“OCC”) announced that it had assessed a $400 million civil penalty against Citibank, N.A. regarding alleged deficiencies in it enterprise-wide risk management and data governance programs and its internal controls. In particular, the OCC found violations of 12 CFR Part 30, Appendix D (“...
3. Timely and accurate financial, operational and regulatory reports; 4. Adequate procedures to safeguard and manage assets; and 5. Compliance with applicable laws and regulations. B. Internal audit system. An institution should have an internal audit system that is appropriate to the size of the...