Enforcement Action: Citibank Europe plc fined €1,330,000

08 October 2018 Press Release

Central Bank of IrelandCitibank Europe plc fined €1,330,000 and reprimanded by the Central Bank of Ireland in respect of breaches of its Code of Practice on Lending to Related Parties

The Central Bank of Ireland (the Central Bank) has fined Citibank Europe plc (Citibank or the Firm) €1,330,000 and reprimanded it for six breaches of the Code of Practice on Lending to Related Parties 2010, and the Code of Practice on Lending to Related Parties 2013 (collectively, the Code).  The Firm has admitted the breaches.

The Code requires credit institutions, including banks and building societies, to have the proper systems, controls, independent oversight and regulatory reporting processes in place to support their related party lending.  Credit institutions are required to obtain prior approval of their Board, or a subcommittee of the Board, before entering into or varying loan transactions with related parties including directors, senior managers, significant shareholders of the firm and other connected parties.  The Code also requires credit institutions to introduce measures for reporting internally and to the Central Bank within specified timeframes. 

The Central Bank’s investigation found that Citibank breached certain provisions of the Code from its introduction in 1 January 2011 to 14 September 2016.  The breaches varied in duration; the shortest being 1 year 5 months, the longest, 4 years 6 months. Citibank’s breaches include:

  • failure to have the necessary policies and processes in place to give effect to the Code;
  • failure to report certain related party exposures to the Central Bank;
  • failure to report certain deviations from the requirements of the Code to the Central Bank within prescribed time limits; and
  • failure to obtain approval of its own Related Party Lending Committee prior to granting or varying certain loans to related parties.

Seána Cunningham, the Central Bank’s Director of Enforcement and Anti Money Laundering, has commented as follows: 

“The Related Party Lending Code was introduced to create a formal framework for credit institutions to prevent abuses and address possible conflicts of interest by requiring all related party lending to be at arm’s length and subject to management oversight and regular reporting to the Central Bank.

The Code imposes a set of clear requirements on credit institutions.  The Central Bank’s investigation found that Citibank failed to put in place the necessary governance, policies and procedures to implement the regime until 2 years and 8 months after the Code came into effect. Those deficiencies were followed by breaches of reporting and loan approval requirements. The breaches are admitted by the Firm. Citibank has fallen far short of the Central Bank’s expectations in this regard, which is wholly unacceptable.

We require the boards and management of regulated entities to take their regulatory responsibilities seriously and to fully implement all applicable regulatory requirements.”

Background

The Firm was incorporated on 9 June 1988.  It is a credit institution licensed under Section 9 of the Central Bank Act, 1971.  The Firm is directly supervised by the ECB, which referred this case to the Central Bank in June 2017. 

On 9 September 2016, the Firm informed the Central Bank that it had identified breaches of the Code in its reporting of related party loans to senior managers.  These came to light in the aftermath of a merger of Citibank and a UK affiliate (Citibank International Limited (CIL)) in January 2016, bringing into the Firm a number of European branches of CIL. 

Following this, the Central Bank requested further information about Citibank’s related party lending processes.

In response, the Firm identified not only the reporting issue referred to above, but failures to implement the policies required under the Code, instances of unapproved lending to senior management, and a prolonged and serious error in its reporting, under the Code, of loans to related parties which were affiliates. The Central Bank then commenced an enforcement investigation into the circumstances surrounding these failures.

The investigation established that for a period of 2 years 8 months the Firm did not have the necessary policies and processes in compliance with the Code.  These policies and processes are important to ensure that loans or any variation of loans to related parties were granted with the necessary management oversight and supervision. The Firm’s inaccurate reporting meant that the Central Bank did not have the necessary visibility to monitor the Firm’s exposures to related parties for the purposes of the Code.

The investigation found no evidence that loans were granted to a related party on more favourable terms than loans to a non-related party.

Prescribed contraventions

The Central Bank’s investigation identified six breaches of the Code between 1 January 2011 to 14 September 2016, which vary in duration from 1 year 5 months to 4 years 6 months, namely: 

  1. Failure to obtain approval of the Related Party Lending Committee prior to granting or varying the terms of a loan to a related party

    Section 6 (b) of the Code imposes an obligation on a firm to ensure that all loans to a related party, or any variations to the terms of a loan to a related party, are subject to individual prior approval by the Board or a subcommittee thereof.  The Code requires that any such sub-committee reports directly to the Board, and the Firm was in breach of this provision until September 2013.

    The investigation found that between April 2014 and 18 October 2016, the Firm failed to seek or obtain prior approval of the Board or the Related Party Lending Committee prior to advancing and/or varying the terms of credit card loans to 3 individuals who were related parties.

  2. Failure to have adequate policies and processes in place

    Section 6 (f) of the Code imposes, amongst other matters, that the Firm should ensure that it has “policies and processes” in place and that such policies and processes are “adhered to”.

    The investigation found that between 1 January 2011 and 10 September 2013, the Firm failed to put in place the necessary policies and processes to identify, monitor and report individual loans to related third parties.

    In addition, until March 2012, the Related Party Lending Committee limited its definition of “Senior Management” to directors only which was in breach of the broader definition contained in the Code, which clearly sets out that it includes “Members of management of the institution or person who report directly to the board of directors or the chief executive (howsoever described) of the credit institution”.

