Tuesday, August 5, 2008

Preventing Fraud at Public Pension Funds


Today I am going to discuss a subject that very few people really understand: preventing fraud at public pension funds. Fraud can happen at any institution but when big money is involved, it is imperative that fiduciaries and stakeholders take the necessary measures to prevent fraud from occurring in the first place.

Last week I defined the five major risk categories below taken from CPP Investment Board's site:

  1. Investment risk: The risk inherent in achieving investment goals and objectives, including market, credit and liquidity risk. The operationalization of our Risk/Return Accountability Framework has substantially increased the risk management focus of our investment decision-making. Under this approach, risk decisions are made at the total portfolio level. The board of directors approves an active risk limit, and management strives to maximize active returns within this limit not within individual asset classes.

  2. Strategic risk: The risk that an enterprise or particular business area will make inappropriate strategic choices or be unable to successfully implement selected strategies. The CPP Investment Board's business plans are created annually to operationalize our strategic direction. Progress against the business plans is reviews quarterly by senior management with our board of directors.

  3. Legislative and regulatory risk: The risk of loss due to non-compliance with actual or proposed laws, rules and regulations and prescribed industry practices. Our primary risk management strategy here is our compliance management process, which ensures we have robust practices in place to manage legislative and regulatory risk. It includes oversight by our Legal department and also obtains input from external legal counsel to ensure completeness and accuracy in compliance with all relevant regulations.

  4. Operational risk: The risk of loss from inadequate or failed internal processes, people or systems, or from external factors. Strategies to mitigate operational risk include performing risk and control reviews and continuing our strong hiring practices to ensure that we have the right resources to meet our business challenges. Our operational risk activities also include a business continuity program that defines the best response to any business interruption at the CPP Investment Board.

  5. Reputation risk: Risk of loss of reputation, credibility or image due to internal or external factors. Reputational risk management will continue to be a key focus for our Enterprise Risk and Controls Group in 2008. We will strengthen our approach by building on the solid foundation we currently have in place. The CPP Investment Board has built a culture based on strong ethics which guides all our activities as reflected in our code of conduct. As an example, all employees and directors are required to disclose and personal trading or business interests that might lead to a real potential or perceived conflict of interest or result in personal benefit.

In terms of fraud, the major risks lie in operational risk and reputation risk. These risks are compounded when pension funds allocate money to external hedge funds, private equity funds, real estate funds, infrastructure funds and/or when internal investment managers engage in complex investment activities that require complicated modeling techniques to arrive at a valuation of their investment activity. These "valuation risks" are typically found in very illiquid instruments or markets which hardly trade.

Unfortunately, while many pension funds incorporate strict conflict of interest policies that govern the board, management and employees, a lot more needs to be done to prevent fraud from occurring at public pension funds. In particular, I argue that stakeholders should demand nothing less than an independent annual review of all operational activities by operational risk specialists and by certified fraud examiners (CFEs).

When I was analyzing hedge funds, I was directly responsible for due diligence of external hedge fund managers. This entailed comprehensive investment, operational and risk management due diligence prior to recommending an investment in a hedge fund. I would never sign off on any investment that I was not comfortable with and even then, nothing guaranteed that fraud would not occur. (The only way you can significantly curtail operational and investment risks with external hedge funds is by putting them all on a managed account platform where you have full transparency of the underlying portfolio. Of course, full transparency requires liquidity and an understanding of the risks or else you can still suffer material losses).

Another way is to make sure you perform rigorous background checks on hedge fund and private equity managers and that you use qualified third parties to conduct a rigorous operational due diligence. For example, Castle Hall Alternatives is a firm that specializes in operational due diligence on hedge funds. It is well known that most hedge fund blowups occur because of operational risks. Castle Hall's founder, Chris Addy, regularly writes a blog on all sorts of operational issues. One of the cases he reported on was DB Zwirn's wind down of its largest hedge funds.

On that case, Mr. Addy stated the following lessons for investors:

Firstly, shareholders will not get their money back instantly: given the reported 60% portfolio allocation to "illiquid" assets, we imagine that the repayment / distribution process will be lengthy. Investors do not need a catastrophic fraud to nonetheless find themselves in a long and potentially painful work-out situation.

Secondly, a hedge fund management company is a business, and the nuts and bolts of running a company matter. Hedge fund managers are not miraculously immune from exactly the same accounting and operational challenges that any business has to address day in, day out. As we have often said, hedge funds are not institutions: managers are small, entrepreneurial firms without - in virtually all cases - an "institutional" infrastructure.

Even at the largest, standalone hedge funds, it is quite possible for asset growth and portfolio complexity to run significantly ahead of available back office resources. Moreover, the frantic back office teams can be so overwhelmed with day to day settlement and trading that it is easy to see how mundane management company accounting can get lost in the mix.
Yet, a hedge fund is a business, and it's business 101 that you need to keep the books, keep them accurately, and keep them up to date. It's clearly a pity if you can afford a private jet but not a bookkeeper.

Thirdly, delays in the issuance of audited financial statements can have significant ramifications. Fund of funds, for instance, may have been unable to issue their own financial statements if DB Zwirn was a material position in their own portfolios. After six months of delay, if a fund of funds cannot issue its own financials, it may find itself violating SEC custody rules - we imagine that there were plenty of fund of fund CFO's pretty unhappy with the private jet accounting by this point. AU 332 also creates problems for investors needing to provide their own auditors with copies of underlying fund financial statements.

