Citibank Know Your Customer Worst: The Impact of Aml and Security Issues on Financial Stability

Citibank's Know Your Customer (KYC) policies have been marred by Anti-Money Laundering (AML) and security issues that threaten financial stability.

In 2019, Citibank was fined $70 million by the New York State Department of Financial Services for failing to implement effective AML controls, allowing over 5,000 suspicious transactions to go unchecked.

Citibank's lax AML measures have allowed hackers to infiltrate their systems, compromising sensitive customer data.

The bank's security issues have led to a loss of customer trust, with many opting to take their business elsewhere.

Citigroup suffered a huge sell order error in 2022, causing a flash-crash in European stock markets that lasted for a few minutes.

The bank paid $78 million to U.K. regulators to settle that incident.

Eighteen months after Citigroup's original 2020 consent order, this mistake still happened.

Jane Fraser, Citigroup's CEO, promised to improve the bank's risk management, internal control, and compliance practices, but it's unclear if she's made enough progress.

Fraser hired Rob Casper, a former JPMorgan chief data officer, to help with Citigroup's data governance issues, but he lasted only two years.

Kathleen Martin, his successor, was fired and is now suing Citigroup, alleging she was instructed to lie to regulators about the bank's risk management and data governance efforts.

The bank's current chief data officer is Japan Mehta, who has been with Citigroup in various technology leadership roles since 2018.

Citi Bank has strict Anti-Money Laundering (AML) regulations that must be followed to prevent financial crimes.

To comply with these regulations, Citi may request various documents or information from customers, including copies of Constitutive and Authority Documents, evidence of ownership, and confirmation of account ownership.

These requirements vary depending on the location of the account, the customer's place of incorporation, and the form of the customer entity involved.

In some jurisdictions, Citi may need to formally identify shareholders, directors, and persons operating the accounts on behalf of the customer, requiring personal identification information.

The specific documentation requests will be based on the customer's location and entity type, and may include details of senior officers and authorized representatives.

Citi cannot complete account openings until all AML/KYC requirements have been fully satisfied.

Here are some examples of the types of information Citi may request:

Citibank's security measures are a perfect example of how not to protect customers. The bank's scattered systems, which include a username and password combo, debit card number and PIN combo, passphrase, and hidden account number, are meant to be secure but end up being a hassle for users.

The combination of these systems is what makes them so inconvenient. For instance, Citibank will lock out online access if the debit card and PIN haven't been validated, requiring users to provide the offline debit card number and PIN, as well as the hidden account number that can't be accessed online.

This is where things get really frustrating. Citibank will send out cards and PINs in separate mailings without asking or indicating to the user that they need to activate anything to keep banking online. This can lead to users being locked out when they ignore the unnecessary paraphernalia or if the mailings get lost.

The resolution to this issue is equally infuriating. PIN numbers, which are randomly generated by Citibank, can only be mailed out, not reset over the phone. This means users have to wait for a FedEx overnight shipping, which has strict restrictions: it has to be signed, delivered to the home address, and cannot be picked up at a FedEx location.

Here are the specific restrictions on FedEx shipping:

Essentially, if you can't stay home for a day waiting for an envelope with 4 random numbers in it, you cannot actually reset your PIN and thus cannot log onto the website.