Oklahoma Firefighters Pension & Retirement System v. Citigroup Inc. ( 2015 )

                                                    EFiled: Apr 24 2015 12:37PM EDT
Transaction ID 57133205
Case No. 9587-ML
IN THE COURT OF CHANCERY OF THE STATE OF DELAWARE
OKLAHOMA FIREFIGHTERS                      :
PENSION & RETIREMENT SYSTEM,               :
:
Plaintiff,         :
:
v.                       :     C.A. No. 9587-ML (VCN)
:
CITIGROUP INC.,                            :
:
Defendant.         :
MEMORANDUM OPINION
Date Submitted: January 22, 2015
Date Decided: April 24, 2015
Michael J. Barry, Esquire, Nathan A. Cook, Esquire, and Justin K. Victor, Esquire
of Grant & Eisenhofer, P.A., Wilmington, Delaware, Attorneys for Plaintiff.
Stephen P. Lamb, Esquire and Meghan M. Dougherty, Esquire of Paul, Weiss,
Rifkind, Wharton & Garrison LLP, Wilmington, Delaware; Brad S. Karp, Esquire,
Bruce Birenboim, Esquire, Susanna M. Buergel, Esquire, and Caitlin E.
Grusauskas, Esquire of Paul, Weiss, Rifkind, Wharton & Garrison LLP, New
York, New York; and Jane B. O’Brien, Esquire of Paul, Weiss, Rifkind, Wharton
& Garrison LLP, Washington, DC, Attorneys for Defendant.
NOBLE, Vice Chancellor
Plaintiff seeks to inspect certain books and records of Defendant Citigroup
Inc. (“Citigroup” or the “Company”) in order to investigate possible
mismanagement and breaches of fiduciary duty by Citigroup’s directors and
officers in connection with events at two of Citigroup’s subsidiaries. Citigroup
argues that Plaintiff has not established a credible basis to infer possible
mismanagement or wrongdoing by the Company’s fiduciaries. Further, assuming
that Plaintiff has stated a proper purpose, Citigroup contends that the scope of
inspection demanded is overbroad.
On June 27, 2014, this case was tried on a paper record before a Master in
Chancery. The Master issued a draft bench report recommending that the Court
find that Plaintiff has stated a proper purpose for inspection, but narrowing the
scope of documents sought by Plaintiff’s demand.1
Citigroup took timely exceptions to the draft report. After the parties briefed
those exceptions, the Master issued her final report and recommendation (the
“Final Report”), confirming her conclusion that Plaintiff had established a proper
purpose for inspection.2 She did, however, again narrow the scope of documents
that she deemed Plaintiff should be entitled to inspect.
1
Section 220 Request Trial Transcript and Draft Bench Report of the Master,
Okla. Firefighters Pension & Ret. Sys. v. Citigroup Inc., C.A. No. 9587-ML, at
104-13 (Del. Ch. June 27, 2014) (TRANSCRIPT).
2
Okla. Firefighters Pension & Ret. Sys. v. Citigroup Inc., 

