Whistleblower letter to Citigroup Board of Directors on ethics and retaliation
|Subject: Whistleblower complaint|
|From: Abdul Jaludi <firstname.lastname@example.org>|
|Date: 10/15/2015 3:46 PM|
I know you are extremely busy but just in case my previous email
went into the junk folder I am re-sending my note to the board of
directors ethics committee inline rather than a attachment. Please
let me know if you receive this.
To the Citi Board of Directors ethics committee:
In early 2010, in my role as manager of the North America event management team, it was my responsibility to ensure trouble tickets were created for every system and application related problem which may affect customers. As a member of the global problem management committee one of my functions was to ensure problems were properly resolved, prevented from recurring and properly tracked in the problem management system (EMS). It was in these capacities that I found problem management (EMS) tickets were either being deleted, reclassified to a lower severity even though they fit the severity one criteria or not being created at all.
Severity one problem (EMS) tickets are for problems affecting large dollar amounts, such as hundreds of millions in deposits that don’t get posted to customer accounts within regulatory requirements, or tens of thousands of debits that are doubled, or problems that affect large numbers of customers, such as a system problem that prevents a high number of banking customers from withdrawing funds, or prevents them from accessing their accounts.
All severity one EMS tickets are required to be sent to senior management and to the Office of the Comptroller of the Currency (OCC). Hundreds of severity one problems that should have been reported were not being sent. These were either being deleted or lowered to a lesser severity so they wouldn’t have to be reported. In addition, O&T help desks, which usually get the first notification of system problems, began a practice of refusing to open a severity one EMS ticket unless they absolutely had to, such as a caller escalating an issue.
I reported these issues to my management and was told everyone knew what’s being done and that it was being done to make O&T look good. There had been a directive to reduce severity one problems and this was how it was being done, by manipulating the problem management system or preventing issues from being reported. I kept reporting this issue to senior management, through emails, using the ethics complaint system, to the CIO’s, Jagdish Rao, town hall through the website and in person.
I had also sent an email to the CEO, Vikram Pandit in early 2010, regarding management practices within O&T. About a week later I was called to see the O&T North America data center head, Tony DiSanto, who was unhappy I had written to the CEO. He said Don Callahan, Citi’s CAO, had called him and read him the email over the phone then asked Tony to take care of it. Going forward, Mr. DiSanto wanted me to send any issues I found directly to him.
A few months later I sent an email to Tony DiSanto regarding the CEO’s Span of Control directive, which stated each manager must have a minimum number of direct reports. I pointed out that Alberto Montufar had developed two org charts, one internally keeping things as they are and a fake second set to make it look they were compliant with the CEO’s directive. Nothing came of this aside from finding out this practice was commonplace within O&T.
During this timeframe my management kept telling me I should keep my mouth shut. My former manager, Silvio Ottolia, had also told me that Tony DiSanto hated my guts for refusing to keep my mouth shut and wanted me fired.
In the 2rd quarter of 2010 Silvio told me I was being moved down one level, and would be reporting to Steve D’Amato. I was told to go visit my new boss. After this conversation I went to see my current manager, Christine Cullison and asked her if it was true, that I had been moved down one level and she said it was out of her hands. She said this was being ordered by Mr. Montufar (now South America CTI head reporting to Jagdish Rao)) under the premise of consolidating the mainframe automation and distributed event management teams. Both Steve and I reported to Christine, who said I was much more qualified and the best individual to manage the combined team, but that her hands were tied.
She told me to put together a presentation of my accomplishments for her to present to her new boss (Larry Proctor). Within a few days, while I was on vacation and working on the presentation, new org charts were made and sent out showing me reporting to one of Steve D’amato’s directs, lowering me down two levels.
I voiced my concerns about what was happening behind closed doors to Silvio, Christine and Larry. Larry said that a fair selection process would take place, even though new org charts had already been distributed. Nothing happened until a month later, in early 3rd quarter 2010, when my teams, which included North America event management and the command center automation teams, were taken away from me.
For two months I had no staff reporting to me nor was I given any work to do. Then, in late 4Q 2010, I was transferred to the ITDCA (Infrastructure tools and Data Center automation) group reporting to Motti Finkelstein. During my initial meeting with Motti, he said he was told to take me and did not know what to do with me. About two months later a new manager (Madhu Aiyappen) was transferred from CTI to manage the group, adding a layer of management between Motti and the ITDCA team. In May 2011, Madhu demoted me to an entry level Unix administrator position, even though I had no Unix experience. On May 31, 2011 I sent Madhu an email asking for a reason for the demotion. This is the response I received via email:
It’s not a demotion by any means. I will call you and explain (he never did). The projects you will be working will be managed by TK. The organization is still going through restructuring and realignment.
