As storied short seller David Einhorn would say, “No matter how bad you think it is, it’s worse.” The lawyers and banking experts I’ve contacted thus far have never heard of a case like the latest from CalPERS, which is saying a lot.
As you can see from the embedded filing below, CalPERS is suing Gloria Najera, a former employee it says embezzled $685,000 from beneficiaries, including, Wells Fargo style, from a beneficiary’s bank accounts.
The civil claim is sketchy on the timetable, but Najera was a clerical worker responsible for updating beneficiary addresses and bank direct deposit information. That apparently also gave her access to at least the last four digits in their Social Security numbers. Najera used this information to pilfer directly from the bank account of one beneficiary to the tune of nearly $69,000. For nine others, she diverted funds from dormant CalPERS accounts (where CalPERS had reason to think the beneficiary was still alive but had only out-of-date bank deposit information) to bank accounts controlled by Najera and co-conspirators.
Yet despite CalPERS allegedly informing the police about the theft back in January, the perp of this huge embezzlement of beneficiary trust funds hasn’t even been arrested, much the less charged.
CalPERS instead is taking the virtually unheard of approach of merely filing a civil suit, rather than letting a prosecutor file criminal charges, even though California law requires that a criminal court order full restitution on behalf of CalPERS.
The lack of an arrest of and charges against the accused thief, Gloria Najera, screams that CalPERS is again, true to form, prioritizing covering up its own culpability rather than utilizing the enforcement authority of the state — a replay of their orchestrated cover-up of the serious conflict of interest violations of their departed Chief Investment Officer, Ben Meng. Anyone who engaged in similar abuses at a merely adequately functioning financial institution would be wearing an orange jumpsuit by now.
Given the CalPERS history of cover-ups, from CEO Marcie Frost’s fabricated college education through the appointment of fabulist Charles Asubonten as CFO, one has to wonder whether Gloria Najera’s blatant embezzling was an outlier in her unit, which handles the sensitive personal information of beneficiaries on a daily basis, or just the tip of a fraud iceberg.
In an open session at a CalPERS board meeting Tuesday, general counsel Matt Jacobs claimed that CalPERS had reported the theft to the California Highway Patrol in January, which is an eternity ago in criminal justice terms, particularly since CalPERS’ own filing presents Najera as still out and about in Sacramento.
The CHP is the first stop for California agencies to report criminal activity. Financial fraud is admittedly normally outside its wheelhouse, which is issuing traffic tickets. But what is it about “theft” that even the CHP does not understand?
CalPERS has also served up the cagey claim that it is “working with law enforcement” in the form of the California Attorney General.
Golly gee, the CalPERS complaint below has more than enough information to secure a grand jury indictment. So why has CalPERS been sitting on its hands?
CalPERS is complicit in this embezzlement. Anyone who is familiar with basic bank or securities firm security procedures can see in the filing that CalPERS had fundamentally deficient control procedures. The most glaring and indefensible failure was the absence of the most basic check, a separation of duties. Literally no one was minding Najera’s illicit transfers, which date back to at least 2017. In addition, CalPERS evidently didn’t even take notice when Victim 7 had put his benefits on hold due to possible fraud and investigate back then.
If you read the compliant carefully, it becomes clear that the investigation and the discovery of the extent of the theft came about because a bank through which Najera was stealing from a beneficiary account there notified CalPERS.1 CalPERS then found nine other beneficiary accounts where Najera took a different route, that of diverting funds that had not yet been transferred out of CalPERS to her accounts or those of co-conspirators, rather than the proper recipients.
Even more troubling is that in 2018, CalPERS rejected a proposal by highly qualified compliance manager Lawrence Wold to build a fraud prevention program. Bizarrely, Matt Jabobs and the Chief Compliance Officer, opposed it. Wold curiously left CalPERS apparently just after passing the probationary period to return to the state Department Justice in a senior position, and is now Accounting Controller at Covered California. CalPERS insiders believe that had the system Wold proposed been implemented, this fraud would have been stopped.
CalPERS’ spokesman Brad Pacheco appears to have admitted that CalPERS is not pressing charges when he went silent on l’affaire Najera after promptly answering an initial query.2 As the lawyers like to say, qui tacet consentire videtur, or “He who is silent is taken to agree.” Pacheco would have every reason to confirm that CalPERS was pressing charges if that had actually happened.
Keep in mind that CalPERS’ General Counsel Matt Jacobs was a Federal prosecutor for nearly a decade. Even though CalPERS as a matter of procedure may have to first report a crime to the California Highway Patrol, and the CHP may then feel it has to go to the Attorney General, Jacobs would know full well that the Attorney General isn’t set to pursue this sort of case, but it’s bread and butter business for the Sacramento County district attorneys. In fact, they’d probably be keen to take this case on, since it is straightfoward and would also garner press attention.
Given the considerable deference with which CalPERS is treated in Sacramento, it would not be hard for Jacobs to have gotten this matter in the right hands had he wanted to.
