                                                    EFiled: Apr 24 2015 12:37PM EDT
                                                    Transaction ID 57133205
                                                    Case No. 9587-ML
   IN THE COURT OF CHANCERY OF THE STATE OF DELAWARE


OKLAHOMA FIREFIGHTERS                      :
PENSION & RETIREMENT SYSTEM,               :
                                           :
                        Plaintiff,         :
                                           :
                  v.                       :     C.A. No. 9587-ML (VCN)
                                           :
CITIGROUP INC.,                            :
                                           :
                        Defendant.         :



                         MEMORANDUM OPINION


                       Date Submitted: January 22, 2015
                        Date Decided: April 24, 2015




Michael J. Barry, Esquire, Nathan A. Cook, Esquire, and Justin K. Victor, Esquire
of Grant & Eisenhofer, P.A., Wilmington, Delaware, Attorneys for Plaintiff.

Stephen P. Lamb, Esquire and Meghan M. Dougherty, Esquire of Paul, Weiss,
Rifkind, Wharton & Garrison LLP, Wilmington, Delaware; Brad S. Karp, Esquire,
Bruce Birenboim, Esquire, Susanna M. Buergel, Esquire, and Caitlin E.
Grusauskas, Esquire of Paul, Weiss, Rifkind, Wharton & Garrison LLP, New
York, New York; and Jane B. O’Brien, Esquire of Paul, Weiss, Rifkind, Wharton
& Garrison LLP, Washington, DC, Attorneys for Defendant.




NOBLE, Vice Chancellor
      Plaintiff seeks to inspect certain books and records of Defendant Citigroup

Inc. (“Citigroup” or the “Company”) in order to investigate possible

mismanagement and breaches of fiduciary duty by Citigroup’s directors and

officers in connection with events at two of Citigroup’s subsidiaries. Citigroup

argues that Plaintiff has not established a credible basis to infer possible

mismanagement or wrongdoing by the Company’s fiduciaries. Further, assuming

that Plaintiff has stated a proper purpose, Citigroup contends that the scope of

inspection demanded is overbroad.

      On June 27, 2014, this case was tried on a paper record before a Master in

Chancery. The Master issued a draft bench report recommending that the Court

find that Plaintiff has stated a proper purpose for inspection, but narrowing the

scope of documents sought by Plaintiff’s demand.1

      Citigroup took timely exceptions to the draft report. After the parties briefed

those exceptions, the Master issued her final report and recommendation (the

“Final Report”), confirming her conclusion that Plaintiff had established a proper

purpose for inspection.2 She did, however, again narrow the scope of documents

that she deemed Plaintiff should be entitled to inspect.


1
  Section 220 Request Trial Transcript and Draft Bench Report of the Master,
Okla. Firefighters Pension & Ret. Sys. v. Citigroup Inc., C.A. No. 9587-ML, at
104-13 (Del. Ch. June 27, 2014) (TRANSCRIPT).
2
  Okla. Firefighters Pension & Ret. Sys. v. Citigroup Inc., 2014 WL 5351345, at *8
(Del. Ch. Sept. 30, 2014).
                                          1
      On October 7, 2014, Citigroup filed its Notice of Exception to the Master’s

Final Report. The parties briefed Citigroup’s exceptions and presented argument

before this Court. This is the Court’s ruling on the Company’s exceptions.

                               I. BACKGROUND

      Citigroup, a Delaware corporation, is a diversified financial services holding

company headquartered in New York, New York. Its businesses provide a range

of financial products, including consumer banking and credit, corporate and

investment banking, securities brokerage, transaction services, and wealth

management.3 Plaintiff Oklahoma Firefighters Pension & Retirement System has

held Citigroup stock since December 31, 2007.

