These fines are fundamentally stupid: yes, Citi's IT fucked up, but the fault is with the regulators for having such braindead reporting requirements to begin with.
Instead of something sensible like "you trade, you report", the regulators have set up a patchwork of formats, inclusion criteria and target agencies that pretty much ensures that lapses like this occur. Turning Frank-Dodd into workable code is fucking hard: I spent a couple of years pushing that boulder up the slope until I ragequit a couple of months ago.
The regulators should be ingesting data in one place and running analytics on a data lake. The banks are so sick of spending money dealing with the lack of regulatory technical competence that they'll probably happily pony up a couple of billion dollars between them to set up the surveillance system for the Feds; doing it once is cheaper in the long run than repeating the same set of mistakes at every bank on the Street.
The banks are sick of this, but just like the grass that doesn't want to be eaten by the cows, they also depend on this complicated regulation to keep our competitors.
I'm not sure complicated reporting is how banks are maintaining margins. They're diverting billions into complying with these requirements, for very little gain.
And anyone entering their business would have to as well. The large banks are happy to have these regulations in some ways as it makes it hard for midsized banks to grow and compete with them.
> Citigroup failing to send information on 26,810 transactions in over 2,300 such requests.
26810 requests, do you think they made more than $7m on this?
It's about proportional fines. Just because they're a giant company doesn't mean we should find then $1b for forgetting to put a handicapped parking space at one of their offices.
There is a school of thought that punitive fines should be a proportion of company value/earnings rather than an absolute dollar figure to exact an equal amount of discomfort.
I think Finnish speeding fines are a percent of income.
There is a school of thought that punitive fines should be a proportion of company value/earnings rather than an absolute dollar figure to exact an equal amount of discomfort.
In the infamous McDonald's coffee lawsuit, this was actually the motivation behind the initial large damage award. The jury attempted to award punitive damages equal to two days' worth of McDonald's coffee revenue.
(obligatory note here for the many people who have heard false information about that case: the coffee spilled in a car, yes, but the car was motionless, in a parking space, and the person who spilled it was not the driver, and was found partially at fault for the spill; she suffered severe burns requiring hospitalization and skin grafts, which is not generally what one expects from coffee; it was found McDonald's served its coffee significantly hotter than other chains, in a temperature range making burns more likely, and was aware of the fact that it could cause severe burns because this wasn't the first case, and in fact McDonald's was aware of hundreds of cases of burns resulting from its coffee; the initial damage award was significantly reduced by the judge; search for Liebeck v. McDonald's for more details)
Only because the fine is based on your income doesn't mean it has to be draconic. Quite the opposite. They can actually be less draconic than fixed amount fines. If you earn minimum wage a speeding ticket can be a complete disaster. If you are a tech worker you will barely notice the ticket.
25-to-life is indeed excessive, but if some people had 25 year lifespans and others had 2500 year lifespans, "3 strikes and you're 10-25% of your lifespan" is actually quite reasonable.
I think I see what you're getting at: punishments or penalties for offences that are arguably disproportionate to the crime.
On the other hand I think there is a gulf of difference between "3 strikes" laws and punitive damages being awarded against a company for an arguably frivolous lawsuit.
The former will disproportionally target people who are relatively disadvantaged, e.g. people living in poverty or drug addicts, and ruin their lives.
The latter (in this case) targeted a multinational corporation, with the damages being around 0.01% of its annual profit or less. McDonald's can survive that. Even if a person or two in the chain of command get fired, there's a gulf of difference between losing your job and getting locked up for 25 years.
I know you're not talking specifically about mcd coffee suit, but there's nothing arguable about that one; because there's still some measure of belief that it was frivolous here's a quote taken from the wikipedia article[0]:
> Liebeck was taken to the hospital, where it was determined that she had suffered third-degree burns on six percent of her skin and lesser burns over sixteen percent. She remained in the hospital for eight days while she underwent skin grafting. During this period, Liebeck lost 20 pounds (9 kg, nearly 20% of her body weight), reducing her to 83 pounds (38 kg). After the hospital stay, Liebeck needed care for 3 weeks, provided by her daughter. Liebeck suffered permanent disfigurement after the incident and was partially disabled for two years.
What? Absolutely not. I'm just saying that it sounds reasonable to believe that burns increase with temperature, as opposed to being high in a range of temperatures and lower below and above that range. Figure 4 in your first link agrees with this common-sense guess.
Even if fines were in proportion to company value/earnings, they would also need to be in proportion to the violation. Not every violation is equally as egregious.