, at *8
(Del. Ch. Sept. 30, 2014).
1
On October 7, 2014, Citigroup filed its Notice of Exception to the Master’s
Final Report. The parties briefed Citigroup’s exceptions and presented argument
before this Court. This is the Court’s ruling on the Company’s exceptions.
I. BACKGROUND
Citigroup, a Delaware corporation, is a diversified financial services holding
company headquartered in New York, New York. Its businesses provide a range
of financial products, including consumer banking and credit, corporate and
investment banking, securities brokerage, transaction services, and wealth
management.3 Plaintiff Oklahoma Firefighters Pension & Retirement System has
held Citigroup stock since December 31, 2007.
On March 17, 2014, Plaintiff made a written demand (the “Demand”) on
Citigroup pursuant to 8 Del. C. § 220 (“Section 220”).4 The Demand sought books
and records relating to recently-disclosed adverse events involving two of
Citigroup’s subsidiaries: Banco Nacional de Mexico, S.A. (“Banamex”) and
Banamex USA. More specifically, Plaintiff aims to investigate a recent fraud at
Banamex (the “Banamex fraud”) and Banamex USA’s compliance with the Bank
3
Transmittal Aff. of Meghan M. Dougherty in Supp. of Def.’s Br. in Supp. of
Exceptions to the Master’s Final Report (“Dougherty Aff.”) Ex. G.
4
Verified Compl. Pursuant to 8 Del. C. § 220 to Compel Inspection of Books and
Records (“Compl.”) Ex. 1.
2
Secrecy Act (the “BSA”)5 and anti-money laundering (“AML”) requirements
under federal laws and banking regulations.
A. The Banamex Fraud
Banamex, an indirect wholly-owned Citigroup subsidiary, is one of the
Company’s largest foreign consumer banks, accounting for approximately 10% of
the Company’s global profits.6 Citigroup views Banamex as “an integral part of
[Citigroup’s] global network and a source of great pride . . . .”7 “Banamex is . . .
subject to the same risk, control, anti-money-laundering and technology standards
and oversight which are required throughout the [Company].”8 Citigroup’s Co-
President, Manuel Medina-Mora, holds the title of “Chairman, Mexico” and
oversees Citigroup’s Mexican business.9
On February 28, 2014, Citigroup disclosed that a recent fraud had been
discovered at Banamex:
As of December 31, 2013, Citi, through [Banamex], had
extended approximately $585 million of short-term credit to
Oceanografia S.A. de C.V. (“OSA”), a Mexican oil services company,
through an accounts receivable financing program. OSA has been a
key supplier to Petróleos Mexicanos (“Pemex”), the Mexican state-
owned oil company. Pursuant to the program, Banamex extended
credit to OSA to finance accounts receivables due from Pemex. As of
5

, et. seq.
6
Transmittal Aff. of Justin K. Victor in Supp. of Pl.’s Answering Br. in Opp’n to
Citigroup’s Exceptions to the Master’s Final Report (“Victor Aff.”) Ex. 2.D.
7
Dougherty Aff. Ex. G.
8
Victor Aff. Ex. 15 at 2.
9
Victor Aff. Ex. 19.
3
December 31, 2013, Banamex also had approximately $33 million in
either outstanding loans made directly to OSA or standby letters of
credit issued on OSA’s behalf.
On February 11, 2014, Citi learned that OSA had been
suspended from being awarded new Mexican government contracts.
Upon learning of this suspension, Citi, together with Pemex,
commenced detailed reviews of their credit exposure to OSA and of
the accounts receivable financing program over the past several years.
As a consequence of those reviews, on February 20, 2014, Pemex
asserted that a significant portion of the accounts receivables recorded
by Banamex in connection with the Pemex accounts receivable
financing program were fraudulent and that the valid receivables were
substantially less than the $585 million referenced above.10
The Banamex fraud caused Citigroup to adjust downward its fourth quarter
and full year 2013 financial results by $235 million after tax.11 Citigroup’s net
income fell from $13.9 billion to $13.7 billion.12 Citigroup’s Chief Executive
Officer (“CEO”), Michael Corbat, described the Banamex fraud as “significant”
and suggested that “the impact to [Citigroup’s] credibility [would be] hard[] to
calculate.”13 The Company fired at least twelve employees, including four high-
ranking executives in Mexico.14
10
Victor Aff. Ex. 2.A.
11