      On March 17, 2014, Plaintiff made a written demand (the “Demand”) on

Citigroup pursuant to 8 Del. C. § 220 (“Section 220”).4 The Demand sought books

and records relating to recently-disclosed adverse events involving two of

Citigroup’s subsidiaries: Banco Nacional de Mexico, S.A. (“Banamex”) and

Banamex USA. More specifically, Plaintiff aims to investigate a recent fraud at

Banamex (the “Banamex fraud”) and Banamex USA’s compliance with the Bank




3
  Transmittal Aff. of Meghan M. Dougherty in Supp. of Def.’s Br. in Supp. of
Exceptions to the Master’s Final Report (“Dougherty Aff.”) Ex. G.
4
  Verified Compl. Pursuant to 8 Del. C. § 220 to Compel Inspection of Books and
Records (“Compl.”) Ex. 1.
                                         2
Secrecy Act (the “BSA”)5 and anti-money laundering (“AML”) requirements

under federal laws and banking regulations.

A. The Banamex Fraud

      Banamex, an indirect wholly-owned Citigroup subsidiary, is one of the

Company’s largest foreign consumer banks, accounting for approximately 10% of

the Company’s global profits.6 Citigroup views Banamex as “an integral part of

[Citigroup’s] global network and a source of great pride . . . .”7 “Banamex is . . .

subject to the same risk, control, anti-money-laundering and technology standards

and oversight which are required throughout the [Company].”8 Citigroup’s Co-

President, Manuel Medina-Mora, holds the title of “Chairman, Mexico” and

oversees Citigroup’s Mexican business.9

      On February 28, 2014, Citigroup disclosed that a recent fraud had been

discovered at Banamex:

             As of December 31, 2013, Citi, through [Banamex], had
      extended approximately $585 million of short-term credit to
      Oceanografia S.A. de C.V. (“OSA”), a Mexican oil services company,
      through an accounts receivable financing program. OSA has been a
      key supplier to Petróleos Mexicanos (“Pemex”), the Mexican state-
      owned oil company. Pursuant to the program, Banamex extended
      credit to OSA to finance accounts receivables due from Pemex. As of

5
  31 U.S.C. § 5311, et. seq.
6
  Transmittal Aff. of Justin K. Victor in Supp. of Pl.’s Answering Br. in Opp’n to
Citigroup’s Exceptions to the Master’s Final Report (“Victor Aff.”) Ex. 2.D.
7
  Dougherty Aff. Ex. G.
8
  Victor Aff. Ex. 15 at 2.
9
  Victor Aff. Ex. 19.
                                          3
      December 31, 2013, Banamex also had approximately $33 million in
      either outstanding loans made directly to OSA or standby letters of
      credit issued on OSA’s behalf.

             On February 11, 2014, Citi learned that OSA had been
      suspended from being awarded new Mexican government contracts.
      Upon learning of this suspension, Citi, together with Pemex,
      commenced detailed reviews of their credit exposure to OSA and of
      the accounts receivable financing program over the past several years.
      As a consequence of those reviews, on February 20, 2014, Pemex
      asserted that a significant portion of the accounts receivables recorded
      by Banamex in connection with the Pemex accounts receivable
      financing program were fraudulent and that the valid receivables were
      substantially less than the $585 million referenced above.10

      The Banamex fraud caused Citigroup to adjust downward its fourth quarter

and full year 2013 financial results by $235 million after tax.11 Citigroup’s net

income fell from $13.9 billion to $13.7 billion.12 Citigroup’s Chief Executive

Officer (“CEO”), Michael Corbat, described the Banamex fraud as “significant”

and suggested that “the impact to [Citigroup’s] credibility [would be] hard[] to

calculate.”13 The Company fired at least twelve employees, including four high-

ranking executives in Mexico.14



10
   Victor Aff. Ex. 2.A.
11
   Id.
12
   Id. In April 2014, Citigroup disclosed that a second fraud had been uncovered at
Banamex. The magnitude of the second fraud, which involved less than
$30 million in loans, was small relative to the Banamex fraud. Victor Aff. Ex. 5.
As a result of the frauds, Citigroup’s Mexican unit reduced its first quarter net
profit by $112 million. Victor Aff. Ex. 4.
13
   Dougherty Aff. Ex. G.
14
   Victor Aff. 13.
                                         4
      Moody’s Investors Service (“Moody’s”) downgraded its ratings for

Banamex to “reflect the severity of the fraud revealed in March and the subsequent

revelations about the deficiencies in Banamex’s risk management and auditing

functions that permitted this fraud to occur.”15    Moody’s questioned whether

structural and cultural risk management and governance issues at Banamex were

broader than initially thought.16

B. Banamex USA’s BSA/AML Compliance

      Banamex USA is a California-based Citigroup subsidiary. It is a deposit-

taking bank that provides retail banking and money-transfer services to customers

doing business in Mexico and the United States. In its Annual Report on Form 10-

K, filed on March 3, 2014, Citigroup disclosed that it and Banamex USA had

received grand jury subpoenas issued by the United States Attorney’s Office for

the District of Massachusetts (the “U.S. Attorney’s Office”) relating to compliance

with BSA and AML requirements under federal laws and banking regulations.

