Welcome


Welcome to the Escalation Policy and Escalation Standard Training course.

Citi’s culture and values are at the heart of how business is conducted. A strong risk and control environment is a key enabler of Citi’s culture of excellence.

  • Managing risk is everyone’s job at Citi. We are all risk managers.
  • Risk is inherent to Citi’s business and cannot be avoided. Everyone must be vigilant and manage risk with consistency and accountability.
  • The Enterprise Risk Management Framework (ERMF) is Citi’s standard for managing risk.
  • Everyone is responsible for escalating risks and concerns, and Citi provides an environment where this can be done without fear of retribution.

It is your responsibility to understand your role as it relates to managing risk, taking complete ownership of your actions, and supporting Citi in identifying and managing risk every day.

Why are you taking this course?

This foundational course is part of Citi's Enterprise Risk Management Training Program (ERMPT). ERMPT is a series of courses which will build your understanding of your risk and control responsibilities.

We are committed to equipping employees with knowledge and training to carry out day-to-day risk and control responsibilities.

Citi continues to reinforce a robust risk culture of “no surprises” with transparent and purposeful communication on all risk-related matters. Everyone plays a role in protecting Citi’s risk and control environment and in escalating Events in an appropriate and timely manner. The Escalation Policy and Escalation Standard support Citi’s risk environment by setting out an enterprise-wide and standardized approach for escalations so that everyone is clear on their responsibilities.

Review the course objectives and tips on how to navigate this course.

Course Objectives


After completing this course, you will be able to:

  • Explain WHO escalates, WHAT to escalate, WHEN to escalate, to WHOM to escalate, and HOW to follow up on escalations
  • Describe the 4 Escalation Lifecycle stages
  • Explain the importance of timely and consistent escalation of Events
  • Describe your role and responsibilities in relation to the Escalation Lifecycle


Course Navigation Tips


This course is divided into four topics and an end-of-course assessment. After completing the training content, you must score 80% or higher on the assessment to receive credit for this course.

Coming Next


In the next topic, The Four W’s and H, we’ll explore the key minimum requirements for appropriate and timely escalations as set out in the Escalation Policy and Standard.

The Four W’s and H


In this topic, you will learn about the key principles outlined in the Escalation Policy and the roles and responsibilities within the Escalation Standard, including minimum requirements for the Escalation of Events.

Culture of No Surprises – If You Feel Something is Not Right, Speak Up


As communicated by Jane Fraser, Citi’s CEO, “we are all risk managers.” All staff are therefore responsible for escalating Events – in other words, “if you feel something is not right, speak up.”

You should speak up:

  • When a gut feeling tells you that something is not right
  • Even if all details or impact are initially unknown
  • Without fear of having sole ownership for remediating the Event
  • Without fear of retaliation

Citi’s aim is to maintain a robust risk culture of “no surprises.” Everyone must understand their role in protecting Citi and in fostering proactive and timely escalation of Events.

As a reminder, Citi prohibits retaliatory action against individuals who escalate Events.

Overview of the Escalation Policy and the Escalation Standard

The Escalation Policy and the Escalation Standard are enterprise-wide policy documents that set out a consistent approach for the timely identification, assessment, escalation, and disposition of Events.

What is the objective of the Policy and Standard?

The Escalation Policy outlines the 11 key principles and focuses on WHO escalates, WHAT to escalate, WHEN to escalate, to WHOM to escalate, and HOW to follow up on escalations.

The Escalation Standard defines the minimum requirements and roles and responsibilities for Business and Functions to manage timely escalations of Events across Citi, regardless of origin or Risk Category.

We will cover each of these key areas in more detail later in this topic.

What are my responsibilities for complying with the Policy and Standard?

All staff are responsible for the identification and timely escalation of Events under the Escalation Policy and Escalation Standard.

What else is covered in the Policy and Standard?

The Escalation Policy and Escalation Standard apply to all risk categories.

