Another day and another huge monetary fine for a bulge-bracket investment bank. The offense in this instance? Market manipulation? Money laundering? Collusion? No, no, and no. Citigroup has been hit with a $400 million penalty for “several long-standing deficiencies” in its compliance program.

The Federal Reserve (Fed) and Office of the Comptroller of the Currency had finally lost its patience with Citigroup’s lack of urgency in addressing its failure to, “implement and maintain an enterprise-wide risk management and compliance risk management program, internal controls, or a data governance program commensurate with the Bank’s size, complexity, and risk profile.”

The straw that broke the camel’s back appears to be an “operational error” whereby the bank mistakenly sent Revlon creditors $900 million of its own funds back in August. To compound the embarrassment, Citi is now suing a number of lenders who are refusing to return the payments.

As is often the case, the size of the fine makes the headlines but the repercussions rarely end there. Citigroup chief executive Michael Corbat had already announced the acceleration of his retirement following the Revlon debacle and now chief risk officer, Brad Hu, has stepped down with immediate effect.

Jane Fraser will step in as Citigroup CEO in February 2021 while a new CRO is yet to be announced. What is clear is that whoever lands the role has a huge job on their hands to rebuild regulator trust. The bank has already pledged a $1 billion investment in its operational systems and Fraser has pledged the firm will, “…invest in our infrastructure, risk management and controls to ensure that we operate in a safe and sound manner.”

These changes will need to be implemented while under close regulatory scrutiny, with the Fed able to reject acquisitions sought by the bank and request changes at a board and executive level if necessary.