The ITDCA team was responsible for data center tools, which included Tivoli and scheduling applications, both of which I was a subject matter expert, but I was never asked to work with either team, unless they ran into problems. Instead I was told to learn Unix and software packaging, normally functions for low level workers.
Around the 2nd quarter of 2011 Frank Colangelo, head of the operations team which managed the Tivoli scheduling application (TWS), asked me to take over all engineering work for that product. I told Madhu and TK that Frank wanted to transfer all resources he had for TWS to ITDCA, since it already owned all other scheduling applications. I never received a response.
Several months later the Frank asked for my help in regards to getting support from IBM for some TWS problems. I was able to resolve the TWS problems but received this note from TK on Nov 18, 2011:
The TWS agent effort appears to have grown a life of its own. My concern is at the end of the day, we in CATE do not own the product expertise (the engineers Frank wanted to transfer to ITDCA) nor are we in a position to offer ongoing engineering support…While I acknowledge your efforts to initially set the wheels in motion to help the customer and have set the course, I believe it is time for CTI to take over the ongoing coordination so that you can focus on the primary engineering efforts for the solutions ITDCA owns… You can help in this area by developing skills in aspects such as agent packaging (low level unix admin function) etc to support the TAD4D or other products that we own in Madhu’s team.
In 2009 I had founded the WAIS application, a tool that automated mainframe tasks, including requests for emergency access to production which resolved audit violations since the manual process violated numerous security standards. WAIS was chosen by the security standards committee as the global standard, replacing the manual process and a vendor application, saving over $1 million per year. From initial rollout until early 2011 I had been continually asked to help various divisions within Citi to migrate onto the WAIS application. This stopped in 2011 when I was ordered by Madhu to cease all WAIS activities, saying there was no expertise within ITDCA, even though I was the technical expert and WAIS was an infrastructure automation tool. In addition, while all engineering work was being moved to ITDCA, Madhu refused to take ownership for WAIS, even though I was the operational and engineering owner of the product. Instead I was ordered to learn a software licensing product (TAD4D) which ITDCA volunteered to take on and to work side by side with a low level Unix administrator.
Initially, I was told I could work on WAIS only if a request for help came in. One request came in June from the compliance officer (Luis Soto) for Citi’s Institutional Clients Group (ICG) to help move the remaining businesses within ICG to WAIS. I had worked with Luis in the past and had brought over half of the ICG businesses to WAIS. In early June Luis asked if I could help move the rest of ICG to WAIS. I asked Madhu who said I could help only if the request came through the workflow system, even though email requests were commonplace.
On June 9. 2011 I forwarded an email from Luis giving the workflow # and asking if it was assigned to the right group. The workflow requested my help in a project expected to result in a $1 million save. This was Madhu’s response:
What is the math behind this huge $1,000,000,00 save. Who made the decision that this belongs to PSE? This should be in the SD space. Feel free to request a call with the requestor and invite Ramit and Pathman.
Ten minutes later, Madhu rejected the request for help with this response:
As stated previously, your goal should be to work on PSE initiatives and disconnect from operations and project management activities for SD.
Another request came in July, 20, 2011 from Hugh Leung, senior manager for the Mainframe systems team who said the security team which took over WAIS was having problems putting the Mainframe emergency ID process onto WAIS and needed my help.
Can you forward my request to Motti and Madhu that I would like you to complete the DMZ and GDPS lpars. This way our process to open zid is the same for all NA lpars.
This request was denied by Madhu, even though they were assigning me very little work to do aside from having me learn Unix and software packaging.
On June 24, 2011 I received an email from Silvio Ottolia, who was now in charge of the command center relocation project, asking who my manager was and who he worked for. I replied TK, Madhu then Motti. In response I received the following email from Silvio:
I will be sending them a request to use your services to get estimates for building a new CC in Texas as well as a satellite in Rutherford.
This was followed by another email 21 minutes later:
I am asking TK and his manager for your assistance to develop and build out costs for a large scale CC in Texas and a new one in Rutherford. Will also need to consider reconfiguring/enhancing the Singapore and Warsaw location for the Global CC strategy.
This was followed 7 minutes later with this email:
I have already spoken to Madhu and he is OK with it. Also will try to get you into our org and part of the strategy.
Before my team was taken from me I was the ‘go to’ person for all command center projects. I had developed the NA command center strategy, managed the staff when the director was out, and performed all command center builds, consolidations, upgrades and moves.
A few weeks later I called Silvio to get a status on the transfer and was told that Tony DiSanto will never allow it. He was also told to not seek my help for anything. Despite this warning he scheduled a conference call during the weekend where I helped him put together a strategy for the command center relocation, working two days on my own time to formulate the plan which he and Phil Gasparino, head of production scheduling said looked good.
