CalPERS Uses Unqualified “Expert” to Validate Its London-Whale-Style Deficient Risk Management

The more we’ve looked at CalPERS, the more it has become clear that it suffers from deep-seated governance deficiencies. As we’ll show in this post, they include a board whose members, save JJ Jelincic, apparently view their positions as largely ceremonial and don’t even go through the motions of oversight. Worse, CalPERS’ staff regularly engages in obfuscation and outright lying, and even has taken the unheard step of blowing off requests made by board members, secure in the knowledge that the board is too disengaged to follow up.

In this case, CalPERS’ staff used an “educational workshop,” a setting that puts the board at a disadvantage in challenging problematic practices, to validate a clearly deficient risk management and compliance structure. As we’ll explain at greater length, CalPERS has the foxes running the henhouse. It has the unit that is tasked with “overseeing” compliance and risk management for investments, which is clearly the biggest area of risk for CalPERS, in fact supervised by the parties it nominally oversees. What this means is that the joint investment risk management/compliance function (already an irregular arrangement; they are generally kept separate since the expertise required is different) reports to the Chief Investment Officer. Worse, the CIO also sets the compensation, including bonuses, of the managers in this unit.

This structure is so clearly bogus that CalPERS has objected to it in the past at other investment firms.

George Bailey, a member of Occupy the SEC who has served as a senior compliance officer for trading room operations at several systemically important financial institutions, said regarding the workshop:

This was an excruciating presentation to watch. He was spinning the staff’s decision to embed the compliance function in the business unit. He was not educating the Board on actual best practices.

He’s simply flat out wrong.

Embedding the compliance team in the business unit supervised is a basic Internal Control 101 violation. Conflicts of interest negate any semblance of independence.*

When JP Morgan was revealed to have a similar arrangement in its Chief Investment Office when the London Whale scandal broke, Wall Street professionals were shocked that JP Morgan had such a clearly deficient risk management structure in place. And these risks are real CalPERS has a fixed income portfolio of $57.3 billion, which per CEM Benchmarking, only 5.8% is managed externally. So CalPERS is running a roughly $54 billion portfolio in house with insufficient oversight. And as we have discussed at length, CalPERS, by signing agreements that allow private equity managers to waive their fiduciary duty, are also taking poorly managed risks in that $27 billion portfolio.

CalPERS’ Dubious “Expert”

The May educational workshop on risk and compliance for the board was led by Professor Robert Yetman of UC Davis. Here is his bio:

Associate Professor Robert Yetman is an expert on corporate tax, financial accounting, income tax, U.S. and international financial accounting, and nonprofit accounting and tax issues. His research concentrates on the effect of taxes on business decisions and the response of non-profit organizations to economic incentives. Yetman recently examined why some tax-exempt charities choose to be taxed on their unrelated business income, and how such behavior is not always driven by the desire to maximize profits. He has lectured on cost accounting at executive education programs for wine industry professionals.

In other words, he has no recognized expertise in risk management, compliance, or corporate governance. Nor does he have any demonstrable experience in financial institutions, investment management, financial economics, or statistical methods. Yet CalPERS’ staff has chosen him, with no apparent knowledge of any of the issues that are important to CalPERS, when there are no doubt individuals in the state of California who do know this terrain that would have been willing to advise CalPERS.

But Yetman does appear to have plenty of experience….in consulting to CalPERS on governance, despite his lack of any credentials or research in this area.

Douglas Smith, a former McKinsey partner and co-head of its organizational practice, whose clients include financial institutions, said via e-mail:

It’s perfectly okay for anyone to do things beyond her/his stated area of special expertise. Still, isn’t it just a bit disconcerting that CalPERS engages a biz school professor who does not identify himself as having any particular expertise in governance, in risk, in compliance, in investment … or in workflow and/or information/management processes?

Now, add to this a look around the table and what we see, let’s assume, are well intended, hard working folks who are trying to do their best. Well, it has got to be the case that many if not most of the folks in the room are looking for guidance on how to think through a complex question. Which, again, raises the point about Prof Yetman. Where did they get THIS guy?