Banamex USA had also received a subpoena (addressing its BSA/AML programs)

from the Federal Deposit Insurance Corporation (the “FDIC”).17

      The U.S. Attorney’s Office was reportedly investigating “whether [Banamex

USA] . . . failed to alert the government to suspicious banking transactions along


15
   Victor Aff. Ex. 21 at OFP00000979.
16
   Id.
17
   Victor Aff. Ex. 9 at OFP00000512.
                                        5
the U.S.-Mexico border that in some cases involved suspected drug-cartel

members . . . .”18 Concerns stemmed from Citigroup’s failure to “submit . . .

suspicious-activity reports flagging the questionable transactions . . . .”19 The BSA

requires banks to notify federal authorities of any suspicious activity on cash

transactions over $10,000.20

      The government subpoenas came on the heels of a series of consent orders

(the “Consent Orders”) that Citigroup had entered into with various regulators in

2012 and 2013 regarding BSA/AML compliance. The first order, on April 4,

2012, was with the Office of the Comptroller of the Currency (the “OCC”). The

OCC had investigated Citibank, N.A. (“Citibank”), another Citibank subsidiary,

and concluded that Citibank’s BSA/AML compliance program was deficient.

According to the OCC, Citibank had

      failed to adopt and implement a compliance program that adequately
      covers the required BSA/AML program elements due to an
      inadequate system of internal controls and ineffective independent
      testing. [Citibank] did not develop adequate due diligence on foreign
      correspondent bank customers and failed to file Suspicious Activity




18
   Victor Aff. Ex. 6.
19
   Id.
20
   Id. In 2012, Citigroup had sent a team of employees and consultants to Banamex
USA’s headquarters to install new controls and review past transactions. That
investigation had revealed “problems with a money-services business that allowed
people to transfer money across the U.S.-Mexico border without being a
customer.” Id.
                                         6
       Reports (“SARs”) related to its remote deposit capture/international
       cash letter instrument activity in a timely manner.21

       Later in 2012, Banamex USA entered into a consent order with the FDIC

and the California Department of Financial Institutions. Neither admitting nor

denying legal violations, Banamex USA agreed to address, among other issues, the

“(i) overall integrity and effectiveness of the BSA/AML compliance program,

including policies, procedures, and processes; (ii) BSA/AML risk assessment;

(iii) BSA reporting and recordkeeping requirements . . . [and] (vii) personnel

adherence     to       [Banamex   USA’s]   BSA/AML   policies,   procedures,   and

processes . . . .”22

       Then, on March 21, 2013, Citigroup entered into a consent order with the

Board of Governors of the Federal Reserve System (the “Federal Reserve”). This

order referenced the previous two and stated the Federal Reserve’s conclusion that

“Citigroup lacked effective systems of governance and internal controls to

adequately oversee the activities of the Banks with respect to legal, compliance,

and reputational risk related to the Banks’ respective BSA/AML compliance

programs . . . .”23 Citigroup’s board of directors (the “Board”) agreed to enhance

its risk management program with regard to BSA/AML compliance.


