September 30, 2014
Oklahoma Firefighters Pension & Retirement System
Submitted: August 13, 2014
In this inspection action under 8 Del. C. § 220, a stockholder seeks books and records relating to events that are the subject of investigations at subsidiaries or divisions of a publicly traded company. The company argues the evidence on which the stockholder relies is not sufficient to state a credible basis to infer possible mismanagement or wrongdoing and that, even if the stockholder stated a proper purpose, the scope of the inspection demanded exceeds what is necessary and essential to accomplish that purpose. After trial on a paper record, I issued an oral report recommending that the Court find that the stockholder had stated a proper purpose for the inspection and that the Court therefore order inspection, but only as to a portion of the books and records sought in the demand. The company took exception to that draft report and the parties submitted briefs addressing those exceptions. What follows is my final report.
Except as noted, the following facts are not in dispute. On March 17, 2014, Oklahoma Firefighters Pension & Retirement System (the "Plaintiff") made a books and records demand (the "Demand") on Citigroup Inc. ("Citigroup") under 8 Del. C. § 220. Plaintiff is an Oklahoma-based retirement system that provides retirement allowances and other benefits to firefighters in Oklahoma. Citigroup is a Delaware corporation headquartered in New York, NY. Citigroup's shares are traded on the New York Stock Exchange and Plaintiff has been a stockholder of Citigroup since December 31, 2007.
The Demand sought to inspect books and records relating to recently-disclosed events involving two of Citigroup's wholly owned subsidiaries: Banco Nacional de Mexico, S.A. ("Banamex") and Banamex USA. Banamex is an indirect wholly-owned subsidiary of Citigroup and is one of Citigroup's largest consumer banks outside the United States. Citigroup purchased Banamex in 2001 and Banamex now accounts for approximately 10% of Citigroup's global profits. Citigroup's Co-President, Manuel Medina-Mora, also holds the title "Chairman, Mexico" and is charged with overseeing Citigroup's franchise in Mexico. Banamex's United States division, Banamex USA, is a Citigroup subsidiary based in California. Banamex USA provides retail banking and money-transfer services to customers in Mexico and the United States.
Plaintiff seeks eight categories of books and records for the stated purpose of investigating:
(a) mismanagement by the directors and/or officers of Citigroup in connection with the matters discussed in the grounds supporting th[e] demand …; (b) the possibility of breaches of fiduciary duty by directors and/or officers of Citigroup in connection with the matters discussed in the grounds supporting th[e] demand …; [and] (c) the independence and disinterest of the Board, and to determine whether a presuit demand is necessary or would be excused prior to commencing any derivative action on behalf of the Company.
The Demand recounted recent events at both Banamex and Banamex USA that Plaintiff contends form a credible basis from which the Court may infer possible mismanagement or wrongdoing. The grounds for Plaintiffs inspection generally may be divided into two categories: (1) the recent discovery of, and investigations into, fraud at Banamex, and (2) a money-laundering investigation at Banamex USA.
1. Allegations of fraud at Banamex
In February of this year, Citigroup publicly disclosed the recent discovery of fraud at Banamex. Citigroup's press release explained:
As of December 31, 2013, Citi, through Banco Nacional de Mexico ("Banamex"), had extended approximately $585 million of short-term credit to Oceanografia S.A. de C.V. ("OSA"), a Mexican oil services company, through an accounts receivable financing program. OSA has been a key supplier to Petróleos Mexicanos ("Pemex"), the Mexican state-owned oil company. Pursuant to the program, Banamex extended credit to OSA to finance accounts receivables due from Pemex. As of December 31, 2013, Banamex also had approximately $33 million in either outstanding loans made directly to OSA or standby letters of credit issued on OSA's behalf.
On February 11, 2014, Citi learned that OSA had been suspended from being awarded new Mexican government contracts. Upon learning of this suspension, Citi, together with Pemex, commenced detailed reviews of their credit exposure to OSA and of the accounts receivable financing program over the past several years. As a consequence of these reviews, on February 20, 2014, Pemex asserted that a significant portion of the accounts receivables recorded by Banamex in connection with the Pemex accounts receivable financing program were fraudulent and that the valid receivables were substantially less than the $585 million referenced above.