He is not expert at the questions at hand. He may not be completely ignorant (he does, e.g., acknowledge concerns raised by others about audit being ‘after the fact’ and that the basic choice of reporting lines is one that gets answered as a hard choice). But, he repeatedly also says, “Hey, that point gets into deep institutional issues that are beyond me. I’m only here to talk about X…”

In other words, let’s say, ‘he’s doing the best he can’.

Well, the best he can is not good enough. That’s not some ad hominem attack. He seems like a nice enough guy.

One more key point: he is limited as a facilitator. Again, he’s not atrocious. He does listen and acknowledge in a limited way. But he’s not adept at actually listening and actually helping this group operate as a group with a serious shared issue on their hands. He’s much more hub and spokes in his approach (hence the ‘it’s my session’ … [at 2:05:15] when it ought to be ‘your session’). At least in the 15 minutes I watched, he does not engage the group as a group around a shared problem facing the group with the intent of having the group actually, you know, talk to one another as opposed to talk to him. (There’s one seeming exception where a question is asked and he says he doesn’t have the knowledge to answer (red flag!) and turns to the woman who has joined [the CalPERS staff] 5 weeks earlier. Note though that once she speaks, there is no follow up … no engagement between her and Bill Slaton who asked the question. Instead, it’s all just move along and back to ‘my session’).

So, we have a nice enough guy in over his head working with a group — who as a group — are in over their head because it’s apparent they struggle to actually talk with and work with one another.

Now, all of this assumes the best. I have done that because, clearly, the best is not good enough.

If we now allow for any individuals who might have agendas and so forth — well, it can’t get any better that ‘the best’ can it? In other words, one doesn’t even have to assume ‘agendas’ and one can see from this video that the best thinking and approach is not likely to emerge here.

Below is one the interaction Doug Smith flagged as problematic, starting at 2:05:15 (more on what led up to it soon). I suggest you watch it because the tone of voice is telling:

Associate Professor Robert Yetman: This is so far beyond my realm of knowledge and so, I’m going to talk about this issue [pointing to screen] a little more ‘because it’s what I know. And this is my session. Nyah.

CalPERS’ London-Whale-Style Risk Management Structure

CalPERS breaks with sound risk management and compliance practices by having no one in those functions who can go directly to senior management and the board. The units that handle compliance and risk management ex investment risk report to the CFO, rather than having either be the equivalent of private sector “C suite,” as in reporting directly to the CEO and having direct access to the board, as is widely recommended in industry guides (see here for an example).

Here is the slide summarizing the arrangement. INVO is the Investment Office; ECOM is Enterprise Compliance.

Below is Professor Yetman’s strained effort to justify embedding an oversight group in the business is it nominally supposed to monitor (or view here starting at 1:51:00):

Yetman: Compliance is sort of at that operational level but it’s a very complex organization, or there are some very complex decisions to be made. For example, investments.

How would you go about trying to get that close contact of the risks and the compliance issues of investments, let’s say, while at the same time respecting the knowledge and expertise of that area? So one way is you could say, all right, Marlene’s going to hire a compliance officer, perhaps an attorney who’s done a lot of compliance work, maybe knows something about investments. They have a 401 (k). And I’m going to send them off to INVO [Investment Office] investments, and they’re going to check the compliance in investments. That’s one model. Maybe not the best.

Who knows most about investments? INVO. INVO. Right. So, alright, how about a model that says, well, I’ve got a better idea. Instead of taking compliance officers and putting them into, um, you know, going down there, maybe we could take compliance, create a compliance unit, embed that within Investments. So there’s, does that sound like a crazy idea? Sounds like a reasonable idea to me. Take a compliance unit, and embed it within INVO. And then who would that compliance unit report to? That’s something you have to think of too. If it was an audit unit, who would it report to? Her. This is not an audit unit. This is a compliance unit. It’s got a different role to play. It’s there to assist in helping to comply. So I don’t think it’s a terrible idea if this embedded unit reported to INVO because it would be within INVO, within the investments office. So that sort of thinking is, is sort of the direction that was taken.