  3. Failure to implement a written process, approved in advance by the Board whereby all related party lending is subject of ongoing monitoring by senior management

    Section 6 (g) of the Code requires a firm to ensure that all  “related party lending shall be subject to a written process, approved in advance by the Board, of ongoing monitoring by senior management”.

    The investigation found that between 1 January 2011 and 10 September 2013, the Firm had not adopted the necessary written processes.

  4. Failure to ensure that there is an obligation on senior management to report to the Board, on at least a quarterly basis, any deviation from a policy, process or limit required by the Code

    Section 6 (h) of the Code provides that a firm should “ensure that there shall be in place an obligation on senior management to report to the Board, on at least a quarterly basis, for timely action by the Board, any deviation from a policy, process or limit required by this Code. Furthermore, the institution shall, within 5 business days, report any such deviation to the Central Bank, advising of the background and the proposed remedial action”.

    The investigation found that between 1 January 2011 to 10 September 2013, the Related Party Lending Committee had not adopted a policy or process to give effect to this requirement.

  5. Failure to report related party exposures to the Central Bank on a periodic basis and in a format specified from time to time by the Central Bank

    Section 7 (a) of the Code provides that a firm shall report “related party exposures to the Central Bank on a periodic basis and in a format specified from time to time by the Central Bank pursuant to Section 117(3)(a) of the Central Bank Act 1989”.

    The investigation found that between 1 January 2011 and Q3 2016 (5 years 6 months), the Firm failed to report certain related party exposures.  In particular:

    • Between Q1 2012 and Q3 2016 (4 years 6 months), the Firm failed to accurately report its related party exposures to certain natural persons in its quarterly reports to the Central Bank.

       

    • Between Q1 2011 and Q2 2013 (2 years 3 months), the Firm failed to accurately report its related party exposures to legal persons in its quarterly reports to the Central Bank.

       

  6. Failure to inform the Central Bank within five business days in writing of proposals for correcting errors which a credit institution considers may have occurred by reference to the Code.

Section 7 (b) of the Code provides that “where a credit institution considers that there may have been an error in its conduct by reference to the requirements of this Code (including without limitation reporting requirements imposed in respect of this Code) the credit institution shall within 5 business days inform the Central Bank in writing of its proposals for correcting any such error as may have occurred”.

The investigation found that between Q2 2013 to 2 December 2016, the Firm breached this requirement by not informing the Central Bank in writing within 5 business days of becoming aware of errors in its conduct or its proposals for correcting them.  In respect of certain incidents in which the Firm breached this section, the reports were made in excess of three years after the Firm became aware of the issues and endeavoured to correct them.

Remediation

The Central Bank is satisfied that Citibank has taken the necessary steps to rectify the deficiencies that gave rise to the breaches.

Penalty Decision Factors

In deciding the appropriate penalty to impose, the Central Bank considered the following matters:

  • The need for an effective deterrent impact on the Firm and other regulated entities;
  • The extended period of time over which the repeated breaches occurred, spanning the period from 1 January 2011 to 14 September 2016. The six breaches vary in duration between 1 year 5 months and 4 years 6 months;
  • Previous enforcement action taken against the Firm;and

The co-operation of the Firm during the investigation and in settling at an early stage in the Central Bank’s Administrative Sanction Procedure.

 

The Central Bank confirms its investigation into the Firm in respect of this matter is closed.

Notes

  1. The fine reflects the application of the maximum percentage settlement discount of 30%, as per the Early Discount Scheme set out in the Central Bank’s “Outline of the Administrative Sanctions Procedure” which is here.
  2. The Code of Practice on Lending to Related Parties 2010, was effective from 1 January 2011, and the Code of Practice on lending to Related Parties 2013, which is here, (collectively the Code) was effective from 1 July 2013.
  3. The Code defines a Related Party as “A director, senior manager or significant shareholder of the credit institution or an entity in which the credit institution has a significant shareholding, as well as a connected person of any of the aforementioned persons.”The Code defines Connected Persons and Clients as “(a) a spouse, domestic partner, civil partner (within the meaning of the Civil Partnership and Certain Rights and Obligations of Cohabitants Act 2010) or child (whether natural or adopted) of a person; (b) two or more natural or legal persons who, unless it is shown otherwise, constitute a single risk because one of them, directly or indirectly, has control over the other or others; or (c) two or more natural or legal persons between whom there is no relationship of control as set out in point (b) but who are to be regarded as constituting a single risk because they are so interconnected that, if one of them were to experience financial problems, the other or all of the others would be likely to encounter repayment difficulties.”
  4. The Firm became subject to direct supervision in prudential matters by the European Central Bank (ECB) as of 1 January 2017.This was following a merger of the Firm with Citibank International Limited, when the classification became “significant” which pursuant to Articles 4 and 6 of the Council Regulation (EU) No 1024.2013 of 1 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions (the SSM Regulation), brought the Firm within the direct supervision of the ECB.
  5. By decision dated 19 June 2017, the ECB requested the Central Bank under Article 18(5) of the SSM Regulation to open proceedings in respect of the Firm in relation to the prescribed contraventions of the Code. The prescribed contraventions fall within the ECB’s jurisdiction under the SSM Regulation in circumstances where the Code constitutes national implementation of Directive 2013/36/EU.
  6. This is the Central Bank’s 123rd Settlement since 2006 under its Administrative Sanctions Procedure, bringing total fines imposed by the Central Bank to over €64 million.