Opinion
20 Civ. 9132 (LAP)
03-24-2023
OPINION & ORDER
Loretta A. Preska, Senior United States District Judge:
Before the Court is the Rule 12(b)(6) motion to dismiss the Consolidated Amended Class Action Complaint filed by Citigroup Inc. (“Citigroup”), three Citigroup officers (the “Officer Defendants”), and seventeen Citigroup directors (the “Director Defendants”). Lead Plaintiff Public Sector Pension Investment Board (“PSP” or “Lead Plaintiff”), and Named Plaintiff Anchorage Police & Fire Retirement System (“Anchorage”) (together “Plaintiffs”)-on behalf of a putative class of purchasers of Citigroup's securities-oppose the motion. For the reasons below, the motion is GRANTED, and the CAC is DISMISSED without prejudice.
Consolidated Amended Class Action Complaint (“CAC”), dated Apr. 20, 2021 [dkt. no. 72].
Michael L. Corbat, John C. Gerspach, and Mark A. L. Mason.
Ellen M. Costello, Grace E. Dailey, Barbara J. Desoer, John C. Dugan, Duncan P. Hennes, Peter B. Henry, Franz B. Humer, S. Leslie Ireland, Lew W. Jacobs, IV, Renee J. James, Eugene M. McQuade, Michael E. O'Neill, Anthony M. Santomero, James S. Turley, Deborah C. Wright, Alexander R. Wynaendts, and Ernesto Zedillo Ponce de Leon.
(See Defendants' Motion to Dismiss, dated June 4, 2021 [dkt. no. 115]; Defendants' Memorandum of Law in Support of Their Motion to Dismiss the Consolidated Class Action Complaint (“Defs.' Br.”), dated June 4, 2021 [dkt. no. 116]; Defendants' Reply Memorandum of Law in Further Support of Their Motion to Dismiss the Consolidated Class Action Complaint (“Defs.' Reply”), dated Aug. 18, 2021 [dkt. no. 127]; Declarations of Sharon L. Nelles (“Nelles Decls.”), dated June 4 and Aug. 18, 2021 [dkt. nos. 117, 128].) Collectively, the Court will call Citigroup, the Officer Defendants, and the Individual Defendants “Defendants.” When referring to the Officer Defendants and the Director Defendants the Court will use “Individual Defendants.”
(See Opposition to Defendants' Motion to Dismiss the Complaint (“Opp. Br.”), dated July 19, 2021 [dkt. no. 123].)
I. Background
The CAC alleges securities fraud claims under 15 U.S.C. § 78j(b) and Rule 10b-5 against Citigroup, the Officer Defendants, and the Director Defendants, as well as controlperson claims under section 20(a) against the Officer Defendants. (CAC ¶¶ 28-51, 575-586.)
A. The Parties
1. Corporate Defendant
Citigroup is a Delaware corporation that provides financial services and products to consumers, corporations, governments, and institutions around the world, with “over $2.2 trillion in total assets [and] approximately 200 million customer accounts.” (CAC ¶ 29.)
2. Officer Defendants
Michael Corbat was CEO and Director of Citigroup from 2012 through February 26, 2021. (Id. ¶ 31.) Corbat also served as a Director of Citibank from June 2020 through February 26, 2021. (Id.) Plaintiffs allege that Corbat's sudden departure in February 2021 resulted from enforcement orders against Citigroup for allegedly longstanding and unremediated deficiencies in internal controls and risk management systems. (Id.)
John Gerspach was CFO of Citigroup from July 2009 through February 22, 2019. (Id. ¶ 32.) In this role, Gerspach reported directly to Corbat during the Class Period and chaired or cochaired several management committees related to governance and oversight. (Id.)
Gerspach's successor is Defendant Mark Mason, who has been with Citigroup since 2001 and has served as Citigroup's CFO since February 23, 2019. (Id. ¶ 33.) As CFO, Mason chairs or co-chairs several management committees related to governance and oversight. (Id.)
Plaintiffs allege that the Officer Defendants were provided advance or contemporaneous copies of-and possessed the power and authority to approve and control the contents of-Citigroup's reports to the SEC, press releases, and presentations alleged by Plaintiffs to be false and misleading, yet failed to prevent their issuance or to cause them to be corrected. (Id. ¶ 34.)
3. Director Defendants
Plaintiffs name seventeen current and former directors of Citigroup, in addition to Gerspach.
Ellen Costello has served since 2016 as a Director of Citigroup and Citibank and as a member of Citigroup's Audit Committee. (Id. ¶ 35.) Ms. Costello has served as a member of Citigroup's Risk Management Committee since 2018. (Id.)
Grace Dailey has served since 2019 as a Director of Citigroup and a member of Citigroup's Audit and Risk Management Committees. (Id. ¶ 36.) In 2020, Ms. Dailey briefly served as a Director of Citibank. (Id.) Prior to joining Citigroup, Ms. Dailey had a thirty-five-plus-year career at the OCC, culminating in her role as Senior Deputy Comptroller for Bank Supervision Policy and Chief National Bank Examiner. (Id.)
Barbara Desoer, a current Director and former CEO of Citibank, has served since 2019 as a Director of Citigroup and a member of Citigroup's Risk Management Committee. (Id. ¶ 37.) Ms. Desoer served on Citigroup's Audit Committee from 2019 to 2020. (Id.)
John Dugan has since 2017 served as a Director of Citigroup and since 2019 as Chairman of the Citigroup Board. (Id. ¶ 38.) Mr. Dugan has served on Citigroup's Audit and Risk Management Committees since joining the board in 2017. (Id.) From 2005 to 2010, Mr. Dugan served as the Comptroller of the Currency and a director of the FDIC. (Id.)
Duncan Hennes has since 2013 served as a Director of both Citigroup and Citibank. (Id. ¶ 39.) Mr. Hennes has since 2015 served a member of Citigroup's Risk Management Committee, since 2019 as Chair of Citigroup's Risk Management Committee and since 2019 as a member of Citigroup's Audit Committee. (Id.)
Peter Henry has served since 2015 as a Director of Citigroup and as a member of Citigroup's Audit Committee. (Id. ¶ 40.) Mr. Henry served as a Director of Citibank in 2015 and part of 2016. (Id.)
Franz Humer served as a Director of Citigroup from 2012 to April 2019, a member of Citigroup's Risk Management Committee from 2015 through 2018, and a Director of Citibank from 2012 to 2013. (Id. ¶ 41.)
S. Leslie Ireland has served since 2017 as a Director of Citigroup, since 2020 as a member of Citigroup's Risk Management Committee, and since 2017 as a Director of Citibank. (Id. ¶ 42.)
Lew Jacobs has served since 2018 as a Director of Citigroup and member of Citigroup's Audit Committee and since 2020 as a member of Citigroup's Risk Management Committee. (Id. ¶ 43.)
Renee James has served since 2016 as a Director of Citigroup and member of Citigroup's Risk Management Committee. (Id. ¶ 44.)
Eugene McQuade, a former director, Vice Chairman, and CEO of Citibank, served from 2015 to April 2020 as a Director of Citigroup, from 2015 through 2019 as a member of Citigroup's Risk Management Committee, and in 2019 as a member of Citigroup's Audit Committee. (Id. ¶ 45.)
Michael O'Neill served from 2009 to January 2019 as a Director of Citigroup, from 2012 to January 2019 as the Chairman of the Citigroup Board, from 2016 to 2018 as a member of Citigroup's Risk Management Committee, and in 2015 as a member of Citigroup's Audit Committee. (Id. ¶ 46.) Mr. O'Neill served as a Director of Citibank from 2009 to 2012. (Id.)
Anthony Santomero served from 2009 to April 2019 as a Director of Citigroup and from 2015 through 2018 as Chair of Citigroup's Risk Management Committee and a member of Citigroup's Audit Committee. (Id. ¶ 47.) Mr. Santomero served as a Director of Citibank from 2009 to 2019. (Id.)
James Turley has served since 2013 as a Director of Citigroup and since 2015 as Chair of Citigroup's Audit Committee and member of Citigroup's Risk Management Committee. (Id. ¶ 48.) Mr. Turkey has also served since 2013 as a Director of Citibank. (Id.)
Deborah Wright has served since 2017 as a Director of Citigroup and as a member of Citigroup's Audit Committee. (Id. ¶ 49.) Mrs. Wright has also served as a Director of Citibank since 2019. (Id.)
Alexander Wynaendts has served since 2019 as a Director of Citigroup and as a member of Citigroup's Risk Management Committee. (Id. ¶ 50.)
Ernesto Zedillo Ponce de Leon has served since 2010 as a Director of Citigroup and since 2015 as a member of Citigroup's Risk Management Committee. (Id. ¶ 51.)
B. Class Period Events
The Class Period runs from January 15, 2016 to October 12, 2020. The CAC catalogues statements made in various contexts over approximately four years and asserts that these statements constitute a broad narrative of appropriate investment in and compliance with risk management requirements. Plaintiffs assert that these statements were misleading because Citigroup was aware that its regulators held a contrary view and that, instead of investing adequately in risk management, Citigroup made the deliberate choice to cut costs in hopes of improving its efficiency ratio (expenses/revenue) and thereby boosting its stock price. (Id. ¶ 238.) Plaintiffs allege that when Mr. Corbat took office in 2012, he vowed to rein in expenses and streamline Citigroup but emphasized that investments in risk management and internal controls would not be impacted. (Id. ¶¶ 92, 121-130, 402, 404, 408.) But, according to Plaintiffs, by the start of 2020 Citigroup had numerous outstanding compliance- and technology-related issues and Corbat was criticized for being “reluctant to spend the money or dedicate enough people to fix a problem the right way.” (Id. ¶¶ 158-159.)
Although Plaintiffs identify approximately sixty statements as actionable, Plaintiffs' contentions are, at bottom, that two October 2020 consent orders between Citibank and its primary regulators-the Office of the Comptroller of the Currency (“OCC”) and the Federal Reserve (“Fed”) (collectively, the “October 2020 Orders”)-render dozens of prior statements about Citigroup's risk management false or misleading. The Court sets forth the alleged misstatements and relevant events below in roughly chronological order.
1. Alleged Misstatements in 2016
On the morning of January 15, 2016, Citigroup issued a press release announcing its earnings for 4Q 2015 in which Mr. Corbat stated: “We have made sustainable investments not only in our capital planning process but also in the risk, control and compliance functions, which are critical to maintaining our license to do business. We have undoubtedly become a simpler, smaller, safer and stronger institution.” (CAC ¶ 310 (“Alleged Misstatement 1”).) The same day, on Citigroup's earnings conference call, Mr. Corbat remarked: “We've also made the necessary investments in our compliance, risk, and control functions which are critical to maintaining our license to do business.” (CAC ¶ 312 (“Alleged Misstatement 2”).)