So, so in theory, the best practice is for compliance to spread across those three lines of defense. And so, let’s think about INVO. So why was INVO selected as, as the first one? Well, it’s strategically important, it’s very complex, and there is some potential for compliance issues, so why not start there? Now, now I gotta take my hat off to CalPERS for saying, “Let’s take the first one, the hardest one,” I don’t know whose idea that was, bully for you. So who’s in the best position to identify compliance risks and mitigation strategies within INVO? INVO or ECOM? ECOM is, well, Marlene. Not her. It’s INVO. OK. So that’s, if we can agree with that, INVO’s in the best position to know its compliance requirements and risks and is thus probably in the best position to devise mitigation strategies. Now this is really different from audit. You don’t want to develop your own audit strategies at a lower divisional level, but you do want mitigation strategies bubbling up from below, I believe. But ECOM’s a division and I call it way up in the sky, but I think you know what I mean. So the answer is to embed within INVO a compliance unit. And so you did. You called this thing ICOR. Who knows what ICOR is? Who knows what ICOR stands for? Sounds good to me. “Investment Compliance and Operational Risk”. So who does ICOR report to? Well, this is a sensitive question and I can see that there would be variation in what people believe. So, in some sense, I’m a little agnostic in that, you know, as long as it reports to someone, I’m OK.

If you are at all finance or even organizationally savvy, it’s obvious this makes no sense whatsoever. As we mentioned above, it’s widely recognized in the financial services industry that senior risk officers need to have direct access to senior management and the board to be effective. Burying them in the bowels of a business unit guarantees that they face obstacles, as in the staff and managers they are calling out on lax conduct or worse. As George Bailey stressed:

Calpers’ investment office does what JPM’s Chief Investment Office was supposed to do, or any bank’s Treasury does, invest for the long term. Adopting an internal control model that mirrors JPM’s is bound to end badly. Oversight needs to be independent and outside the profit center.

Not surprisingly, Bailey took issue with Yetman’s claim that cooperation between the Investment Office and compliance was important:

Compliance understands inherent risks. Business understands product risk. Risk managers understand product risk as well as the business.

The key collaboration is between risk management and compliance. They both should be independent for the board to have any hope of effectively overseeing the fund.

You can even see from how Yetman uses language that he’s having to strain to sell this structure: “I don’t think it’s a terrible idea….if we can agree with that…I’m a little agnostic.” And worse, Yetman dignifies the notion that this unit is in a support role, as in it is to “help” the investment, and not operate as a line of defense, which requires independence and authority.

In fact, CalPERS has deemed this arrangement to be unacceptable at its external investment managers. As Andrew Silton, the former chief investment officer for North Carolina, said via e-mail:

The UC Davis professor completely misses the importance of making sure that compliance/risk management does not report to investments. He seems to see it as a mere technical point. C/RM has to be imbedded and have the requisite expertise, but if they don’t have the appropriate reporting structure, CalPERS runs the risk of having a breakdown when something goes wrong. Reporting truth to power is never easy, but when the powerful also hold the power of hiring, performance, compensation, and firing compliance/risk management may either be cowed or be forced to become a whistleblower. The notion that audit is an adequate backstop doesn’t hold up. As someone in the video points out, audit is after the fact. Moreover, audit seldom catch the kinds of problems that cause pension plans or investment firms big sums.

Back in 2002 or so, the mutual fund industry engaged in variety of illicit practices (after hours trades, market timing). I remember that Alliance Bernstein was put on the “watch list” by CalPERS and North Carolina for the improprieties. We both insisted that A/B reform its compliance reporting, so that the compliance officers were completely independent from the traders and portfolio managers. It’s ironic that public pension plans want one set of rules for their managers, and another set for themselves.

Doug Smith also found it obvious that the risk management could not function effectively in this structure (emphasis his):

Well, a direct reporting relationship accompanied by compensation scheme leads to POWER over risk management. And, yes, this reflects the sketchy, ineffective and even unethical approach seen in London Whale. But it also reflects the fundamental reality of risk vs trading/investing choices in every single fucking investment group in the entire planet. It boils down to power:

Does the investment company/enterprise/whatever signal that risk control/etc has equivalent power as investment?

Yetman and his ilk can smilingly talk until the cows come home about the importance of risk folks having better understanding of the job of investment folks … and, by the way, vice versa.

But, here’s the rub: a shared understanding (risk of investment; investment of risk) is excellent!!

It’s also necessary but NOT sufficient.

And sufficient only comes with arrangements of power.

Unless risk has equivalent power to investment, then investment wins.