The Policy and Standard set out minimum requirements for Escalation including:

  • The Escalation Lifecycle
  • Roles and Responsibilities
  • Escalation thresholds for Impact Factors
  • Defined target timeframes for escalation

Impact Factors

Impact Factors are used to identify Events most critical to Citi, regardless of the Risk Category or source. The Impact Factors dictate the minimum thresholds for escalating Events. The Impact Factors include:

  • Potential Financial Gain/Loss: Is likely or has resulted in a monetary loss or gain
  • Potential Regulatory Actions: Potential to result in violation of law, rule, regulation, and/or regulatory actions, inquiries, or investigations from government agencies
  • Policy Breaches: A breach of any Citi-approved policy
  • Reputation Risk Impact: Damage to Citi’s brand, negative coverage in traditional/social media or adverse attention from stakeholders and/or elected officials
  • Business Damage: Impact on annual budget/revenue and/or disruption to operations
  • Conduct Risk Impact: Could result in negative impacts to customers/clients or the integrity of financial markets
  • Employee Impact: A proportion of employees impacted with the potential to disrupt operations and/or services

The Four W’s (and H) of Escalation

We are all responsible for escalating potential or actual Events, because at Citi, we are all risk managers. You might be wondering:

  • Who is responsible for escalating an Event
  • What needs to be escalated
  • When you should escalate
  • Whom you should escalate to
  • How to follow up

Let's break it down.

WHO escalates an Event?

All Citi Staff need to escalate Events, potential or actual, that may result in negative impacts to Citi.

Escalation must never be a substitute for Staff making decisions that they are authorized to make, following Business As Usual (BAU) process, or for effective discussion and decision-making. The Escalation Standard includes a Threshold Grid which provides thresholds for Events based on Impact Factors.

Once a Staff member has identified an Event, the Staff member is required to raise it to their Direct Manager or Manager’s Manager. Events are then assessed as Level 1-4, with the level determining to whom the Event is escalated. When the Event relates to a confidential or sensitive matter, it should be raised directly to an Escalation Channel.

WHAT is escalated?

Events are defined as potential or actual matters, or any other situations, that may result in negative impacts to Citi such as business impairment, reputational damage, loss or harm, threats, or acts of violence to Citi including but not limited to:

  • Control failures or deliberate avoidance or manipulation of controls;
  • Customer harm;
  • Limit/threshold breaches;
  • Regulatory actions;
  • Potential violation of laws, rules and/or regulations;
  • Breaches, waivers, and dispensations of Citi policies (defined in the Policy Governance Policy), Citi Code of Conduct or ethical standards, which include but are not limited to codes of conduct related to professional licenses; and/or
  • Behavior that is a detrimental departure from industry, or other applicable standard of conduct, whether external or internal.

WHEN is an Event escalated?

Events must be promptly raised by Staff upon observing or learning about the Event. The early recognition and prompt escalation of Events is key to mitigating risk, so escalations need to be made in alignment with the timing expectations outlined in the Escalation Standard. You should escalate the Event even if all the facts and risks are not yet fully known.

WHOM to escalate to?

The first point of contact to escalate an Event is the Staff member’s Direct Manager, their Manager’s Manager, or another Manager in their Business or Function. For confidential Events, Staff may escalate directly to any Escalation Channel.

The Direct Manager or the Manager’s Manager will notify the Escalation Champion via the Global Escalation Platform. Events are escalated in line with the Escalation Standard to impacted stakeholders, including, as applicable, the Executive Management Team (EMT) and the Board.

Escalation of Events differs from the reporting of Events to Governance Committees and other forums. The former is covered by this Policy whereas the Reporting of Events to Governance Committees and forums is governed by the Citi Governance Policy.

HOW to follow up?

All Staff are encouraged to follow up on any Event they have escalated if they have reason to believe it is not being acted upon. In such instances, they are encouraged to reach out to their Escalation Champion.

Check Your Understanding


What are some examples of Events that must be escalated?

Check Your Understanding


Which of the following actions should you take upon learning about an event?