> I think Finnish speeding fines are a percent of income.
Yes and no. Lesser infractions are static amounts, larger ones are based on day fines, they determine the amount of days -> units for the fine based on the severity of the infraction and the units are used as a multiplier against your daily income for your fine.
I've thought long and hard about this for many years. Punitive damages - eg jail time or financial punishment should be removed from our system except in cases where people are unfit to be in society (like murders' etc).
What should happen - all of the management at Citgroup should have to attend a 5 day training provided by the SEC showing how they can fix the reporting problems they have. How it causes problems to society. How it is dishonest - and how it wastes taxpayers dollars.
I'm betting having that happen to Citigroup 2 or 3 times a year would really make them think about following the rules.
Plus - its positive reinforcement instead of negative (punative) damage.
same goes for Switzerland, but as common sense suggests, there is and should be some threshold based on severity. below is static fine, above it things get more interesting/intense.
some (a lot) people would like to see banks burn, in same way common folks enjoyed public decapitations of ruling classes in french revolution. not judging, hard topic on its own, probably depends on where you are positioned in your life.
For me it's not as much about fining them as it is holding the correct people responsible (not just throwing some junior engineer under the bus as usually happens) and making sure it cannot happen again or gets noticed much more quickly
Large companies have more employees and will have more violations, maybe proportional to their size, whereas a rich person should not have more speeding tickets than a poor person and should arguably pay more per violation.
That may have been true back in the 20th century, but not anymore--Apple and Walmart have market caps on the same order of magnitude, but one employs far more employees than the other. Besides, if you have more $ per employee, that just means each violation will cost more money/damage.
The other thing is with a company the size of citigroup (250,000 employees), it is statically impossible not to have:
- incompetent and/or careless employees and managers
- dishonnest employees
- computer bugs, glitches, clerical errors
If you take down a large corporation every time you find any of these, there will be no corporation left within a year. Just small companies that were statistically lucky to have neither of those that particular year.
Name me a program, any program (other than Hello World) where no bug has never been found!
They had this bug for more than a decade. They should have systems in place to look for these things.
People make mistakes, but these mistakes should be caught before they get into production. And the ones that still make it into production should be hunted.
Should we discuss about all the 15 years old bugs that are found in Windows, Linux and MacOS which are well into production (and many of them critical bugs that affect the core of the product)? Has a software company ever been fined or held liable for bugs in its products? In fact too often, bug fixes are paid updates.
Financial companies are held to extraordinary standards, and in my opinion it's a game they cannot win.
This is not a minor bug, this is a bug that caused data to be misrepresented. If you want to compare it to OS bugs, then you need to look at silent data corruption: how many data corruption bugs have gone undetected in operating systems for 15 years?
You mean a server OS leaking kernel memory to any external connection doing something special with TLS without leaving any audit trail that this happened is a minor bug?
this is unbelievably naive comment... do you work in IT? 15 year old bugs are nothing special, with known ones having workarounds implemented (often buggy), or just some completely new happening on broken data feed, unexpected values etc. the list is endless
Who said anything about being evil? If my car manufacturer has a bug in their manufacturing process and I die in a ball of fire as a result, they weren't being evil (they didn't intentionally kill me), but it doesn't change the fact that they screwed up and are going to have to make amends.
Citigroup screwed up. Now they have to pay a fine. If they get off the hook for free, how is that fair to their competitors, who also had to do this rather tedious reporting?
Citigroup was $7 BILLION for their mortgage fraud. [1] I think that can be considered a "real consequence." This was a far less severe infraction, and the fine was correspondingly much lower.
I was thinking the exact same thing. They should have a really thorough investigation and they need to make sure that NO ONE knew about this bug at any point in the past 15 years.
If Citygroup has a habit of hiring and fostering employees who turn a blind eye and keep their mouths shut, then they should be punished severely.
Instead of something sensible like "you trade, you report", the regulators have set up a patchwork of formats, inclusion criteria and target agencies that pretty much ensures that lapses like this occur. Turning Frank-Dodd into workable code is fucking hard: I spent a couple of years pushing that boulder up the slope until I ragequit a couple of months ago.
The regulators should be ingesting data in one place and running analytics on a data lake. The banks are so sick of spending money dealing with the lack of regulatory technical competence that they'll probably happily pony up a couple of billion dollars between them to set up the surveillance system for the Feds; doing it once is cheaper in the long run than repeating the same set of mistakes at every bank on the Street.