U.S. authorities are sanctioning Wall Street giant Citigroup Inc. for an array of compliance and governance failures.

The U.S. federal banking regulator, the Office of the Comptroller of the Currency (OCC), imposed a US$400-million civil penalty against Citibank, N.A, citing deficiencies in the bank’s risk management, governance, and internal controls.

“The OCC took these actions based on the bank’s unsafe or unsound banking practices for its long-standing failure to establish effective risk management and data governance programs and internal controls,” the regulator said.

The agency also issued a cease and desist order requiring the bank to correct the deficiencies.

At the same time, the Federal Reserve Board took its own enforcement action against the bank’s parent company, Citigroup Inc., which also requires the firm to fix these failings.

In response to the regulators’ action, Citi issued a statement indicating that it is “fully committed to thoroughly addressing the issues identified” in the enforcement orders.

“Citi has significant remediation projects underway to strengthen our controls, infrastructure and governance,” the bank said in its statement.

“These projects are each multi-year and have received significant investment. However, while we have made progress in each of these areas, we recognize that substantial improvement is still required,” the bank said.

“We have thus redoubled our efforts and have made transforming our risk and control environment a strategic priority,” the bank added.