Citi's role in 'flash crash' reinforces perils of manual transactions

Whoever said, “it’s going to get worse before it gets better” has certainly, agonizingly watched the same group of people repeatedly make the same mistake.

News last week that the Office of the Comptroller of the Currency (OCC) lifted a consent order against Citi may have led outside observers to believe the bank’s much-maligned internal controls — at least in connection to anti-money laundering efforts — have turned a corner, validating the billions of dollars Citi has poured into updating its payments infrastructure.

However, Monday’s “flash crash” that rippled through European exchanges — followed by the revelation that a Citi trader was determined to be at the center of the incident — reinforced the perils of manual input.

“This morning one of our traders made an error when inputting a transaction,” a Citi spokeswoman told The Wall Street Journal and Reuters in a statement late Monday. “Within minutes, we identified the error and corrected it.”

But the damage was done — and then compounded by machine-originated sell orders.

The error, on a trade of a basket of shares that included several Swedish names, launched a mass sell-off that tanked the OMX Stockholm 30 Index by nearly 8% in five minutes. A similar index in Denmark fell 6% in that time. Belgium’s BEL20 lost 5%. The Dutch AEX index fell 3%. France’s CAC40 lost 3%. At one point, €300 billion had evaporated, according to Bloomberg.

“The problem is not the mistake per se, but all the algorithms and stops that were triggered,” John Plassard, a director at the banking group Mirabaud, told the wire service. “It shows the market is always vulnerable to human error.”

Stock market operator Euronext temporarily halted trading to reduce the flash crash’s impact on markets, a spokesman told The Wall Street Journal. Nasdaq said it employed circuit breakers.

The affected indexes would recover by day’s end to within 1% to 2% of pre-crash value. But Nasdaq, for one, said it would not cancel any trades made on the Nordic markets, according to Bloomberg.

“Our first priority was to exclude technical issues in our systems, and our second priority was to exclude an external attack on our systems,” David Augustsson, a spokesman for Nasdaq Stockholm, told the wire service. “It is very clear to us that the cause of this move in the market is a very substantial transaction made by a market participant.”

Impact was likely deepened, however, because the U.K. celebrated a public holiday Monday, meaning European stock markets had roughly 20% less liquidity than usual.

Citi has suffered by its own hands before. A bank employee in August 2020 was manually adjusting a payment on a loan owed by cosmetics company Revlon, and mistakenly transferred the full payoff amount, with interest — roughly $900 million — to Revlon’s creditors years ahead of schedule, using Citi’s money rather than Revlon’s.

A handful of creditors returned (less than half of) the money to Citi. But several refused, noting it had already been disbursed elsewhere. A protracted legal battle ensued, and a federal judge ruled against Citi, citing discharge for value — the principle that a creditor can keep a payment from a debtor if it didn’t realize it was sent in error and didn’t make any misrepresentations.

The toll on Citi wasn’t limited to the $504 million it lost in the August 2020 transaction. The OCC fined the bank $400 million two months later, citing persistent issues in risk management, data governance and internal controls.

While the money Citi lost in 2020 was its own, the expense in Monday’s flash crash was other people’s. (It should be noted, too, that the 2020 transaction was contained within Citi’s payment structure, but Monday’s wave of losses — however momentary — happened outside of it.)

Citi is in talks with regulators and exchanges about Monday’s incident, a person familiar with the situation told Bloomberg.

At Citi’s March investor day, CEO Jane Fraser emphasized the importance of continued improvement with regard to risk and controls, calling them “non-negotiables,” according to the Financial Times.

Citi can take heart that it’s not alone in perpetuating multimillion-dollar human-caused errors. Santander in December issued $175 million in duplicate payments to 75,000 people and companies on behalf of 2,000 corporate clients. Barclays registered with the Securities and Exchange Commission (SEC) in August 2019 to sell up to $20.8 billion in exchange-traded notes (ETNs) tied to stock volatility and oil, then halted share creation in those products in March when it realized it exceeded that limit nearly once over.

As automation assumes more of a role in finance, some banks bemoan the loss of human touch in relation to their customers. Monday’s flash crash, however, demonstrates one way in which a human touch can prove costly.