21
   Victor Aff. Ex. 18 at 2. The Bank neither admitted nor denied the OCC’s
findings.
22
   Victor Aff. Ex. 16 at 5.
23
   Victor Aff. Ex. 17 at 2-3. The “Banks” are Citibank and Banamex USA.
                                           7
                                  II. ANALYSIS

A. Legal Standard

      This Court reviews the Master’s factual findings and legal conclusions de

novo.24

      Through Section 220, “[a]ny stockholder, in person or by attorney or other

agent, shall, upon written demand under oath stating the purpose thereof, have the

right . . . to inspect for any proper purpose . . . [t]he corporation’s . . . books and

records . . . .”25 A stockholder seeking inspection must demonstrate its proper

purpose by a preponderance of the evidence.26

      To investigate waste and mismanagement, which is a proper purpose, a

stockholder “must present some credible basis from which the court can infer that

waste or mismanagement may have occurred.”27 However, the stockholder is “not

required to prove by a preponderance of the evidence that waste and

[mismanagement] are actually occurring.”28 “Both the stated purpose and the




24
   Ct. Ch. R. 144(a).
25
   8 Del. C. § 220(b)(1).
26
   Seinfeld v. Verizon Commc’ns, Inc., 909 A.2d 117, 121 (Del. 2006).
27
   Thomas & Betts Corp. v. Leviton Mfg. Co., Inc., 681 A.2d 1026, 1031 (Del.
1996).
28
   Id.
                                          8
underlying need for information necessarily derive from an absence of conclusive

facts, and such a standard would beg the ultimate question at issue.”29

      “Delaware courts routinely reject the conclusory allegation that because

illegal behavior occurred, internal controls must have been deficient, and the board

must have known so.”30 Nonetheless, the Court is not ruling on a motion to

dismiss, but a Section 220 demand, where “the ‘credible basis’ standard sets the

lowest possible burden of proof. The only way to reduce the burden of proof

further would be to eliminate any requirement that a stockholder show some

evidence of possible wrongdoing.”31

B. Plaintiff’s Purposes for Inspection

      Plaintiff intends to investigate mismanagement and possible breaches of

fiduciary duty by Citigroup’s directors and officers in connection with the

Banamex fraud and Banamex USA’s BSA/AML compliance.32 Plaintiff seeks to

investigate, in contemplation of derivative litigation, the disinterest of the Board to

determine whether presuit demand would be excused.33




29
    Donald J. Wolfe, Jr. & Michael A. Pittenger, Corporate and Commercial
Practice in the Delaware Court of Chancery, § 8.06[e][1], at 8-135 (2014).
30
   Desimone v. Barrows, 924 A.2d 908, 940 (Del. Ch. 2007).
31
   Seinfeld, 909 A.2d at 123.
32
   Compl. Ex. 1.
33
   Id.
                                          9
C. Investigating the Banamex Fraud Is a Proper Purpose

      Citigroup’s Risk Management and Finance Committee (the “Risk

Management Committee”) is a standing committee of its Board.                   The Risk

Management Committee oversees the Company’s risk management, including its

risk appetite, its risk policies, its exposure to operational risk, and the qualifications

and background of senior risk officers.34         The Risk Management Committee

reviews management’s design, implementation, and maintenance of an effective

risk program. It also reports to the Board regarding the Company’s risk profile and

risk management policies and practices.         To fulfill its charge, the committee

receives regular management reports and may request information to investigate

matters within the scope of its duties.35       The Board also maintains an Audit

Committee, which further oversees risk assessment and risk management.36

      Plaintiff intends to test whether it has viable Caremark claims against

Citigroup’s fiduciaries for failing to fulfill their oversight responsibilities.

According to Citigroup, while the Banamex fraud was unfortunate, its occurrence

only supports an inference of mismanagement or wrongdoing at Banamex, not at

Citigroup. Caremark claims are among the hardest to plead successfully.37 For

that reason, this Court has analogized the practice of immediately filing a

34
   Victor Aff. Ex. 10 at 2. This is not an exhaustive list of its duties.
35
   Victor Aff. Ex. 10 at 1.
36
   Victor Aff. Ex. 12 at 5.
37
   See In re Caremark Int’l Inc. Deriv. Litig., 698 A.2d 959, 968 (Del. Ch. 1996).
                                           10
complaint asserting such claims after a negative corporate event to purchasing a

lottery ticket.38 Most claims are unlikely to survive a motion to dismiss, but filing

is cheap and the payoff, for the “winning ticket,” is potentially large.

      The Court therefore encourages stockholders to pursue a Section 220

demand instead of bringing a premature complaint.