There’s another reason for Jacobs to have CalPERS present the canard that the Attorney General is on the case: it serves to obfuscate who the Attorney General is almost certainly protecting. And it’s not CalPERS beneficiaries.
For the entire time we have been dogging CalPERS, the Attorney General has rejected his duty of acting at the state’s chief law enforcement officer. He has instead seen his role as defending state agencies when they get in trouble, not matter how egregious their misconduct is, such as when CalPERS engaged in massive copyright theft.
CalPERS’ complaint points out that a foreign bank alerted it to what CalPERS depicts as Najera’s fraud. But Najera was an employee of and supervised by CalPERS. Najera’s conduct is CalPERS’ misconduct. Most banks wouldn’t pursue CalPERS over such a relatively small bore matter, since the cost of pursing the case in hard dollar and managerial terms would be outsized relative to the recovery. But does this bank operate under a regulatory regime where it can’t let this go easily?
This sorry incident provides yet more proof that Marcie Frost and Matt Jacobs are so self-interested as to be threats to beneficiaries. Frost has repeatedly made clear she is incompetent as an operational manager, which is the bulk of what happens at CalPERS. Frost makes matters worse by surrounding herself with toadies rather than officers who can make the trains run on time. Jacobs has succeeded in bullying the board, the one possible check on executive incompetence and misconduct, into deferring to him on utterly bogus legal and governance grounds rather than asking even the most basic questions.
California taxpayers: you have been warned. You are going to be asked to pony up far more than you should have due to the continued failure of the Governor or even the state Treasurer or Controller to make a stink and demand accountability. Only someone of that stature, or a heavyweight litigation machine, can stop this train from going off the cliff.
1From our bank systems/security expert Clive:
Basic control failures. These are employee supervision, monitoring and business process auditing 1-0-1 competencies for an organisation of any size, let alone one of CalPERS’ scale and sophistication. There’s a basic hierarchy of ensuring honest and ethical employee conduct:
1. Rules are defined and in place to govern employees’ actions while working in the enterprise
2. Employees are trained on what the rules are, what they mean and what to do if they are unsure of how to act in a particular situation
3. Systems (either automated such as threat modelling and detection via IT solutions which produce reports that are genuinely read and actioned by managers or internal auditors, or manual e.g. random or routine sampling by management, employees knowing that their work is reviewed effectively and in a timely manner) to verify the rules are being adhered to
4. An organisational culture which instils from the top down that we have rules or regulations, we’re accountable for our actions and that following the rules is “how we do things round here”.
For the plain, vanilla fraud in the diversion of beneficiaries’ benefits (1) we can safely assume that the rules against this and the training on them were in place at CalPERS. If they’re not, that a straight “10” for how bad an incident it was.
So what, assuming there are rules and employees know they shouldn’t do this, failed was the monitoring and oversight. The business process for changing where beneficiaries funds are remitted to should be, because it involves handing a financial transaction, under dual control and also must be supported by a verified customer mandate instructing CalPERS to make the change.
So how this should work is, one person receives a beneficiary mandate (to change the details of where funds are remitted to, here), the incoming mandate is recorded in CalPERS records, they verify against CalPERS’ records the mandate is genuine, this gets processed on the system which manages payment routing and then — this is the crucial part — another, different employee checks the change on the system to ensure it matches the beneficiary mandate.
Obviously another vital part of the business process is that all beneficiary mandates which are received by CalPERS really do get actioned. It’s this last requirement which seems to have not been in place — the felony was enabled by the fact that the felon was able to ignore either an internal CalPERS-originated instruction to terminate or redirect the payments being made to the beneficiary or (this point wasn’t spelt-out in the filing) else similarly ignore an instruction which originated from the beneficiary themselves (or their guardian). Failing to reconcile beneficiary instructions that have been received by CalPERS to those instructions being, in reality, carried out is a “7” in financial institution control failure terms.
2 The key section of my e-mail to Pacheco before the start of business on Wednesday:
I see that in open session yesterday, Matt Jacobs stated that the CHP had been notified in January. He ducked the question posed by Margaret Brown.
The bank regulators/fraud experts and prosecutors (plural) to whom I have spoken so far all have volunteered that it is highly irregular for a company and even more so for a financial institution/fiduciary not to press charges on a clear cut case of embezzlement. The information presented in the civil suit is more than enough to secure a grand jury indictment.
Moreover, it is extraordinarily irregular to file a civil suit for this sort of misconduct as the first line of action. The norm is to pursue criminal charges (with discovery on the prosecutor’s dime) and then file a civil suit only if the prosecutor was somehow unable to surmount the “beyond reasonable doubt” standard of evidence.
The only reasonable surmise from this fact set is that CalPERS has refused to press charges. Do you deny that?
Jacobs’ refusal to give a straight-up answer to Brown to her question of whether Najera had been arrested, and the Sacramento Bee taking up the question today of whether she would be charged might force CalPERS to change its position. And CalPERS being CalPERS, it would also engage in revisionist history, and act as it had never flip flopped on pressing charges.00 Civil Lawsuit to Recover Stolen Assets - calpers-civil-lawsuit-april-2021