Op risk data: Japan’s giant bitcoin break-in makes a monster loss

Also: Citi’s fat-finger fallout; HSBC pays for unfair customer treatment; Visa and Mastercard fined over ATM fee-fixing. Data by ORX News

On May 31, the month’s largest loss was incurred in a virtual smash and grab on Japan’s DMM Bitcoin exchange, when ¥48.2 billion ($306.6 million) in cryptocurrency was stolen from its wallets.

On discovering the incident, the exchange made moves to control the damage by restricting its various services. It subsequently planned a capital increase by borrowing ¥50 billion from its parent company, e-commerce group DMM, to cover losses related to the event.

The looted bitcoin made up the majority of the exchange’s deposited assets, and is, to date, the eighth-largest crypto theft globally.

 

The month’s second-largest loss was HSBC’s settlement with the UK Financial Conduct Authority, which saw the bank pay a total £191.3 million ($244.1 million) in combined compensatory and penalty outlays for failures to fairly treat customers experiencing financial difficulty or in arrears.

The FCA determined that HSBC’s failures were caused by a host of internal problems with its risk management and governance practices since 2018. In its penalty decision, the FCA noted that HSBC had invested £94 million into a comprehensive remediation programme that resolved all identified problems and paid £185 million in compensation to the affected customers.

May’s third-largest loss was incurred when the US Department of Justice fined bankrupt financial technology firm Kabbage $120 million for filing false loan forgiveness claims. The claims were made in connection with the Covid-19 Paycheck Protection Program. The DoJ fine was also levied over the removal of several underwriting steps from PPP procedures to maximise application volumes and increase revenue via processing fees. Kabbage was acquired by American Express in 2020.

In fourth place, credit card provider Visa paid $104.7 million to settle a class action suit alleging conspiracy with other payment networks and banks to fix ATM surcharge fees. Visa, Mastercard, JP Morgan, Bank of America and Wells Fargo were accused of conspiring to set artificial price floors on ATM access or surcharge fees that are charged to customers when withdrawing cash. Changes to ATM fee structures in 2011 and deals struck with banks since the 1990s served to reduce, eliminate or dissuade customers from accessing alternative payment processor networks, and strengthened Visa and Mastercard’s market dominance.

Rounding out May’s largest losses, Mastercard paid $92.8 million in the same class action suit as Visa. The settlement, agreed on May 29, will reimburse customers who paid access fees on ‘foreign’ ATM transactions between October 2007 and May 2024. Wells Fargo, JP Morgan and Bank of America had already settled for over $66.7 million in the same lawsuit back in October 2020.

 

In focus: Citi feels the fickle (fat) finger of fate

It was early May 2022 when a trader in Citigroup’s London office made a now-notorious multi-billion-dollar fat-finger error while executing a trade on European exchanges. It threw markets into turmoil and prompted trading stops across Europe.

On the morning of May 2, 2022, a trader on Citi’s Delta One trading desk had begun booking a basket of equities to hedge some of the bank’s exposure to an index. But Citi’s usual index decomposition tools and other external data feeds for benchmark pricing were unavailable, and the trader had to manually populate the relevant fields.

When the trader mistakenly entered the intended value of the basket – $58 million – into the field denoting the number of units, it created instead a basket of 58 million units with a total notional size of $444 billion.

Due to a second data feed being unavailable, the index value of the basket was then erroneously displayed as negative $58 million. Expecting to see this figure, the trader hit ‘execute’.

Fifteen minutes later, the trader realised the error, and, after several attempts, managed to cancel it at 9:10am BST. But much of the damage was done. Central internal controls suspended orders to an approximate value of $165 billion. $1.4 billion in notional had already been filled on European exchanges.

Markets in London were closed that day for a national bank holiday, but European markets were immediately affected, sparking a flash crash. Several indexes, including in Denmark, Norway, Germany, Italy and France, dropped because of a sudden rush of selling at around 10:00 BST, but later recovered.

An error in a Swedish krona conversion meant that Stockholm-listed shares were among the worst affected by the event. The OMX Stockholm 30 equity benchmark index fell by 7.9%, before recovering to close 1.9% lower. Following the sudden and steep declines, trading was briefly suspended in several European markets that morning.

Fallout (Boy!)

The bank suffered a loss of $48 million on the erroneous trades, but the matter didn’t end there. By May 2024, Citi had paid more than £61.6 million ($78.5 million) in penalties to the UK’s Financial Conduct Authority and Prudential Regulation Authority for manifold failures in its trading system controls.

The PRA and the FCA revealed that the incident was primarily caused by material and long-standing deficiencies in Citi’s trading controls, which the PRA had been highlighting to Citi since April 2018. The bank’s own internal audit function also continually flagged trading-control weaknesses. Citi had experienced multiple other trading incidents that were caused by internal control failures prior to the May 2022 incident.

First, the bank did not implement effective or appropriate ‘hard blocks’ on inappropriate trading activity. For example, the London desk had neither the hard block that acted as the primary preventative control for erroneous basket-size entries, nor the price tolerance hard-block control that protected against fat-finger errors and volatility caused by the low-liquidity environment characteristic of a UK bank holiday, although both were in place for Citi’s US entities. Furthermore, soft limits within its trade-order management system were easily overridden, and there were no consistent reviews of trading-block breach alerts. A trading incident at Citi in May 2021 revealed that these specific trading blocks could be inadvertently deactivated and remain undetected for months.

Threshold limits in Citi’s trade-order management system were inappropriately calibrated and often left unreviewed. Control testing for trading block thresholds was carried out only at a system level, and the bank did not conduct scenario tests of a trading ‘flow’ across multiple systems in order to prevent large and critical errors from reaching external venues. The firm was also overly reliant on manual processes and workarounds, such as manual procedures in spreadsheets, for key processes such as trade pricing, booking and rebalances.

Real-time monitoring of internal desk orders was also inadequate and exacerbated by understaffing and resourcing issues. The first line of defence’s monitoring system filtered out the majority of alerts, delayed escalating issues and was often ignored. The May 2022 incident was escalated, but ignored by relevant personnel for four hours. Other first-line responsibilities, such as alert protocols and messaging to risk-owners, were belated or inefficient.

Finally, the regulators identified multiple governance issues. Equities management did not impose adequate governance structures, failed to hold trading activity to internal policy standards, and insufficiently managed trading blocks and their limit thresholds.

Despite knowledge of these deficiencies since early 2018, as well as a fine of £43.9 million from the PRA in November 2019 for systems and controls failings, Citi failed to remediate the issues that led to the May 2022 incident fully or in a timely manner. The bank was fined a further £12.6 million by the FCA in August 2022 for failures regarding the monitoring of trading activity.

Since the May 2022 incident, however, Citi has undertaken significant remedial measures that focus on trading controls and booking-model controls. These included tactical adjustments to its controls in the days following the incident to prevent a similar event from recurring.

Editing by Louise Marshall

ORX News provides access to publicly reported operational risk loss events from around the world, specifically covering the banking, insurance and asset management sectors.

All information included in this report and held in ORX News comes from public sources only. It does not include any information from other services run by ORX, and we have not confirmed any of the information shown with any member of ORX.

While ORX endeavours to provide accurate, complete and up-to-date information, ORX makes no representation as to the accuracy, reliability or completeness of this information.