Coming Next


In the next topic, you will learn about the different roles and responsibilities involved in escalating an event.

Roles and Responsibilities


In this topic, you will learn about the roles and responsibilities within the Escalation Standard, including how these roles are expected to comply with the Escalation Standard.

Staff Considerations and Expectations


You are expected to comply with the Escalation Policy and Escalation Standard, and cooperate fully and honestly with internal or external investigations. Furthermore, if you deliberately tamper with, destroy, or otherwise attempt to cover up an Event, including withholding information or compromising the confidentiality of an investigation relevant to an Event, you may also be subject to disciplinary action, up to and including termination of employment. This is in accordance with the Citi Global Disciplinary Review Policy, and any local policies or procedures that may apply.

Events escalated to Human Resources (HR) are not anonymous. However, when staff raise an Event to HR, they may request their identity be maintained as confidential. If staff wish to raise an anonymous Event, they will be directed to raise it via the Ethics Office.

Escalation Lifecycle: Timely and Consistent


The following have critical roles across the Escalation Lifecycle to achieve timely and consistent identification, assessment, escalation, and disposition of an Event:

  • All Staff: All Citi employees, contractors, consultants, and all other parties obligated to follow Citi policies.
  • Direct Manager or Manager’s Manager: Individuals with management responsibilities over other personnel.
  • Escalation Channels: Include Citi Security and Investigative Services (CSIS), Human Resources (HR), Independent Compliance Risk Management (ICRM), Legal, Ethics Office.
  • Escalation Champions: Staff members nominated by each Business and Function Head as a point of contact during the escalation process.
  • Business and Function Heads: Individuals responsible for a specific Business or Function.
  • Central Escalation Team: Functional team that provides centralized support throughout the escalation lifecycle through Event escalation coordination, monitoring, and reporting.
  • Escalation Event Owners: Assigned Staff member who is responsible for the Event and follows it throughout the Escalation Lifecycle.
  • Event Action Plan Owners: Develops and implements Event Action Plans to address Events.
  • Second Line of Defense: Comprised of Independent Compliance Risk Management (ICRM) and Independent Risk Management.
  • Subject Matter Experts (SMEs): Personnel who possess a deep understanding of a particular subject.

Escalation Lifecycle: Roles and Responsibilities

There are roles for Staff, the Staff Member’s Direct Manager, the Escalation Event Owner and the Escalation Action Plan Owner of the Event. We will focus on these four roles in this section of the training.

All Staff

It starts with you, Citi Staff.

All Staff must:

  • Follow existing procedures regarding the business-as-usual escalation of matters, and escalate Events that meet the criteria of the Escalation Threshold Grid (Appendix F) in line with the requirements of Section 3.4; and
  • Escalate Events to a Direct Manager, Manager’s Manager or an alternate Manager within their reporting line or Escalation Channel.

Direct Manager or Manager’s Manager

Direct Manager or Manager’s Manager must:

  • Review details of Event(s) that staff have escalated to them and forward the Event to one of the Escalation Channels when deemed to be a confidential or sensitive matter requiring further review
  • Submit, as required, a Preliminary Impact Assessment in the Global Escalation Platform to determine the Impact Factor(s) and Impact Rating
  • Follow the appropriate policy if, during the Preliminary Impact Assessment, the Event is determined to be an existing issue, Regulatory Finding, Technology Incident, Security Incident, or a Limit Breach
  • Escalate the Event, as required, to:
    • The appropriate Escalation Champion;
    • Appropriate Escalation Channel if an Event contains confidential information; and/or
    • Appropriate SME(s), including Risk Category Owner(s), Escalation Channel, Escalation Champion, or Second Line of Defense for further guidance and input

Escalation Event Owner

Escalation Event Owner must:

  • Complete a Full Impact Assessment as per the Escalation Standard and identify a root cause for Level 1 and Level 2 Events, where required, and for Level 3 Events when requested
  • Provide completed Full Impact Assessments to the Business and Function Heads and Escalation Champion, highlighting deviations from the Preliminary Impact Assessment
  • Document an Event Action Plan within 90 days of identification, as required
  • Oversee and advise Event Action Plan Owners on execution of Event Action Plans, as necessary
  • Complete a Closure Form for assigned Events
  • Provide Full Impact Assessments, Event Action Plans, and Closure Forms to Second Line of Defense for review and challenge
  • Provide Event status updates to the Escalation Champion, Business and Function Heads, Second Line of Defense, and Global Regulatory Engagement
  • Prepare Event and Event Action progress reports for relevant stakeholders, including Central Escalation Team, Escalation Champions, Business and Function Head, and Second Line of Defense

Event Action Plan Owner

Event Action Plan Owner must:

  • Execute and/or drive execution of Event Action Plan(s), where required, by target date
  • Provide and document status changes and Event Action Plan status to the Event Owner and Escalation Champion until the Event is closed
  • Provide details of an Event on closure to the Business and Function Head and Second Line of Defense for review and challenge

Check Your Understanding


Which role is responsible for completing a Full Impact Assessment to the Business and Function Heads?

Check Your Understanding


Which role is responsible for providing and documenting status changes and Event Action Plan status to the Event Owner and Escalation Champion until the Event is closed?

Coming Next


In the next topic, you will learn about the different stages of the Escalation Lifecycle.

Escalation Lifecycle


In this topic, you will learn about the different stages of the Escalation Lifecycle and who plays a part in each stage.

Understanding the Four Escalation Lifecycle Stages


All staff must promptly raise and provide details of any Event they observe, or learn about, to their Manager or Manager’s Manager, or one of the Escalation Channels in accordance with the Escalation Policy.

Citi strives to foster an environment of transparent and purposeful communication. If something seems amiss, don’t keep it to yourself. Contact a manager or one of the Escalation Channels. In other words, “if you feel something is not right, speak up.”

The Escalation Policy establishes 11 principles which serve as the foundation to the Escalation Lifecycle stages: Identification, Assessment, Escalation, and Disposition.

Identification


All Staff identify Events and escalate to the Direct Manager or Manager’s Manager. If this is a confidential or sensitive matter requiring further review, the Direct Manager or Manager’s Manager will raise it directly to the Escalation Channel.

Assessment


If not deemed to be a confidential or sensitive matter, the Direct Manager or Manager’s Manager enters the Event into the Global Escalation Platform and completes a Preliminary Impact Assessment. This stage of the lifecycle also requires the Direct Manager or Manager’s Manager to utilize the Escalation Threshold Grid to determine the Event Impact Factor(s) and the rating level.

The Escalation Threshold Grid is defined in the Escalation Standard.

Escalation


The Escalation Champion (or delegate) reviews and approves the Preliminary Impact Assessment, which includes the associated Impact Factor(s) and Rating Level. Together the Impact Factor(s) and Rating Level determine the escalation timing expectations as per the Escalation Standard.

Impacted stakeholders are notified via the Global Escalation Platform and, for the highest impact Events, through coordination by the Central Escalation Team.

The Business and Function Head is informed and determines the Escalation Event Owner.

Disposition


The Event Owner completes a Full Impact Assessment (where required, as per the Escalation Standard) and dispositions the Event via the Closure Form where it meets one of the following conditions:

  • The Event requires the opening of a new Issue (or linkage to an existing Issue)
  • The Event has been identified as a finding by a Regulator
  • The Event no longer meets the definition of an “Event”

If the Event does not meet any of the three conditions above, it will require an Action Plan to be documented in the Global Escalation Platform.

Check Your Understanding


If an Event is deemed not to be Confidential or Sensitive, at which stage does the Direct Manager or Manager’s Manager complete a Preliminary Impact Assessment?

Check Your Understanding


As part of the Escalation Lifecycle, at what stage is a Full Impact Assessment (where required) completed?

Coming Next


Now that you know the key minimum requirements, principles, and roles of escalation, in the next topic, Escalations: Let’s Practice, we will run through a scenario to help you further understand why it is important to escalate Events.