12

 In April 2014, Citigroup disclosed that a second fraud had been uncovered at
Banamex. The magnitude of the second fraud, which involved less than
$30 million in loans, was small relative to the Banamex fraud. Victor Aff. Ex. 5.
As a result of the frauds, Citigroup’s Mexican unit reduced its first quarter net
profit by $112 million. Victor Aff. Ex. 4.
13
Dougherty Aff. Ex. G.
14
Victor Aff. 13.
4
Moody’s Investors Service (“Moody’s”) downgraded its ratings for
Banamex to “reflect the severity of the fraud revealed in March and the subsequent
revelations about the deficiencies in Banamex’s risk management and auditing
functions that permitted this fraud to occur.”15    Moody’s questioned whether
structural and cultural risk management and governance issues at Banamex were
broader than initially thought.16
B. Banamex USA’s BSA/AML Compliance
Banamex USA is a California-based Citigroup subsidiary. It is a deposit-
taking bank that provides retail banking and money-transfer services to customers
doing business in Mexico and the United States. In its Annual Report on Form 10-
K, filed on March 3, 2014, Citigroup disclosed that it and Banamex USA had
received grand jury subpoenas issued by the United States Attorney’s Office for
the District of Massachusetts (the “U.S. Attorney’s Office”) relating to compliance
with BSA and AML requirements under federal laws and banking regulations.
Banamex USA had also received a subpoena (addressing its BSA/AML programs)
from the Federal Deposit Insurance Corporation (the “FDIC”).17
The U.S. Attorney’s Office was reportedly investigating “whether [Banamex
USA] . . . failed to alert the government to suspicious banking transactions along
15
Victor Aff. Ex. 21 at OFP00000979.
16

17
Victor Aff. Ex. 9 at OFP00000512.
5
the U.S.-Mexico border that in some cases involved suspected drug-cartel
members . . . .”18 Concerns stemmed from Citigroup’s failure to “submit . . .
suspicious-activity reports flagging the questionable transactions . . . .”19 The BSA
requires banks to notify federal authorities of any suspicious activity on cash
transactions over $10,000.20
The government subpoenas came on the heels of a series of consent orders
(the “Consent Orders”) that Citigroup had entered into with various regulators in
2012 and 2013 regarding BSA/AML compliance. The first order, on April 4,
2012, was with the Office of the Comptroller of the Currency (the “OCC”). The
OCC had investigated Citibank, N.A. (“Citibank”), another Citibank subsidiary,
and concluded that Citibank’s BSA/AML compliance program was deficient.
According to the OCC, Citibank had
failed to adopt and implement a compliance program that adequately
covers the required BSA/AML program elements due to an
inadequate system of internal controls and ineffective independent
testing. [Citibank] did not develop adequate due diligence on foreign
correspondent bank customers and failed to file Suspicious Activity
18
Victor Aff. Ex. 6.
19

20

 In 2012, Citigroup had sent a team of employees and consultants to Banamex
USA’s headquarters to install new controls and review past transactions. That
investigation had revealed “problems with a money-services business that allowed
people to transfer money across the U.S.-Mexico border without being a
customer.” 

6
Reports (“SARs”) related to its remote deposit capture/international
cash letter instrument activity in a timely manner.21
Later in 2012, Banamex USA entered into a consent order with the FDIC
and the California Department of Financial Institutions. Neither admitting nor
denying legal violations, Banamex USA agreed to address, among other issues, the
“(i) overall integrity and effectiveness of the BSA/AML compliance program,
including policies, procedures, and processes; (ii) BSA/AML risk assessment;
(iii) BSA reporting and recordkeeping requirements . . . [and] (vii) personnel
adherence     to       [Banamex   USA’s]   BSA/AML   policies,   procedures,   and
processes . . . .”22
Then, on March 21, 2013, Citigroup entered into a consent order with the
Board of Governors of the Federal Reserve System (the “Federal Reserve”). This
order referenced the previous two and stated the Federal Reserve’s conclusion that
“Citigroup lacked effective systems of governance and internal controls to
adequately oversee the activities of the Banks with respect to legal, compliance,
and reputational risk related to the Banks’ respective BSA/AML compliance
programs . . . .”23 Citigroup’s board of directors (the “Board”) agreed to enhance
its risk management program with regard to BSA/AML compliance.
21
Victor Aff. Ex. 18 at 2. The Bank neither admitted nor denied the OCC’s
findings.
22
Victor Aff. Ex. 16 at 5.
23
Victor Aff. Ex. 17 at 2-3. The “Banks” are Citibank and Banamex USA.
7
II. ANALYSIS
A. Legal Standard
This Court reviews the Master’s factual findings and legal conclusions de
novo.24
Through Section 220, “[a]ny stockholder, in person or by attorney or other
agent, shall, upon written demand under oath stating the purpose thereof, have the
right . . . to inspect for any proper purpose . . . [t]he corporation’s . . . books and
records . . . .”25 A stockholder seeking inspection must demonstrate its proper
purpose by a preponderance of the evidence.26
To investigate waste and mismanagement, which is a proper purpose, a
stockholder “must present some credible basis from which the court can infer that
waste or mismanagement may have occurred.”27 However, the stockholder is “not
required to prove by a preponderance of the evidence that waste and
[mismanagement] are actually occurring.”28 “Both the stated purpose and the
24
Ct. Ch. R. 144(a).
25
8 Del. C. § 220(b)(1).
26
Seinfeld v. Verizon Commc’ns, Inc., 

