April 24, 2015
OKLAHOMA FIREFIGHTERS PENSION & RETIREMENT SYSTEM, Plaintiff,
CITIGROUP INC., Defendant.
Submitted: January 22, 2015
Michael J. Barry, Esquire, Nathan A. Cook, Esquire, and Justin K. Victor, Esquire of Grant & Eisenhofer, P.A., Wilmington, Delaware, Attorneys for Plaintiff.
Stephen P. Lamb, Esquire and Meghan M. Dougherty, Esquire of Paul, Weiss, Rifkind, Wharton & Garrison LLP, Wilmington, Delaware; Brad S. Karp, Esquire, Bruce Birenboim, Esquire, Susanna M. Buergel, Esquire, and Caitlin E. Grusauskas, Esquire of Paul, Weiss, Rifkind, Wharton & Garrison LLP, New York, New York; and Jane B. O'Brien, Esquire of Paul, Weiss, Rifkind, Wharton & Garrison LLP, Washington, DC, Attorneys for Defendant.
NOBLE, Vice Chancellor
Plaintiff seeks to inspect certain books and records of Defendant Citigroup Inc. ("Citigroup" or the "Company") in order to investigate possible mismanagement and breaches of fiduciary duty by Citigroup's directors and officers in connection with events at two of Citigroup's subsidiaries. Citigroup argues that Plaintiff has not established a credible basis to infer possible mismanagement or wrongdoing by the Company's fiduciaries. Further, assuming that Plaintiff has stated a proper purpose, Citigroup contends that the scope of inspection demanded is overbroad.
On June 27, 2014, this case was tried on a paper record before a Master in Chancery. The Master issued a draft bench report recommending that the Court find that Plaintiff has stated a proper purpose for inspection, but narrowing the scope of documents sought by Plaintiff's demand.
Citigroup took timely exceptions to the draft report. After the parties briefed those exceptions, the Master issued her final report and recommendation (the "Final Report"), confirming her conclusion that Plaintiff had established a proper purpose for inspection. She did, however, again narrow the scope of documents that she deemed Plaintiff should be entitled to inspect.
On October 7, 2014, Citigroup filed its Notice of Exception to the Master's Final Report. The parties briefed Citigroup's exceptions and presented argument before this Court. This is the Court's ruling on the Company's exceptions.
Citigroup, a Delaware corporation, is a diversified financial services holding company headquartered in New York, New York. Its businesses provide a range of financial products, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Plaintiff Oklahoma Firefighters Pension & Retirement System has held Citigroup stock since December 31, 2007.
On March 17, 2014, Plaintiff made a written demand (the "Demand") on Citigroup pursuant to 8 Del. C. § 220 ("Section 220"). The Demand sought books and records relating to recently-disclosed adverse events involving two of Citigroup's subsidiaries: Banco Nacional de Mexico, S.A. ("Banamex") and Banamex USA. More specifically, Plaintiff aims to investigate a recent fraud at Banamex (the "Banamex fraud") and Banamex USA's compliance with the Bank Secrecy Act (the "BSA") and anti-money laundering ("AML") requirements under federal laws and banking regulations.
A. The Banamex Fraud
Banamex, an indirect wholly-owned Citigroup subsidiary, is one of the Company's largest foreign consumer banks, accounting for approximately 10% of the Company's global profits. Citigroup views Banamex as "an integral part of [Citigroup's] global network and a source of great pride . . . ." "Banamex is . . . subject to the same risk, control, anti-money-laundering and technology standards and oversight which are required throughout the [Company]." Citigroup's Co-President, Manuel Medina-Mora, holds the title of "Chairman, Mexico" and oversees Citigroup's Mexican business.
On February 28, 2014, Citigroup disclosed that a recent fraud had been discovered at Banamex:
As of December 31, 2013, Citi, through [Banamex], had extended approximately $585 million of short-term credit to Oceanografia S.A. de C.V. ("OSA"), a Mexican oil services company, through an accounts receivable financing program. OSA has been a key supplier to Petróleos Mexicanos ("Pemex"), the Mexican state-owned oil company. Pursuant to the program, Banamex extended credit to OSA to finance accounts receivables due from Pemex. As of December 31, 2013, Banamex also had approximately $33 million in either outstanding loans made directly to OSA or standby letters of credit issued on OSA's behalf.
