Citibank 2015 Annual Report Download - page 135

Download and view the complete annual report

Please find page 135 of the 2015 Citibank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 332

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332

117
COMPLIANCE, CONDUCT AND LEGAL RISK
COMPLIANCE RISK
Compliance Risk Appetite Framework
Citi’s compliance risk appetite framework outlines Citi’s compliance risk
appetite, how Citi manages its adherence to its compliance risk appetite and
how Citi evaluates the effectiveness of its controls for managing compliance
risks. This framework is comprised of three pillars:
Setting risk appetite: Citi establishes its compliance risk appetite by setting
limits on the types of business in which Citi will engage, the products
and services Citi will offer, the types of customers which Citi will service,
the counterparties with which Citi will deal, and the locations where
Citi will do business. These limits are guided by Citi’s mission and value
proposition and the principle of responsible finance, Citi’s adherence to
relevant standards of conduct, as well as to relevant and applicable laws,
rules, regulations, and Citi’s internal policies.
Adhering to risk appetite: Citi manages adherence to its compliance risk
appetite through the execution of its compliance program, which includes
governance arrangements, a policy framework, customer onboarding
and maintenance processes, product development processes, transaction
and communication surveillance processes, conduct- and culture-
related programs, monitoring regulatory changes, and new products,
services, and complex transactions approval processes. At Citi, it is the
responsibility of each employee to escalate breaches of the compliance risk
appetite in a timely manner.
Evaluating the effectiveness of risk appetite controls: Each business
and Compliance evaluate the effectiveness of controls for managing
compliance risk through the manager’s control assessment (MCA)
process—a process through which managers at Citi identify, monitor,
measure, report on, and manage risks. Citi also relies on compliance risk
assessments; a policy framework; compliance testing and monitoring
processes; compliance metrics related to key operating risks, key risk
indicators, and control-effectiveness indicators; and Internal Audit
examinations and reports.
Compliance Program
Compliance aims to operate Citi’s compliance risk appetite— and
thus minimize, mitigate or manage compliance risks— through Citi’s
compliance program. To achieve this mission, Compliance seeks to:
Understand the regulatory environment, requirements and
expectations to which Citi’s activities are subject. Compliance
coordinates with Legal and other independent control functions,
as appropriate, to identify, communicate and document key
regulatory requirements.
Assess the compliance risks of business activities and the state of
mitigating controls, including the risks and controls in legal entities
in which activity is conducted. To facilitate the identification and
assessment of compliance risk, Compliance works with the businesses and
other independent control functions to review significant compliance and
regulatory issues and the results of testing, monitoring, and internal and
external exams and audits.
Define Citi’s appetite, in conjunction with Citigroup’s Board of
Directors and senior management, for prudent compliance and
regulatory risk consistent with its culture of compliance, control and
responsible finance. As noted above, Citi has developed a compliance
risk appetite framework that is designed to minimize, mitigate or manage
compliance risk.
Develop controls and execute programs reasonably designed to
promote conduct that is consistent with Citi’s compliance risk appetite
and promptly detect and mitigate behavior that is inconsistent with
this appetite. Compliance has product-related compliance functions,
namely the corporate compliance group and compliance programs
for Global Consumer Banking and the Institutional Clients Group.
Compliance also has regional programs together with thematic groups
and programs, such as the conduct, governance and emerging risk
management group and programs that focus on anti-bribery and
corruption, ethics, privacy and sanctions. Each of these functions,
programs and groups aims to mitigate Citi’s exposure to conduct that is
inconsistent with Citi’s compliance risk appetite.
Detect, report on, escalate and remediate key compliance and
franchise risks and control issues; test controls for design and
operating effectiveness, promptly address issues, and track
remediation efforts. Compliance designs and implements policies,
standards, procedures, guidelines, surveillance reports and other solutions
for use by the business and Compliance to promptly detect, address and
remediate issues, test controls for design and operating effectiveness, and
track remediation efforts.
Engage with the Citigroup Board, business management, operating
committees and Citi’s regulators to foster effective global governance.
Compliance provides regular reports on emerging risks and other
issues and their implications for Citi, as well as the performance of the
compliance program, to the Citigroup Board of Directors, including the
Audit and Ethics and Culture Committees, as well as other committees
of the Board. Compliance also engages with business management on
an ongoing basis through various mechanisms, including governance
committees, and supports and advises the businesses and other global
functions in managing regulatory relationships.
Advise and train Citi personnel across businesses, functions, regions
and legal entities in how to comply with laws, regulations and
other relevant standards of conduct. Compliance helps promote a
strong culture of compliance and control by increasing awareness and
capability across Citi on key compliance issues through training and
communication programs. A fundamental element of Citi’s culture is
the requirement that Citi conduct itself in accordance with the highest
standards of ethical behavior. Compliance plays a key role in developing
company-wide initiatives designed to further embed ethics in Citi’s