, 121 (Del. 2006).
27
Thomas & Betts Corp. v. Leviton Mfg. Co., Inc., 

, 1031 (Del.
1996).
28

8
underlying need for information necessarily derive from an absence of conclusive
facts, and such a standard would beg the ultimate question at issue.”29
“Delaware courts routinely reject the conclusory allegation that because
illegal behavior occurred, internal controls must have been deficient, and the board
must have known so.”30 Nonetheless, the Court is not ruling on a motion to
dismiss, but a Section 220 demand, where “the ‘credible basis’ standard sets the
lowest possible burden of proof. The only way to reduce the burden of proof
further would be to eliminate any requirement that a stockholder show some
evidence of possible wrongdoing.”31
B. Plaintiff’s Purposes for Inspection
Plaintiff intends to investigate mismanagement and possible breaches of
fiduciary duty by Citigroup’s directors and officers in connection with the
Banamex fraud and Banamex USA’s BSA/AML compliance.32 Plaintiff seeks to
investigate, in contemplation of derivative litigation, the disinterest of the Board to
determine whether presuit demand would be excused.33
29
Donald J. Wolfe, Jr. & Michael A. Pittenger, Corporate and Commercial
Practice in the Delaware Court of Chancery, § 8.06[e][1], at 8-135 (2014).
30
Desimone v. Barrows, 

, 940 (Del. Ch. 2007).
31
Seinfeld, 

.
32
Compl. Ex. 1.
33

9
C. Investigating the Banamex Fraud Is a Proper Purpose
Citigroup’s Risk Management and Finance Committee (the “Risk
Management Committee”) is a standing committee of its Board.                   The Risk
Management Committee oversees the Company’s risk management, including its
risk appetite, its risk policies, its exposure to operational risk, and the qualifications
and background of senior risk officers.34         The Risk Management Committee
reviews management’s design, implementation, and maintenance of an effective
risk program. It also reports to the Board regarding the Company’s risk profile and
risk management policies and practices.         To fulfill its charge, the committee
receives regular management reports and may request information to investigate
matters within the scope of its duties.35       The Board also maintains an Audit
Committee, which further oversees risk assessment and risk management.36
Plaintiff intends to test whether it has viable Caremark claims against
Citigroup’s fiduciaries for failing to fulfill their oversight responsibilities.
According to Citigroup, while the Banamex fraud was unfortunate, its occurrence
only supports an inference of mismanagement or wrongdoing at Banamex, not at
Citigroup. Caremark claims are among the hardest to plead successfully.37 For
that reason, this Court has analogized the practice of immediately filing a
34
Victor Aff. Ex. 10 at 2. This is not an exhaustive list of its duties.
35
Victor Aff. Ex. 10 at 1.
36
Victor Aff. Ex. 12 at 5.
37
See In re Caremark Int’l Inc. Deriv. Litig., 