The underlined portions are the statements that Plaintiffs identify as misleading.
On February 26, 2016, Citigroup issued its 2015 Annual Report in which it stated that:
• “Citi manages its risks through each of its three lines of defense: (i) business management, (ii) independent control functions and (iii) Internal Audit. The three lines of defense collaborate with each other in structured forums and processes to bring various perspectives together and to steer the organization toward outcomes that are in clients' interests, create economic value and are systemically responsible.” (CAC ¶ 315 (“Alleged Misstatement 3”) (quoting 2015 Annual Report at 65).)
• “[Citigroup's] Compliance organization is designed to protect Citi not only by managing adherence to applicable laws, regulations, and other standards of conduct, but also by promoting business behavior that is consistent with Citi's mission and value proposition, the principle of reasonable finance and Citi's compliance risk appetite.” (CAC ¶ 317 (“Alleged Misstatement 4”) (quoting 2015 Annual Report at 66).)
• “Citi's Internal Audit function independently reviews activities of the first two lines of defense based on a risk-based audit plan and methodology approved by the
Audit Committee of the Citigroup Board of Directors. Internal Audit also provides independent assurance to the Citigroup Board of Directors, the Audit Committee of the Board, senior management and regulators regarding the effectiveness of Citi's governance and controls designed to mitigate Citi's exposure to risks and to enhance Citi's culture of compliance and control.” (CAC ¶ 319 (“Alleged Misstatement 5”) (quoting 2015 Annual Report at 67).)
• “Citigroup's Board of Directors oversees Citi's risktaking activities. To do so, directors review risk assessment and reports prepared by Risk, Compliance, Human Resources, Legal, Finance and Internal Audit and exercise independent judgment to question, challenge, and when necessary, oppose recommendations and decisions made by senior management that could cause Citi's risk profile to exceed its risk appetite or jeopardize the safety and soundness of the firm.” (CAC ¶ 321 (“Alleged Misstatement 6”) (quoting 2015 Annual Report at 68).)
• “Citi manages adherence to its compliance risk appetite through the execution of its compliance program, which includes governance arrangements, a policy framework, customer onboarding and maintenance processes, product development processes, transaction and communication surveillance processes, conduct- and culture-related programs, monitoring regulatory changes, and new products, services and complex transactions approval processes.” (CAC ¶323 (quoting 2015 Annual Report at 118-119) (“Alleged Misstatement 7”).)
• “Extensive compliance requirements can result in increased reputational and legal risks, as failure to comply with regulations and requirements, or failure to comply as expected, can result in enforcement and/or regulatory proceedings.”
Citi is Subject to Extensive Legal and Regulatory Proceedings, Investigations and Inquiries That Could Result in Significant Penalties and Other Negative Impacts on Citi, Its Business and Results and Operations.” (CAC ¶ 325 (“Alleged Misstatement 8”) (quoting 2015 Annual Report at 62).)
(See also CAC ¶ 337 (quoting 2016 Annual Report at 65); CAC ¶ 366 (quoting 2017 Annual Report at 67); CAC ¶ 383 (quoting 2018 Annual Report at 60); CAC ¶ 415 (quoting 2019 Annual Report at 59).) In multiple Annual Reports from 2016 through 2019, Citigroup made identical or substantively similar statements that Plaintiffs identify as separate alleged misstatements. The Court will set forth each alleged misstatement in full when it was made for the first time and identify the additional times the alleged misstatement was made in a footnote, as it has done here. The Court will not reproduce the alleged misstatement in full each time and where appropriate will discuss the identical or substantively similar statements as a group.
(See also CAC ¶ 339 (quoting 2016 Annual Report at 65).)
(See also CAC ¶ 341 (quoting 2016 Annual Report at 66); CAC ¶ 370 (quoting 2017 Annual Report at 68); CAC ¶ 387 (quoting 2018 Annual Report at 61).)
(See also CAC ¶ 343 (quoting 2016 Annual Report at 62).)
(See also CAC ¶ 347 (quoting 2016 Annual Report at 113-114).)
(See also CAC ¶ 349 (quoting 2016 Annual Report at 61); CAC ¶ 376 (quoting 2017 Annual Report at 63); CAC ¶ 395 (quoting 2018 Annual Report at 56 and further identifying the statement that “[a] failure to resolve any identified deficiencies could result in increased regulatory oversight and restrictions” as misleading); CAC ¶ 427 (quoting 2019 Annual Report at 54-55 and further identifying the statement that “there are heightened regulatory scrutiny and expectations in the U.S. and globally for large financial institutions, as well as their employees and agents, with respect to, among other things, governance, risk management practices and controls” and that “[a] failure to comply with these requirements and expectations or resolve any identified deficiencies could result in increased regulatory oversight and restrictions” as misleading).)
On April 26, 2016, Citigroup held its Annual Shareholder Meeting for 2016 during which Mr. O'Neill remarked: “I thought we had no significant control lapses unlike the year before where again the pay of Mike and his direct report was adjusted downward because of those.” (CAC ¶ 327 (“Alleged Misstatement 9”).)
On November 16, 2016, Mr. Gerspach presented at the Bank of America Future of Financials Conference and the following exchange between an analyst and Gerspach occurred:
ERIKA NAJARIAN: “So, just to follow-up on that. John, a few big bank management teams are asked this question. As you're thinking about budgeting for 2017 and the budget that is for risk and compliance, is it too early to ratchet back that budget?”
JOHN GERSPACH: “No. I'd say, we're very, I think Jamie captured it well. Which is that what we're seeing now is a plateauing of the budget that's going into risk and compliance. So, you're not seeing that same rate of growth. But similar to what Jamie was talking about, now as we think about what's the next phase, the next phase isn't necessarily just wholesale, pull the expenses out, it's actually taking some of those technology budgets and then figuring out, and also doing some process reengineering, and figuring out how to lower the cost that we have. Still do the same things, but at a lower cost.”(CAC ¶¶ 329-30 (“Alleged Misstatement 10”).)
2. Alleged Misstatements in 2017
On February 24, 2017, Citigroup issued its 2016 Annual Report. In addition to the alleged misstatements identified above, the 2016 Annual report stated that:
• “Citi's firm-wide Risk Governance Framework consists of the policies, procedures, and processes through which Citi identifies, measures, manages, monitors, reports, and controls risks across the firm.” (CAC ¶ 333 (“Alleged Misstatement 11”) (quoting 2016 Annual Report at 64).)
• “The Risk Governance Framework has been developed in alignment with the expectations of the Office of the Comptroller of the Currency (OCC) Heightened Standards. It is also aligned with the relevant components . . . of the Federal Reserve's Enhanced Prudential Standards for Bank Holding Companies and Foreign Banking Organizations.” (CAC ¶ 335 (“Alleged Misstatement 12”) (quoting 2016 Annual Report at 64).)
• “To anticipate, mitigate and control operational risk, Citi has established policies and a global framework for assessing, monitoring and communicating
operational risks and the overall effectiveness of the internal control environment across Citigroup.” (CAC ¶ 345 (“Alleged Misstatement 13”) (quoting 2016 Annual Report at 113).)
(See also CAC ¶ 362 (quoting 2017 Annual Report at 66) (same but substituting “Company” for “firm”).)
(See also CAC ¶ 364 (quoting 2017 Annual Report at 66); CAC ¶ 381 (quoting 2018 Annual Report at 59).)
(See also CAC ¶ 374 (quoting 2017 Annual Report at 115); CAC ¶ 391 (quoting 2018 Annual Report at 106); CAC ¶ 423 (quoting 2019 Annual Report at 104).)
On April 13, 2017, Citigroup held an earnings call for the First Quarter of 2017 during which the following exchange between a Guggenheim analyst and Mr. Gerspach occurred:
ERIC WASSERSTROM: “But in terms of the cost associated with complying with the changes and the regulatory environment there, has that diminished at all?”
JOHN GERSPACH: “Well, when we talked about regulatory costs in the past, it wasn't necessarily focused on Asia, it was more focused globally with a lot of it here in the U.S. And I'd say that cost is still running high, but it's plateaued. And that's given us now the opportunity to shift some of the investment more away from just doing regulatory work and put investment dollars towards supporting the businesses which has been great.”(CAC ¶ 351 (“Alleged Misstatement 14”).)
On June 1, 2017, Citigroup presented at the Bernstein 2017 Strategic Decisions Conference. The following exchange between a Bernstein analyst and Mr. Corbat occurred:
JOHN MCDONALD: “And just wrapping up the conversation about efficiency, you've done a lot of investment spending, you've done some big projects upgrading major systems in the Investment Bank, the Global Consumer Bank, and currently investing $1 billion in Mexico. Where are you on kind of these big projects? Are you kind of at the tail end of the major big projects you set upon the last couple of years? Where are you in that cycle of spend?”
CORBAT: “From an infrastructure perspective, we've got, really if not all, certainly most of the systems or
base systems that we need . . . . But again, we've spent all the energy and effort in terms of creating these systems that have the ability to come back and communicate centrally.”(CAC ¶ 353 (“Alleged Misstatement 15”).)
During Citigroups' Investor Day conference on July 25, 2017, Mr. Corbat remarked:
When I think of Citi, the word that comes to my mind is “pride.” I have to tell you how proud I am of the progress we've made and how we've executed through tough decisions in terms of our capital, our balance sheet and our business model. We have been rebuilding our credibility, our relationships with our regulators and, very importantly, a culture that's based on ethics and execution. And our progress, it can be seen not just through the robustness of our businesses, but also through the investments that we've made in controls - to improve processes across risk, compliance and audit - which gives us our licenses to run and to grow our business....
“I also hope people recognize how we've strengthened our risk management by the dogs that haven't barked.”(CAC ¶ 355(“Alleged Misstatement 16”).) Mr. Gespach separately stated at the same event:
"Our efficiency ratio at 59% is at, or better, than each of our peer institutions. Our ROA remains somewhat below the group. Our growth in tangible book value per share is fairly comparable. We exceeded our nearest banking peers in payout ratio at 86% and we are poised to continue leading the way over the next 12 months with a capital return plan equal to nearly 130% of consensus income expectations. We've generated these results while operating above every one of our regulatory requirements.”(CAC ¶ 357 (("Alleged Misstatement 17”).)
Plaintiffs no longer challenge that this portion of this statement is false or misleading. (Opp. Br. at 33 n.24.)
