CalPERS Wastes Fund Assets on a Sham Investigation to Intimidate Board Members

CalPERS has a thing about leaks. We’ll use the word “leaks” in the very loose way that CalPERS does. Experience has shown that the organization applies that label to the public disclosure of any negative information about it, even if the information was in no way confidential and the releasing party, such as a board member, was legally entitled to do so.

Readers may remember the coverage we gave a couple of years ago to the trumped-up charges of “leaking” made against then-board member JJ Jelincic, where the allegations ultimately collapsed in the face of evidence that nothing that Jelincic had disclosed was a secret.

Nevertheless, that embarrassing experience has failed to cure the organization of its fevered efforts to find someone, anyone, to pin the blame on for its staggering decline in reputation. To advance that goal, CalPERS has hired a big bucks law firm to lead an investigation. However, like its previous efforts, this one will probably go nowhere in terms of unmasking actual wrong-doing. A tell is is that the investigation has been apparently structured to ensure that at least one important source didn’t get talked to.

So whether this “investigation” is intended for public propaganda purposes or merely to have its “findings” shown privately to the CalPERS board to bolster the notion that their poor reputation is undeserved and results from bogeymen hiding under every bed, rest assured that it is a garbage in, garbage out process.

CalPERS has hired an outside law firm, Orrick, specifically the group within the firm that specializes in squashing corporate whistleblowers, to investigate these “leaks”. However, the investigation is being wrapped up after making a tellingly insincere effort to interview former board member JJ Jelincic.

This sham suggests two possibilities, both unflattering to Orrick and CalPERS. The first is the too typical stew of laziness and incompetence, where Orrick is making the minimal effort to collect the contracted-for fee, perhaps getting signals that CalPERS didn’t want a full-bore effort, and the two sides didn’t coordinate effectively. Second is that Orrick cynically invited Jelincic to an interview – mind you, he is retired and has no obligation to cooperate – with only a couple of days notice and a request that he travel to them, in order to elicit a rejection of their timetable. There is an established history of CalPERS trying to set Jelincic up as the fall guy for leaks, so this could be more of the same.

Before you think the idea that CalPERS would deliberately choose to omit key parties from an investigation is far fetched, CalPERS has done this before. After the private equity bribery scandal that led to the indictment of former board member Al Villalobos, who committed suicide, and former CEO Fred Buenrostro, who was convicted and is serving a four and one half year term in Federal prison, CalPERS hired law firm Steptoe & Johnson to conduct an investigation and prepare a report. We explained at considerable length why it was a whitewash.

The attorney leading the Steptoe investigation, Phil Khinda, contacted one prominent former CalPERS insider about the pay to play scandal investigation and invited him to lunch. Before his counterparty could even respond, Khinda proceeded to list all the reasons why the potential source should not want to participate. This individual said it was very clear that Khinda was actively discouraging him from being interviewed. So this is apparently part of the bag of tricks that big law firm “investigations” practices use, which is to discourage various parties from cooperating, when it would support the desired narrative to insinuate that only people with something to hide would decline an interview.

Why Leaks?

It’s apparently useful for CalPERS staff to play up supposed leaks to the board, as if they were the cause of the bad press the giant pension fund has been getting. In fact, the big causes are far too obvious: CalPERS deeply underfunded status, the board’s and staff’s failure to deal with that overarching problem honestly, with that problem compounded by widespread evidence of poor management and oversight. One glaring example of the last problem is CalPERS having a poor sense of priorities. For instance, it has more people in its PR department than in its risk management and audit unit.

On top of that, CalPERS has used “leaking” as a bloody shirt to attack insiders trying to reform the public pension fund….even when they’ve been presenting public information that is therefore not in any way confidential. One example is when Jelincic was falsely accused of leaking when he responded to a beneficiary question by providing information in a court document filed by CalPERS.

The fact that CalPERS would attempt to depict Jelincic as having breached confidentiality when he was in fact presenting public information indirectly exposes another pathology at CalPERS: a concerted effort to keep things secret when there’s no sound basis for doing so. This is analogous to a worrisome tendency in medicine, to move the threshold for “disease” so low as to look to be driven by profit rather than health considerations.

