The chief risk officer at Citigroup is set to depart from his role in the wake of a $400 million enforcement action that ordered the firm to overhaul its risk management and compliance programs.
Bradford Hu will leave Citigroup at the end of this year, according to an internal memo at the firm seen by Compliance Week. Hu has been with Citi since 2008, assuming the chief risk officer position in January 2013. The decision to leave Citigroup is his, the memo indicated.
Hu’s departure coincides with the bank’s recent announcement that Jane Fraser will succeed Michael Corbat as CEO upon the latter’s retirement in February.
“We respect [Hu’s] decision to align his own timing with the CEO transition and his desire for the function to reset as Jane leads the management team on the firm-wide transformation that lies ahead,” Corbat and Fraser said in the memo. “Brad has been an outstanding CRO.”
Last month, the Office of the Comptroller of the Currency (OCC) fined Citigroup $400 million for failing to address “significant” risk and compliance failures. The OCC and the Federal Reserve each issued orders outlining steps the bank should take to rectify “long-standing” deficiencies in generating and evaluating its customer data, as well as weaknesses and deficiencies in its risk management programs and internal controls.
“For several years, the Bank has failed to implement and maintain an enterprise-wide risk management and compliance risk management program, internal controls, or a data governance program commensurate with the Bank’s size, complexity, and risk profile,” the OCC wrote in its consent order. The agency also identified a number of “unsafe and unsound” practices in those areas and concluded the bank is not adequately monitoring its compliance with federal banking regulations.
The OCC ordered the bank to beef up its risk and compliance program to “ensure a robust staffing model that provides for ongoing monitoring of the Bank’s aggregate staffing for the risk management related functions in the front-line units, independent risk management functions, and internal audit function, including addressing the number, skill, and expertise gaps, and dual roles and matrix reporting as identified.” Citigroup said in a statement it was “disappointed” in the OCC and the Fed’s findings and pledged to spend $1 billion over several years to transform its risk and control environment.
Hu’s replacement was not named in Monday’s memo, and the firm will consider both internal and external candidates for the chief risk officer position. Hu’s staying through the end of the year will help ensure a smooth transition, Corbat and Fraser noted.