, 968 (Del. Ch. 1996).
10
complaint asserting such claims after a negative corporate event to purchasing a
lottery ticket.38 Most claims are unlikely to survive a motion to dismiss, but filing
is cheap and the payoff, for the “winning ticket,” is potentially large.
The Court therefore encourages stockholders to pursue a Section 220
demand instead of bringing a premature complaint.
[O]nce you have those books and records, you can make an intelligent
decision about whether or not to sue, because it may well be that the
board is not involved in the underlying misconduct and, therefore, the
board is the appropriate corporate actor to determine what if anything
should be done on behalf of the company as a result of the corporate
trauma . . . .
Second and perhaps equally important, if you learn that the
board was somehow implicated and therefore is not the institutionally
competent actor, you can actually plead a complaint that might
survive Rule 23.1.39
Here, the record would not likely support fiduciary duty claims capable of
surviving a motion to dismiss. However, the relevant question is whether the
record establishes a credible basis, the “lowest burden of proof,” to support a
conclusion that Plaintiff’s demand is based on more than mere suspicion and
conjecture.   Of course, it may turn out “that the board is not involved in the
38
U.C.F.W. Local 1776 & Participating Emp’rs Pension Fund v. Allergan, Inc.,
C.A. No. 6223-VCL, at 28 (Del. Ch. Apr. 27, 2011) (TRANSCRIPT).
39
Id. at 28-29.
11
underlying misconduct and, therefore, the board is the appropriate corporate actor
to determine what if anything should be done on behalf of the company . . . .” 40
It would be inappropriate to infer possible mismanagement by Citigroup’s
Board or senior management merely because wrongdoing occurred at Banamex
and the Board has oversight responsibility. If Plaintiff’s showing ended there, the
record would merely indicate that improper behavior may have occurred despite
Citigroup’s internal controls. An inference that those controls were deficient, in a
sense capable of establishing a credible basis for a Caremark claim, would be
overreaching.
However, before the Banamex fraud was revealed, there were red flags
indicating issues at the subsidiary. Plaintiff argues that Citigroup’s Board either
was, or should have been, aware of the warning signs. The Banamex fraud was not
merely a blip on Citigroup’s radar. Banamex is “an integral part of [Citigroup’s]
global network and a source of great pride . . . .” 41 It accounts for approximately
10% of Citigroup’s annual profits and the fraud was material enough to Citigroup
to cause it to restate its financial results.42 Citigroup took broad remedial actions to
address the fraud and its fallout. One might commend Citigroup for the actions it
took once the Banamex fraud was revealed. Conversely, one might also question,
40
Id.
41
Dougherty Aff. Ex. G.
42
Id.
12
if the event was so significant to Citigroup, how the Company allowed it to occur
in the first place.43
Citigroup’s CEO confirmed that “[t]here were telltales [of the Banamex
fraud] along the way . . . .”44 “[E]mployees missed signs of trouble they should
have recognized and elevated to superiors.”45 Perhaps, the failures to report up the
ladder indicate a lack of adequate controls. Additionally, debt ratings firms Fitch
and Standard & Poor’s both stopped rating Oceanografia, Banamex’s counterparty
to the Banamex fraud loans, in 2010, citing insufficient financial information.46
Citigroup did not review its credit exposure to Oceanografia until February 11,
2014, upon learning that Oceanografia had been suspended from being awarded
new Mexican government contracts.47
These circumstances raise questions over whether proper risk management
and detection systems were in place, or were properly followed.           One can
reasonably infer that if the Risk Management and Audit Committees were
functioning properly, then a system would have existed to detect, prevent, or
43
As one financial journalist observed, the Banamex fraud indicated a failure “in
the . . . Banamex and Citigroup risk-management departments, where no one
seems to have stopped to ask how on earth a simple accounts-receivable credit line
could have grown to more than half a billion dollars in size.” Victor Aff. 2.F.
(Felix Salmon, Incompetent Banamex, THE STREET, Mar. 4, 2014, at 1).
44
Victor Aff. Ex. 15 at 1.
45
Id.
46
Victor Aff. Ex. 2.D at 2.
47
Victor Aff. Ex. 2.A at 1.
13
minimize the Banamex fraud. That the fraud involved an accounts-receivable
credit line, a core component of the bank’s business, is further cause for concern.
Notably, Banamex is subject to the same oversight standards which are required
throughout the Company.48
Citigroup is a sprawling multi-billion dollar corporation. That wrongdoing
occurred at one of its subsidiaries falls far short of indicating failures on behalf of
its fiduciaries. Nonetheless, given the nature and magnitude of the Banamex fraud,
there is at least a credible basis to infer deficiencies at Citigroup, and Plaintiff is
entitled to investigate.49     This conclusion does not ignore the corporate
separateness of Citigroup and Banamex, but recognizes the Board’s role in
overseeing its important subsidiary.
D. Investigating Banamex USA’s BSA/AML Compliance Is a Proper Purpose
The Court agrees with the Master that “the issue of Banamex USA’s
BSA/AML compliance is a closer case” than the Banamex fraud.50 The Consent
48
Victor Aff. Ex. 15 at 2.
49
Southeastern Pennsylvania Transportation Authority v. AbbVie, Inc., 