3. Alleged Misstatements in 2018
On January 4, 2018, The Wall Street Journal published an article titled, “Citi Fined for Failing to Fix Money-Laundering Controls.” The article reported that the OCC had issued a $70 million penalty after finding that Citibank had failed to comply with its 2012 Consent Order. The article included the following statement attributed to Citigroup:
"‘Citi is committed to taking all necessary and appropriate steps to remedy the concerns identified by the OCC,' a spokesman said. ‘We have made substantial investments to enhance our [anti-money-laundering] programs and we maintain a commitment to developing an industry-leading program to help to protect the integrity of the financial system.'”(CAC ¶ 359 ("Alleged Misstatement 18”).)
On February 23, 2018, Citigroup issued its 2017 Annual Report. In addition to the alleged misstatements identified above, the 2017 Annual report stated that:
• "Independent Compliance Risk Management (ICRM) organization is designed to protect Citi by overseeing senior management, the businesses, and other control functions in managing compliance risk, as well as promoting business conduct and activity that is consistent with Citi's mission and value proposition.” (CAC ¶ 368 ("Alleged Misstatement 19”) (quoting 2017 Annual Report at 67).)
• "Citigroup's Board of Directors oversees Citi's risktaking activities and holds management accountable for adhering to the risk governance framework. To do so, directors review reports prepared by the businesses, Risk, Independent Compliance Risk Management, Internal Audit and others, and exercise sound independent
judgment to question, probe and challenge recommendations and decisions made by management.” (CAC ¶ 372 (“Alleged Misstatement 20”) (quoting 2017 Annual Report at 69).)
(See also CAC ¶ 385 (quoting 2018 Annual Report at 60).)
(See also CAC ¶ 389 (quoting 2018 Annual Report at 62); CAC ¶ 421 (quoting 2019 Annual Report at 60).)
4. Alleged Misstatements in 2019
On February 22, 2019, Citigroup issued its 2018 Annual Report. In addition to the alleged misstatements identified above, the 2018 Annual report stated that:
• “Citi's Company-wide risk governance framework consists of the policies, standards, procedures and processes through which Citi identifies, assesses, measures, manages, monitors, reports and controls risks across the Company.” (CAC ¶ 379 (“Alleged Misstatement 21”) (quoting 2018 Annual Report at 59).)
• “Citi follows the following CRM [Compliance Risk Management] Framework process steps: Establishing, maintaining and adhering to policies, standards and procedures for the management of compliance risk, in accordance with policy governance requirements; Developing and providing training to support the effective execution of roles and responsibilities related to the identification, control, reporting and escalation of matters related to compliance risks . . .; Independently testing and monitoring that Citi is operating within the Compliance Risk Appetite; Identifying instances of non-conformance with Laws, regulations, rules and breaches of internal policies; Escalating through the appropriate channels, which may include governance forums, the results of monitoring, testing, reporting or other oversight activities that may represent a violation of law, regulation, policy or other significant compliance risk and take reasonable action to see that the matter is appropriately identified, tracked and resolved, including through the issuance of corrective action plans against the first line of defense.” (CAC ¶ 393
(“Alleged Misstatement 22”) (quoting 2018 Annual Report at 107-108).)
(See also CAC ¶ 413 (quoting 2019 Annual Report at 58).)
(See also CAC ¶ 425 (quoting 2019 Annual Report at 105-106).)
On March 6, 2019, Citigroup filed its 2019 Proxy Statement on Form 14A with the SEC. The filing included a “Letter from the Board of Directors to our Shareholders,” which stated in part:
“Management also made progress on the regulatory front last year, which we believe is critical to the firm's success. . . . In addition, Citi made headway on a range of heightened regulatory requirements that all large banks have faced in the wake of the financial crisis. Nevertheless, your Board will continue to pay close attention to - and expect management to make continued progress on - regulatory matters in 2019 and beyond.
As it should be for a global firm like Citi, prudent risk management was top of mind for both management and the Board in 2018. Our three lines of defense -the business lines, the control functions, and internal audit - dove deeply and, where necessary, took proactive steps in critical risk areas . . . The Board and our Risk Committee engage deeply in the oversight of risk management practices in these and other areas, always recognizing that, while Citi is in the business of taking risk, these risks must be understood, measured, monitored, and controlled.”(CAC ¶ 398 (“Alleged Misstatement 23”).)
On March 19, 2019, Citigroup issued a press release titled “Citi Resolves Regulatory Review of Mortgage Program Implementation” in response to reports of a $25 million fine imposed on Citibank for violations of the Fair Housing Act. In the press release, Citibank stated that it had conducted a "comprehensive” review and "[strengthened processes and controls to help ensure correct implementation going forward.” (CAC ¶ 400 (“Alleged Misstatement 24”).)
On July 15, 2019, at Citigroup's earnings call for the Second Quarter of 2019, Mr. Corbat stated: "we won't change our commitment to safety and soundness and to making investments necessary to strengthen our infrastructure and control environment.” (CAC ¶ 402 ("Alleged Misstatement 25”).) During that same call, Mr. Mason stated that:
"[l]ooking ahead, we will maintain this expense discipline relative to the revenue environment while continuing to make essential investments in the franchise, including investments in infrastructure and controls, but we do expect expenses to be lower on a sequential basis from the first half to the second half of the year.”(CAC ¶ 402 ("Alleged Misstatement 26”).)
On September 9, 2019, Mr. Mason presented at the Barclays Global Financial Services Conference, at which Mr. Mason said:
"[O]ne thing that I want to reiterate is that we cannot compromise investing in core parts of our franchise that allow for us to have a competitive advantage. . . . [W]e can't compromise the investments that are required in our infrastructure and in our controls to ensure safety and soundness.”(CAC ¶ 404 ("Alleged Misstatement 27”).)
On October 11, 2019, following the OCC's $30 million fine issued to Citibank for "deficient process and controls” related to violations of real estate holding rules, Citi released a statement published in media reports (including Reuters) stating: “[s]ince identifying the issue, we have strengthened controls, processes and procedures to ensure the timely disposition of these assets.” (CAC ¶ 406 (“Alleged Misstatement 28”).)
On October 15, 2019, Citigroup held its earnings call for the Third Quarter of 2019. On that call, Mr. Corbat stated that: “we remain committed to investing in the products in which we see the best growth opportunities as well as in our own infrastructure for the purpose of safety and soundness.” (CAC ¶ 408 (“Alleged Misstatement 29”).)
5. Alleged Misstatements in 2020
On January 21, 2020, American Banker published an article titled “Citibank Fined Nearly $18 Million For Flood Insurance Violations,” which stated that “a Citi spokesman said the company was ‘pleased to have the matter resolved.'” (CAC ¶ 410 (“Alleged Misstatement 30”).)
On February 21, 2020, Citigroup issued its 2019 Annual Report. In addition to the alleged misstatements identified above, the 2019 Annual report stated that:
• “Independent Compliance Risk Management organization is an independent risk management function that is designed to oversee and credibly challenge products, functions, jurisdictional activities and legal entities in managing compliance risk, as well as promoting business conduct and activity that is consistent with Citi's mission and value proposition and the compliance risk appetite.” (CAC ¶ 417
(“Alleged Misstatement 31”) (quoting 2019 Annual Report at 59).)
• "The role of Internal Audit is to provide independent and timely assurance to the Citigroup and Citibank Boards, the Audit Committees of the Boards, senior management and regulators regarding the effectiveness of governance, risk management and controls that mitigate current and evolving risks and enhance the control culture within Citi.” (CAC ¶ 419 ("Alleged Misstatement 32”) (quoting 2019 Annual Report at 60).)
On April 15, 2020, Citigroup reported earnings for the First Quarter of 2020 and posted a presentation to the Company's website titled "First Quarter 2020 Earnings Review,” stating that "[d]espite a challenging environment, [Citigroup] delivered . . . strong risk management” and that Citigroup's "Priorities” were to "[f]ocus on risk management and building a stronger company for the future.” (CAC ¶ 429 ("Alleged Misstatement 33”).)
On September 10, 2020, Citigroup issued a press release titled "Citi CEO Michael Corbat Announces Plans to Retire in February 2021” in which Mr. Corbat said:
"We completed our transformation from the financial crisis and emerged a simpler, safer and stronger institution. . . . As the world's most global bank, safety and soundness always have to be a foundation of our institution. We have launched significant investments in our infrastructure as part of our push to make strengthening our risk and control environment a strategic priority for the firm.”(CAC ¶ 431 ("Alleged Misstatement 34”).)
6. Alleged Accounting and Regulatory False Statements and Omissions
Beyond the alleged false statements identified above, Plaintiffs also assert that Citigroup engaged in accounting fraud by violating the Generally Accepted Accounting Principles (“GAAP”). (Id. ¶ 435.) The CAC alleges that, over the course of the Class Period, Citigroup should have spent between $3.66 billion and $4.1 billion in order to comply with its risk management obligations and that it should have known that this loss was probable but nonetheless failed to include this alleged “loss contingency” in its filings. (Id. ¶ 447-50.) Plaintiffs further claim that Citigroup violated Item 303 of Regulation S-K, which establishes an affirmative duty on a reporting entity to describe “any known trends or uncertainties that have had or that are reasonably likely to have a material favorable or unfavorable impact on net sales or revenues or income from continuing operations,” as it failed to disclose the extent of its alleged underinvestment in its risk and control systems and the impact that fixing those systems would have on Citigroup's income. (Id. ¶¶ 455, 459.) Finally, Plaintiffs allege that Citigroup falsely represented that its internal controls over financial reporting (“ICFR”) and disclosure controls and procedures (“DCP”) were effective. (Id. ¶¶ 488-90, 518-19.)
7. The October 2020 Orders and Other Alleged Regulatory Action
The CAC alleges that federal regulators repeatedly pressured Mr. Corbat and the Citigroup Board to address longstanding deficiencies in Citigroup's risk systems and internal controls throughout the Class Period. (Id. ¶ 237.) Pursuant to both of their guidelines, the Fed and the OCC must submit regular reports to Citigroup summarizing any deficiencies that it has found based on outstanding Matters Requiring Immediate Attention (“MRIA”) and Matters Requiring Attention (“MRA”). (Id. ¶¶ 66-68, 79.) The Fed requires the Citigroup Board to respond in “writing detailing corrective action taken or planned.” (Id. ¶ 69.) The OCC submits a Report of Examination (“ROE”) to the Citigroup Board and requires that all directors sign it to indicate that they have personally reviewed it. (Id. ¶ 79.) Beyond the formal reports, the Fed and OCC met with Mr. Corbat and the Citigroup and Citibank Boards numerous times throughout the Class Period. (Id. ¶ 253.) Based on the foregoing, Plaintiffs infer that the Fed and OCC “consistently alerted” Mr. Corbat and the Citigroup and Citibank Board “to Citigroup's longstanding deficiencies, noncompliance, or unsafe or unsound practices” (id. ¶ 253), but do not identify what specific matters were contained in the ROEs or what the Fed or OCC discussed with Corbat and the Citigroup and Citibank Boards.
