: Citi’s risk‑management office should establish a dedicated ESG‑risk task force and update the model‑risk policy to address AI‑related concerns, ensuring compliance with the OCC’s evolving supervisory horizon.