That is, investment wins before the fact. Audit, of course, has after the fact power. And after London Whale or pay to play or going long and stupid in securitization or any other stupid, greedily, IBGYBG (I’ll be gone, you’ll be gone) investments will lead to audit saying, “You fucked up royally. We need better risk controls. Let’s get them by making risk management actually independent and not dependent… etc etc etc”

Or not: as in CalPERS, it can also lead to Clinton-esque triangulation of ever more complex processes and embeds and …… workshops of the partially blind being led by the partially blind.

Smith is not exaggerating when he talks about “partially blind”. One thing that is deeply troubling about this entire talk is that Yetman appears to have no understanding of what risk management in a financial institution amounts to, thing like making sure that the daily pricing that the traders and portfolio managers use for investments has integrity, that there are risk limits in place to make sure that CalPERS does not take overly concentrated bets or takes a position so large in an instrument or market that it cannot readily exit without having a price impact, and looking for unintended risk correlations. The are real risks in fixed income, where nearly all of the instruments are not highly liquid, so both integrity of pricing and liquidity/position risk are real issues.**

It’s also disingenuous, or a reflection of how far out of his depth Yetman is, to describe CalPERS risk and compliance issues as “very complex” and using that to suggest no outsider to the Investment Division could understand them. There are many financial institutions that have vastly more daunting risk management issues, by operating trading units in numerous locations around the world, handling enormous daily trading volumes because they handle corporate and investor transactions, run large positions in many currencies, and have large derivative books. There are plenty of individuals, including university professors that CalPERS could engage, with world class risk management expertise.

CalPERS Had a Compliance Problem and Its Embedded Compliance Unit Didn’t Catch It

As Doug Smith surmised, CalPERS is papering over problems rather than correcting them (watch here starting at 2:02:58).

Board Member JJ Jelincic: We also had the experience, and some of this is closed session and some of this is open session, um, so I’m going to try to keep to the open session. But we actually had a case where we were trading securities in Investments even though we had inside information within the organization. ECOM caught it. The people who caught it were told, “It’s none of your business, ignore it.” When they didn’t, it actually became one of the elements, not the only element, but one of the elements, within their adverse [personnel] action, which clearly delivered a message. And that’s part of my sensitivity. I think embedding them in, having the investment skills and embedding them in INVO makes a lot of sense, but I’m not sure the reporting line ought to go that way.

[Background muttering]

Jelincic: Everything I said is public.

General Counsel Matthew Jacobs: Well let me just state, since this is a public comment period, public discussion, for the record that while there was an SEC review by a regional office, they ended up closing it without making any findings. I think that’s important for the record.

Jelincic: I have no objection. That’s in fact true. We got the letter. It spelled out in the statue and says, “If were not proceeding…” So they didn’t find. I donMy own belief is that there was no intentional insider trading. I think it was inadvertent. But the fact that ECOM brings it to the attention and becomes subject to an adverse action is problematic.

Yetman: Well, so…

Jacobs: Well, just to be clear, there wasn’t any insider trading at all.

At that point, Yetman interjected with his “this is over my head and my session” patter.

Notice what happened here:

JJ pointed out that there was a case of insider trading, specifically, that of someone trading stocks that were on a “restricted” list. And notice who caught it. Not the supposedly “we’re on top of it and are in touch with the risks” embedded ICOR unit, but the independent unit, ECOM, that does not report to the head of investments, but to the CFO.

As the Sacremanto Bee reported in 2013:

Federal investigators are looking into allegations that CalPERS violated insider trading laws this year when it purchased $26.6 million in restricted stock and then decided it didn’t need to reverse the trades when they were discovered….

“We wanted to reverse (the trades),” said Ted Nishio, a retiree who worked in CalPERS’ Division of Enterprise Compliance who said he was fired after he told his boss that the fund should quickly act. “But the higher ups said, ‘Let it be.’ ”

This case, as JJ indicates, led to a disciplinary action. But not just any action. Two employees who persisted were fired.