In October 2020 Citibank entered into consent orders with the OCC and the Fed. The Fed found that Citigroup had “not adequately remediated the longstanding enterprise-wide risk management and control deficiencies previously identified by the Federal Reserve,” including deficiencies that dated back to 2013. (Id. ¶ 163.) The OCC similarly found that Citibank had “longstanding deficiencies and unsafe or unsound practices in the areas of risk management, [and] internal controls,” and that “[f]or several years” Citibank “failed to implement and maintain an enterprise wide risk management and compliance risk management program . . . commensurate with the Bank's size, complexity, and risk profile.” (Id. ¶ 270.) The OCC concluded that Citibank engaged in “a pattern of misconduct” and “continuous noncompliance” and issued a civil monetary penalty (“CMP”) along with one of its October 2020 Orders. (Id. ¶¶ 18283, 220.)
II. Procedural History
The original putative class action complaint was filed on October 30, 2020, by The City of Sunrise Firefighters' Pension Fund against Citigroup and the Officer Defendants. (Dkt. No. 1.) Two separate putative class actions subsequently were filed by two other institutional investors. (See City of Sterling Heights General Employees' Retirement System v. Citigroup, et al., No. 20-cv-9573; Lim v. Citigroup, et al., No. 20-cv-10360.) After certain parties moved to consolidate and to be appointed lead plaintiff, the plaintiff in City of Sterling Heights voluntarily dismissed its claims without prejudice, maintaining its right to participate in the case as an absent class member. (Dkt. no. 64 in 20-cv-9573.) On February 4, 2021, the Court consolidated the remaining actions-City of Sunrise and Lim- styled as In re Citigroup Securities Litigation, and the Court appointed Public Sector Pension as lead plaintiff. (Dkt. no. 66.).
A consolidated amended complaint was filed on April 20, 2021. As discussed, there are three classes of defendants in the CAC: (i) the corporate defendant Citigroup; (ii) the Officer Defendants Michael L. Corbat, John C. Gerspach, and Michael A. L. Mason; and (iii) the Director Defendants. III. Legal Standards
A. Fed.R.Civ.P. 12(b)(6), Fed.R.Civ.P. 9(b), & the Private Securities Litigation Reform Act (“PSLRA”)
To survive a Rule 12(b)(6) motion to dismiss, Plaintiff must plead sufficient facts “to state a claim to relief that is plausible on its face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). “A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). That “standard is not akin to a ‘probability requirement,' but it asks for more than a sheer possibility that a defendant has acted unlawfully.” Palin v. N.Y. Times Co., 940 F.3d 804, 810 (2d Cir. 2019). Evaluating “whether a complaint states a plausible claim for relief” is “a context-specific task that requires the reviewing court to draw on its judicial experience and common sense.” Iqbal, 556 U.S. at 679.
When considering a motion to dismiss, the Court “accept[s] as true all factual allegations and draw[s] from them all reasonable inferences.” Dane v. UnitedHealthcare Ins. Co., 974 F.3d 183, 188 (2d Cir. 2020). It is not required, however, “to credit conclusory allegations or legal conclusions couched as factual allegations.” Id. (ellipsis omitted). “Accordingly, threadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice.” Nielsen v. Rabin, 746 F.3d 58, 62 (2d Cir. 2014) (cleaned up). “While legal conclusions can provide the framework of a complaint, they must be supported by factual allegations.” Iqbal, 556 U.S. at 679.
“A claim under Section 10(b) . . . sounds in fraud and must [also] meet the pleading requirements of Rule 9(b) of the Federal Rules of Civil Procedure and of the PSLRA.” Plumbers & Pipefitters Nat. Pension Fund v. Orthofix Int'l N.V., 89 F.Supp.3d 602, 607 (S.D.N.Y. 2015) (citation omitted). Under Rule 9(b) and the PSLRA, the complaint must (i) “specify the statements that the plaintiff contends were fraudulent,” (ii) “identify the speaker,” (iii) “state where and when the statements were made, and” (iv) “explain why the statements were fraudulent.” ATSI Commc'ns, Inc. v. Shaar Fund, Ltd., 493 F.3d 87, 99 (2d Cir. 2007); accord 15 U.S.C. § 78u-4(b)(1)(B).
B. Section 10(b) & Rule 10b-5
To state a claim under Section 10(b) and Rule 10b-5, a plaintiff must plead six elements: (i) “a material misrepresentation or omission by the defendant;” (ii) “scienter;” (iii) “a connection between the misrepresentation or omission and the purchase or sale of a security;” (iv) “reliance upon the misrepresentation or omission;” (v) “economic loss; and” (vi) “loss causation.” Halliburton Co. v. Erica P. John Fund, Inc., 573 U.S. 258, 267 (2014). The first and second are particularly relevant to this litigation.
1. Material Misrepresentations or Omissions
“To support a claim of securities fraud, the stated or omitted fact must be material.” Constr. Laborers Pension Tr. for S. Cal. v. CBS Corp., 433 F.Supp.3d 515, 531 (S.D.N.Y. 2020). “An alleged misrepresentation is material if there is a substantial likelihood that a reasonable person would consider it important in deciding whether to buy or sell shares of stock.” Singh v. Cigna Corp., 918 F.3d 57, 63 (2d Cir. 2019) (quotation marks omitted). “In judging whether an alleged omission was material in light of the information already disclosed to investors, the [C]ourt considers whether there is a substantial likelihood that the disclosure of the omitted material would have been viewed by the reasonable investor as having significantly altered the total mix of information already made available.” Chapman v. Mueller Water Prods., Inc., 466 F.Supp.3d 382, 396-97 (S.D.N.Y. 2020) (cleaned up).
“Certain categories of statements are immaterial as a matter of law, such as ‘puffery,' opinions, and forward-looking statements accompanied by adequate cautionary language.” Barilli v. Sky Solar Holdings, Ltd., 389 F.Supp.3d 232, 250 (S.D.N.Y. 2019). “Puffery encompasses statements that are too general to cause a reasonable investor to rely upon them,” In re Vivendi, S.A. Sec. Litig., 838 F.3d 223, 245 (2d Cir. 2016) (cleaned up), such “as a company's statements of hope, opinion, or belief about its future performance,” Steamfitters Loc. 449 Pension Plan v. Skechers U.S.A., Inc., 412 F.Supp.3d 353, 363 (S.D.N.Y. 2019), aff'd, 826 Fed.Appx. 111 (2d Cir. 2020). Likewise, “a sincere statement of pure opinion is not an untrue statement of material fact, regardless [of] whether an investor can ultimately prove the belief wrong.” Omnicare, Inc. v. Laborers Dist. Council Const. Indus. Pension Fund, 575 U.S. 175, 186 (2015) (quotation marks omitted). In that vein, “the Court of Appeals has repeatedly held to be nonactionable expressions of corporate optimism.” In re Bristol-Myers Squibb Sec. Litig., 312 F.Supp.2d 549, 557 (S.D.N.Y. 2004).
In addition to materiality, “[a]n alleged statement or omission must also be false or misleading.” Constr. Laborers, 433 F.Supp.3d at 531. “The test for whether a statement is materially misleading . . . is not whether the statement is misleading in and of itself, but whether the defendants' representations, taken together and in context, would have misled a reasonable investor.” Vivendi, 838 F.3d at 250 (quotation marks omitted). In other words, whether a statement is “misleading,” is “evaluated not only by literal truth, but by context and manner of presentation.” Singh, 918 F.3d at 63 (cleaned up). Critically, a statement must be contemporaneously false: “A statement believed to be true when made, but later shown to be false, is insufficient.” In re Lululemon Sec. Litig., 14 F.Supp.3d 553, 571 (S.D.N.Y. 2014). To establish the falsity of an opinion, a plaintiff must plead that (i) “the speaker did not hold the belief she professed,” (ii) any “supporting fact[s] she supplied” with her opinion “were untrue,” or (iii) the speaker omitted facts whose omission makes the statement misleading to a reasonable investor. Omnicare, 575 U.S. at 186; see also Tongue v. Sanofi, 816 F.3d 199, 209-10 (2d Cir. 2016) (applying Omnicare to claims brought under Section 10(b) and Rule 10b-5).
Moreover, “an omission is actionable under the securities laws only when the corporation is subject to a duty to disclose the omitted facts.” Stratte-McClure v. Morgan Stanley, 776 F.3d 94, 101 (2d Cir. 2015). Section “10(b) and Rule 10b-5(b) do not,” however, “create an affirmative duty to disclose any and all material information”: “Disclosure is required . . . only when necessary to make statements made, in the light of the circumstances under which they were made, not misleading.” Matrixx Initiatives, Inc. v. Siracusano, 563 U.S. 27, 44 (2011) (cleaned up). “This inquiry, unlike other duty-to-disclose scenarios, merges with the question of whether the omitted fact is material.” Constr. Laborers, 433 F.Supp.3d at 531.
2. Scienter
Claims under Section 10(b) and Rule 10b-5 must allege “that the defendant acted with scienter, a mental state embracing intent to deceive, manipulate, or defraud.” Tellabs, Inc. v. Makor Issues & Rights, Ltd., 551 U.S. 308, 319 (2007) (quotation marks omitted). The PSLRA mandates that a complaint “state with particularity facts giving rise to a strong inference that the defendant acted with the required state of mind.” 15 U.S.C. § 78u-4(b)(2)(A). Under that standard, “[a] complaint will survive . . . only if a reasonable person would deem the inference of scienter cogent and at least as compelling as any opposing inference one could draw from the facts alleged.” Tellabs, 551 U.S. at 324. That necessary inference of scienter, taking “into account plausible opposing inferences,” “must be more than merely ‘reasonable' or ‘permissible'-it must be cogent and compelling, thus strong in light of other explanations.” Id. at 323-24.
For an individual, “the scienter requirement is met where the complaint alleges facts showing either: 1) a motive and opportunity to commit the fraud; or 2) strong circumstantial evidence of conscious misbehavior or recklessness.” Emps.' Ret. Sys. of Gov't of the Virgin Is. v. Blanford, 794 F.3d 297, 306 (2d Cir. 2015) (quotation marks omitted). A generalized motive, like the desire to maintain the appearance of corporate profitability or increase compensation, is insufficient. Chill v. GE, 101 F.3d 263, 268 (2d Cir. 1996). “Where motive is not apparent[,] the strength of the circumstantial allegations must be correspondingly greater.” Schiro v. Cemex, S.A.B. de C.V., 396 F.Supp.3d 283, 300 (S.D.N.Y. 2019). For corporations, “the pleaded facts must create a strong inference that someone whose intent could be imputed to the corporation acted with the requisite scienter.” Teamsters Loc. 445 Freight Div. Pension Fund v. Dynex Cap. Inc., 531 F.3d 190, 195 (2d Cir. 2008).