Escalations: Let’s Practice


In this topic, you will review a scenario to explore the actions you should take to escalate Events.

Meet Brent


Brent, a Personal Banker, witnesses a colleague, Pat, taking money from the cashier drawer for personal use. Brent immediately goes to his Direct Manager, Lisa, and raises the Event. Lisa reassures Brent she will escalate the situation to the appropriate Escalation Channel.

To WHOM?


Brent escalated his concerns to his Direct Manager.

According to the Escalation Policy and Escalation Standard, who else could Brent have raised this concern to?

To WHOM Should Lisa Escalate?


Lisa identifies that the Event she has just received from Brent may be considered Sensitive and/or Confidential as it refers to a particular staff member.

Based on the description of the Event, which Escalation Channel is most appropriate?

Escalation Channel: Events to Escalate

  • Citi Security and Investigative Services (CSIS): Informational and physical security, cyber-related, and internal fraud-related Events
  • Human Resources (HR): HR-related Events including employment discrimination, harassment, workplace health and safety Events, potential violations of employment-related laws, retaliation for raising or participating in investigations of Events
  • Independent Compliance Risk Management (ICRM): Compliance-related risk Events
  • Legal: Legal or litigation exposure related Events
  • Ethics Office: Note: You may always raise concerns to the Ethics Office via the Citi Ethics Hotline. Concerns raised through the Citi Ethics Hotline can be made anonymously to the extent permitted by applicable laws and regulations.

Feedback: CSIS would be a good choice of Escalation Channel as the Event potentially involves internal fraud. However, when uncertain, you can escalate to any Escalation Channel.

HOW to Follow Up on Escalations


All Staff are encouraged to follow up on any Event they have escalated if they have reason to believe it is not being acted upon.

In such instances, they are encouraged to reach out to the Escalation Champion or their Delegates.

In Conclusion


In choosing to escalate, Brent raised awareness of a potential risk to Citi. All staff are reminded to escalate as follows:

  • If you feel something is not right, speak up
  • Act immediately, even if all details or impact are initially unknown
  • Act without fear of owning or remediating the Event
  • Act without fear of retaliation

Coming Next


In the next topic, the course Summary, we’ll review your learning before completing the assessment.

Summary


Review the key takeaways from this course.

Key Takeaways


In this course, you learned that:

  • Citi reinforces a robust risk culture of “no surprises”
  • The Escalation Policy and Escalation Standard support Citi’s risk environment with a consistent approach to Escalations
  • Early identification and prompt escalation of potential or actual Events is key to mitigating risk
  • You should escalate any Event even if all details or impact are initially unknown – in other words, “if you feel something is not right, speak up”
  • Citi prohibits retaliatory action against individuals who escalate Events

Coming Next


In the next topic, the Assessment, it’s time to check your understanding of the content by completing a short assessment. As mentioned at the start of this training, you must score 80% or higher on the assessment to receive credit for this course.

Good luck!

Assessment



You have become aware of an internal fraud-related Event. While you can escalate to any Escalation Channel, given that this is internal fraud-related, who is identified by the Escalation Policy and Escalation Standard as the primary group to escalate the matter to?


As a new hire, you believe there are long-term backlogs of unreconciled transactions that are diverting to incorrect accounts or do not have the appropriate risk management reporting transparency.

What should you do?


An Event related to widespread employee discrimination practices that results in regulatory action, a hefty fine, and media coverage, will likely impact Citi in which of the following ways?


Sam is aware of an online system outage that interrupted the bank’s payment processing. He heard that there is a team working on a fix so is concerned about prematurely escalating the issue.

What should Sam do?


Who is responsible for identifying and raising Events per the Escalation Policy and Escalation Standard?


What role is required to perform a Preliminary Impact Assessment to determine the Impact Factor(s) and Impact Rating?


What is the first step you must take as an Escalation Event Owner?


As Event Action Plan Owner, you must:


Who is an Escalation Champion?


Who can appoint the Escalation Champion?