The $400 million difference between the accounts receivable recorded by Banamex and those found to be valid after Citigroup's review was charged to operating expenses. That charge required Citigroup to adjust downward both its fourth quarter and full year 2013 financial results by an estimated $235 million after tax. This adjustment lowered Citigroup's 2013 net income from $13.9 billion to $13.7 billion.
In April 2014, Citigroup announced that it had uncovered a second fraud at Banamex, although the scale of the fraud was comparatively small, involving less than $30 million in loans. Citigroup also disclosed that Banamex's indirect parent expected to reduce its first-quarter net profit by $112 million due to reserves it set aside in connection with the fraud. These reserves were in addition to Citigroup's reduction of its fourth quarter and full year 2013 financial results and stemmed from Citigroup's belief that, since its original announcement in February, it was now even less likely to recover the funds it lent to Oceanografia.
One Banamex employee was fired almost immediately upon discovery of the fraud and 11 additional employees were fired after Citigroup's internal investigation. The firings included several top executives in Mexico, specifically the head of corporate banking, the head institutional risk officer, the head of trade finance, and the head of treasury solutions. According to news reports, the firings included employees who "had not taken steps to detect the fraud or had ignored warning signs about the client." The New York Times also reported that "[w]hether Citigroup willfully ignored possible warning signs is the subject of an investigation by the F.B.I. and prosecutors from the United States [A]ttorney's [O]ffice in Manhattan." Several other news articles have reported that the investigations are aimed at determining, among other things, whether Citigroup lacked proper controls to prevent the fraud from occurring.
Citigroup's CEO, Michael Corbat, candidly acknowledged that the financial impact of the fraud was significant, but that the impact to Citigroup's credibility arguably was more damaging than the financial costs. Mr. Corbat also publicly stated that "there were „telltales' along the way that employees should have alerted bosses or compliance officials about." In June, the Wall Street Journal reported that it had reviewed a confidential document from Mexico's National Banking and Securities Commission regarding the commission's investigation of the Banamex-Oceanografia case. According to the article, the commission found "weaknesses in Banamex's internal controls; errors in loan origination and administration; and deficiencies in contracts, risk administration and internal audit functions." In the wake of the fraud and investigations, Moody's downgraded Banamex's deposit and debt ratings, explaining that the downgrade "took into account the uncertainty surrounding Banamex's risk profile that derives from a number of ongoing investigations and reviews by federal and financial authorities both in Mexico and the U.S., as well as Citigroup's and Banamex's internal reviews."
Although no public reports directly have linked Citigroup's board of directors with the allegations of inadequate controls and deficiencies in reporting structure, Citigroup's Board of Directors (the "Board") maintains a standing "Risk Management and Finance Committee" charged with assisting the Board in oversight of Citigroup's risk management framework, including the "significant policies and practices used in managing credit, market, operation and certain other risks." The Risk Management and Finance Committee reports to the Board about the company's risk profile and its policies and practices to manage risk. Citigroup's Audit Committee also is charged with oversight of Citigroup's risk assessment and risk management processes and its control environment.
2. BSA/AML Compliance at Banamex USA
In addition to the fraud at Banamex, Plaintiff's Demand also references a money-laundering investigation involving Banamex USA. In its annual report issued on March 3, 2014, Citigroup reported that Citigroup and Banamex USA had received grand jury subpoenas issued by the United States Attorney's Office for the District of Massachusetts concerning compliance with the Bank Secrecy Act ("BSA") and anti-money laundering ("AML") requirements under federal law and banking regulations. The subpoenas followed a series of consent orders Citigroup entered into with various regulators in 2012 and 2013 regarding BSA/AML compliance.
The first such consent order was entered in April 2012 between Citigroup and the Comptroller of the Currency. The Office of the Comptroller of the Currency ("OCC") conducted an examination of Citibank, N.A., Sioux Falls, South Dakota and identified "deficiencies in the Bank's overall program for [BSA/AML] compliance." The OCC found that the bank had
failed to adopt and implement a compliance program that adequately covers the required BSA/AML program elements due to an inadequate system of internal controls and ineffective independent testing. The Bank did not develop adequate due diligence on foreign correspondent bank customers and failed to file Suspicious Activity Reports ("SARs") related to its remote deposit capture/international cash letter instrument activity in a timely manner.