C. Section 20(a)
Section 20(a) of the Exchange Act provides for what is commonly known as “control person” liability:
Every person who, directly or indirectly, controls any person liable under any provision of [the Exchange Act] or of any rule or regulation thereunder shall also be liable jointly and severally with and to the same extent as such controlled person to any person to whom such controlled person is liable ....15 U.S.C. § 78t(a). “To establish a prima facie case of control person liability, a plaintiff must show (1) a primary violation by the controlled person, (2) control of the primary violator by the defendant, and (3) that the defendant was, in some meaningful sense, a culpable participant in the controlled person's fraud.” ATSI, 493 F.3d at 108.
IV. Discussion
The Complaint brings two securities fraud claims: Count I alleges a violation of Rule 10b-5 against Citigroup and the Individual Defendants, and Count II alleges a Section 20(a) violation against the Officer Defendants as control persons.
Defendants argue that the CAC should be dismissed because it: (i) fails to identify any actionable misstatements or omissions and (ii) does not plead a strong inference of scienter. The Court agrees.
A. Whether the Challenged Statements Contain Actionable Misrepresentations or Omissions
Defendants argue that all of the alleged misstatements and omissions fall into one of two buckets that make them non-actionable: (i) statements that are immaterial as a matter of law and (ii) statements that were not false when spoken and were not rendered false by the 2020 Consent Orders. The Court again agrees.
1. Alleged Misrepresentations and Omissions
Plaintiffs identify approximately sixty statements as actionable. These statements can be broken down into four rough categories: (i) Statements Regarding Investments in Risk Management and the Design and Functioning of Citigroup's Risk Management System (Alleged Misstatements 1-7, 10-14, 19-22, 2527, 29, 31-32, and 34); (ii) Statements Regarding Regulatory Compliance and Progress (Alleged Misstatements 9, 15-18, 23-24, 28, 30, and 33); (iii) Risk Warnings (Alleged Misstatement 8); and (iv) Alleged Accounting and Regulatory False Statements and Omissions. The Court addresses each family of statements in turn.
i. Statements Regarding Investments in Risk Management and the Design and Functioning of Citigroup's Risk Management System
Nearly every statement in this category is immaterial. Plaintiffs assert that Citigroup made “meticulously detailed” representations regarding its investments in and design of risk management and internal controls that “gave comfort” to investors. (Opp. Br. at 3, 32.) But Plaintiffs' “meticulously detailed” characterization does not withstand scrutiny. In reality, the CAC strings together what are mostly routine, generic, and vague statements regarding Citigroup's investments and risk management policies and procedures, several of them forward-looking, that Plaintiffs have plucked from various communications across four years and attempted to transform from general to specific by grouping them together. The following examples are representative:
• Citigroup made “sustainable” “necessary,” “essential,” and “significant” investments in risk, control, and compliance. (CAC ¶ 310, 312, 402,
• Citigroup was and would remain “commit[ted]” to making the necessary investments in these areas and would not “compromise” on this important area. (Id. ¶¶ 404, 408,
• Citigroup “manages its risks” through “three lines of defense [that] collaborate with each other in structured forums and processes to bring various perspectives together and to steer the organization toward outcomes that . . . are systemically responsible.” (CAC ¶¶ 315, 337, 366, 383, 415.)
• Citigroup's “compliance organization is designed to protect Citi . . . by managing adherence to applicable laws [and] regulations.” (CAC ¶¶ 317, 339.)
• “Citi's firm-wide Risk Governance Framework consists of the policies, procedures, and processes through which Citi identifies, measures, manages, monitors,
reports, and controls risks across the firm.” (CAC ¶¶ 333, 362.)
• “Citi's Company-wide risk governance framework consists of the policies, standards, procedures and processes through which Citi identifies, assesses, measures, manages, monitors, reports and controls risks across the Company.” (CAC ¶¶ 379, 413.)
The statements regarding investments and commitments are nothing more than “simple and generic assertions” regarding Citigroup's “commitment to regulatory compliance” and intention “to allocate significant resources” to said compliance. Singh v. Cigna Corp., 918 F.3d 57, 64 (2d Cir. 2019) (cleaned up).
Such statements are not materially misleading absent significantly more detailed “assurances of actual compliance.” Id. at 64 (cleaned up). Though Citigroup generally stated that it was spending the appropriate amount on these issues and would continue to do so, there is insufficient detail in any of the identified statements to be construed as an “assurance of actual compliance” or that the investments would forestall regulatory action in perpetuity. No bank would declare that it was not investing in and would not continue to invest in regulatory compliance or risk management. No reasonable investor would rely on such vague statements, lacking any meaningful detail, that it was doing so as an assurance of compliance. ECA & Local 134 IBEW Joint Pension Tr. of Chi. v. JP Morgan Chase Co., 553 F.3d 187, 206 (2d Cir. 2009) (“No investor would take such [general] statements seriously in assessing a potential investment, for the simple fact that almost every . . . bank makes these statements.”).
The descriptions of Citigroup's risk management “policies and procedures” are equally “simple and generic.” Singh, 918 F.3d at 64. Plaintiffs identify general statements about how Citigroup “manages its risks,” (CAC ¶¶ 315, 337, 366, 383, 415) that it has systems “designed to protect Citi” (CAC ¶¶ 317, 339, 368, 385) and “policies, procedures, and processes” to control risk (CAC ¶¶ 333, 362), and a “risk governance framework” that consists of “policies, standards, procedures, and processes.” (CAC ¶¶ 379, 413). But these are exactly the types of “routine representations” of “risk-management practices” that “almost every . . . bank makes” and which are inactionable. ECA, 553 F.3d at 206; Menaldi v. Och-Ziff Capital Mgmt. Grp. LLC, 277 F.Supp.3d 500, 513 (S.D.N.Y. 2017) (finding inactionable similar “milquetoast corporate-speak”). Such “[v]ague positive statements regarding” Citigroup's “risk management strategy” “are ‘too general to cause a reasonable investor to rely upon them' and therefore are ‘precisely the type of puffery that this and other circuits have consistently held to be inactionable.'” Stichting Depositary APG Developed Mkts. Equity Pool v. Synchrony Fin. (In re Synchrony Fin. Sec. Litig.), 988 F.3d 157, 170 (2d Cir. 2021) (quoting ECA, 553 F.3d at 206); Greco v. Qudian Inc., No. 1:20-cv-577-GHW, 2022 U.S. Dist. LEXIS 165369, at *41 (S.D.N.Y. Sept. 13, 2022) (finding “general statements regarding . . . attempts to remain compliant with regulations” that did not assert full “complian[ce] with all regulations, or that” the company “has never faced regulatory issues” were “non-actionable puffery”).
The closest Plaintiffs come to identifying a statement with the requisite level of detail is Citigroup's statement that “[t]he Risk Governance Framework has been developed in alignment with the expectations of the Office of the Comptroller of the Currency (OCC) Heightened Standards. It is also aligned with the relevant components . . . of the Federal Reserve's Enhanced
Prudential Standards for Bank Holding Companies and Foreign Banking Organizations.” (CAC ¶¶ 335, 364, 381; Opp. Br. at 31.) But even references to “alignment” with specifically identified standards are not guarantees of conformity and are too general and aspirational to be actionable. See, e.g., In re Sanofi Sec. Litig., 155 F.Supp.3d 386, 401-02 (S.D.N.Y. 2016) (finding similar statements regarding “maintenance of an ‘effective compliance organization'” that is “consistent with the legislative framework,” and “aligned with the industry's best practices” not actionable); Banco Safra S.A.-Cayman Islands Branch v. Andrade Gutierrez Int'l S.A., No. 16-CV-9997 (JMF), 2018 WL 1276847, at *4 (S.D.N.Y. Mar. 8, 2018) (finding “statement that [company] ‘aligns its corporate practices to standards issued by international entities,'” was “both ‘too general' and too ‘aspirational' to support a securities-fraud claim”).
Meyer v. Jinkosolar Holdings Co., 761 F.3d 245 (2d Cir. 2014), which Plaintiffs rely on to frame their theory of the case, is not to the contrary. The alleged misstatements in Jinkosolar were significantly more specific than those at issue here. There, the defendant stated that, as part of its environmental compliance program, it had “installed pollution abatement equipment at [its] facilities to process, reduce, treat, and where feasible, recycle the waste materials before disposal” and that it had “environmental teams at each of [its] manufacturing facilities” on duty twenty-four hours a day “to monitor waste treatment and ensure that [these] waste emissions comply with [Chinese law].” Id. at 247 (third alteration in original). These statements were actionable misrepresentations because “the description of pollution-preventing equipment and 24-hour monitoring teams gave comfort to investors that reasonably effective steps were being taken to comply with applicable environmental regulations,” comfort which would mislead investors “if in fact the equipment and 24-hour team were then failing to prevent substantial violations of the Chinese regulations,” as was alleged to be the case. Id. at 251. The specificity of the disclosures in Jinkosolar made them actionable. That “specificity . . . is not present here.” Diehl v. Omega Protein Corp., 339 F.Supp.3d 153, 163 (S.D.N.Y. 2018) (same); Menaldi, 277 F.Supp.3d at 513 (distinguishing Jinkosolar on the basis that the statements at issue were “far more generalized” than those in Jinkosolar).
The Court's conclusion is buttressed by the repeated and specific cautions that Citigroup provided in its Annual Reports. For example, Citigroup cautioned that it and Citibank were under “heightened regulatory scrutiny and expectations” from the Federal Reserve, OCC, and other regulators, and that part of that scrutiny involved monitoring of Citigroup's and Citibank's “governance and risk management practices.” (Ex. 4, Nelles Decls. at 62.) Citigroup further cautioned that, “[a]t any given time, Citi is defending a significant number of legal and regulatory proceedings and is subject to numerous governmental and regulatory examinations, investigations and other inquiries.” (Ex. 7, Nelles Decls. at 61.) Citigroup also warned investors that these proceedings “may result in adverse judgments, settlements, fines, penalties, restitution, disgorgement, injunctions or other relief” (Ex. 12, Nelles Decls. at 283), and that “Citi can be subject to enforcement proceedings not only because of violations of law and regulation, but also due to a failure, as determined by its regulators, to have adequate policies and procedures, or to remedy deficiencies on a timely basis” (Ex. 21, Nelles Decls. at 55). These warnings cautioned investors that regulators could disagree with the Company's policies and procedures and defeat any assertion that Defendants made “specific, confident assurances of compliance” that that would give reasonable investors the comfort Plaintiffs claim. In re Qudian Inc. Sec. Litig., 2020 WL 3893294, at *3 (S.D.N.Y. July 10, 2020). Based on the foregoing, the Court finds that Alleged Misstatements 17, 11-13, 19-22, 25-27, 29, 31-32, and 34 are immaterial.
