The $400 million penalty was levied by the Office of the Comptroller of the Currency (OCC) "based on the bank’s unsafe or unsound banking practices for its long-standing failure to establish effective risk management and data governance programmes and internal controls".

The agency alongside the Federal Reserve also issued a cease and desist order, requiring the bank to take prompt action to improve risk management, data governance, and internal controls.

In 2013, Citigroup entered into a consent agreement with the Fed to clean up its anti-money-laundering compliance programme, and in 2015 was ordered to stregthen compliance and control in foreign exchange activities.

In a statement, Citi says: “We are disappointed that we have fallen short of our regulators’ expectations, and we are fully committed to thoroughly addressing the issues identified in the Consent Orders.

“Citi has significant remediation projects underway to strengthen our controls, infrastructure and governance."

The bank says that it has committed $1 billion in spending this year to fix its structural deficiencies.

“These projects are each multi-year and have received significant investment," states the bank. "However, while we have made progress in each of these areas, we recognize that substantial improvement is still required to meet the standards we have set for ourselves and that our regulators expect of us. We have thus redoubled our efforts and have made transforming our risk and control environment a strategic priority."

In recent months, Citi has been fined $4.5 million by the Commodity Future Trading Commission (CFTC) for a design flaw which led to the deletion of millions of audio files, including recordings which had been subpoenaed.

The bank is also in the midst of running multiple lawsuits to recover funds sent in error to creditors of the struggling cosmetics company Revlon. Citi says defective software dating from the 1990s was the cause of the $1 billion wire transfer screw up.