On February 11, 2014, Citi learned that OSA had been suspended from being awarded new Mexican government contracts. Upon learning of this suspension, Citi, together with Pemex, commenced detailed reviews of their credit exposure to OSA and of the accounts receivable financing program over the past several years. As a consequence of those reviews, on February 20, 2014, Pemex asserted that a significant portion of the accounts receivables recorded by Banamex in connection with the Pemex accounts receivable financing program were fraudulent and that the valid receivables were substantially less than the $585 million referenced above.
The Banamex fraud caused Citigroup to adjust downward its fourth quarter and full year 2013 financial results by $235 million after tax. Citigroup's net income fell from $13.9 billion to $13.7 billion. Citigroup's Chief Executive Officer ("CEO"), Michael Corbat, described the Banamex fraud as "significant" and suggested that "the impact to [Citigroup's] credibility [would be] hard to calculate." The Company fired at least twelve employees, including four high-ranking executives in Mexico.
Moody's Investors Service ("Moody's") downgraded its ratings for Banamex to "reflect the severity of the fraud revealed in March and the subsequent revelations about the deficiencies in Banamex's risk management and auditing functions that permitted this fraud to occur." Moody's questioned whether structural and cultural risk management and governance issues at Banamex were broader than initially thought.
B. Banamex USA's BSA/AML Compliance
Banamex USA is a California-based Citigroup subsidiary. It is a deposit-taking bank that provides retail banking and money-transfer services to customers doing business in Mexico and the United States. In its Annual Report on Form 10-K, filed on March 3, 2014, Citigroup disclosed that it and Banamex USA had received grand jury subpoenas issued by the United States Attorney's Office for the District of Massachusetts (the "U.S. Attorney's Office") relating to compliance with BSA and AML requirements under federal laws and banking regulations. Banamex USA had also received a subpoena (addressing its BSA/AML programs) from the Federal Deposit Insurance Corporation (the "FDIC").
The U.S. Attorney's Office was reportedly investigating "whether [Banamex USA] . . . failed to alert the government to suspicious banking transactions along the U.S.-Mexico border that in some cases involved suspected drug-cartel members . . . ." Concerns stemmed from Citigroup's failure to "submit . . . suspicious-activity reports flagging the questionable transactions . . . ." The BSA requires banks to notify federal authorities of any suspicious activity on cash transactions over $10, 000.
The government subpoenas came on the heels of a series of consent orders (the "Consent Orders") that Citigroup had entered into with various regulators in 2012 and 2013 regarding BSA/AML compliance. The first order, on April 4, 2012, was with the Office of the Comptroller of the Currency (the "OCC"). The OCC had investigated Citibank, N.A. ("Citibank"), another Citibank subsidiary, and concluded that Citibank's BSA/AML compliance program was deficient. According to the OCC, Citibank had
failed to adopt and implement a compliance program that adequately covers the required BSA/AML program elements due to an inadequate system of internal controls and ineffective independent testing. [Citibank] did not develop adequate due diligence on foreign correspondent bank customers and failed to file Suspicious Activity Reports ("SARs") related to its remote deposit capture/international cash letter instrument activity in a timely manner.
Later in 2012, Banamex USA entered into a consent order with the FDIC and the California Department of Financial Institutions. Neither admitting nor denying legal violations, Banamex USA agreed to address, among other issues, the "(i) overall integrity and effectiveness of the BSA/AML compliance program, including policies, procedures, and processes; (ii) BSA/AML risk assessment; (iii) BSA reporting and recordkeeping requirements . . . [and] (vii) personnel adherence to [Banamex USA's] BSA/AML policies, procedures, and processes . . . ."