It is proper for the Court to take judicial notice of documents which are quoted and referred to by the CAC-and “to consider them in adjudicating the Motion to Dismiss, examining the documents only to determine what statements they contain rather than to prove the truth of the documents' contents.” Frankfurt-Tr. Inv. Lux. AG v. United Techs. Corp., 336 F.Supp.3d 196, 205 (S.D.N.Y. 2018).
Even if the Alleged Misstatements identified above were not immaterial, Plaintiffs have failed to allege the falsity of any of the statements in this category. “A violation of Rule 10b-5 cannot occur unless an alleged material misrepresentation or omission was false at the time it was made.” C.D.T.S. v. UBS AG, 2013 WL 6576031, at *3 (S.D.N.Y. Dec. 13, 2013) (“Without contemporaneous falsity there is no fraud.”). And “plaintiffs may not plead fraud by hindsight.” Slayton v. Am. Exp. Co., 604 F.3d 758, 776 (2d Cir. 2010) (citing Shields v. Citytrust Bancorp, Inc., 25 F.3d 1124, 1129 (2d. Cir. 1994)). That is, “[c]orporate officials need not be clairvoyant; they are only responsible for revealing those material facts reasonably available to them. Thus, allegations that defendants should have anticipated future events and made certain disclosures earlier than they actually did do not suffice to make out a claim of securities fraud.” Novak, 216 F.3d 300, 309 (2d Cir. 2000) (citations omitted). Critically, “a corporation is not required to disclose a fact merely because a reasonable investor would very much like to know that fact.” Dalberth v. Xerox Corp., 766 F.3d 172, 183 (2d Cir. 2014). Rather, a company is only obligated to disclose additional facts if doing so was necessary to make their statements “not misleading.” Matrixx, 563 U.S. at 44.
Plaintiffs argue that statements related to Citigroup's investments in risk compliance (CAC ¶¶ 310, 312, 402, 431), its commitment to this area (id. ¶¶ 402, 404, 408, 431), and its statements that risk and compliance costs were “plateauing” or had “plateaued” (id. ¶¶ 329, 351) were materially false and misleading because the October 2020 Orders concluded that Citigroup had failed to implement a sound system of internal controls and risk management (CAC ¶¶ 311, 313) and thus, Plaintiffs conclude, the “necessary,” “essential,” “significant,” etc. investments were not made and the risk managements costs only plateaued because Citigroup was not making those investments (Opp. Br. at 33-34). Plaintiffs allege that at the time of the October 2020 Orders, Citigroup's compliance issues had been ongoing “[f]or years” and were “long past due” (CAC ¶¶ 153-54, 158; see Opp. Br. at 9) and cite facts suggesting that at unidentified points in time, Citigroup was aware that its regulators considered unspecified aspects of Citigroup's risk management systems to require modification, that the OCC and Fed subsequently issued the October 2020 Orders finding that Citigroup's risk management system as it stood in 2020 was insufficient and required remediation, and that compliance with the 2020 Orders would be costly. (CAC ¶¶ 119, 159, 213, 311(a)(v), (c), 313, 403(c)(e)(f), 405(b)-(e), 409(a), (d)-(f).)
However, nowhere in the Complaint do Plaintiffs allege facts showing that Citigroup did not, in fact, make the described investments in risk, control, and compliance as of the time the above statements were made. See In re Banco Bradesco S.A. Sec. Litig., 277 F.Supp.3d 600, 648 (S.D.N.Y. 2017) (“Plaintiff has not alleged that . . . management did not, in fact, conduct the evaluations described in those statements.”). To be sure, Plaintiffs conclude that Citigroup did not make the described investments by reasoning backward from the existence of the October 2020 Orders and positing that the existence of the regulatory actions in 2020 shows that Citigroup never made the requisite investment in its risk management systems at any point over the preceding four years. (See, e.g., CAC ¶ 313(a) (“The ‘necessary investments,' at a minimum, had to be sufficient to avoid the findings in Article II of the OCC Remediation Order ....”).) But setting aside the conclusions and looking to the actual factual allegations, the fact that Defendants were subject to the October 2020 Orders, whether due to lack of investment or for other reasons, does not mean that Citigroup was not investing in its risk management system at the times the challenged statements were made or that the investments were inadequate at that time. See, e.g., Woolgar v. Kingstone Cos., 477 F.Supp.3d 193, 230 (S.D.N.Y. 2020) (“Plaintiff has failed to allege how Defendants' knowledge of a material weakness as of September 30, 2019 . . . demonstrates that any Defendant was aware of a weakness during the Class Period.”).
As to the risk management systems, Plaintiffs do not argue that the CAC adequately alleges that the designs and procedures Defendants described did not exist or were misdescribed. (Opp. Br. at 27, 30.) Rather, Plaintiffs argue that these statements were misleading because Citigroup failed to disclose that “regulators had determined for years that those systems suffered significant deficiencies” such that they were, in Plaintiffs' words, “inoperable,” and that describing these systems at all “created a misleading impression because they did not meet minimum regulatory requirements.” (Opp. Br. at 27, 30 (citing CAC ¶¶ 163-64, 176-83).) In support of this argument, Plaintiffs again attempt to use the October 2020 Orders to carry a weight they will not bear. For example, though the Fed Order did identify “significant ongoing deficiencies” in “various areas of risk management and internal controls,” it states that those deficiencies were observed in the “most recent supervisory assessment of Citigroup.” (Ex. 24, Nelles Decl. at 1.) Similarly, the Fed's reference to “longstanding enterprise-wide risk management and controls deficiencies previously identified” (id. at 2) does not support the contention that Citigroup's risk management systems were inoperable throughout the Class Period, much less establish that any of the Defendants knew that Citigroup's risk management systems were so deficient that any reference to or description of them was misleading.
Similarly, the OCC's conclusion in 2020 that “for several years, the Bank has failed to implement and maintain an enterprise-wide risk management and compliance risk management program, internal controls, or a data governance program commensurate with the Bank's size, complexity, and risk profile” and engaged in “unsafe or unsound practices that were part of a pattern of misconduct” and “violations of law and regulation and continuous noncompliance” with OCC regulations, (Ex. 25, Nelles Decls. at Art. II; see also Opp. Br. at 2, 29) does not tell the Court when this view was formed or communicated to any Defendant.
Nor is the Court persuaded that the existence of a regulatory system by which regulators communicate multifarious inadequacies to large banks like Citigroup, the occurrence of various meetings between regulators and Citigroup, or the fact that the OCC and Fed consent orders contain language suggesting that certain deficiencies persisted over an unspecified period of time, (CAC ¶¶ 66-68, 79, 163, 182-83, 220, 253, and 270), can stand in for particularized factual allegations raising an inference that the specific challenged statements were misleading by omission when made. The CAC never identifies what specific matters were contained in the ROEs or what the Fed or OCC discussed with Mr. Corbat and the Citigroup and Citibank Boards such that the Court can infer that, at the time the challenged statements were made, there was further information pertinent to those statements that Citigroup had a duty to disclose, such as a contemporaneous communication from the regulators stating that Citigroup's investments in risk management were inadequate or informing Citigroup that its risk management systems were functionally nonexistent. Teamsters, 531 F.3d at 196 (no inference of fraud where plaintiff failed to “identif[y] any reports or statements that would have . . . demonstrated the falsity of the allegedly misleading statements”); Woolgar, 477 F.Supp.3d at 232 (S.D.N.Y. 2020) (claims dismissed where the complaint “d[id] not set forth specific, contradictory information of which Defendants were aware”). Indeed, Plaintiffs do not identify the date of any particular communication or, even generally, that in a particular year the OCC and Fed conveyed a particular concern to Defendants. The Court is cognizant that Plaintiffs “need not plead dates, times, and places with absolute precision,” In re Flag Telecom. Ltd., Sec. Litig., 352 F.Supp.2d 429, 467 (S.D.N.Y. 2005), but the CAC contains no precision. The Court cannot infer that Citigroup should have disclosed more information on a specific topic at a particular time without factual allegations identifying with some level of specificity what contradictory information Citigroup had and when it had it.
The Court therefore concludes that Alleged Misstatements 17, 10-14, 19-22, 25-27, 29, 31-32, and 34 are not actionable because Plaintiffs have not adequately alleged that the statements were false at the time they were made or identified any specific information available to the Defendants at the time the statements were made that should have been disclosed contemporaneously but was not. San Leandro Emergency Med. Group Profit Sharing Plan v. Philip Morris Cos., Inc., 75 F.3d 801, 812-13 (2d Cir. 1996) (finding no inference of fraud where plaintiff failed to articulate contemporaneous facts that were inconsistent with defendants' public statements).
ii. Statements Regarding Regulatory Compliance and Progress
The statements in this category are more disparate but no less inadequate. The Court addresses Alleged Misstatements 15 and 17 first. When read in the context in which they were made, neither of these statements has anything to do with risk management systems, and they are not adequately alleged to be false. Alleged Misstatement 15, that “[f]rom an infrastructure perspective [Citigroup] got really if not all, certainly most of the systems or base systems” that it needed was made in response to a question about systems, in 2017, related to “big projects” in the “Investment Bank, the Global Consumer Bank” and investments in Mexico designed to improve “efficiency,” such as more technologically advanced ATMs. (Ex. 9, Nelles Decls. at 3.) It was not a representation concerning infrastructure related to risk management more broadly, and the CAC does not allege that the infrastructure related to those projects was not substantially complete.
Alleged Misstatement 17 is similarly unrelated to the allegations in the CAC. In Alleged Misstatement 17, Mr. Gespach stated that Citigroup was “operating above every one of our regulatory requirements.” (CAC ¶ 357.) But this was a very specific representation concerning Citigroup's “Common Equity Tier 1” ratio of capital to assets, which was in fact above the “current regulatory requirement of just 10%.” (Ex. 10, Nelles Decls. at 1-2; Ex. 32, Nelles Decls. at 2.) It was not a representation that Citigroup exceeded every regulatory requirement to which it was subject, and no reasonable investor would have understood it to be. There are no allegations in the CAC suggesting that Citigroup was not in compliance with this regulatory requirement at the time the statement was made.
