Skip to content
AID-2022-0003May 2, 2022critical

Citigroup $444B Basket: Dismissible Warnings, No Hard Block

A Citigroup trader clicked through a single pop-up listing 711 warning messages — only the first 18 visible without scrolling — and released a $444B basket order instead of the intended $58M; ~$1.4B sold before cancellation and the FCA/PRA fined Citigroup £61.6M.

Unauthorized financial actionFail-closed limitsHigh-risk approval gateSegregation of dutiesNamed approval gate

What happened

On May 2, 2022, a Citigroup trader intended to sell a $58M basket but fat-fingered a $444B basket order into the execution system. The order triggered a pop-up presenting 711 warning and soft-block messages, of which only the first 18 lines were visible without scrolling; the trader dismissed the entire pop-up with a single click without scrolling through it. All warnings were overridable — nothing was a hard block. Internal controls stopped $255B, but $189B reached the execution algorithm and approximately $1.4B sold before the trader cancelled. The execution briefly crashed the OMX Stockholm 30 index by about 8 percent. The FCA and PRA fined Citigroup £61.6M in May 2024 for inadequate controls.

What the agent did

The execution agent submitted a basket order with notional value ($444B) orders of magnitude larger than the trader intended ($58M), with no hard ceiling preventing over-threshold submission and no requirement for second-party approval of the over-cap release.

The irreversible effect

Approximately $1.4B in securities sold before cancellation; OMX Stockholm 30 index dropped ~8%; regulatory fine of £61.6M; reputational damage and market disruption.

Root cause

Warnings alone are not effective controls — a single click dismissed a pop-up containing 711 warning messages, most of which were never even seen. The system lacked hard enforcement: no mandatory per-invocation notional ceiling on the standard submit path, no second-party approval requirement for over-cap submissions, and no segregation of duties preventing a single agent from releasing exceptional orders. The over-cap release skill had no approval gate required.

How a maker-checker control would have refused it

MakerChecker's proxy would refuse the $444B submission with `limit_violation` if citi-trade-submit-capped@2 carried a maxAmountPerInvocation limit (e.g., $1B). The only over-cap release path would be citi-trade-submit-uncapped@1 marked risk_tier: high, which the proxy refuses with `high_risk_requires_gate`, requiring the submission to route through a governed flow with a preceding approval gate (a named human sign-off that the requester cannot bypass or self-approve).

Runnable reproduction

This incident ships as a runnable scenario in the open-source repository. Point the enforcement engine at the policy and watch the action get refused, with the refusal written to a signed audit record.

examples/citigroup-444b-fat-finger-overridable-warning

View the reproduction on GitHub →

Accuracy and corrections

This entry describes a publicly reported incident and is compiled from the primary sources listed above. Where an account is a legal allegation rather than an established finding, the entry labels it as such. Summaries can still contain errors. If you can document a correction, email hello@makerchecker.ai and we will review and correct it, with the change noted, within 14 days.

See it for yourself

Reading is one thing. Watch it block an agent.

One command starts the demo: an agent stopped from signing off its own work, and the signed evidence file an inspector can check for themselves.

Designed against the rules your auditors already enforce.