Next, the obvious protection for investors (and equally, in this case, for the manager himself) would have been for the DB Zwirn funds to appoint an administrator. Administrators can (and should) keep independent accounting records for non investment items such as fees, expenses, inter company transfers etc. etc. If a fund chooses to be self administered, however, investors must recognise that there is only one set of books, no independent checks and balances, and that the NAV is entirely dependent on the quality and accuracy of the firm's in house accountants.

Importantly, Mr. Addy adds:

But, therein lies the rub - prior to DB Zwirn, the largest fund which "failed" as a result of a breakdown in accounting was Archeus Animi. In that instance, the manager claimed that the fund's administrator, GlobeOp, had failed to maintain adequate portfolio accounting records. The result was the same untenable delay in the issuance of audited financial statements and the same vicious circle of lost investor confidence. The problem in this case, however, was that the manager chose to outsource all accounting and did not keep full, parallel records in house: they were hence unable to detect problems on a timely basis and unable to use their own records to correct the administrator's alleged mistakes.

From our side, we continue to believe that the best investor protection comes from the tried and tested model of true, third party administration, with both the investment manager and an administrator each running their own books and records. Two sets of books may seem like overkill, but DB Zwirn and Archeus are painful examples of why this is always necessary.

As I stated above, apart from reliable third party administration, which you also need to do a due diligence on, investors who have the means should look into setting up managed accounts that they have full control over.

But what does this have to do with fraud at public pension funds? It turns out that most public pension funds are more stringent on controlling operational and fraud risks from external managers than they are at controlling their own internal operational risks. Improper segregation of duties, lax controls, outdated policies, inefficient support staff and systems, high employee turnover rates, etc., can all lead to serious operational failures, conflicts of interest and even outright fraud.

In fact, there have been documented cases of fraud at public pension funds. For example, if you read James Ray's 2005 testimony before the United States Senate Committee on Health, Education, Labor and Pensions on protecting America's pension plans from fraud, he cites countless examples on potential conflicts of interests and fraud cases.

One of the examples he cites was the case of Capital Consultants. I quote the following:

Much has been made of the fact that Capital Consultants salesman Dean Kirkland provided free trips and other valuable gifts to some trustees of some pension plans, and that one trustee was paid substantial cash kickbacks. Needless to say, this conduct was improper in an ERISA context. Kirkland and a trustee who received the cash kickbacks were properly convicted of crimes under existing law. There is no lack of law prohibiting such misconduct, or governmental authority to investigate.

Section 1954 of Title 18 of the United States Code, under which Kirkland was convicted, makes it a crime for service providers (and others) to offer or give a kickback to ERISA plan fiduciaries, and makes it a crime for any ERISA plan fiduciary to solicit or receive a kickback. In addition, ERISA itself treats such a kickback as a prohibited transaction
that subjects the giver and the recipient to various civil remedies. And, in the context of labor-management relations, the Taft-Hartley Act (Section 302 of Title 29 of the United States Code) generally prohibits employer payments to union representatives.

The Labor Department’s Employee Benefits Security Administration has broad authority (including subpoena powers) to investigate whether such a criminal or civil violation has occurred. In the context of multiemployer plans, the Labor Department’s Inspector General also has criminal investigative authority.


The fact is that many in the investment community consider “travel and entertainment” for pension plan clients to be normal marketing; the kind of thing that “everybody does” because if they don’t their competitors will. This is how business is conducted in the marketplace. I’ve heard some investment firm representatives say that their firms get upset if they don’t spend their marketing budgets to get “face time” with clients. There seems to be little understanding among investment firms, or at least their representatives, that some marketing practices that might be “business as usual” are simply unlawful, even criminal, if used in the context of an ERISA-covered pension plan. This needs to change, but will only change if the investment firms realize that their business interests are better served by compliance with ERISA’s restrictions
on payments to or for plan fiduciaries. If investment firm representatives cease offering gifts and gratuities to plan fiduciaries, there will be nothing for plan fiduciaries to accept.

Finally, take the time to review Benchmark Financial Services' article on the long overdue Florida public pension clean-up. I quote the following:

We estimate that approximately $1 billion has been lost by Florida public pensions as a result of broker- consultant schemes. Tragically Florida taxpayers have had to contribute more to fund these underperforming retirement plans for state workers. Florida public pensions have suffered for decades as their broker-consultants profited. There is plenty of blame to go around because it was in no one's interest to expose the wrongdoing. A clean-up is long overdue. Let's hope that the winds of truth have finally begun to blow into the sheltered world of the Florida public pension community.

It is my contention that as long as pension plan stakeholders do not commission an independent annual investment and operational risk assessment of all internal and external activities, including a fraud assessment performed by independent certified fraud examiners, then stakeholders will remain vulnerable to investment, operational and fraud risks.

Moreover, as I stated last week, stakeholders should work with certified fraud examiners to develop and implement comprehensive whistle-blowing protection policies which ensure that employees are protected if they divulge any fraudulent and/or inappropriate
activities taking place at pension funds. This is absolutely crucial for detecting and mitigating against fraud, mismanagement and conflicts of interest at public pension funds.

There is simply too much at stake to turn a blind eye to these activities. As public pension funds undertake increasingly complex internal and external investment activities, all stakeholders deserve an independent public annual report that rigorously assesses investment, operational and fraud risks.

Important note: Those of you looking to mitigate investment and operational risks at pension funds should go the Association of Public Pension Fund Auditors website and click on references and links for key documents. Alternatively, you can scroll down the right hand side of this blog until you reach the pension governance section and view those and other important documents on governance best practices.