Turning to Alleged Misstatement 9, Mr. O'Neill's statement that he “thought” Citigroup “had no significant control lapses unlike the year before” (CAC ¶ 327) is an inactionable opinion. The CAC does not allege that, at the time Mr. O'Neill made the statement in 2016, there had been a significant control lapse the year before or that Mr. O'Neill did not hold this opinion. Rather, Plaintiffs rely, again, on the existence of the October 2020 Orders to suggest that this statement was false or misleading. But the existence of the October 2020 Orders does not support an inference that in 2016 Mr. O'Neill did not believe that there had not been a significant control lapse the prior year or that he was aware that the OCC or Fed held a contrary view. Omnicare, 575 U.S. at 186; see also Tongue v. Sanofi, 816 F.3d 199, 209-10 (2d Cir. 2016).
Alleged Misstatement 16 is not adequately alleged to be false. In Alleged Misstatement 16, Mr. Corbat stated that Citigroup “ha[d] been rebuilding [its] relationship with regulators,” had made “progress” and had made “investments . . . in controls” meant “to improve processes across risk, compliance and audit.” (CAC ¶ 355.) Mr. Corbat also cautioned that “we recognize our job is not done.” (Ex. 10, Nelles Decls. at 1.) The statements regarding “progress” and “rebuilding” are clearly subjective and, at the risk of over repetition, the October 2020 Orders (and news reports that regulators, at unidentified times, identified unspecified deficiencies) do not render this 2017 statement false or misleading. Citigroup could well have been making progress and rebuilding in 2017 and still be subject to regulatory action in 2020, and nothing in the 2020 October Orders suggests otherwise. The portions of the statement concerning investments fail for the same reasons that the statements regarding investments failed above.
The representations in Alleged Misstatement 23 that Citigroup “made progress” and “headway” with regulatory requirements (CAC ¶ 398) fail for the same reasons. The representations that “prudent risk management was top of mind” and that Citigroup's “Board and . . . Risk Committee engage deeply” with “risk management practices” (id.) related to “Brexit,” “trade wars,” “underwriting standard,” “[c]yber risk” and “other areas” (Ex. 14, Nelles Decls. At 4) fail because they are immaterial “milquetoast corporate-speak,” Menaldi, 277 F.Supp.3d at 513, and “[v]ague positive statements regarding” Citigroup's “risk management strategy” that “are ‘too general to cause a reasonable investor to rely upon them.'” In re Synchrony Fin. Sec. Litig., 988 F.3d at 170 (quoting ECA, 553 F.3d at 206). The representations in Alleged Misstatement 33, that Citigroup “delivered . . . strong risk management” and was “[f]ocus[ed] on risk management” (CAC ¶ 429) are similarly vague and generic. See, e.g., In re Xinhua Fin. Media, Ltd. Sec. Litig., No. 07 CIV. 3994 LTS/AJP, 2009 WL 464934, at *8 (S.D.N.Y. Feb. 25, 2009) (finding “soft adjective[]” “strong” to be “nothing more than puffery, which is not actionable under the securities laws”).
Finally, Alleged Misstatements 18, 24, 28, and 30 all pertain to Citigroup's disclosure of various regulatory actions by the OCC and Citigroup's efforts to remedy the underlying issues. (CAC ¶¶ 359, 400, 406, 410.) Plaintiffs again rely on the October 2020 Orders to argue that these statements were false or misleading, and the effort is again unavailing. The October 2020 Orders do not cite to any ongoing violations related to the particular issues identified in the earlier settlements that render these statements false or misleading.
Thus the Court finds that the Alleged Misstatements in this category, 9, 15-18, 23-24, 28, 30, and 33, are not actionable for the reasons set forth above.
iii. Risk Warnings
Alleged Misstatement 8, regarding Citigroup's risk warnings, is also not actionable. “[C]autionary statements of potential risk have only rarely been found to be actionable by themselves.” In re FBR Inc. Sec. Litig., 544 F.Supp.2d 346, 360 (S.D.N.Y. 2008). Such warnings “are actionable half-truths when the company warns about a risk that could have an impact on its business when, in fact, that risk has already materialized.” Constr. Laborers Pension Tr. for S. California v. CBS Corp., 433 F.Supp.3d 515, 536 (S.D.N.Y. 2020). The CAC does not adequately allege that the risk had already materialized at the time Citigroup issued the risk warnings because they were issued prior to the October 2020 Orders. Even if there was an “increased risk” that Citigroup would face regulatory action of which Citigroup was aware, “[a]n increase in a risk does not mean the risk has already come to pass, such that a disclosure that simply identifies the risk would be misleading. It cannot be that every time a risk increases or decreases, a company must precisely quantify the increase or decrease in its disclosures identifying that risk.” Id. at 538 (citation omitted). Alleged Misstatement 8 is not misleading or untrue, and it is not actionable.
iv. Alleged Accounting and Regulatory False Statements and Omissions
Plaintiffs leave no stone unturned and assert misstatements based on (i) Accounting Standards Codification 450 (“ASC 450”), (ii) SEC Item 303, and (iii) SOX certifications. None of these theories saves Plaintiffs' claims.
ASC 450 requires a specific accrual for a loss contingency that is “probable” and for which “the amount of loss can be reasonably estimated.” (CAC ¶¶ 438, 441.) In Plaintiffs' view, Citigroup should have classified the amount of money that it ultimately estimated it would have to spend to comply with the October 2020 Orders as “loss contingencies” at least by the start of the Class Period. (CAC ¶ 450.) However, to plead an accounting theory of securities fraud, Plaintiffs must adequately allege that the “earlier impairment charge was so clearly required by accounting principles that the failure to take such a charge was fraudulent.” In re Loral Space & Commc'ns Ltd. Sec. Litig., 2004 WL 376442, at *17 (S.D.N.Y. Feb. 27, 2004). But Plaintiffs do not allege any concrete facts known to Defendants prior to the October 2020 Orders suggesting that generally accepted accounting principles “so clearly required” Citigroup to quantify risk management spending as a loss contingency. That, in hindsight, Citigroup was wrong about the necessary spending does not make its statements actionable misrepresentations. Burr v. Equity Bancshares, Inc., No. 19-CV-4346 (AJN), 2020 WL 6063558, at *6 (S.D.N.Y. Oct. 14, 2020); Charter Twp. of Clinton Police & Fire Ret. Sys. v. KKR Fin. Holdings LLC, No. 08 CIV. 7062 PAC, 2010 WL 4642554, at *19 (S.D.N.Y. Nov. 17, 2010).
SEC Item 303 requires disclosure of “known trends or uncertainties that have had or that are reasonably likely to have a material favorable or unfavorable impact on net sales or revenues or income from continuing operations.” 17 C.F.R. § 229.303(b)(2)(ii). Plaintiffs' Item 303 claim fails because, as set forth above, the CAC does not adequately allege that the alleged underinvestment in risk management or the eventual October 2020 Orders were “presently known” to the Defendants at the relevant times. In re Bank of Am. AIG Disclosure Sec. Litig., 980 F.Supp.2d 564, 584 (S.D.N.Y. 2013) . Further, as set forth above, Citigroup “provided disclosures regarding its risks that were company-specific and related to the direct risks it uniquely faced” and was not required to do more. Ong v. Chipotle Mexican Grill, Inc., No. 16 Civ. 141 (KPF), 2017 U.S. Dist. LEXIS 33170, 2017 WL 933108, at *11 (S.D.N.Y. Mar. 8, 2017); In re Sanofi Secs. Litig., 87 F.Supp.3d 510, (S.D.N.Y. 2015) (“These statements conveyed substantive information about the risk that ultimately materialized. As such, they were meaningful cautionary language, not mere boilerplate.”), aff'd sub nom. Tongue v. Sanofi, 816 F.3d 199 (2d Cir. 2016).
Finally, Plaintiff suggests that Individual Defendants' allegedly misleading SOX certifications are actionable because they falsely represented that its ICFR and DCPs were effective. (CAC ¶¶ 488-90, 518-19.) SOX certifications are “statement[s] of opinion,” which “contain an important qualification that the certifying officer's statements are true based on his or her knowledge.” In re AmTrust Fin. Servs., Inc. Sec. Litig., No. 17-CV-1545 (LAK), 2019 U.S. Dist. LEXIS 153297, 2019 WL 4257110, at *24 (S.D.N.Y. Sept. 9, 2019) (brackets omitted). Yet, Plaintiff offers nothing beyond conjecture to suggest that the Individual Defendants knew-at the time they signed their certifications-of any misrepresentations in Citigroup's financial statements or deficiencies in the Company's internal controls. Post-Class Period identification of control deficiencies and misstatements, without more, does not show otherwise. Lachman v. Revlon, Inc., 487 F.Supp.3d 111, 134 (E.D.N.Y. 2020) (“Plaintiffs fail to allege that [the company's] SOX certifications were materially false or misleading simply because a weakness in [the company's internal controls over financial reporting] was later discovered.”).
B. Whether Plaintiffs Have Adequately Pled Scienter
Defendants also move to dismiss Plaintiff's Section 10(b) and Rule 10b-5 claims because Plaintiffs failed to plead scienter. Recall that Plaintiffs may show scienter in one of two ways: (i) evidence that Individual Defendants had “a motive and opportunity to commit the fraud” or (ii) “strong circumstantial evidence of conscious misbehavior or recklessness.” Blanford, 794 F.3d at 306 (quotation marks omitted). Plaintiffs' allegations fall short under either theory, especially since, when evaluating scienter, “the [C]ourt must take into account plausible opposing inferences.” Tellabs, 551 U.S. at 323.
In terms of motive and opportunity, Plaintiffs argue that the Individual Defendants had motive because Mr. Corbat was motivated “to counter negative perceptions about Citigroup's efficiency ratio,” which was the ““sine qua non” of his tenure and “a source of enormous pressure.” (Opp. Br. at 21 (citing CAC ¶¶ 91, 97-115).) Initially, this argument pertains only to Mr. Corbat and not to the remaining Individual Defendants. Setting that aside, this alleged motive is not “concrete” or “personal” even as to Mr. Corbat. Teamsters, 531 F.3d at 196. This is just a roundabout way of saying that Mr. Corbat was motivated to keep his job by “maintain[ing] the appearance of corporate profitability.” Chill v. Gen. Elec. Co., 101 F.3d 263, 268 (2d Cir. 1996). Such a motive is common to all corporate officers and cannot support an inference of fraudulent intent. Id.; Kalnit v. Eichler, 264 F.3d 131, 140 (2d Cir. 2001).
Implicitly recognizing this, Plaintiffs instead focus on the Individual Defendants' purported recklessness, (see Opp. Br. at 18-22), which the Court of Appeals defines as “conduct which is highly unreasonable and which represents an extreme departure from the standards of ordinary care.” Novak, 216 F.3d at 308 (quotation marks omitted). To satisfy that standard, Plaintiffs point to four families of facts it avers circumstantially evidence scienter: (i) the OCC's $400 million CMP, (see Opp. Br at 18); (ii) Individual Defendants' alleged claims of involvement with risk management, (see id. at 19); (iii) Individual Defendants' knowledge of “core operations,” (see id. at 1920); and (iv) Mr. Corbat's and Hu's resignations (see Id. at 20). None of those allegations gives rise to the required strong inference of scienter.