Every few month’s a new request for help came to the team and Madhu would send an email to the entire team asking for volunteers. For each of these emails I had responded that I would be happy to take any of the requests but was always ignored.
In 3Q 2011, Citi create a contest to find the best future of banking ideas. I submitted an idea (Family Banking) which made it into the top ten. I asked management within CTI and CATE for support, to encourage their staff to review the ideas, but not a single email or mention of support was provided.
Without any support from CATE, and limited support from CTI, my idea was selected as the winning idea in March 2012, beating 2,500 other ideas with 65,000 participants. A second idea was chosen as the co-winner and a marketing company (IDEO) hired by Citi estimated at least $100 million in revenue and 4,500 new customers for the first year the combined idea is implemented. I was part of the team which presented this to Vikram Pandit, Citi’s CEO, in NY.
Several months later I was asked to give a presentation to Tony DiSanto’s team by his new chief of staff, Tony Concolino, who was unaware of complaints I had been making regarding O&T. Tony DiSanto was on vacation at the time and unaware of the request. The presentation was to be held at Tony’s next staff meeting in New York, a monthly one which included his directs and one level down.
Angel Dejesus, one of my direct reports and I attended the meeting and were to present first. Tony DiSanto walked into the conference room five minutes late, with more than 50 people around the globe waiting in the room, on conference lines or video conference. Tony Concolino asked the senior manager for data center operations to introduce me but he refused saying his video conference equipment wasn’t working properly even though he just had a properly working conversation with someone else in the room.
I introduced myself and began giving the presentation on Family banking. During the first 20 minutes I was continually heckled by Tony DiSanto. Every few minutes he would pick up his blackberry, look at the screen then toss it onto the table. He also kept making confrontational statements or asking confrontational questions, such as ‘where did you get your data?’, ‘That’s not the correct churn rate’, ‘Chase already does that’, ‘who is paying for this’ and so on. This stopped when someone called him on his mobile phone and the rest of the presentation went on without any comments or questions from anyone. During the entire 30 minute presentation no one else either in the room, on video or on the phone made any comments or said anything aside from the heckling by Tony DiSanto. Several weeks after this meeting we heard that Tony Concolino had been dismissed.
One of the Citi Challenge judges, Francesco Vanni D’Archerifi, CEO of the ICT division) noticed in my bio that I was writing a book on Command Centers and asked for my help with his business command center (BCC), which my staff had helped to build. He asked me to help the Command Center, which moved from New York to Delaware (BCC) implement monitoring in order to reduce the number of customer problems. Over the next few months I met with management and staff within the BCC and was told by Angelo Markakius, the BCC manager in Delaware “they knew what Francesco wanted but were not going to do it” because O&T wanted them to focus on other matters, such as creating reports, even though that wasn’t part of their function and went against their goals. When the BCC initially opened in NY it reported into ICT management, but was moved to O&T when it relocated to Delaware. Nonetheless, I sent Francesco and the BCC recommendations for automating and streamlining the center.
In 3Q 2012 I was contacted again by Francesco asking for help with the BCC again. I had a one hour private face to face meeting with Francesco in his NY office where he seemed desperate for help. Clients had been calling with service complaints. For example, he referred to an incident affecting Exxon, ICT’s largest customer. Over $300 million in customer transactions sent by Exxon to Citi had not been processed until three days later, after Exxon staff called asking about the transactions. The Exxon CEO had called Francesco to complain. His directive to me, which I had confirmed via email, was to help the BCC prevent customer outages, reduce outage durations and to implement better monitoring and reporting so that Citi management knew about these issues first rather than from clients.
I performed a full review of the BCC incident management process and found that outages and outage durations have been going up. The main problem was they were avoiding opening trouble tickets, and when they did, created them as level two rather than level one so they wouldn’t have to be reported to the regulators. For example, even though a post mortem report was created for the Exxon issue, no trouble or problem management ticket was ever created. While trying to address this I spoke to the manager for the Delaware BCC, Angelo Markakius, who said they will not change their policy of not opening tickets for every problem since it would make O&T metrics look bad, and they would classify all issues as severity two so they would not get reported to the regulators.
In 4Q 2012 I sent a note to Jon Beyman, CIO for O&T ICT division, regarding these practices and the lack of a problem manager for the ICT division along with some suggestions. He said he had other ideas and would be happy to speak to me about them. I attempted to schedule a meeting with Jon numerous times but was either ignored or told he was too busy.
I then made recommendations to ICT and CTI regarding improving the BCC incident and problem management process. Work had begun on implementing some of these recommendations with a weekly meeting to review the process.
The second problem I found was at least 25% of problems were caused by O&T developers working in Jon’s organization. While examining trouble tickets I noticed many customers facing the same problem for days or even weeks, or constantly recurring. One US corporate customer threatened to leave the bank if the issue wasn’t resolved soon while another in Japan threatened to go to the regulators if the problem wasn’t corrected.