Then, on March 21, 2013, Citigroup entered into a consent order with the Board of Governors of the Federal Reserve System (the "Federal Reserve"). This order referenced the previous two and stated the Federal Reserve's conclusion that "Citigroup lacked effective systems of governance and internal controls to adequately oversee the activities of the Banks with respect to legal, compliance, and reputational risk related to the Banks' respective BSA/AML compliance programs . . . ." Citigroup's board of directors (the "Board") agreed to enhance its risk management program with regard to BSA/AML compliance.
A. Legal Standard
This Court reviews the Master's factual findings and legal conclusions de novo.
Through Section 220, "[a]ny stockholder, in person or by attorney or other agent, shall, upon written demand under oath stating the purpose thereof, have the right . . . to inspect for any proper purpose . . . [t]he corporation's . . . books and records . . . ." A stockholder seeking inspection must demonstrate its proper purpose by a preponderance of the evidence.
To investigate waste and mismanagement, which is a proper purpose, a stockholder "must present some credible basis from which the court can infer that waste or mismanagement may have occurred." However, the stockholder is "not required to prove by a preponderance of the evidence that waste and [mismanagement] are actually occurring." "Both the stated purpose and the underlying need for information necessarily derive from an absence of conclusive facts, and such a standard would beg the ultimate question at issue."
"Delaware courts routinely reject the conclusory allegation that because illegal behavior occurred, internal controls must have been deficient, and the board must have known so." Nonetheless, the Court is not ruling on a motion to dismiss, but a Section 220 demand, where "the 'credible basis' standard sets the lowest possible burden of proof. The only way to reduce the burden of proof further would be to eliminate any requirement that a stockholder show some evidence of possible wrongdoing."
B. Plaintiff's Purposes for Inspection
Plaintiff intends to investigate mismanagement and possible breaches of fiduciary duty by Citigroup's directors and officers in connection with the Banamex fraud and Banamex USA's BSA/AML compliance. Plaintiff seeks to investigate, in contemplation of derivative litigation, the disinterest of the Board to determine whether presuit demand would be excused.
C. Investigating the Banamex Fraud Is a Proper Purpose
Citigroup's Risk Management and Finance Committee (the "Risk Management Committee") is a standing committee of its Board. The Risk Management Committee oversees the Company's risk management, including its risk appetite, its risk policies, its exposure to operational risk, and the qualifications and background of senior risk officers. The Risk Management Committee reviews management's design, implementation, and maintenance of an effective risk program. It also reports to the Board regarding the Company's risk profile and risk management policies and practices. To fulfill its charge, the committee receives regular management reports and may request information to investigate matters within the scope of its duties. The Board also maintains an Audit Committee, which further oversees risk assessment and risk management.
Plaintiff intends to test whether it has viable Caremark claims against Citigroup's fiduciaries for failing to fulfill their oversight responsibilities. According to Citigroup, while the Banamex fraud was unfortunate, its occurrence only supports an inference of mismanagement or wrongdoing at Banamex, not at Citigroup. Caremark claims are among the hardest to plead successfully. For that reason, this Court has analogized the practice of immediately filing a complaint asserting such claims after a negative corporate event to purchasing a lottery ticket. Most claims are unlikely to survive a motion to dismiss, but filing is cheap and the payoff, for the "winning ticket, " is potentially large.
The Court therefore encourages stockholders to pursue a Section 220 demand instead of bringing a premature complaint.
[O]nce you have those books and records, you can make an intelligent decision about whether or not to sue, because it may well be that the board is not involved in the underlying misconduct and, therefore, the board is the appropriate corporate actor to determine what if anything should be done on behalf of the company as a result of the corporate trauma . . . .
Second and perhaps equally important, if you learn that the board was somehow implicated and therefore is not the institutionally competent actor, you can actually plead a complaint that might survive Rule 23.1.
Here, the record would not likely support fiduciary duty claims capable of surviving a motion to dismiss. However, the relevant question is whether the record establishes a credible basis, the "lowest burden of proof, " to support a conclusion that Plaintiff's demand is based on more than mere suspicion and conjecture. Of course, it may turn out "that the board is not involved in the underlying misconduct and, therefore, the board is the appropriate corporate actor to determine what if anything should be done on behalf of the company . . . ."