Although Citigroup did not admit or deny any of the OCC's findings, it agreed to implement corrective action, including strengthening internal controls and reporting mechanisms. The order also required the Board to maintain a Compliance Committee responsible for monitoring and coordinating the Bank's adherence to the consent order.
In August 2012, Citigroup entered into a consent order with the Federal Deposit Insurance Corporation ("FDIC") and the California Department of Financial Institutions ("CDFI") relating to those agencies' investigation of Banamex USA, Century City, California and that bank's BSA/AML program. This consent order again required Citigroup's Board to improve internal controls, risk management, and oversight of BSA/AML compliance. In March 2013, Citigroup entered into a consent order with the Federal Reserve, in which the Federal Reserve stated:
as evidenced by the deficiencies in [BSA/AML compliance] … that led to the issuance of the OCC and FDIC Consent Orders (collectively, the "Consent Orders"), Citigroup lacked effective systems of governance and internal controls to adequately oversee the activities of the Banks with respect to legal, compliance, and reputational risk related to the Banks' respective BSA/AML compliance programs.
Among other things, the Federal Reserve consent order required Citigroup's Board to review the effectiveness of Citigroup's firmwide BSA/AML compliance and adopt a plan to "continue ongoing enhancement to the [b]oard's oversight of Citigroup's firmwide compliance risk management program with regard to BSA/AML Requirements."
According to news reports, the recent investigation launched by the United States Attorney's Office will examine whether Banamex USA lacked proper BSA/AML safeguards. The New York Times reported in April that prosecutors suspect that drug money was flowing through an account at Banamex USA. The Wall Street Journal later reported that the subpoenas sought information regarding whether Banamex USA failed to report suspicious banking transactions involving suspected drug-cartel members, including problems that were discovered during a review conducted by consultants from Ernst & Young who were hired to implement new BSA/AML controls.
In addition to agreeing in the various consent orders to oversee reforms to Citigroup's BSA/AML compliance, Citigroup's Board has charged the Audit Committee with overseeing Citigroup's compliance with legal and regulatory requirements. Within that oversight function, the Audit Committee specifically is charged with reviewing and discussing with management, at least annually, the effectiveness of Citigroup's anti-money laundering compliance program and recommending to the Board material changes to that program.
3. The Demand, Citigroup's response, and the draft report
In response to Plaintiff's Demand, Citigroup took the position that Plaintiff had not stated a proper purpose for the inspection and – even if Plaintiff's purpose was proper, the scope of the requested inspection was overly broad. On June 27, 2014, I conducted a trial by paper record and issued a draft report from the bench recommending that the Court find that Plaintiff had stated a proper purpose to inspect certain books and records, but that the Court order a more narrow inspection as to both topic and timeframe than Plaintiff demanded.
More specifically, as to proper purpose, I concluded that Plaintiff had stated a credible basis to infer possible mismanagement or wrongdoing by the Board or senior management at Citigroup regarding the fraud at Banamex. I also concluded that Plaintiff had stated a credible basis for a limited investigation of Banamex USA's BSA/AML compliance, although it was a "much closer case." Although I found that Plaintiff had not stated a credible basis to infer wrongdoing regarding the events underlying the 2012 and 2013 consent orders Citigroup entered into, I held that Citigroup had stated a credible basis to infer possible mismanagement or wrongdoing regarding how Citigroup implemented the controls and compliance programs to which it agreed.