As an attorney said via e-mail:

The real outrage here is that the staff at a fund conclusively proven to have been rife with corruption, and who seem to have no problem wasting fund assets on the exact same high-fee outside managers who were the source of those corrupt influences, are conducting a “leak” investigation that is clearly aimed at intimidating independent board members from exercising their fiduciary duty of inquiry — by unlawfully creating the atmosphere where non-confidential public records are represented by staff to be “privileged” when the law is clear that they are not.

The CalSTRS Policy Guide specifically limits the use of the Government Code 11126(c)(16) “investment decisions” closed-session exception: “With regard to investment decisions, the Board shall consider most investment matters in open session unless such consideration would jeopardize execution of the investment or cause harm to the economic value of the investment.” p.32, Teachers’ Retirement Board Policy Manual (2015). This is the same law that applies to CalPERS.

The “attorney-client privilege” secrecy ruse is also complete poppycock. The Government Code 11126(e) closed-session exception severely limits the privilege to situations where the agency has “substantial exposure to litigation” and open session discussion would prejudice the position of the agency in the litigation. This exposure to litigation does not include covering-up wrongdoing by staff or the board. Government Code 11126(e)(2) states that, “…all expressions of the lawyer-client privilege other than those provided in this subdivision are hereby abrogated.”

Withholding information to which the public is entitled is a misdemeanor crime under Government Code 11130.7

In other words, “leaking” in the eyes of CalPERS’ staff is when an insider provides information that CalPERS would prefer to go unnoticed, regardless of whether it is actually confidential or not. That attitude is indefensible in a governmental body, where the employees and officers are accountable to beneficiaries and the public. It is also the sign of a diseased culture, since high functioning organizations acknowledge and fix problems rather than try to cover them up.

What About CalPERS’ Terrible IT Security?

One wonders whether CalPERS informed Orrick about CalPERS’ lax IT practices, which could raise doubts on the ability to reach firm conclusions as to how supposed confidential information got out into the wild.

Incoming board member Margaret Brown complained repeatedly that board members and certain senior executives had been assigned formulaic passwords and user IDs. Anyone who learned about them could readily access confidential board records by impersonating a particular user.

Brown got pushback when she sought to change her password to something more secure. Literally, all that staff was willing to do was to send her a later password in the same sequence. That meant the “new” password was every bit as guessable as the old one by knowledgeable insiders, as well as easily hackable.

On top of that, the “new” password was sent to her by e-mail, and that same e-mail was also sent to other members of the Board Services Unit.

Since the response to pointing out that the passwords were wildly insecure was for CalPERS to continue to generate insecure and widely-known passwords, Brown continued complaining.

The next iteration of response was for CalPERS to let Brown pick a number in the same password sequence. So if the old password had been “boardmember2” Brown could now make it “boardmember[number of Brown’s choice]. Not only was the “improvement” still trivially easy to hack, but the “new” password was again e-mailed to Brown and other CalPERS staffers, undermining the notion that the passwords were at all secure.

It was only in September, after we wrote about the laughably poor password security, that CalPERS finally made real changes. But even then, it’s not clear whether they were made for board members or also extended to senior staff, who also had similarly lame formula passwords. But either way, this means that board materials, including closed session records, could easily be accessed by individuals outside board through September 2018, and that knowledgeable senior staff could also impersonate board members to look at that information.

That means that any “leak” of closed session or other confidential information available to board members by computer before September 2018 can’t be attributed to board members with any confidence. The recipients of the “leaks” would be journalists, and it would be unheard of for a reporter to burn a source. It’s considered to be a huge ethical lapse when that happens accidentally (recall the uproar over The Intercept and Reality Winner).

More evidence of CalPERS’ poor IT security practices comes via a lawsuit by former employee Nancy Michaels against CalPERS and former employee Melinda Lorenz-Anderson (nee Lorenz). Lorenz obtained access to, altered, and distributed copies of Michaels’ confidential personnel records to members of the state legislature, alleging that Michaels had obtained a promotion improperly.

Bear in mind that Lorenz did not have access to any personnel file as part of her job duties. She badged in after hours and got access to Michaels’ records. To have done so, she either had to have hacked CalPERS’ system or had someone provide her with a password and login of someone who had access. Under Federal law, engaging in unauthorized access to computer records is a crime.

