Two Sunshine Ordinance Task Force complaint victories in the past month against the City’s whistleblower program underscore failures of San Francisco’s whistleblower program.
CitiReport invited Patrick Monette-Shaw an opportunity to provide a behind-the-scenes review of a Whistleblower complaint that bumped along in the city’s confidential system until a Sunshine request tested the city’s refusal to disclose whether there was any merit to the complaint of mismanagement and misspending of funds. Monette-Shaw filed the Sunshine complaint.
Patrick Monette-Shaw is an open government accountability advocate, a patient advocate and a member of California’s First Amendment Coalition.
This is Part Three of Three Parts.
by Patrick Monette-Shaw
San Francisco’s whistleblower program began as an independent check on government waste, fraud and inefficiency and was signed into law by then-mayor Art Agnos. The first city whistleblower was a new-to-City Hall hire, Ed Lee, who worked out of the mayor’s office.
After Agnos left office, the whistleblower program receded in staff and budget until 1995 when it was transferred to the Ethics Commission.
Before long, Ethics pushed it aside and even ended the annual Whistleblower reports required by law. The City Attorney ensured that its former independence came to an end by asserting that office’s right to handle all investigations. Ironically, the program was launched to be independent because of concerns that the City Attorney’s office protected city officials accused of wrongdoing rather than ending abuses. Now it was back under their tent via Ethics.
The program became little more than a hotline.
In 2003, the city’s corporate community concluded that waste and inefficiency was taking a toll, and argued that the program be established under the City Controller. Voters were willing to try anything, and Ethics had no objection to losing a program it had already dropped. The need for an independent whistleblower program was indisputable.
As too often happens with the translation of voter intentions into a government program, the results were somewhat different. First to go was the independence, as the Controller’s Whistleblower office began sharing with officials accused of mismanagement all the detail and evidence to allow them to marshal a defense – all behind closed doors. The next step was almost inevitable – instead of exposing waste, fraud and inefficiency, it became a tool for managing the city’s risk.
And managing the risk meant “fixing” the problem raised in whistleblower complaints without admitting a problem had existed.
When voters passed Prop C in 2003, they were told the City Controller would investigate whistleblower complaints. In its 2005 whistleblower program policies manual, the City Controller played a central role in investigating whistleblower complaints.
But by December 2010, the policy manual was revised, indicating the City Controller refers complaints to City departments for investigation as well as for resolution, Departments are allowed to investigate charges against their own departments.
One way for Departments to resolve risk is to target the staff member who made the complaint. Under the Controller’s referral, the Department has been handed all the evidence against its management compiled in the complaint and often the name of the person who filed the complaint.
“When complaints are viewed as threats or risks, there is little incentive to investigate them properly, or to protect the whistleblower,” says Dr. Kerr.
“The risk of retaliation against whistleblowers and the burial of whistleblower complaints increases when complaints are referred back to departments to investigate internally,” Dr. Rivero adds.
The role of the Whistleblower program in a risk management system surfaced in an April 28, 2011 report by John Madden, chair of the Audit Subcommittee of the Citizen’s General Obligation Bond Oversight Committee. That’s the subcommittee charged with monitoring whistleblower complaints and the City’s whistleblower program.
But while the City appeared to take very seriously the potential risk inherent in the claims of a whistleblower, it seems to take a far less serious view of the potential for retaliation against the whistleblower.
During his April 28 presentation, Mr. Madden likened whistleblowers to those who “fink on their co-workers.” Madden suggested retaliation might be little more than “putting sand in your sandwich,” or being “assigned a smaller cubicle.” He mentioned nothing about whistleblowers that face wrongful termination retaliation for exposing wrongdoing in City government.
Rating The Whistleblower Complaint
The city categorizes the risks to be taken into account in evaluating a whistleblower complaint by rating the complaint as high, medium or low risk. It appears the City may be using the Whistleblower program as a means to evaluate and manage risks that stem from the actions of high-level City officials.
Tonia Ledju, the Controller’s manager overseeing the Whistleblower Program, indicated on May 18 that the criteria used to evaluate risk includes “rating potential monetary loss to the City, level of staff involved, potential reputation damage, and the use of ARRA [Recovery Act ‘stimulus’] funds.”
Complaints are rated as high-, medium-, and low-risk. The City Controller’s whistleblower website doesn’t disclose the risk profiles, which are kept secret even from whistleblower complainants.
The highest risk category — involving loss to the City of more than $50,000, or cases involving elected officials, and appointed department heads and department deputy directors — aims first at limiting the City’s liability, not to expose wrongdoing at the highest levels of City government.
High-risk cases are sent to the City Attorney, whose role includes defending high-level City officials whose wrongdoings have been exposed by whistleblowers. High-risk cases should be sent, instead, to an external independent agency, since referral of high-risk cases to the City Attorney would seem to involve built-in conflicts of interest. This process defeats the independence that was the aim of the Whistleblower program dating back to 1988.
“Medium-risk” complaints are defined as allegations of wrongdoing involving low- to mid-level management employees.
