Citi’s Recidivist Rule-Breaking and Incompetence Shows Persistence of Too Big/Complex to Fail Problem
Remember how lots of people, from Elizabeth Warren to Trump, and many before them, have called for breaking up the big banks? And that that hasn’t happened? We’ll use the latest round of regulatory wet-noodle lashing of Citigroup, the poster child of “too big to fail,” to help illuminate the supposed impediments to breaking up Big Tech.
We’re now seeing a rehash of the “too complex to break up” assertions with the antitrust debates over Big Tech in the EU and even now in Congress. For instance, from tonight’s Wall Street Journal:
Days before, Facebook Inc. produced its own document contending that breaking it up would be a “nonstarter” for a number of reasons, including that the company’s constituent parts are already too complicated and interconnected for any of them—Instagram, WhatsApp, its ad business—to be spun off as individual companies or walled off as separate divisions.
“After many years of hard and costly work, Instagram and WhatsApp are now integrated into the same bespoke infrastructure that Facebook built from the ground up,” the company says in its report.
I will defer to big corporate IT experts, but I have a lot of trouble buying the claim that it’s oh so hard to unscramble acquisitions, particularly with respect to any company acquired not all that long ago. In fact, you can regard the Facebook quote as a coded admission. Generally speaking, it’s much harder to combine businesses with substantial IT estates than separate them. As we’ve pointed out, a lot of otherwise attractive deals in the banking industry don’t get done because the tech platforms of the two companies are incompatible.
So this isn’t a matter of “can’t be done”. Super rich and supposedly loaded with top Silicon Valley “talent” tech titans suddenly want you believe that they lack the money and the chops to do the job.
I also question the “too hard to separate” claim with respect to Google and YouTube. Yes, it would cost money to hive off these operations, but divorces are expensive. Another claim is in divesting major businesses, the tech platform company would assert it was having to give valuable intellectual property to the company it excised. Even if true, 1. the divested company could pay licensing fees for say three to five years and 2. if this intellectual property were really oh so valuable, the divested company would have strong incentives to protect it too.
Moreover, this “Oh we are so integrated” claim conveniently ignores the elephant in the room: Amazon Web Services, its cloud business. The cloud business is separate from the retail sales business from a commercial standpoint and any claims they can’t be separated should be regarded with prejudice. The real issue for Amazon is the cloud business is hugely profitable and the retail business, not much and not regularly (being cash flow positive due to paying merchants more slowly than it gets paid by consumers is a potential point bloody-minded regulators like the EU could attack).
If you were following the bank version “too big/too complex to break up” topic back in the crisis/post crisis period, you’ll remember that there were various schemes that fell short of that but intended not to have big sick banks wind up being bailed out, but instead be able to fail without doing systemic harm. We explained long-form why these schemes wouldn’t work. The core problem is that big banks operate internationally on a normal business basis, but failure and bankruptcy is a national process.
Mind you, there are other ways to deal with the “too big/too complex to fail” problem with banks, which is prohibition. They need to be kept from doing risky and stupid things. For starters, the baseline regulatory assumption should be not that “everything which is not prohibited is allowed” to “everything that is not allowed is prohibited.”
So let’s return to Citigroup’s latest foibles. On the one hand, one can argue that it’s not the worst behaved bank. Josh Rosner described at length a few years ago about how JP Morgan had far and away the largest rap sheet of any big bank. And from a sheer outrage standpoint, it’s hard to beat pilfering deposits, which is what Wells Fargo did as part of its fake accounts scandal.
On the other, Citigroup is the bank that’s had multiple near death experiences, which means regulators should have incentives and the means to keep their boots on Citi’s neck and get it to shape up. Remember how Citi nearly went bust in the early 1990s and was rescued by Al-Waleed? After having overdone it on Latin American debt, Citi took a flier on commercial developments in the late 1980s, and wound up with a lot of junior debt on see-through buildings. The rumor back then was that Citi had 200 bank examiners going over its real estate portfolios.
And in the financial crisis, Citi was the biggest player in SIVs (structured investment vehicles) and even worse, later revealed it held about $40 billion in CDO exposure it hadn’t reported. Oopsie!