As to the scope of the inspection, by the time of trial Plaintiff had narrowed its request to four categories of books and records: (1) board and committee meeting materials, (2) meeting preparation materials, (3) director and officer communications, and (4) policies and procedures regarding detection and prevention of fraud and risk management. Within each category, Plaintiff demanded responsive documents regarding the following topics: (a) the extension of credit by Banamex to Oceanografia, (b) Banamex USA's compliance or non-compliance with BSA/AML requirements, (c) fraud detection and prevention and risk management, and (d) compliance or non-compliance with the Bank Secrecy Act and/or anti-money laundering requirements. Plaintiff sought documents from 2008 through the date of the inspection. I recommended that the Court order inspection of (1) board and committee meeting materials, (2) materials containing talking points, scripts, or other summaries of remarks or reports that were delivered at a board or committee meeting, and (3) policies and procedures, but only to the extent those books and records related to the following topics: (a) the Banamex fraud, (b) the BSA/AML matters at Banamex USA, (c) Citigroup's fraud detection and prevention efforts, and (d) Citigroup's BSA/AML compliance. I concluded that Plaintiff had not - at this point - shown that director and officer communications were necessary and essential to its stated purpose, and therefore recommended that the Court deny Plaintiff's request for inspection of communications. Finally, I recommended that the Court order inspection of books and records relating to the Banamex fraud from January 2011 up to the date of the order and books and records relating the Banamex USA issue from January 2012 to the date of the order.
Citigroup filed timely exceptions to that recommendation and the parties submitted targeted additional briefing limited to those exceptions. Plaintiff did not take exception to my draft report. For the reasons that follow, I adopt my draft report as my final report, as modified herein.
In its exceptions, Citigroup argues that the evidence cited by Plaintiff does not provide a credible basis from which the Court may infer possible mismanagement or wrongdoing on the part of Citigroup's Board or senior management. In addition, Citigroup further contends that - even if Plaintiff stated a proper purpose - the books and records that were the subject of my draft report are not necessary and essential to the stated purpose. Plaintiff did not take exception to any aspect of my oral ruling. In response to Citigroup's exceptions, Plaintiff argues the evidence establishes a credible basis under Delaware law and contends the books and records for which I recommended inspection "go to the heart of Plaintiff's purpose" and are essential to Plaintiff's investigation.
A. Plaintiff states a proper purpose for inspection regarding both the Banamex fraud and Banamex USA's BSA/AML compliance.
Citigroup first contends that the evidence Plaintiff cites regarding the Banamex fraud - which Citigroup describes as a "discrete, unfortunate event" - relates only to events that occurred at Banamex, not Citigroup. Citigroup asserts that there is no nexus linking the Citigroup Board or senior management to any alleged wrongdoing, and that the only evidence presented at trial shows that Citigroup's CEO and its Board acted promptly to investigate and address the fraud when it was discovered. As a result, Citigroup posits that I improperly concluded that the evidence supported an inference of possible mismanagement at Citigroup, and in so finding I ignored the corporate separateness of Banamex and Citigroup. As to Banamex USA and its BSA/AML compliance, Citigroup argues "[t]he only factor supporting the Court's ruling that there is a credible basis to infer wrongdoing or mismanagement by Citigroup's Board or senior management is the fact that Citigroup received subpoenas."
The familiar standard under Section 220(b) requires a stockholder seeking to inspect books and records to demonstrate a "proper purpose" for the inspection. A proper purpose is one "reasonably related to such person's interest as a stockholder." It is settled law that investigation of corporate waste, mismanagement, or wrongdoing is a proper purpose to demand inspection. Mere suspicion, however, or a subjective belief of wrongdoing, without more, is not sufficient to state a proper purpose. Instead, a stockholder whose stated purpose is investigation of mismanagement must provide "some evidence" to suggest a "credible basis" from which this Court may infer "possible" mismanagement, waste, or wrongdoing may have occurred.
This credible basis standard has been described as the "lowest possible burden of proof" under Delaware law. The standard falls far short of requiring a stockholder to prove by a preponderance of the evidence that mismanagement or wrongdoing actually has occurred. The burden is not insubstantial, however, as it is designed to strike a balance between granting stockholders access to corporate records and protecting corporations and their stockholders from wasteful fishing expeditions based on mere curiosity.