I obtained and reviewed the files from the State Personnel Board (case number 13-0767). Three staffers made complaints. One of the grounds for firing of one of the ones that persisted, Jeannine Carter, was that she transferred some files to her home computer for review, which is a breach of internal policy. But another ground for firing her her was that she continued to pursue the matter when she was instructed to drop it. That isn’t just proof that the escalation procedures were inadequate; it send a chilling message to anyone who sees a problematic activity. It’s 100% contrary to the sort of culture of compliance that Yetman touted as highly desirable in his talk. And CalPERS settled the case on the eve of the Personnel Board hearing on her wrongful termination case, which indicates that at a minimum, CalPERS did not want its dirty laundry aired.

The other staffer who was dismissed, Nishio, by virtue of being a retiree (technically a “retired annuitant”) was essentially a temp. CalPERS could thus dismiss him and contend (as it did) that it was not for cause.

It was also unfortunate that Jelincic was misled by Jacob’s “there were no findings” argument. As readers of the financial press know full well, the SEC’s persistent refusal to make any findings of fact has been a huge bone of contention for years. In 2011, Judge Jed Rakoff rejected a $285 million settlement between the SEC and Citigroup because the lack of an admissions left him unable to determine whether the settlement was fair or not. Even though he was overruled on appeal (in a decision that many securities law experts questioned), Congress and the press took up his underlying issue, the lack of any admissions whatsoever even in the case of multibillion dollar SEC settlements. The SEC has finally given a bit of ground and now often obttains thin factual admissions in high-profile cases. But when this case was at issue, the SEC was in its full bore, “No confessions necessary” mode even when it was obtaining significant monetary damages.

Even worse, we have the spectacle of Matt Jacobs lying when JJ brings up the matter of the disciplining of staff over raising the insider trading matter. He falsely stated there was no insider trading.

As the SEC’s own website makes clear, when you trade on the basis of privileged information, it is insider trading. The fact that CalPERS put a security on its restricted list and a CalPERS employee nevertheless traded on it is proof. If there had been no trading in an security where CalPERS had confidential information, CalPERS could have easily satisfied the SEC and no investigation would have taken place. So the issue was not whether there was insider trading or not. It was whether it was legal or illegal, and if illegal, whether the abuse was serious enough to merit a fine. All we know for certain is that CalPERS was not fined.

From a risk management perspective, the most glaring failure at CalPERS is the motherhood and apple pie idea that Yetman mentioned in his talk, the importance of the “tone from the top”. This video alone is damning on this issue. It reveals a board that is complacent and far more concerned in maintaining a friction-free relationship with staff than doing its job of oversight. It tolerates staff serving up as experts individuals with no demonstrable expertise in the matter at hand to endorse the status quo. That strongly suggests that CalPERS chose someone lacking in meaningful experience in order to get the rubber stamp they sought.***

Even more troubling is that CalPERS’ senior staff routinely blow off board member inquires or lie in response to them. For instance, when CalPERS staff told the board it was going to start investing in life insurance settlements, board member Dana Hollinger, who is in that business, offered her help but was brushed aside. Similarly, last December, in the public comments section, former CalPERS board member Mike Flaherman mentioned that CalPERS was leveraging its private equity managers on the fund level with recourse debt that would inevitably be called at the worst possible moment (see starting at 36:25 here). Investment Committee chairman Henry Jones recognized this as a real issue and asked staff for a report, which it never delivered. And as Jacobs did above and as Wylie Tollette did famously last year when he asserted that no one could get private equity carry fee information, top level staff lie to the board with no inhibition.

These are signs of a culture gone rancid. It’s only a matter of time before it leads to real trouble.
_____
* Astonishingly, Yetman argued that the compliance and risk management should not be independent. In fact, the need for independent in control functions isn’t just recognized in finance but in government (inspectors generals, for instance) and the military (the success of the Germany Army reseted in no small measure on the independence and authority of staff, which acted as a check on generals. See ECONNED for detail).
** For instance, CalPERS has its pricing for its fixed income positions supplied by its custodian, State Street. That is better than not having outside validation, but it is does not offer the protection that the board likely assumes it does. In illiquid or thinly traded markets, the custodian has no basis for a view on price and typically goes to the securities firm that sold the investment to the customer in the first place. As happened regularly during the crisis, those firms themselves were marking their books on the same or similar investments and thus were giving phony inflated marks to third parties as well.
*** Yetman is part of a UC Davis team “educating” CalPERS. His areas is corporate governance. As indicated at length early in this post, there is nothing in his background to recommend him as knowledgeable, much less an authority, in this area.