CalPERS was aware of Lorenz’s breach; it launched a disciplinary action against her, with the punishment set to become effective after Lorenz’s retirement.1 Yet CalPERS was obligated to make a criminal referral, which it failed to do. On top of that, CalPERS in court is defending Lorenz’s “right” to disseminate the stolen information in such a way as to make it a public record….even after disciplining her for precisely this conduct. It is over my pay grade, but it seems highly doubtful that CalPERS would be supporting this line of argument had it made a criminal referral as it was obligated to

Needless to say, CalPERS’ overzealous defense of someone who unquestionably hacked CalPERS’ systems sends all the wrong messages to other CalPERS employees.

The Botched Effort to Interview JJ Jelincic

Lily Becker, a partner at Orrick, first rang JJ Jelincic on March 11. Jelincic told her he couldn’t speak then and she’d need to call back. It was a 38 second phone call (CalPERS may want to check its billings). She said she’d try again at 10:00 AM the following day. She did not call then.

Becker next called on March 19, again failed to get Jelincic live, and Jelincic returned the call the following day. Her next attempt was March 27, a full eight days later. She again missed Jelincic, who again dialed her the next day.

After two failures to connect by phone, if the matter were urgent or important, the logical move would have been to leave a message suggesting how to coordinate a time to speak, say via e-mail or through a secretary. But Becker tried calling Jelincic two more times before taking that step. The latest round of missed calls was when Becker rang Jelincic on April 4 and Jelincic returned her call on April 5.

On Monday April 8, Becker left a message asking Jelincic to come in for an interview in Orrick’s San Francisco or Sacramento office later that week and to e-mail to set a time. This is what transpired next:

From: JJ Jelincic
Sent: Tuesday, April 9, 2019 4:56 PM
To: Becker, Lily
Subject: meeting

This is not a good week. I’m working on a campaign. Next week doesn’t look a lot better.

What do you want to talk about?

JJ Jelincic

From: Becker, Lily
To: JJ Jelincic
Sent: Tuesday, April 9, 2019, 04:01:16 PM PDT
Subject: RE: meeting

Thank you for reaching out via email as I suggested, as I know we have been trading voicemails for several weeks. As I mentioned when we spoke the first time, we are conducting an investigation for CalPERS regarding certain leaks of confidential or closed session information from late 2017 to 2019. This week is the last week we are conducting interviews. Please let me know if you are available before the end of the week. It would be most useful if we could set up time for you to come to our San Francisco or Sacramento office.

Thank you,

Lily

From: JJ Jelincic
To: Becker, Lily
Sent: Wednesday, April 10, 2019, 07:49:59 PM PDT
Subject: Re: meeting

As I said this week doesn’t work.

I also cannot leave unchallenged your statement “As I mentioned when we spoke the first time, we are conducting an investigation for CalPERS regarding certain leaks of confidential or closed session information from late 2017 to 2019.” That is simply untrue. That first conversation was about that I was in the middle of something and could not talk then. We agreed you would call about 10:00 am the next day. That did not happen.

I actually had a conversation with Henry Jones on March 14 about you reaching out to me. He was aware of that and said you had spoken to him. However, when I asked him what it was about he said he would not tell me because he didn’t want to get ahead of you.

Your email of April 9 is the first time I knew what you wanted to discuss and that there was any deadline. There was normally about a week between the time I called you and you called back. That certainly showed no sign of urgency.

The last closed session I attended was in was in December of 2017. I would have no way of knowing if any information I received from staff since that time came from closed session.

JJ Jelincic

It may not be sufficiently obvious why this interaction does not smell right.

A critical bit of information is that Jelincic was a CalPERS employee through March 6, 2019. He had filed his retirement date well in advance, mid-December 2018.

In the March 14 meeting with Henry Jones, Jones mentioned that Orrick had already interviewed other board members. It is a reasonable assumption that Orrick would have scheduled at least some of the interviews at the time of the monthly board meetings, for the convenience of Orrick and board members who don’t live in Sacramento. Working back from that, Orrick almost certainly conducted some board member interviews at the latest at the February board meetings on February 19 through 21. That would mean it had been engaged, done preliminary research, and developed its investigation program, including its interview guide, before then.