It would be inappropriate to infer possible mismanagement by Citigroup's Board or senior management merely because wrongdoing occurred at Banamex and the Board has oversight responsibility. If Plaintiff's showing ended there, the record would merely indicate that improper behavior may have occurred despite Citigroup's internal controls. An inference that those controls were deficient, in a sense capable of establishing a credible basis for a Caremark claim, would be overreaching.
However, before the Banamex fraud was revealed, there were red flags indicating issues at the subsidiary. Plaintiff argues that Citigroup's Board either was, or should have been, aware of the warning signs. The Banamex fraud was not merely a blip on Citigroup's radar. Banamex is "an integral part of [Citigroup's] global network and a source of great pride . . . ." It accounts for approximately 10% of Citigroup's annual profits and the fraud was material enough to Citigroup to cause it to restate its financial results. Citigroup took broad remedial actions to address the fraud and its fallout. One might commend Citigroup for the actions it took once the Banamex fraud was revealed. Conversely, one might also question, if the event was so significant to Citigroup, how the Company allowed it to occur in the first place.
Citigroup's CEO confirmed that "[t]here were telltales [of the Banamex fraud] along the way . . . ." "[E]mployees missed signs of trouble they should have recognized and elevated to superiors." Perhaps, the failures to report up the ladder indicate a lack of adequate controls. Additionally, debt ratings firms Fitch and Standard & Poor's both stopped rating Oceanografia, Banamex's counterparty to the Banamex fraud loans, in 2010, citing insufficient financial information.Citigroup did not review its credit exposure to Oceanografia until February 11, 2014, upon learning that Oceanografia had been suspended from being awarded new Mexican government contracts.
These circumstances raise questions over whether proper risk management and detection systems were in place, or were properly followed. One can reasonably infer that if the Risk Management and Audit Committees were functioning properly, then a system would have existed to detect, prevent, or minimize the Banamex fraud. That the fraud involved an accounts-receivable credit line, a core component of the bank's business, is further cause for concern. Notably, Banamex is subject to the same oversight standards which are required throughout the Company.
Citigroup is a sprawling multi-billion dollar corporation. That wrongdoing occurred at one of its subsidiaries falls far short of indicating failures on behalf of its fiduciaries. Nonetheless, given the nature and magnitude of the Banamex fraud, there is at least a credible basis to infer deficiencies at Citigroup, and Plaintiff is entitled to investigate. This conclusion does not ignore the corporate separateness of Citigroup and Banamex, but recognizes the Board's role in overseeing its important subsidiary.
D. Investigating Banamex USA 's BSA/AML Compliance Is a Proper Purpose
The Court agrees with the Master that "the issue of Banamex USA's BSA/AML compliance is a closer case" than the Banamex fraud. The Consent Orders, standing alone, would not satisfy the credible basis threshold. Further, that Citigroup and Banamex USA subsequently received subpoenas relating to BSA/AML issues does not, in the abstract, allow the inference that Citigroup failed to implement the Consent Orders properly.
Citigroup correctly observes that the fact that a corporation is "one of many companies in many industries caught up in the dragnet of a federal investigation . . . does not support an inference of possible wrongdoing." In isolation, Citigroup's receipt of subpoenas regarding BSA/AML issues does not adequately suggest mismanagement or wrongdoing by its fiduciaries.
However, there is evidence that the subpoenas were not merely the consequence of Citigroup's being "caught up in the dragnet of a federal investigation." The subpoenas were issued shortly after Citigroup entered the Consent Orders, which arose from findings by the OCC, the FDIC, and the Federal Reserve that Citigroup and certain of its subsidiaries, including Banamex USA, did not maintain adequate controls for compliance with BSA/AML requirements.Banamex USA, which is overseen by Citigroup, is now under investigation for an apparent failure to report suspicious banking transactions. The Consent Orders addressed BSA reporting requirements, which include suspicious activity reporting. The government investigation is thus targeted at Citigroup and Banamex USA, and at least part of the government's reason for investigating is known. The government's rationale relates directly to events at Banamex USA that one might expect not to occur if the Consent Orders had been properly implemented.
