Central Bank of Ireland fines Citibank €1.33m over Lending breaches

8th October 2018

Citibank Europe has been fined €1,330,000 and reprimanded by the Central Bank of Ireland in respect of six breaches of its Code of Practice on Lending to Related Parties.

The Code requires credit institutions, including banks and building societies, to have the proper systems, controls, independent oversight and regulatory reporting processes in place to support their related party lending.  Credit institutions are required to obtain prior approval of their Board, or a subcommittee of the Board, before entering into or varying loan transactions with related parties including directors, senior managers, significant shareholders of the firm and other connected parties.  The Code also requires credit institutions to introduce measures for reporting internally and to the Central Bank within specified timeframes.

The Central Bank’s investigation found that Citibank breached certain provisions of the Code from its introduction in 1 January 2011 to 14 September 2016.  The breaches varied in duration; the shortest being 1 year 5 months, the longest, 4 years 6 months. Citibank’s breaches include:

  • failure to have the necessary policies and processes in place to give effect to the Code;
  • failure to report certain related party exposures to the Central Bank;
  • failure to report certain deviations from the requirements of the Code to the Central Bank within prescribed time limits; and
  • failure to obtain approval of its own Related Party Lending Committee prior to granting or varying certain loans to related parties.

Seána Cunningham, the Central Bank’s Director of Enforcement and Anti Money Laundering, has commented as follows “The Related Party Lending Code was introduced to create a formal framework for credit institutions to prevent abuses and address possible conflicts of interest by requiring all related party lending to be at arm’s length and subject to management oversight and regular reporting to the Central Bank. The Code imposes a set of clear requirements on credit institutions.  The Central Bank’s investigation found that Citibank failed to put in place the necessary governance, policies and procedures to implement the regime until 2 years and 8 months after the Code came into effect. Those deficiencies were followed by breaches of reporting and loan approval requirements. The breaches are admitted by the Firm. Citibank has fallen far short of the Central Bank’s expectations in this regard, which is wholly unacceptable.”

“We require the boards and management of regulated entities to take their regulatory responsibilities seriously and to fully implement all applicable regulatory requirements.”

The Central Bank’s investigation identified six breaches of the Code between 1 January 2011 to 14 September 2016.

  1. Failure to obtain approval of the Related Party Lending Committee prior to granting or varying the terms of a loan to a related party

Section 6 (b) of the Code imposes an obligation on a firm to ensure that all loans to a related party, or any variations to the terms of a loan to a related party, are subject to individual prior approval by the Board or a subcommittee thereof.  The Code requires that any such sub-committee reports directly to the Board, and the Firm was in breach of this provision until September 2013.

The investigation found that between April 2014 and 18 October 2016, the Firm failed to seek or obtain prior approval of the Board or the Related Party Lending Committee prior to advancing and/or varying the terms of credit card loans to 3 individuals who were related parties.

  1. Failure to have adequate policies and processes in place

Section 6 (f) of the Code imposes, amongst other matters, that the Firm should ensure that it has “policies and processes” in place and that such policies and processes are “adhered to”.

The investigation found that between 1 January 2011 and 10 September 2013, the Firm failed to put in place the necessary policies and processes to identify, monitor and report individual loans to related third parties.

In addition, until March 2012, the Related Party Lending Committee limited its definition of “Senior Management” to directors only which was in breach of the broader definition contained in the Code, which clearly sets out that it includes “Members of management of the institution or person who report directly to the board of directors or the chief executive (howsoever described) of the credit institution”.

  1. Failure to implement a written process, approved in advance by the Board whereby all related party lending is subject of ongoing monitoring by senior management

Section 6 (g) of the Code requires a firm to ensure that all  “related party lending shall be subject to a written process, approved in advance by the Board, of ongoing monitoring by senior management”.

The investigation found that between 1 January 2011 and 10 September 2013, the Firm had not adopted the necessary written processes.

  1. Failure to ensure that there is an obligation on senior management to report to the Board, on at least a quarterly basis, any deviation from a policy, process or limit required by the Code

Section 6 (h) of the Code provides that a firm should “ensure that there shall be in place an obligation on senior management to report to the Board, on at least a quarterly basis, for timely action by the Board, any deviation from a policy, process or limit required by this Code. Furthermore, the institution shall, within 5 business days, report any such deviation to the Central Bank, advising of the background and the proposed remedial action”.

The investigation found that between 1 January 2011 to 10 September 2013, the Related Party Lending Committee had not adopted a policy or process to give effect to this requirement.

  1. Failure to report related party exposures to the Central Bank on a periodic basis and in a format specified from time to time by the Central Bank

Section 7 (a) of the Code provides that a firm shall report “related party exposures to the Central Bank on a periodic basis and in a format specified from time to time by the Central Bank pursuant to Section 117(3)(a) of the Central Bank Act 1989”.

The investigation found that between 1 January 2011 and Q3 2016 (5 years 6 months), the Firm failed to report certain related party exposures. In particular:

  • Between Q1 2012 and Q3 2016 (4 years 6 months), the Firm failed to accurately report its related party exposures to certain natural persons in its quarterly reports to the Central Bank.
  • Between Q1 2011 and Q2 2013 (2 years 3 months), the Firm failed to accurately report its related party exposures to legal persons in its quarterly reports to the Central Bank.
  1. Failure to inform the Central Bank within five business days in writing of proposals for correcting errors which a credit institution considers may have occurred by reference to the Code.

Section 7 (b) of the Code provides that “where a credit institution considers that there may have been an error in its conduct by reference to the requirements of this Code (including without limitation reporting requirements imposed in respect of this Code) the credit institution shall within 5 business days inform the Central Bank in writing of its proposals for correcting any such error as may have occurred”.

The investigation found that between Q2 2013 to 2 December 2016, the Firm breached this requirement by not informing the Central Bank in writing within 5 business days of becoming aware of errors in its conduct or its proposals for correcting them.  In respect of certain incidents in which the Firm breached this section, the reports were made in excess of three years after the Firm became aware of the issues and endeavoured to correct them.

The Central Bank is satisfied that Citibank has taken the necessary steps to rectify the deficiencies that gave rise to the breaches. The Central Bank confirms its investigation into the Firm in respect of this matter is closed.