That in turn means had CalPERS wanted to interview Jelincic, it easily could have while he was an employee. Jelincic would have had to take the meeting; he could also have requested that a union representative participate.

Instead, a presumably very competent Orrick partner made a minimal, leisurely effort to get a hold of Jelincic. When Jelincic made it clear that the week of April 8 was not convenient, suddenly Orrick says the interviews are about to be over and oh, by the way, tries to claim that Jelincic knew that they were about leaks, when he didn’t. Indeed, board member Henry Jones’ closed-mouthedness on March 14 about why Orrick was contacting Jelincic says he knew Jelincic didn’t yet know what the request was about….and Jones could have gotten that information only from the Orrick partner Becker.

It would be nice if CalPERS expended as much executive energy on improving its returns as it does on trying to prevent board members from doing their job. Indeed, the example of CalSTRS says that having a board that is active, pro-transparency, and engages in healthy give and take with staff, rather than acting as a rubber stamp, is consistent with higher returns. Too bad CalPERS is so determined not to eat the good governance cooking it feels so free to set before corporate America.

_____

1 Lorenz set her retirement date after the sanction and sanction date was set. It certainly looks as if the intent was to encourage her to retire rather than have the disciplinary action bite.

Print Friendly, PDF & Email

19 comments

  1. diptherio

    …another pathology at CalPERS: a concerted effort to keep things secret when there’s no sound basis for doing so.

    hmmmm….well it might be sound for somebody if they were, for instance, pulling a Fred and Al routine. Ya know, just sayin’…

  2. Susan the other`

    CalPERS is consistent. Protecting themselves like the NSA. The State of California is answerable to the public. It is probably the only organization that can dissolve CalPERS corporate structure and start managing the fund directly. Kinda like an integrity bankruptcy. And the longer it remains unresolved the worse it decays. It’s definitely a stage-5 debacle.

  3. skk

    Am I reading this right ? That after the initial userid and a one-time password Margaret Brown wasn’t able to, nay FORCED to, change it to something of her choosing, subject to strength requirements ? but was required to use the “one-time” password ? Unbelievable.

    1. Yves Smith Post author

      No, the passwords prior to September 2018 were not “one time” passwords. They were issued by CalPERS. Members of the six person Board Services Unit knew them plus they were e-mailed so anyone who had access to the e-mails besides the Board Services Unit also had access. Plus the formula was simple, so anyone who knew the formula (some if not all of the executives) could also have brute forced access under someone else’s account on not many at all attempts.

      Brown was unable to change it the first time she complained. She was just “issued” a new password, so [something similar in strength] to “boardmember2” became “boardmember3”. No joke, next one in the same sequence.

      Then after she complained a second time, the extent to which she was able to set her password was that she could pick the number after (in our illustration) “boardmember” so “boardmember[number chosen by Brown]”

      They have now changed things to allow/encourage board members to set their own strong passwords.

  4. flora

    Being a highly skeptical person, a red flag went up when I read the Jelencic/Becker email back-and-forth. Mr. Jelencic’s responses seem to indicate he was aware of the traps being set.

    Instead, a presumably very competent Orrick partner made a minimal, leisurely effort to get a hold of Jelincic. When Jelincic made it clear that the week of April 8 was not convenient, suddenly Orrick says the interviews are about to be over and oh, by the way, tries to claim that Jelincic knew that they were about leaks, when he didn’t.

    I think a soft attempt was made to create a deliberately misleading paper trail. imo.

    Thanks for your continued reporting on CalPERS, PE, and pensions.

  5. George Phillies

    California has an Attorney General. For some of these interesting episodes, that AG appears to have been Kamala Harris, who is now running for President. Reasonable folks might suspect that at some point her brilliant achievements in maintaining honesty and integrity at CalPers just might possibly show up during her campaign.

  6. Clive

    I almost don’t mind (so inured as I now am to it) attempt stitch-ups by the corporate hatchet men (and women, it’s an equal opportunities event these days to try to get one over on the presumed-unwary or lined-up fall guy). But only when they at least try to make a bit of an effort.