 (Del. Ch. Apr. 15, 2015), is distinguishable. In that case, the record did
not establish a credible basis to doubt that directors had acted loyally in connection
with approving and subsequently terminating a merger. The record reflected that
the board was informed of the merger-related risks and had factored the risks into
its decision to approve the deal. Id. at *15. Here, the Plaintiff is not asserting that
Citigroup’s board improvidently made a business decision that imposed a
substantial risk on the Company. Instead, the Plaintiff has established a minimum
credible basis from which one can infer a failure of oversight at the Company.
50
See Okla. Firefighters Pension & Ret. Sys., 

, at *7.
14
Orders, standing alone, would not satisfy the credible basis threshold. Further, that
Citigroup and Banamex USA subsequently received subpoenas relating to
BSA/AML issues does not, in the abstract, allow the inference that Citigroup failed
to implement the Consent Orders properly.
Citigroup correctly observes that the fact that a corporation is “one of many
companies in many industries caught up in the dragnet of a federal
investigation . . . does not support an inference of possible wrongdoing.”51 In
isolation, Citigroup’s receipt of subpoenas regarding BSA/AML issues does not
adequately suggest mismanagement or wrongdoing by its fiduciaries.
However, there is evidence that the subpoenas were not merely the
consequence of Citigroup’s being “caught up in the dragnet of a federal
investigation.” The subpoenas were issued shortly after Citigroup entered the
Consent Orders, which arose from findings by the OCC, the FDIC, and the Federal
Reserve that Citigroup and certain of its subsidiaries, including Banamex USA, did
not maintain adequate controls for compliance with BSA/AML requirements.52
Banamex USA, which is overseen by Citigroup, is now under investigation for an
apparent failure to report suspicious banking transactions. The Consent Orders
addressed BSA reporting requirements, which include suspicious activity
51
La. Mun. Police Emps.’ Ret. Sys. v. Lennar Corp., 

, at *4
(Del. Ch. Oct. 5, 2012).
52
Again, Citigroup has neither admitted nor denied the agencies’ findings.
15
reporting.   The government investigation is thus targeted at Citigroup and
Banamex USA, and at least part of the government’s reason for investigating is
known. The government’s rationale relates directly to events at Banamex USA
that one might expect not to occur if the Consent Orders had been properly
implemented.
Therefore, Plaintiff “has cobbled together sufficient evidence, taken as a
whole, to satisfy the threshold credible evidence standard.”53            One could
reasonably infer that Citigroup either incorrectly implemented the Consent Orders
or failed to carry out appropriately the actions those orders contemplated. Plaintiff
has a proper purpose to investigate Citigroup’s implementation of the controls and
compliance programs that it agreed to under the Consent Orders.54
E. Proper Scope of Inspection
An inspection under Section 220 “is not open-ended; it is restricted to
inspection of the books and records needed to perform the task. Accordingly,
inspection is limited to those documents that are necessary, essential, and sufficient
for the shareholders’ purpose.”55 This Court “has wide latitude in determining the
53
Robotti & Co., LLC v. Gulfport Energy Corp., 

, at *3 (Del.
Ch. July 3, 2007).
54
A broader investigation into what may have led to the Consent Orders is not a
proper purpose. The Master reached this same conclusion.
55
BBC Acq. Corp. v. Durr-Fillauer Med., Inc., 