Plaintiffs are incorrect that the OCC's CMP supports a finding of scienter by the Individual Defendants. Plaintiffs' argument is premised on the faulty proposition that OCC examiners only propose CMPs for “serious misconduct, including misconduct that is reckless, flagrant, willful, or knowing and [] because of its frequency or recurring nature, shows a general disregard for law or regulation” and that, therefore, the Individual Defendants must have behaved at least recklessly. (Opp. Br. at 18 (citing CAC ¶ 254).) This proposition is incorrect for a number of reasons. First, the OCC order is directed at Citigroup, not any of the Individual Defendants. It tells the Court little to nothing about the Individual Defendants' scienter to know that a penalty was assessed against Citigroup. Second, though OCC guidance states that examiners should impose fines in cases of “serious misconduct,” it never limits fines to “misconduct,” serious or otherwise, or states that fines should not be imposed unless there is serious misconduct. (Ex. 27, Nelles Decls. at 51.)
Third, even assuming that the OCC does impose CMPs only for “serious misconduct,” this “include[es],” and thus is not limited to, “misconduct that is reckless, flagrant, willful, or knowing” (id.), meaning that it need not be reckless as well. Indeed, the OCC order states that the monetary penalty was assessed pursuant to the authority provided by 12 U.S.C. section 1818(i). (Ex. 26, Nelles Decls. at 1.) This section, in turn, provides that a heightened penalty can be assessed for “committ[ing] any [of the enumerated] violation[s];” “recklessly engag[ing] in an unsafe or unsound practice;” or “breach[ing] any fiduciary duty” if that “violation, practice, or breach” is, among other things, “part of a pattern of misconduct.” 12 U.S.C. § 1818(i)(2)(B) (emphasis added). Given there is at least one way by which a bank could engage in a “pattern of misconduct” without being found reckless, i.e., by “committ[ing] any violation” as part of a pattern, a CMP certainly does not require reckless conduct to be statutorily sound. Plaintiffs' dictionary definition does not change the calculus. Indeed, Plaintiffs chose the second definition, that misconduct is “intentional or wanton wrongful but usually not criminal behavior” (Opp. Br. at 12), but in that same source the first definition provides that misconduct can simply mean “mismanagement.” Merriam-Webster.com Dictionary, available at https://www.merriam-webster.com/dictionary/misconduct. And Black's Law Dictionary defines misconduct as “[a] dereliction of duty; unlawful, dishonest, or improper behavior.” MISCONDUCT, Black's Law Dictionary (11th ed. 2019). This too can, but need not, involve wrongful or culpable intent and can simply be premised on “unlawful” behavior. Notably, Black's Law Dictionary has separate definitions for “wanton misconduct” and “willful and wanton misconduct” both of which do include recklessness in the definition. (Id.) While the OCC order certainly refers to a “pattern of misconduct” it does not refer to “reckless” conduct. (Ex. 25, Nelles Decls. at Art. II § 6.) Given the statutory structure and the definitions set forth above, the Court cannot infer that the imposition of a CMP equates to a finding of recklessness.
Plaintiffs' theory based on Defendants' alleged claims of involvement with risk management fails as well. “[T]o establish an inference of scienter, Plaintiff[s] must do more than allege that the Individual Defendants had or should have had knowledge of certain facts contrary to their public statements simply by virtue of their high-level positions.” Lipow v. Net 1 UEPS Techs., Inc., 131 F.Supp.3d 144, 163 (S.D.N.Y. 2015). Thus, “[w]here scienter is based on a defendant's knowledge of and/or access to certain facts,” Plaintiffs must allege facts showing that (i) "specific contradictory information was available to the defendants” (ii) "at the same time they made their misleading statements.” In re Adient plc Sec. Litig., No. 18-CV-9116 (RA), 2020 WL 1644018, at *27 (S.D.N.Y. Apr. 2, 2020). And “[w]here plaintiffs contend defendants had access to contrary facts, they must specifically identify the reports or statements containing this information.” Novak, 216 F.3d at 309. As set forth in detail above, Plaintiffs have not identified any specific fact that the Individual Defendants possessed that contradicted their statements at the time they were made. Plaintiffs have certainly alleged that the OCC and Fed communicated concerns with some aspects of Citigroup's risk management systems at different times, but “such vague allegations fail to provide any specific information sufficient to suggest, let alone adequately plead, that Defendants' statements . . . were false when made, or that Defendants' belief in them was unreasonable.” In re Adient plc Sec. Litig., 2020 WL 1644018, at *28 (internal quotations omitted).
Plaintiffs' reliance on the “core operations doctrine” is also misplaced. Even assuming that the risk management systems qualify as “core operations,” “the core operations theory at most constitutes supplemental support for alleging scienter but does not independently establish scienter.” Lipow, 131 F.Supp.3d at 174. Supplemental support “cannot serve to independently establish scienter” or “bolster” an inference of scienter where Plaintiffs have not adequately alleged an independently sufficient basis. Id.
Finally, Plaintiffs rely on Mr. Corbat's and Mr. Hu's resignations. “Terminations or resignations of corporate executives are insufficient alone to establish an inference of scienter,” Woolgar v. Kingstone Cos., Inc., 477 F.Supp.3d 193, 240 (S.D.N.Y. 2020), because “there are any number of reasons that an executive might resign, most of which are not related to fraud,” Das v. Rio Tinto PLC, 332 F.Supp.3d 786, 815 (S.D.N.Y. 2018). Additional factual allegations linking the termination or resignation to the alleged fraud are necessary. See Woolgar, 477 F.Supp.3d at 240. “Put differently, a resignation can establish scienter only if the plaintiff alleges independent evidence corroborating that the employee who resigned held a culpable state of mind. Standing alone, however, an employee's resignation does not raise a strong inference of scienter.” Schiro v. Cemex, 396 F.Supp.3d 283, 303 (S.D.N.Y. 2019). Here, the only relevant fact alleged is that Messrs. Corbat and Hu resigned, perhaps ahead of schedule, around the time of the October 2020 Orders. This does not raise a strong inference of scienter. Indeed, it is not surprising that a CEO might resign as a result of significant regulatory actions related to the management of the company during his or her tenure. Id. at 303 (“When corporate misconduct is disclosed, members of management resign for all sorts of reasons, including that they were negligent in overseeing the responsible employees or simply because the optics of changing management are better for investors and regulators.”); Lighthouse Fin. Grp. v. Royal Bank of Scot. Grp., 902 F.Supp.2d 329, 343 (S.D.N.Y. 2012) (“The resignations . . . are at least as consistent with punishing those at the helm for their poor judgment and leadership, than resignations relating to concocting a scheme to defraud shareholders.”). It does not raise an inference of intentionality or recklessness.
Finally, Plaintiffs argue that the Court must consider the allegations “holistically.” Plaintiffs are correct that “the [C]ourt's job is not to scrutinize each allegation in isolation but to assess all the allegations holistically.” Tellabs, 551 U.S. at 326. But that does not mean that Plaintiffs can “combine inadequate allegations of motive with inadequate allegations of recklessness . . . to demonstrate scienter.” Kalnit, 264 F.3d at 141. After all, “zero plus zero cannot equal one.” Reilly v. U.S. Physical Therapy, Inc., No. 17 CIV. 2347 (NRB), 2018 WL 3559089, at *19 (S.D.N.Y. July 23, 2018). Thus, even viewed holistically, Plaintiffs allegations fail to state with particularity facts giving rise to a strong inference of scienter. The more likely inference is that the Defendants thought that their risk management systems and controls were adequate at the time they made the statements.
In short, Plaintiffs' allegations regarding scienter do not support a “powerful or cogent” inference that Individual Defendants harbored thoughts of fraud. Tellabs, 551 U.S. at 323. As a result, there is also no intent that can be imputed to the Company. See Teamsters, 531 F.3d at 195. Consequently, Plaintiff's Section 10(b) and Rule 10b-5 claims must also be dismissed on the basis of lack of scienter.
Plaintiffs' theory of corporate scienter relies entirely on imputing the scienter of the Individual Defendants and other employees to Citigroup. (CAC ¶¶ 306-08.) Because the CAC fails adequately to allege scienter on the part of the Individual Defendants and does not identify any other particular employee with adequate scienter, corporate scienter is necessarily lacking.
C. Section 20(a) Claims
Plaintiffs also assert a control person claim against the Individual Defendants Under Exchange Act § 20(a). (CAC ¶¶ 580-86.) To establish control person liability, the plaintiff must allege: (i) “a primary violation by the controlled person,” (ii) “control of the primary violator by the defendant, and (3) that the defendant was, in some meaningful sense, a culpable participant in the controlled person's fraud.” ATSI Commc'ns, Inc. v. Shaar Fund, Ltd., 493 F.3d 87, 108 (2d Cir. 2007). Because, as discussed above, Plaintiffs have failed to establish a primary violation of the securities laws, their section 20 claim necessarily collapses and is dismissed. See In re Merrill Lynch Auction Rate Sec. Litig., 851 F.Supp.2d 512, 530 (S.D.N.Y. 2012).
D. Leave to Amend
In a single sentence at the end of their opposition brief, Plaintiffs request leave to amend if the Court dismisses the Complaint. (Opp. Br. at 40.) Although Rule 15(a)(2) directs courts to “freely grant leave” to amend a pleading “when justice so requires,” Fed.R.Civ.P. 15(a)(2), courts may deny leave “for good reason, including futility, bad faith, undue delay, or undue prejudice to the opposing party.” McCarthy v. Dun & Bradstreet Corp., 482 F.3d 184, 200 (2d Cir. 2007). Plaintiffs have not proposed any specific amendments, and the Court has serious doubts that they can add any allegations that would shore up their CAC. As a result, the Court will not grant Plaintiffs' request, but Plaintiffs may move for leave to amend to explain further how any amendment would cure the defects identified above. See Loreley Fin. (Jersey) No. 3 Ltd, v. Wells Fargo Sec., LLC, 797 F.3d 160, 190 (2d Cir. 2015) (noting that leave may be denied "where the request gives no clue as to how the complaint's defects would be cured" (citation and internal quotation marks omitted)).
V. Conclusion
For the foregoing reasons, Defendants' motion to dismiss is GRANTED. Plaintiffs may move for leave to amend within thirty days of this order. The Clerk of the Court is directed to close the open motion [dkt. no. 115].
SO ORDERED.