“Low-risk” complaints are defined as allegations of wrongdoing involving low-level City employees, or a measurable loss of less than $10,000.
None of these definitions that Madden used in his report are included in the whistleblower program’s policy manual. The City subsequently refused to disclose the origin of these definitions.
For Sunshine advocates, the injection of “reputation damage” in assessing whistleblower complaints and how they will be handled raises a question of whether this has become a new, extralegal “exemption” to justify withholding records requested by Sunshine advocates.
The context of the new risk policy may well be the final resolution of the Laguna Honda patient gift fund whistleblower complaint.
Just days after the Controller’s Office released its audit report ordering restitution of over $350,000 to Laguna Honda Hospital’s patient gift fund for patient use that was the subject of Parts 1 and 2 in Pandora’s Secrecy’s Box, the Controller’s Whistleblower Program released its policy and procedure manual as revised in December 2010
The gift fund audit may have led to the policy changes, since the procedure manual now reveals in Section 3.1 that whistleblower complaints are evaluated in part to determine its “risk profile”
Monica Wu in the Controller’s Office indicated that the risk rating is a “collaborative effort within the organization.” It is not known if the three-person whistleblower program staff performs the risk analyses, or whether other City employees are involved in determining complaint risk.
The risk ratings are determined in a step that includes evaluation of a complaint, determination of jurisdiction of who will investigate a given complaint, and the method of investigation. Wu claims the risk rating doesn’t actually determine jurisdiction, just who should be made aware of a complaint. She claimed that risk profiles aren’t shared with departments.
In response to a request for any analyses that have been prepared on the number of whistleblower complaints received and the percentage assigned to each risk category, Ms. Wu responded that no report is available assessing the initial risk profile assigned versus the final risk outcome following disposition of complaint investigations.
When complaints are closed, City departments, but not the whistleblower, are notified with either “No violation” or “Violation” letters of finding. The whistleblower’s only way to learn the outcome of a complaint is to search on the Controller’s website to see if the case was closed and if there was a finding. There is no program that contacts the whistleblower directly with the results.
The public also is not provided specific information even when action is taken in response to a whistleblower complaint. The Controller’s Annual Report (http://sfcontroller.org/Modules/ShowDocument.aspx?documentid=1129) provides case studies of complaints but does not identify the names of any department, contractor or official even when the Controller concludes wrongdoing took place.
The City’s Risk Management Challenge
Two reports have raised serious questions about the City’s handling of the financial risks it faces in settlements. While recommendations for action were presented, no action resulted.
San Francisco Civil Grand Jury issued a report titled Risk Management: Are the Managers Managing the Risks of the City? The Grand Jury was concerned that basic risk management — a process allowing enterprises to manage risks inherent to their programs — was not being performed in a city with assets in excess of $15 billion. The Grand Jury concluded that basic risk management decisions are made “at the whim of particular [City] departments” on a decentralized basis, and that the Office of Risk Management “remains an insurance department with limited duties.”
San Francisco’s Office of Risk Management is located in the General Services Agency under the City Administrator. Historically, the Risk Management Office focused on obtaining insurance coverage for City Departments.
The Grand Jury’s report mirrored many of the concerns in a 1999 Board of Supervisors Legislative Analyst report titled Judgment and Claims Report: Review of Claims, Settlements and Litigation Data for City Departments, written to explore reducing the amount of claims awards paid by the City. A primary recommendation was that departments should be responsible through their own budgets for the costs of settling mismanagement claims. The object was to increase accountability.
Although the Grand Jury submitted 11 recommendations, the City Controller, the Mayor, and others rejected almost all of them. A dozen years after the Legislative Analyst’s report, City departments are still not responsible for budgeting settlement of claims costs or litigation expenses in their annual budgets.
By 2010, the City Controller reported the City went from having issued zero settlement obligation bonds in 2000, and none in 2001, to a staggering $162.1 million as of June 2010. In June 2005, settlement obligation bonds soared to $188.6 million in principal alone.
The Grand Jury noted there is little opportunity for public scrutiny of the City’s claims management programs — which scrutiny is essential to analyze the City’s risk exposure — because it is difficult to obtain data from the City Attorney’s Office. The City Attorney rejected the Grand Jury’s recommendations five and eleven to provide a standard “loss run” report, indicating both recommendations would not be implemented as unwarranted or unreasonable. Loss run reports itemize the type of loss, claimant, litigation status, injury claims, legal expenses, and settlement amounts, among other data used by insurance companies to assess the degree of risks.
The potential overlap with the Whistleblower program is clear. The potential to use the justification of confidentiality in risk management outcomes to also justify secrecy in the Whistleblower program appears to follow logically in the view of city officials.
The Grand Jury noted that due to the lack of consequences at the department level, the City’s risk management system is “virtually a ‘Get Out of Jail Free’ card for department heads.”
The same could be said of the city’s Whistleblower program, despite repeated efforts to inject public accountability and trust in the management of city operations.