      [O]nce you have those books and records, you can make an intelligent
      decision about whether or not to sue, because it may well be that the
      board is not involved in the underlying misconduct and, therefore, the
      board is the appropriate corporate actor to determine what if anything
      should be done on behalf of the company as a result of the corporate
      trauma . . . .

            Second and perhaps equally important, if you learn that the
      board was somehow implicated and therefore is not the institutionally
      competent actor, you can actually plead a complaint that might
      survive Rule 23.1.39

      Here, the record would not likely support fiduciary duty claims capable of

surviving a motion to dismiss. However, the relevant question is whether the

record establishes a credible basis, the “lowest burden of proof,” to support a

conclusion that Plaintiff’s demand is based on more than mere suspicion and

conjecture.   Of course, it may turn out “that the board is not involved in the




38
   U.C.F.W. Local 1776 & Participating Emp’rs Pension Fund v. Allergan, Inc.,
C.A. No. 6223-VCL, at 28 (Del. Ch. Apr. 27, 2011) (TRANSCRIPT).
39
   Id. at 28-29.
                                          11
underlying misconduct and, therefore, the board is the appropriate corporate actor

to determine what if anything should be done on behalf of the company . . . .” 40

      It would be inappropriate to infer possible mismanagement by Citigroup’s

Board or senior management merely because wrongdoing occurred at Banamex

and the Board has oversight responsibility. If Plaintiff’s showing ended there, the

record would merely indicate that improper behavior may have occurred despite

Citigroup’s internal controls. An inference that those controls were deficient, in a

sense capable of establishing a credible basis for a Caremark claim, would be

overreaching.

      However, before the Banamex fraud was revealed, there were red flags

indicating issues at the subsidiary. Plaintiff argues that Citigroup’s Board either

was, or should have been, aware of the warning signs. The Banamex fraud was not

merely a blip on Citigroup’s radar. Banamex is “an integral part of [Citigroup’s]

global network and a source of great pride . . . .” 41 It accounts for approximately

10% of Citigroup’s annual profits and the fraud was material enough to Citigroup

to cause it to restate its financial results.42 Citigroup took broad remedial actions to

address the fraud and its fallout. One might commend Citigroup for the actions it

took once the Banamex fraud was revealed. Conversely, one might also question,


40
   Id.
41
   Dougherty Aff. Ex. G.
42
   Id.
                                          12
if the event was so significant to Citigroup, how the Company allowed it to occur

in the first place.43

       Citigroup’s CEO confirmed that “[t]here were telltales [of the Banamex

fraud] along the way . . . .”44 “[E]mployees missed signs of trouble they should

have recognized and elevated to superiors.”45 Perhaps, the failures to report up the

ladder indicate a lack of adequate controls. Additionally, debt ratings firms Fitch

and Standard & Poor’s both stopped rating Oceanografia, Banamex’s counterparty

to the Banamex fraud loans, in 2010, citing insufficient financial information.46

Citigroup did not review its credit exposure to Oceanografia until February 11,

2014, upon learning that Oceanografia had been suspended from being awarded

new Mexican government contracts.47

       These circumstances raise questions over whether proper risk management

and detection systems were in place, or were properly followed.           One can

reasonably infer that if the Risk Management and Audit Committees were

functioning properly, then a system would have existed to detect, prevent, or


43
   As one financial journalist observed, the Banamex fraud indicated a failure “in
the . . . Banamex and Citigroup risk-management departments, where no one
seems to have stopped to ask how on earth a simple accounts-receivable credit line
could have grown to more than half a billion dollars in size.” Victor Aff. 2.F.
(Felix Salmon, Incompetent Banamex, THE STREET, Mar. 4, 2014, at 1).
44
   Victor Aff. Ex. 15 at 1.
45
   Id.
46
   Victor Aff. Ex. 2.D at 2.
47
   Victor Aff. Ex. 2.A at 1.
                                        13
minimize the Banamex fraud. That the fraud involved an accounts-receivable

credit line, a core component of the bank’s business, is further cause for concern.