In Dec 2012, I was told by Beyman that I was wasting his staff’s time and to immediately stop what I was doing.
In Feb 2013 I was dismissed, even though the department I worked in was not being relocated anywhere. I had also written a book on process improvements (The Art of Process Improvement) and although I had extensive process improvement experience within CTI, I was never asked to perform this function within Madhu’s team, but instead asked to install and test software on Unix servers, which I had never done before in my 26 years at Citi.
Shortly after Mike Corbatt took office I sent him an email mentioning some of my accomplishements and that I was being unfairly treated by management. I did not get a response. On March 6 I called Don Callahan’s office and spoke to his secretary. I told her I felt my layoff was due to retaliation and was told they would get back to me. A few days later I received a fedex from Andrew Smith, a Citi attorney, with a memo dated Mar 8, 2013 saying any further communication with Citi must go through him and the following:
Your message to Don Callahan of March 6 has been forwarded to me for a reply… As communicated to you on Feb 20, 2013, due to deteriorating business conditions and budget constraints, CTO performed a thorough business review to realize cost efficiencies. As a result, several job functions were identified for job elimination. Unfortunately, your position was one of those functions, and has been eliminated at this time. Your inclusion in this reduction in force was for no reasons beyond that business review.
Anyone who reports ethics issues is usually penalized. Ethics complaints usually go to the HR department which is aligned to the senior manager within a department. HR members are more loyal to the managers they represent rather than to the corporation.
People in O&T are afraid of submitting any ethics complaints for fear of retaliatory actions. This was also apparent in the Voice of the Employee surveys.
Although it is supposed to be anonymous, managers usually know the people who’ve submitted ethics complaints. An example: around late 2009, a person submitted an anonymous complaint to the North America Data Center Operation head (Alberto Montufar) town hall website regarding the new person hired to manage the Rutherford Data Center, who had no experience in with Citigroup data centers, although there were many qualified individuals who were working in Rutherford, all of whom were overlooked for the position. This question was read during the townhall, apparently by mistake. Mr. Montufar did not provide an answer but directed whoever submitted the question to file an ethics complaint. Two weeks later, Mr. Montufar’s administrative assistant and others were chatting about the individual by name in the Rutherford building who submitted the ethics complaint regarding hiring practices. (I do not know what happened to that person).
A similar incident occurred with the Silver Spring Data Center.
In 2009, there was an open position for a data center manager to manage the Citigroup Silver Springs location. Two qualified individuals applied for the position, however, Mr Montufar gave the position to a project manager (Jose Pacheco). Mr Pacheco had never set foot in a data center nor was he familiar with data center management. One of the people who applied was transferred to Texas and the other who kept complaining (Bob Earomirski) was given an early retirement package. At one point Mr. Pacheco wanted to eliminate the UPS system protecting the Data Center in case of a power failure, but was prevented when staff members intervened.
There are many other examples of questionable activities within O&T that point to issues with the most senior leader, Don Callahan. Examples include:
A former CIO, Debbie Hopkins, leased a very large campus from her former employer, in the middle of Warren, NJ, an upscale community and out of reach of all mass transit. The Warren campus, fifteen minutes from the CIO’s residence was taken with a 15 year lease with a no sublease option. Eventually, Ms. Hopkins was moved to special projects but found new life sometime later setting up shop in Palo Alto as the head of the new innovation team.
The O&T chargeback system is a cash cow for O&T, siphoning off massive amounts of money from the very businesses it is supposed to be helping. This is a clandestine operation where most chargeback fees are hidden and one of the reasons why many businesses often missed their revenue targets. One example is the internal helpdesk. Rather than open trouble tickets, which generate no fees, users are told to open a marketplace request for the product in trouble, since this generates a fee and gives the impression of an increasing workload with very few problems.
There used to be a time where I could pick up the phone to get a job anywhere, but Beyman, Callahan and their friends have made that impossible. My house and cars are close to being taken away and my wife is talking about leaving me, but these people are good at instilling fear by making examples of people like me. What better example than complete ruin?
I had hoped to be part of the team that helped make Citi the global leader once again. I am hoping this letter to the board does not land on deaf ears. At the very least, ethics complaints need to go somewhere else aside from the office of the CAO. O&T also must be prevented from having the ability to gather the identity of someone making an anonymous complaint. Every user submitting an ethics complaint from their desktop unwittingly supplies their userid. Outsourcing IT used to be a threat which kept costs under control. Every five years a study was performed to see how efficient O&T was. An O&T division that’s 1/3 of the company, in a non-technology firm, ends up spending massive amounts of money supporting itself.