FDIC chair Shiela Bair, in her book Bull by the Horns, revealed that she had wanted to declare Citi insolvent. But she had access to the data of only part of Citi’s operations. The Treasury and Fed withheld what they had, and told her that if she put Citi down, they’d pillory her for taking such drastic action based on obviously incomplete information.
Of course, if the information the other regulators had back then would have shown Citi to be healthy, you think they would have shared it with Bair.
Bair nevertheless did score a partial victory. She forced Citi to considerably shrink its balance sheet and scope of operations.
With this history, you’d think regulators would keep a particularly close eye on Citi. But the Beltway isn’t big on institutional memory.
The Office of the Controller of the Currency just fined Citibank $400 million for being a really poorly run bank. The Fed also sanctioned Citigroup, the holding company, for being generally lousy and for violating past promises to stop laundering money, but the Fed’s punishment was more on the order of having Citi write ten thousand times on a blackboard, “I’m a very bad bank and I promise to do better.”
Oh, and probably more consequential to Citi is a ban on making new acquisitions until the regulators think Citi has sufficiently fixed its controls.
I’m not making that up. It sounds a lot like CalPERS, which is truly alarming for an institution of Citi’s scale and ability to generate financial black holes.
The OCC took these actions based on the bank’s unsafe or unsound banking practices for its long-standing failure to establish effective risk management and data governance programs and internal controls….
The agency also issued a cease and desist order requiring the bank to take broad and comprehensive corrective actions to improve risk management, data governance, and internal controls. The order requires the bank to seek the OCC’s non-objection before making significant new acquisitions and reserves the OCC’s authority to implement additional business restrictions or require changes in senior management and the bank’s board should the bank not make timely, sufficient progress in complying with the order.
In other words, this action was a sighting shot. The normally bank-friendly OCC has warned it could go as far as ousting top executives and board members if Citi doesn’t get its house in order.
Even allowing for the fact that risk control at banks is designed to be eyewash, the OCC Cease and Desist Order makes it sound as if no one at Citi is controlling much of anything. For instance:
(4)The OCC has identified the following deficiencies, noncompliance with 12 C.F.R. Part 30, Appendix D, or unsafe or unsound practices with respect to the Bank’s data quality and data governance, including risk data aggregation and management and regulatory reporting:
(a)failure to establish effective front-line units, independent risk management, internal audit, and control functions as required by 12 C.F.R. Part 30, Appendix D;
(b)inability to develop and execute on a comprehensive plan to address data governance deficiencies, including data quality errors and failure to produce timely and accurate management and regulatory reporting; and
(c)inadequate reporting to the Board on the status of data quality and progress in remediating identified deficiencies.
The OCC added that senior management and board oversight were inadequate.
WHEREAS, the most recent supervisory assessment of Citigroup issued by the Federal Reserve Bank of New York (“Reserve Bank”) identified significant ongoing deficiencies in implementation and execution by Citigroup with respect to various areas of risk management and internal controls, including for data quality management and regulatory reporting, compliance risk management, capital planning, and liquidity risk management;
WHEREAS, Citigroup has not adequately remediated the longstanding enterprise-wide risk management and controls deficiencies previously identified by the Federal Reserve, including in the areas described above and those addressed in (i) the Consent Order issued by the Board of Governors on March 21, 2013 to remediate outstanding deficiencies in Citigroup’s anti-money laundering compliance program and (ii) the Consent Order issued by the Board of Governors on May 20, 2015 to remediate outstanding deficiencies in Citigroup’s compliance and control infrastructure relating to its foreign exchange program and designated market activities.
As Benjamin Lawsky demonstrated when he led the New York State Department of Financial Services, any foreign bank caught out money laundering, and particularly being a recidivist, got hit with serious fines. By contrast, the Fed is giving Citigroup lots of homework, including putting some items on the board’s desk:
Within 120 days of this Order, Citigroup’s board of directors shall submit a written plan acceptable to the Director of the Division of Supervision and Regulation that describes the actions it will take to execute its oversight of the matters identified in this Order. The plan shall include the following four items:
(a) actions that the board of directors will take to hold senior management accountable for executing effective and sustainable remediation plans by committed deadlines;
(b) actions the board of directors will take to ensure senior management improves, and thereafter maintains, effective and independent enterprise-wide risk management, and that internal audit findings are effectively remediated;
(c) actions that the board of directors will take to ensure that senior management incentive compensation is consistent with risk management objectives and measurement standards; and
(d) actions that the board of directors will take to ensure effective reporting to the board of directors that will enable it to oversee management’s execution of the matters identified in this Order.