Notably, Banamex is subject to the same oversight standards which are required

throughout the Company.48

      Citigroup is a sprawling multi-billion dollar corporation. That wrongdoing

occurred at one of its subsidiaries falls far short of indicating failures on behalf of

its fiduciaries. Nonetheless, given the nature and magnitude of the Banamex fraud,

there is at least a credible basis to infer deficiencies at Citigroup, and Plaintiff is

entitled to investigate.49     This conclusion does not ignore the corporate

separateness of Citigroup and Banamex, but recognizes the Board’s role in

overseeing its important subsidiary.

D. Investigating Banamex USA’s BSA/AML Compliance Is a Proper Purpose

      The Court agrees with the Master that “the issue of Banamex USA’s

BSA/AML compliance is a closer case” than the Banamex fraud.50 The Consent


48
   Victor Aff. Ex. 15 at 2.
49
   Southeastern Pennsylvania Transportation Authority v. AbbVie, Inc., 2015 WL
1753033 (Del. Ch. Apr. 15, 2015), is distinguishable. In that case, the record did
not establish a credible basis to doubt that directors had acted loyally in connection
with approving and subsequently terminating a merger. The record reflected that
the board was informed of the merger-related risks and had factored the risks into
its decision to approve the deal. Id. at *15. Here, the Plaintiff is not asserting that
Citigroup’s board improvidently made a business decision that imposed a
substantial risk on the Company. Instead, the Plaintiff has established a minimum
credible basis from which one can infer a failure of oversight at the Company.
50
   See Okla. Firefighters Pension & Ret. Sys., 2014 WL 5351345, at *7.
                                          14
Orders, standing alone, would not satisfy the credible basis threshold. Further, that

Citigroup and Banamex USA subsequently received subpoenas relating to

BSA/AML issues does not, in the abstract, allow the inference that Citigroup failed

to implement the Consent Orders properly.

      Citigroup correctly observes that the fact that a corporation is “one of many

companies in many industries caught up in the dragnet of a federal

investigation . . . does not support an inference of possible wrongdoing.”51 In

isolation, Citigroup’s receipt of subpoenas regarding BSA/AML issues does not

adequately suggest mismanagement or wrongdoing by its fiduciaries.

      However, there is evidence that the subpoenas were not merely the

consequence of Citigroup’s being “caught up in the dragnet of a federal

investigation.” The subpoenas were issued shortly after Citigroup entered the

Consent Orders, which arose from findings by the OCC, the FDIC, and the Federal

Reserve that Citigroup and certain of its subsidiaries, including Banamex USA, did

not maintain adequate controls for compliance with BSA/AML requirements.52

Banamex USA, which is overseen by Citigroup, is now under investigation for an

apparent failure to report suspicious banking transactions. The Consent Orders

addressed BSA reporting requirements, which include suspicious activity


51
   La. Mun. Police Emps.’ Ret. Sys. v. Lennar Corp., 2012 WL 4760881, at *4
(Del. Ch. Oct. 5, 2012).
52
   Again, Citigroup has neither admitted nor denied the agencies’ findings.
                                         15
reporting.   The government investigation is thus targeted at Citigroup and

Banamex USA, and at least part of the government’s reason for investigating is

known. The government’s rationale relates directly to events at Banamex USA

that one might expect not to occur if the Consent Orders had been properly

implemented.

      Therefore, Plaintiff “has cobbled together sufficient evidence, taken as a

whole, to satisfy the threshold credible evidence standard.”53            One could

reasonably infer that Citigroup either incorrectly implemented the Consent Orders

or failed to carry out appropriately the actions those orders contemplated. Plaintiff

has a proper purpose to investigate Citigroup’s implementation of the controls and

compliance programs that it agreed to under the Consent Orders.54

E. Proper Scope of Inspection

      An inspection under Section 220 “is not open-ended; it is restricted to

inspection of the books and records needed to perform the task. Accordingly,

inspection is limited to those documents that are necessary, essential, and sufficient

for the shareholders’ purpose.”55 This Court “has wide latitude in determining the