Citigroup argues, correctly, I believe, that the mere fact that wrongdoing occurred at a subsidiary is not a credible basis to infer mismanagement by the board or senior management of a parent company. Citigroup, however, understates the nature of the evidence supporting the Demand. Although Citigroup describes the Banamex-Oceanografia fraud as a "discrete" event isolated to Banamex, the evidence shows (i) the subsidiary in question accounts for approximately ten percent of Citigroup's annual profits, (ii) the event was significant enough to cause Citigroup to restate its financials, (iii) Citigroup's internal investigation led to the termination of twelve Banamex employees, including four top executives, (iv) the "discrete" event and the associated investigations led Moody's to downgrade the subsidiary's deposit and debt ratings, (v) several news reports have indicated that the investigations uncovered weaknesses in Banamex's internal controls, including compliance, risk administration, and audit functions, and (vi) these internal controls that may be either insufficient or not properly monitored fell within the oversight responsibility of both Citigroup's Risk Management and Finance Committee and its Audit Committee. In addition, the Co-President of Citigroup also holds the title "Chairman, Mexico" and is responsible for overseeing Citigroup's operations in Mexico, providing an additional link between the issues and Banamex and Citigroup's senior management. The scope of the fraud at the subsidiary, the significance of the subsidiary to the parent company's profits, the public reports indicating that investigations uncovered deficiencies in internal controls, and the fact that one of the parent company's senior executives oversees the subsidiary and the parent company's board and its committees are responsible for overseeing the controls in question provides, in my view, "some evidence" of a credible basis to infer possible mismanagement or misconduct by Citigroup's Board or senior management. Of course, that showing falls well short of "demonstrating that anything wrong occurred, " but it is sufficient to permit Plaintiff to inspect targeted books and records.
To conclude, as Citigroup urges, that a stockholder must have specific and concrete evidence of possible wrongdoing or mismanagement by the board or senior management before the Court may permit a Section 220 inspection would both ignore the very low burden of proof required by the credible basis standard and would threaten to render meaningless the Delaware courts' repeated urging that stockholder plaintiffs seek books and records before filing class or derivative complaints so they may prepare factually accurate and legally sufficient pleadings. Although Citigroup disclaims any effort to turn this proceeding into a trial on the merits of Plaintiffs possible derivative claims, Citigroup essentially seeks that result by implying that Plaintiff must have specific, tangible evidence that Citigroup's Board or senior management was complicit in the fraud at Banamex. That argument ignores the inferences that this Court can - and must - draw under the credible basis standard, and would discourage the very behavior this Court has sought to encourage among would-be derivative or class plaintiffs. The evidence Plaintiff has put forward regarding the Banamex fraud is sufficient to infer possible mismanagement or wrongdoing by Citigroup's Board or senior management, and therefore the Demand states a proper purpose to inspect books and records relating to the fraud.
Citigroup also argues that the evidence Plaintiff relies on as a basis to investigate BSA/AML compliance at Banamex USA is insufficient under the credible basis standard both generally and because there is not a sufficient nexus to Citigroup's board or senior management. Although I agree that the issue of Banamex USA's BSA/AML compliance is a closer case, I believe the evidence presented by Plaintiff crosses the credible basis threshold. Specifically, the findings by the OCC, FDIC, and Federal Reserve that certain Citigroup branches, including Banamex USA, had insufficient controls relating to the Bank Secrecy Act and anti-money laundering requirements under federal law and banking regulations, the Citigroup Board's undertaking in three recent consent orders to improve compliance and controls in that area, followed by recent subpoenas that reportedly seek to investigate whether Banamex USA failed to report suspicious banking transactions, taken as a whole, state a credible basis for the limited inspection I recommended in the draft report.
Citigroup argues this case is no different from Louisiana Municipal Police Employees' Retirement System v. Lennar Corp., where this Court held that lawsuits filed by employees of the company in 2007 and 2009, along with two press reports that the Department of Labor was investigating labor practices of numerous companies in the industry, including the defendant company, were not sufficient to state a credible basis of possible mismanagement or wrongdoing. Lennar, however, is distinguishable on its facts. Although the consent order alone would not permit an inference of possible mismanagement and wrongdoing, the Board's commitment to strengthen its BSA/AML controls, followed shortly by another investigation targeted directly at Citigroup and reports that the controls remain inadequate, meets the low burden of proof required of a stockholder under Section 220 and brings this case outside the minimal allegations in Lennar. In addition, the audit committee's responsibility to oversee AML compliance and the entire Board's commitment in the consent orders to strengthen BSA/AML compliance provide the necessary connection between Citigroup's Board and the allegations of misconduct or mismanagement at Banamex USA.
