Citigroup $444B Basket: Dismissible Warnings, No Hard Block
A Citigroup trader clicked through a single pop-up listing 711 warning messages — only the first 18 visible without scrolling — and released a $444B basket order instead of the intended $58M; ~$1.4B sold before cancellation and the FCA/PRA fined Citigroup £61.6M.
What happened
On May 2, 2022, a Citigroup trader intended to sell a $58M basket but fat-fingered a $444B basket order into the execution system. The order triggered a pop-up presenting 711 warning and soft-block messages, of which only the first 18 lines were visible without scrolling; the trader dismissed the entire pop-up with a single click without scrolling through it. All warnings were overridable — nothing was a hard block. Internal controls stopped $255B, but $189B reached the execution algorithm and approximately $1.4B sold before the trader cancelled. The execution briefly crashed the OMX Stockholm 30 index by about 8 percent. The FCA and PRA fined Citigroup £61.6M in May 2024 for inadequate controls.
What the agent did
The execution agent submitted a basket order with notional value ($444B) orders of magnitude larger than the trader intended ($58M), with no hard ceiling preventing over-threshold submission and no requirement for second-party approval of the over-cap release.
The irreversible effect
Approximately $1.4B in securities sold before cancellation; OMX Stockholm 30 index dropped ~8%; regulatory fine of £61.6M; reputational damage and market disruption.
Root cause
Warnings alone are not effective controls — a single click dismissed a pop-up containing 711 warning messages, most of which were never even seen. The system lacked hard enforcement: no mandatory per-invocation notional ceiling on the standard submit path, no second-party approval requirement for over-cap submissions, and no segregation of duties preventing a single agent from releasing exceptional orders. The over-cap release skill had no approval gate required.
How a maker-checker control would have refused it
MakerChecker's proxy would refuse the $444B submission with `limit_violation` if citi-trade-submit-capped@2 carried a maxAmountPerInvocation limit (e.g., $1B). The only over-cap release path would be citi-trade-submit-uncapped@1 marked risk_tier: high, which the proxy refuses with `high_risk_requires_gate`, requiring the submission to route through a governed flow with a preceding approval gate (a named human sign-off that the requester cannot bypass or self-approve).
Runnable reproduction
This incident ships as a runnable scenario in the open-source repository. Point the enforcement engine at the policy and watch the action get refused, with the refusal written to a signed audit record.
examples/citigroup-444b-fat-finger-overridable-warning
Accuracy and corrections
This entry describes a publicly reported incident and is compiled from the primary sources listed above. Where an account is a legal allegation rather than an established finding, the entry labels it as such. Summaries can still contain errors. If you can document a correction, email hello@makerchecker.ai and we will review and correct it, with the change noted, within 14 days.
See it for yourself
Reading is one thing. Watch it block an agent.
One command starts the demo: an agent stopped from signing off its own work, and the signed evidence file an inspector can check for themselves.
Designed against the rules your auditors already enforce.