53
   Robotti & Co., LLC v. Gulfport Energy Corp., 2007 WL 2019796, at *3 (Del.
Ch. July 3, 2007).
54
   A broader investigation into what may have led to the Consent Orders is not a
proper purpose. The Master reached this same conclusion.
55
   BBC Acq. Corp. v. Durr-Fillauer Med., Inc., 623 A.2d 85, 88 (Del. Ch. 1992).
                                         16
proper scope of inspection.”56      In exercising this discretion, the Court limits

inspection to “documents reasonably required to satisfy the purpose of the

demand.”57 Circumscribing an appropriate scope “is [a] fact specific [exercise]

and will necessarily depend on the context in which the shareholder’s inspection

demand arises.”58     “[T]he stockholder should be given enough information to

effectively address the problem. . . .”59

      The Master’s Final Report recommends production of

      (1) board and committee minutes and materials provided to the board
      or committees, (2) materials containing talking points, scripts, or other
      summaries of remarks or reports that were delivered at a board or
      committee meeting, and (3) policies and procedures, but only to the
      extent those books and records relate to the following topics: (a) the
      Banamex fraud, (b) the BSA/AML matters at Banamex USA, (c)
      Banamex’s fraud detection and prevention efforts, and (d) Citigroup’s
      BSA/AML compliance.60

      The Master limited the documents subject to her recommendation with two

separate timeframes: January 2011 until the date of an order for Banamex fraud-

related documents, and January 2012 until the date of an order for documents

relating to Banamex USA’s BSA/AML compliance.

      Citigroup’s only exception to the Master’s recommended scope, given the

Court’s finding of proper purpose, is that production of documents relating to

56
   Thomas & Betts Corp., 681 A.2d at 1035.
57
   Carapico v. Phila. Stock Exch., Inc., 791 A.2d 787, 793 (Del. Ch. 2000).
58
   Espinoza v. Hewlett-Packard Co., 32 A.3d 365, 372 (Del. 2011).
59
   Saito v. McKesson HBOC, Inc., 806 A.2d 113, 115 (Del. 2002).
60
   Okla. Firefighters Pension & Ret. Sys., 2014 WL 5351345, at *8.
                                            17
“Citigroup’s BSA/AML compliance” would exceed what is necessary, essential,

and sufficient to investigate Plaintiff’s BSA/AML concerns. Citigroup contends

that this topic of inspection should be narrowed because Plaintiff’s proper purpose

regarding BSA/AML compliance is limited to investigating the implementation of

the Consent Orders and not more generally into what may have led to the orders.

      However, the scope recommended by the Master is appropriately tailored to

allow Plaintiff to investigate its potential claims while mitigating the burden on

Citigroup. The first Consent Order was entered into on April 4, 2012. The Master

recommended inspection regarding “Citigroup’s BSA/AML compliance” of

documents from January 2012 to the date of the order.61           This timeframe

appropriately allows Plaintiff to investigate Citigroup’s implementation of the

Consent Orders. Not only did the Master place time constraints on the documents

to be produced, but she only recommended production of three categories of

documents, as described in the Final Report.62

      “Citigroup’s BSA/AML compliance” does not describe a vague category of

documents. It embodies a class of documents potentially instructive on the issue of

the Company’s implementation of the controls and compliance programs

contemplated by the Consent Orders. While it is unavoidable that some documents


61
   The Master substantially narrowed Plaintiff’s request for documents dating back
to January 1, 2008.
62
   See supra text accompanying note 60.
                                        18
within this category’s scope may not ultimately advance Plaintiff’s proper purpose,

production of this category is necessary to allow Plaintiff to investigate fully

BSA/AML         compliance.     Documents      concerning   Citigroup’s   BSA/AML

compliance are targeted toward investigating whether the Consent Orders were

properly implemented. Narrowing the scope of inspection further than the Master

has already done risks rendering Plaintiff’s investigation incomplete.

                                III. CONCLUSION

         Plaintiff has established a proper purpose to investigate mismanagement and

possible breaches of fiduciary duty by Citigroup’s fiduciaries in connection with

the Banamex fraud and Banamex USA’s BSA/AML compliance. The Master

appropriately limited the scope of Plaintiff’s demand to categories of documents

that are necessary and essential for Plaintiff’s purpose.

         After a de novo review of the issues raised, Citigroup’s exceptions to the

Master’s Final Report are denied. The Court approves and adopts the Final Report

and the recommendations contained therein.

         Counsel are requested to confer and to submit an implementing form of

order.




                                          19