Oh, and Citi has to talk to the Fed often about its progress.
Now, you can blame the disconnect between the pretty serious-sounding deficiencies and more-bark-than -bite regulatory action to the business-friendly Trump Administration. Or you could attribute it to the lack of high profile stories of harm resulting from these gaping control failures. The Fed and OCC may be telling themselves they got to Citi before it did a Wells Fargo to itself.
However the other reason for soft gloves treatment is that Citi is a bomb that can’t be disarmed. Citi controls a unique payments system that is critical for all but the very largest companies doing business overseas. The really big boys can afford to have multiple foreign banks in their major offshore markets. For the others, a system called GTS provides essential plumbing. As we explained in 2010, when the press and pundits were still debating what to do about Citi:
GTS [Global Transaction Services] is a big cash management/information service. It is also a bread and butter earner for Citi. Per the Journal:
Otis Otih, the treasurer of candy maker Mars Inc., uses GTS to handle most payments to employees and vendors of Mars operations in 68 countries. “Citibank is the only truly, truly global company for us — I don’t see any alternative,” he says.
As an example of what the unit allows multinationals to do, an Asian subsidiary of a European company can deposit funds with Citigroup locally and the money will instantly show up on the ledger of the parent a continent away. The system makes it easier for corporate treasurers to manage their finances, and many corporate and government clients outsource a wide range of other finance work to GTS….
Executives told officials with the Treasury Department and the Fed that GTS’s technology and presence in more than 100 countries made it too dangerous for the U.S. to let Citigroup collapse….
While Citigroup is primarily known for its retail banking and credit-card businesses, the GTS unit is increasingly integral to the parent company’s functioning. Clients that move funds through GTS leave a lot of cash on deposit at the unit, which funnels the money to other parts of Citigroup for lending or other uses. GTS’s deposit-gathering muscle has grown more important since the financial crisis began, now providing about 40% of Citigroup’s $800 billion of deposits.
Yves here. GTS is a big piece of what makes Citi a difficult to disarm bomb. One of the swords of Damocles that the big bank had over the officialdom is that, prior to the crisis, it had $500 billion of uninsured foreign deposits. If Citi looked wobbly, sensible depositors would withdraw funds, and that could quickly morph into a run. Moreover, the any other international bank with meaningful cross border deposits could come under scrutiny…
The Journal argues that GTS is essential to Citi. This is rubbish. GTS is a sophisticated payments system and a source of low-cost deposits. It may provide a foot in the door, and help deepen some relationships, but let us face it, cash management and payments systems are at best assistant treasurer relationships at big companies. Proof of the pudding: it is a no-brainer that companies like Goldman, Morgan Stanley, Barclays, and UBS are doing complex, high margin transactions at companies that are also using GTS.
As we explained in later posts, due to crisis liquidity measures, Citi’s dependence on GTS-supplied deposits plunged. There was a window when it would have been feasible to force GTS to be spun out but the officialdom lacked either the alertness or the will to recognize that.
Back to Big Tech. Is anything that Big Tech does as societally as valuable as even Citi’s GTS service? Amazon is squeezing many of its vendors on price, copying their products, and abusing its warehouse workers. If Amazon were forced to break up its retail operations (by product lines? by spinning off its warehouse and logistics operations) American commerce would not go dark. If Google’s search engine were to go dark for a month, consumers would uses Bing and DuckDuckGo and Qwant. And who would be hurt if Facebook died, other than its employees and advertisers who go along with being cheated by its obviously bogus audience metrics?
There’s nothing even close to the “don’t touch that dial” concerns with meddling with major banks on the tech titan front. But far too many policy-makers and politicians are cowed by their donations and their undeserved Master of the Universe reputations.