, 88 (Del. Ch. 1992).
16
proper scope of inspection.”56      In exercising this discretion, the Court limits
inspection to “documents reasonably required to satisfy the purpose of the
demand.”57 Circumscribing an appropriate scope “is [a] fact specific [exercise]
and will necessarily depend on the context in which the shareholder’s inspection
demand arises.”58     “[T]he stockholder should be given enough information to
effectively address the problem. . . .”59
The Master’s Final Report recommends production of
(1) board and committee minutes and materials provided to the board
or committees, (2) materials containing talking points, scripts, or other
summaries of remarks or reports that were delivered at a board or
committee meeting, and (3) policies and procedures, but only to the
extent those books and records relate to the following topics: (a) the
Banamex fraud, (b) the BSA/AML matters at Banamex USA, (c)
Banamex’s fraud detection and prevention efforts, and (d) Citigroup’s
BSA/AML compliance.60
The Master limited the documents subject to her recommendation with two
separate timeframes: January 2011 until the date of an order for Banamex fraud-
related documents, and January 2012 until the date of an order for documents
relating to Banamex USA’s BSA/AML compliance.
Citigroup’s only exception to the Master’s recommended scope, given the
Court’s finding of proper purpose, is that production of documents relating to
56
Thomas & Betts Corp., 

.
57
Carapico v. Phila. Stock Exch., Inc., 

, 793 (Del. Ch. 2000).
58
Espinoza v. Hewlett-Packard Co., 

, 372 (Del. 2011).
59
Saito v. McKesson HBOC, Inc., 

, 115 (Del. 2002).
60
Okla. Firefighters Pension & Ret. Sys., 

, at *8.
17
“Citigroup’s BSA/AML compliance” would exceed what is necessary, essential,
and sufficient to investigate Plaintiff’s BSA/AML concerns. Citigroup contends
that this topic of inspection should be narrowed because Plaintiff’s proper purpose
regarding BSA/AML compliance is limited to investigating the implementation of
the Consent Orders and not more generally into what may have led to the orders.
However, the scope recommended by the Master is appropriately tailored to
allow Plaintiff to investigate its potential claims while mitigating the burden on
Citigroup. The first Consent Order was entered into on April 4, 2012. The Master
recommended inspection regarding “Citigroup’s BSA/AML compliance” of
documents from January 2012 to the date of the order.61           This timeframe
appropriately allows Plaintiff to investigate Citigroup’s implementation of the
Consent Orders. Not only did the Master place time constraints on the documents
to be produced, but she only recommended production of three categories of
documents, as described in the Final Report.62
“Citigroup’s BSA/AML compliance” does not describe a vague category of
documents. It embodies a class of documents potentially instructive on the issue of
the Company’s implementation of the controls and compliance programs
contemplated by the Consent Orders. While it is unavoidable that some documents
61
The Master substantially narrowed Plaintiff’s request for documents dating back
to January 1, 2008.
62
See supra text accompanying note 60.
18
within this category’s scope may not ultimately advance Plaintiff’s proper purpose,
production of this category is necessary to allow Plaintiff to investigate fully
BSA/AML         compliance.     Documents      concerning   Citigroup’s   BSA/AML
compliance are targeted toward investigating whether the Consent Orders were
properly implemented. Narrowing the scope of inspection further than the Master
has already done risks rendering Plaintiff’s investigation incomplete.
III. CONCLUSION
Plaintiff has established a proper purpose to investigate mismanagement and
possible breaches of fiduciary duty by Citigroup’s fiduciaries in connection with
the Banamex fraud and Banamex USA’s BSA/AML compliance. The Master
appropriately limited the scope of Plaintiff’s demand to categories of documents
that are necessary and essential for Plaintiff’s purpose.
After a de novo review of the issues raised, Citigroup’s exceptions to the
Master’s Final Report are denied. The Court approves and adopts the Final Report
and the recommendations contained therein.
Counsel are requested to confer and to submit an implementing form of
order.
19