    The old email saying “Thank-you Clive for helping me when we discussed the latest mismanagement disaster de jour the other day, as you fully admitted you knew all about it, I’d be grateful if we can continue our review of the situation and how you intended to resolve it” (or some other similar feeble attempt at entrapment which couldn’t have entrapped a stoned, drunk rat which had eaten an entire blister pack of OxyContin), however, is especially annoying. It treats the weary recipient like they are an imbecile.

    Top man, JJ, for sending CalPERS winged monkey away with a flea in their ear.

    Note to Orrick: don’t send an intern to do a partner’s job. I know it’s CalPERS and you might think, not totally without good reason, that you can get away with any old tosh and they won’t notice, but not all board members (past or present) are totally clueless.

    1. Anders K

      Being of an optimistic mind (at least today), my take on this is that this is foot soldiers at Orrick phoning it in to actually prevent anyone innocent from being entrapped (yet still get those sweet sweet fees).

      I highly doubt the people at CalPERS will complain that Orrick didn’t entrap the desired victims – but considering their track record, they may send an email and record a voice message to that effect, for all I know. It would not be inconsistent with their usual performance.

  7. human

    To have done so, she either had to have hacked CalPERS’ system or had someone provide her with a password and login of someone who had access. Under Federal law, engaging in unauthorized access to computer records is a crime.

    Seems to me that this is elswhere in the news.

    1. Yves Smith Post author

      Please see this post: https://washingtonsblog.com/2019/04/4-myths-about-julian-assange.html

      Hint: This doesn’t apply to Assange, or at least the conduct described in the indictment doesn’t. He did’t get access and he didn’t assist Manning in getting access. He talked to Manning about “Oh, is there a way to get past this obstacle to a way to get to records that would hide your tracks as opposed to the way you can use now that doesn’t?”

      But yes, the press would have you think what Assange did with Manning falls in that category.

  8. Tom Stone

    Attorney General Becerra’s office is simply overwhelmed pursuing its 47 lawsuits against the Trump Regime!
    Or he’d be all over this, you betcha.
    My guess is that Newsome will be wearing this tarbaby around his neck within two years.

  9. The Rev Kev

    I know that it is not meant to be but I found this post absolutely hysterical. There are so many elements to this story that lends themselves to humour. That Orrick mob had better be careful where those leaks come from. They might actually discover the sources. CalPERS may be like the leaking ship where it is found that it is leaking from the top. Rather unfortunate name that Orrick by the way. What do people say when they have a whistle-blower problem in the C-suites? Time to bring in the “Orcs”?
    If I was JJ Jelincic, I would have gone along with that interview but demanded that it be a place and time of his choosing. I can see it now-

    Orc: “Who the hell is that?”
    JJ Jelincic: “Oh, that’s just my old-time buddy. He’s a big time lawyer now.
    Orc: “And what is that on the table?”
    JJ Jelincic: “Ah, that. That’s a microphone so we can record the interview. It goes with that video camera in the corner”
    Orc: “You can’t do that!”
    JJ Jelincic: “Never mind that now. Time of interview commencement is 9:43. Now, Are you now, or have you ever been, a member of a whistle-blower investigative team? And could you please face the camera when answering? Thank you”

    CalPERS IT security sounds like a joke. What you need is a BOFH to shake the place up. If there is a budgetary problem, then just sack a few PR droids. You do wonder what the IT mob use to log onto CaLPERS account. Is the administrative account called ‘admin’ with the password listed as ‘password’? If they get hacked, legally they will not have a defense that will stand in a court of law in any ensuing lawsuits. It could be that they have already been hacked but refuse to let news of this get out. That Lorenz example is just a case of one that did become public. If that did get out, there would be only one thing that they could do. Bring in the ‘Orcs’. Either that or question the cleaners. When they come into do their work at night and are alone, all they would have to do is read the passwords written on sticky notes stuck to those work computers. The pity with CalPERS is that they do not try to eat any any good governance cooking. What they make up on their own is brown and curly and it sure smells so you wouldn’t be wanting to try that.

  10. Sinecure on Wall St

    Shady lawyers performing unscrupulous acts at the behest of the most mismanaged, inept, corrupt, “pension” in the US, ya dont say

    Anyone lodge a complaint with the CA bar yet?

Comments are closed.