Therefore, Plaintiff "has cobbled together sufficient evidence, taken as a whole, to satisfy the threshold credible evidence standard." One could reasonably infer that Citigroup either incorrectly implemented the Consent Orders or failed to carry out appropriately the actions those orders contemplated. Plaintiff has a proper purpose to investigate Citigroup's implementation of the controls and compliance programs that it agreed to under the Consent Orders.
E. Proper Scope of Inspection
An inspection under Section 220 "is not open-ended; it is restricted to inspection of the books and records needed to perform the task. Accordingly, inspection is limited to those documents that are necessary, essential, and sufficient for the shareholders' purpose." This Court "has wide latitude in determining the proper scope of inspection." In exercising this discretion, the Court limits inspection to "documents reasonably required to satisfy the purpose of the demand." Circumscribing an appropriate scope "is [a] fact specific [exercise] and will necessarily depend on the context in which the shareholder's inspection demand arises." "[T]he stockholder should be given enough information to effectively address the problem. . . ."
The Master's Final Report recommends production of
(1) board and committee minutes and materials provided to the board or committees, (2) materials containing talking points, scripts, or other summaries of remarks or reports that were delivered at a board or committee meeting, and (3) policies and procedures, but only to the extent those books and records relate to the following topics: (a) the Banamex fraud, (b) the BSA/AML matters at Banamex USA, (c) Banamex's fraud detection and prevention efforts, and (d) Citigroup's BSA/AML compliance.
The Master limited the documents subject to her recommendation with two separate timeframes: January 2011 until the date of an order for Banamex fraud-related documents, and January 2012 until the date of an order for documents relating to Banamex USA's BSA/AML compliance.
Citigroup's only exception to the Master's recommended scope, given the Court's finding of proper purpose, is that production of documents relating to "Citigroup's BSA/AML compliance" would exceed what is necessary, essential, and sufficient to investigate Plaintiff's BSA/AML concerns. Citigroup contends that this topic of inspection should be narrowed because Plaintiff's proper purpose regarding BSA/AML compliance is limited to investigating the implementation of the Consent Orders and not more generally into what may have led to the orders.
However, the scope recommended by the Master is appropriately tailored to allow Plaintiff to investigate its potential claims while mitigating the burden on Citigroup. The first Consent Order was entered into on April 4, 2012. The Master recommended inspection regarding "Citigroup's BSA/AML compliance" of documents from January 2012 to the date of the order. This timeframe appropriately allows Plaintiff to investigate Citigroup's implementation of the Consent Orders. Not only did the Master place time constraints on the documents to be produced, but she only recommended production of three categories of documents, as described in the Final Report.
"Citigroup's BSA/AML compliance" does not describe a vague category of documents. It embodies a class of documents potentially instructive on the issue of the Company's implementation of the controls and compliance programs contemplated by the Consent Orders. While it is unavoidable that some documents within this category's scope may not ultimately advance Plaintiff's proper purpose, production of this category is necessary to allow Plaintiff to investigate fully BSA/AML compliance. Documents concerning Citigroup's BSA/AML compliance are targeted toward investigating whether the Consent Orders were properly implemented. Narrowing the scope of inspection further than the Master has already done risks rendering Plaintiff's investigation incomplete.
Plaintiff has established a proper purpose to investigate mismanagement and possible breaches of fiduciary duty by Citigroup's fiduciaries in connection with the Banamex fraud and Banamex USA's BSA/AML compliance. The Master appropriately limited the scope of Plaintiff's demand to categories of documents that are necessary and essential for Plaintiff's purpose.
After a de novo review of the issues raised, Citigroup's exceptions to the Master's Final Report are denied. The Court approves and adopts the Final Report and the recommendations contained therein.
Counsel are requested to confer and to submit an implementing form of order.