Citibank: Multiple Failure of Compliance as the Hammer Drops

by Thomas Fox

FailureWhat is the cost of the failure to perform appropriate due diligence on a regular basis? What red flags should you look for when considering doing business with a customer, party in the sales channel or entity in the supply chain? All of these questions and more continue to swirl around Citigroup and its Mexican subsidiary Banamex over the ongoing investigation into allegations of fraud at Citi’s Mexico bank unit.

Citi had come to grief when there was a reported $400MM loss in Banamex involving the Mexican marine energy services company Oceanografía SA de CV. The problems arose after Banamex had extended $585MM in short-term credit to a company that Citi itself had warned its own bond investors was “from time to time subject to various accusations, including accusations of corrupt practices.” Oceanografía provided construction, maintenance and vessel-chartering services to the Mexican national energy company, Pemex’s exploration and production subsidiary. But Oceanografía’s fortunes, changed sharply in February of this year after it became the subject of a new government review that resulted in a suspension of Pemex contracts to Oceanografía for the next 20 months. Banamex had previously advanced as much $585 million to Oceanografía through an accounts receivable program, which would advance money to Oceanografía to provide services to Pemex. Pemex would then pay back Banamex, verifying invoices provided by Oceanografía to confirm that the work had been completed. In other words, Banamex was relying on Pemex’s ability to pay back the bank. But all of this ended when Pemex suspended its contracts with Oceanografía.

In a Wall Street Journal (WSJ) article, entitled “Citi Says Signs of Mexico Fraud Weren’t Escalated”, Christina Rexrode reported that Citi Chief Executive Officer (CEO) Michael Corbat told investors that employees “missed signs of trouble they should have recognized and elevated to superiors.” In a talk to investors Corbat was quoted as saying “There were telltales along the way” and he promised that “the bank would work on motivating and encouraging employees to raise their concerns when they notice potential problems.” But the problems ran deeper and were perhaps more systemic than simply the failure to escalate. Rexrode reported “People inside the bank have said the unit was allowed to operate as its own fiefdom, with New York employees struggling to get information about how the unit operated.” However, “A Citigroup spokesman said in a statement that “Banamex is absolutely subject to the same risk, control, anti-money-laundering and technology standards and oversight which are required throughout the company.””

These statements come on the heels of the dramatic firing of 11 Banamex employees just two weeks earlier. After meeting with the Citi Board of Directors, Corbat flew to Mexico City and terminated 11 employees. In an article in the New York Times (NYT), entitled “Citi Fires 11 More in Mexico Over Fraud”, Michael Corkery and Elisabeth Malkin reported that “Among those fired were four of the bank’s top executives in Mexico: its head of corporate banking, head institutional risk officer, head of trade finance and head of trade and treasury solutions. Some of the employees had worked at Banamex for as long as two decades and were not involved in the fraud directly. The bank fired many because they had not taken steps to detect the fraud or had ignored warning signs about the client.”

But apparently Citi expects there to be more disciplinary actions stemming form the matter. In an article in the Financial Times (FT), entitled “Citi fires 11 staff in Mexico unit”, Jude Webber, Camilla Hall and Kara Scannell reported that Corbat said in a memo to staff “Before our investigation concludes, we expect that several other employees, both inside and outside of Mexico, may receive forms of disciplinary action as well.” Two persons who may yet face such disciplinary action are “Manuel Medina-Mora, a Citi executive who oversees the Mexican operations and had his pay docked by $1.1m in March, or Javier Arrigunaga, Banamex chief executive.” Additionally, and perhaps more ominously for Citi, both the F.B.I. and prosecutors from the United States attorney’s office in Manhattan are investigating “Whether Citigroup willfully ignored possible warning signs”.