B. The scope of the inspection
Having established a proper purpose for its inspection, Plaintiff bears the additional burden of showing that the books and records it seeks are "necessary and essential" to the stated purpose. The Delaware Supreme Court recently explained:
Documents are "necessary and essential" pursuant to a Section 220 demand if they address the "crux of the shareholder's purpose" and if that information "is unavailable from another source." Whether documents are necessary and essential "is fact specific and will necessarily depend on the context in which the shareholder's inspection demand arises."
To reiterate, I recommended in my draft report that the Court order Citigroup to produce for inspection (1) board and committee minutes and materials provided to the board or committees, (2) meeting preparation materials as defined above, and (3) policies and procedures, but only to the extent those books and records related to the following topics: (a) the Banamex fraud, (b) the BSA/AML matters at Banamex USA, (c) Citigroup's fraud detection and prevention efforts, and (d) Citigroup's BSA/AML compliance. In its exceptions to the final report, Citigroup argues that the third and fourth topics are "impermissibly vague and, in certain respects, erroneous and overbroad, " and must be narrowed or altogether eliminated in order to prevent a fishing expedition.
Citigroup first argues that "fraud detection and prevention" is both vague and overly broad given Plaintiff's stated purpose and Citigroup's size and the diversity of its business operations. Citigroup instead argues that books and records relating to the first topic – the Banamex fraud – is sufficient to satisfy Plaintiff's stated purpose. I disagree that the first topic is sufficient because it could be read as limited to documents specifically addressing the Banamex-Oceanografia matter, rather than documents more broadly addressing controls and procedures that may have governed Banamex. Upon further reflection, however, I agree that a topic covering "Citigroup's fraud detection and prevention" is both unwieldy and beyond the scope of Plaintiff's purpose. I therefore revise my draft report on this point and recommend that the Court order inspection of the three categories of books and records to the extent they relate to Banamex's fraud detection and prevention, rather than the broader topic of Citigroup's fraud detection and prevention.
Citigroup further argues that the fourth topic, Citigroup's BSA/AML compliance, also is overbroad in light of my finding that Plaintiff only stated a credible basis to infer possible mismanagement or wrongdoing regarding how Citigroup implemented the controls and compliance programs required by the consent orders, and my conclusion that Plaintiff had not stated a credible basis sufficient to permit broader inspection into the issues or events that may have formed the basis for the consent orders. In making this argument, however, Citigroup ignores two facts: (1) I did not require Citigroup to produce all documents regarding BSA/AML compliance, but only those three categories of documents discussed above, and (2) I imposed a date limitation that further narrowed the scope of the inspection. Unlike the "fraud detection and prevention" issue discussed above, Citigroup has not argued that the topic of BSA/AML compliance is so broad that it will encompass inspection of numerous documents wholly unrelated to Banamex USA's compliance with those laws and regulations. Because I believe the limitations on the categories of documents and the date range appropriately limit the scope of this topic to what is necessary and essential to Plaintiffs stated purpose, and because Citigroup does not persuasively argue that this topic otherwise is overly broad or vague, I have not revised my draft report on this topic.
For the foregoing reasons, I recommend that the Court order Citigroup to permit Plaintiff to inspect (1) board and committee minutes and materials provided to the board or committees, (2) materials containing talking points, scripts, or other summaries of remarks or reports that were delivered at a board or committee meeting, and (3) policies and procedures, but only to the extent those books and records relate to the following topics: (a) the Banamex fraud, (b) the BSA/AML matters at Banamex USA, (c) Banamex's fraud detection and prevention efforts, and (d) Citigroup's BSA/AML compliance. This is my final report and exceptions may be taken in accordance with Rule 144.
Abigail M. LeGrow Master in Chancery