WASHINGTON (Reuters) – Citigroup Inc (C.N) agreed to pay a $400 million penalty and draw up a sweeping remediation plan after regulators identified “several longstanding deficiencies” and operational lapses, U.S. regulators said on Wednesday.

The Federal Reserve and Office of the Comptroller of the Currency said that the bank required “comprehensive corrective actions” and must overhaul its risk management, data governance and internal controls across the company.

The Fed said the action “requires the firm to correct several longstanding deficiencies.”

“For several years, the Bank has failed to implement and maintain an enterprisewide risk management and compliance risk management program, internal controls, or a data governance program commensurate with the Bank’s size, complexity, and risk profile,” the OCC said in its consent order.

In a statement, Citi said it was disappointed to have fallen short of regulatory expectations and has “significant remediation projects” under way.

The hefty penalty follows renewed public and regulatory scrutiny of Citi’s operations after an “error” led the bank to mistakenly send Revlon creditors $900 million of its own funds in August. The bank is pursuing legal action against some lenders who are refusing to return the payment.

Since then it has announced that Chief Executive Mike Corbat would retire earlier than expected and the bank would boost investment in its operational systems by $1 billion.

Incoming CEO Jane Fraser, who will take over early next year, has highlighted improving risk and control systems as a priority. “We will invest in our infrastructure, risk management and controls to ensure