What red flags did Citi miss and for how long? One clue was reported in the NYT article, which noted that Oceanografía “is known among Mexican investors as politically connected but financially troubled. Credit rating firms in the United States, corporate bond investors and Mexican lawmakers have raised concerns about Oceanografía. In 2009, United States ratings firm Fitch warned about Oceanografía’s high leverage and poor cash flow generation. Fitch eventually withdrew its ratings because the company was not supplying enough information. In 2008, Standard & Poor’s noted that Mexico’s congress had investigated accusations of improper deals between Oceanografía and Pemex, though no wrongdoing was proved. Still, Oceanografía grew to become one of Banamex’s 10 largest corporate clients. The fraud erased 19 percent of the unit’s banking profits last year.”

These troubles were seemingly magnified in Mexico when the CEO of Oceanografía, Amado Yáñez Osuna, was arrested and charged with violating Mexican banking laws. In a WSJ article, entitled “Oil-Tinged Graft Scandal Roils Mexico, Laurence Iliff and Amy Gutherie reported “The arrest deepens a scandal that has sent shock waves across Mexico’s political landscape. That put a spotlight on long-simmering allegations that the country’s former ruling National Action Party, known as PAN, used Pemex to favor Oceanografía and other contractors during the party’s 12 years in power, which ended with the 2012 election of President Enrique Peña Nieto of the Institutional Revolutionary Party (PRI).” Further, during those “12 years, Oceanografía’s contracts with the oil monopoly swelled from a few million dollars a year to hundreds of millions of dollars, according to a review of the contracts by The Wall Street Journal. Most of the contracts were obtained in public bids, although some were assigned directly without bids, including one contract for about $65 million in the final months of the Calderón administration.”

The case took a far more ominous turn when authorities when Mexican authorities announced last week that they had issued arrest warrants for multiple Banamex executives. In an article in the FT entitled, “Mexico issues fresh set of Banamex arrest warrants” Jude Webber reported that “Mexico has issues more arrest warrants – including an unspecified number for staff at Citigroup’s Banamex unit – a day after detaining the owner of the oil services company at the centre of a $400m alleged fraud scandal that has rocked the bank since its disclosure there months ago.” In an article in the NYT entitled, “Mexico Authorizes Arrests In Fraud at Citigroup Unit” Elisabeth Malkin and Michael Corkery reported, “Attorney General Jesús Murillo Karam of Mexico confirmed on Friday that the authorities were seeking the former executives. He declined to say how many were involved.” Yes, there are warrants, but I won’t say who,” Mr. Murillo Karam told reporters.” Apparently not even Citigroup knows whose arrests may be imminent.

What are the lessons for the compliance practitioner? Three keys points are controls, escalation and oversight. What type of internal controls, or lack thereof, allowed one company to obtain such credit on what were basically receivables financing? What about allowing the Banamex unit to basically run its own show with little to no oversight from the corporate headquarters? Corkery and Malkin reported, “Citigroup is keen to demonstrate to regulators and investigators in the United States and in Mexico that it is cracking down on its employees for not catching the fraud. But the breadth of the punishment could also suggest that the bank, despite assurances that the fraud is confined this case, has had widespread problems with controls and oversight across its Mexican unit.” Moreover, in his memo to staff, Corbat said, ““we are reviewing our controls and processes in Mexico and strengthening any area we think falls short of our global standards or best practices.”” Corbat also noted Citi was looking at ways to encourage employees to increase escalation of issues earlier.

Moreover with these now imminent arrests of Banamex executives, Citi may be facing more serious charges in the US. Leaving aside the inane argument of a ‘rogue business unit’ it may be that the US parent choose not to look too closely at its high-flying and very profitable Mexican subsidiary. If, as it seems from the newspaper accounts, that Oceanografía was well known for the business tactic of under-bidding for contract and then making up the differences in cost overruns, this may not bode well for the Banamex executives or Citigroup. Likewise if there was one company that Banamex did business with, which engaged in such behavior, there may other similarly situated companies once a detailed investigation of the Citigroup unit is concluded.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox, Compliance Evangelist | Attorney Advertising

Written by:

Thomas Fox

Compliance Evangelist on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.