WASHINGTON — Global consulting giant McKinsey & Co.’s work with both the Pentagon and powerful Chinese state-owned enterprises poses a potential risk to national security that federal agencies can no longer ignore, lawmakers and critics say.
McKinsey’s consulting contracts with the federal government give it an insider’s view of U.S. military planning, intelligence and high-tech weapons programs. But the firm also advises Chinese state-run enterprises that have supported Beijing’s naval buildup in the Pacific and played a key role in China’s efforts to extend its influence around the world, according to an NBC News investigation.
There is no evidence or allegation that McKinsey has damaged U.S. national security, and U.S. authorities have not charged the firm with violating federal contracting laws related to its work with Chinese clients.
But with tensions high between China and the U.S., McKinsey’s business operations in both countries are coming under growing scrutiny. Critics say the firm, the world’s largest consulting company, needs to divulge more details about its work in China, particularly amid concerns in Washington about Beijing’s industrial espionage, arms buildup and intellectual property theft.
Apart from its consulting in China, McKinsey has come under sharp criticism from lawmakers and faced legal challenges over alleged conflicts of interest in other fields.
The company this year agreed to pay $573 million to settle allegations from 49 states that its work for opioid manufacturers helped "turbocharge" sales of the drugs, contributing to a deadly addiction epidemic. At the same time the firm was working for the pharmaceutical companies, McKinsey was advising the Food and Drug Administration on its prescription drug policy, according to court documents.
Asked about its work in China and the United States, McKinsey told NBC News that it abides by U.S. laws on federal contracting and that it has extensive internal rules to prevent conflicts of interest and to protect clients’ information.
“We follow strict protocols, including staffing restrictions and internal firewalls, to avoid conflicts of interest and to protect client confidential information in all of our work. When serving the public sector, we go further: in addition to managing potential staffing conflicts, we are subject to our Government clients’ organizational conflict of interest requirements and comply with these obligations accordingly,” a company spokesperson, Neil Grace, said in an email.
The Pentagon and other federal government agencies rely on McKinsey to carry out often sensitive work touching on national security strategy, cybersecurity and cutting-edge technology, paying the firm hundreds of millions of dollars for its advice and data-crunching.
Since 2008, McKinsey has undertaken over $851 million worth of consultant work for the federal government, with the Defense Department as the top client, generating nearly a third of the firm’s government revenue.
McKinsey has advised senior officials about weapons budgets, the Defense Department’s IT network, modernizing naval shipyards, developing technology for the Space Force and Air Force and evaluating the management of the F-35 fighter jet program.
“I can't see how you could work in the areas they're working in for the Defense Department and at the same time have the extensive connections in China, and not be compromised,” said Marianne Jennings, a professor of legal and ethical studies in business at Arizona State University. “If you just step back objectively, there's a great deal of risk here for the United States.”
In four federal contracts obtained by NBC News, including with the Defense Department and the Navy, McKinsey made no mention of its clients in China or any possible conflict of interest. Under federal law, contractors must disclose any possible conflicts of interest.
But McKinsey does not view its consulting for Chinese enterprises as a conflict, and experts say the federal government often doesn’t focus on a contractor’s foreign clients. Instead, federal officials usually look at whether a company has foreign ownership or control, and vet contractors’ employees for any security concerns. Still, the burden is on the contractor to divulge even the appearance of a potential conflict.
Lawmakers from both parties and critics of McKinsey worry its work with Chinese state-owned companies could allow Beijing access to valuable information associated with the firm’s extensive consulting with U.S. government agencies, possibly giving China an upper hand in its competition with the U.S. Even if no secret material was obtained by China, McKinsey could inadvertently provide Beijing with valuable insights into senior leadership and strategic thinking in the U.S. government, critics say.
In the past 13 years, McKinsey has worked on more than 60 contracts for different branches of the armed services and agencies within the Defense Department and there has been an uptick in the federal agency’s use of its services in the last five years, according to the federal government website USA spending.gov.View this graphic on nbcnews.com
Some of McKinsey’s work in Washington grants employees access to secret information, requiring a security clearance. A 2015 contract between the Pentagon’s Defense Information Systems Agency and McKinsey obtained by NBC News gave McKinsey’s team access to classified information.
The CIA hired McKinsey to help with a major reorganization of the agency during the Obama administration. After the 9/11 attacks, McKinsey advised the FBI on building its intelligence-gathering capability.
Information about the potential scope of McKinsey’s work with the intelligence community is not publicly available, as details about the intelligence budget remain classified. But a former senior U.S. intelligence official told NBC News that McKinsey continues to do consulting work for the intelligence agencies.
The Pentagon’s Defense Counterintelligence and Security Agency (DCSA) vets contractors before they are given access to classified information. The agency “takes seriously our responsibility to ensure only trusted personnel — both federal and contract — have access to classified information,” said spokesperson Christopher Bentley.
For contractors, the agency ensures that companies “are not adversely influenced or controlled by foreign interests,” Bentley said.
But the agency declined to comment about McKinsey’s work for the federal government. McKinsey was awarded a contract this year worth $1.2 million to advise the DCSA.
In China, vast state-owned or controlled enterprises have sought out McKinsey for “strategic” advice. Some of McKinsey’s clients were blacklisted in 2019 and 2020 by the U.S. government as actively undermining U.S. national security interests. (All blacklisting occurred after McKinsey’s contracts were already in effect.)
U.S. authorities say one of the blacklisted firms, the China Communications Construction Company (CCCC), and its subsidiaries built a network of artificial islands in the South China Sea, a project that the U.S. and its allies see as an attempt to intimidate and coerce neighboring countries that have competing claims in the waterway. CCCC’s dredging fleet constructed more than 3,000 acres worth of islands that have been turned into a string of military bases, with naval ports, runways, hangars, missile sites and radar, experts say. The Defense Department last year placed the firm on a list of companies deemed to have ties to the Chinese military.
The Commerce Department also placed CCCC on a separate blacklist and warned that transactions with Chinese firms on the list carry a “red flag,” recommending U.S. companies “proceed with caution with respect to such transactions.”
China Communications Construction Company put out a press release in 2015 promoting McKinsey’s role at a conference outlining the firm’s latest five-year plan.
McKinsey “made recommendations regarding the company's overall strategic objectives, business portfolio strategy, organizational control strategy, strategy implementation path, core competency development, and other aspects,” it said.
McKinsey has acknowledged commercial links to China Ocean Shipping Company (COSCO), a state-owned conglomerate that has played a key role in China’s naval expansion and Beijing’s bid to extend its global reach. COSCO has not been blacklisted by the U.S. government.
In a 2020 federal court filing related to McKinsey’s advisory role in a bankruptcy case, the firm cited its connection to COSCO. That same year, the shipping company said in a press release that it had received advice from McKinsey.
As part of China’s “Belt and Road Initiative,” COSCO has been pouring Chinese government money into ports around the world and other logistics hubs. COSCO in recent years has bought a majority stake in the Greek port of Piraeus, invested in a new container terminal in the United Arab Emirates, and purchased a major stake in the Peruvian port of Chancay.
COSCO is among a core of state-owned enterprises that are part of the country’s defense industrial base and are given special status by the ruling Chinese Communist Party, according to regional analysts. The company has provided logistical support to the Chinese navy’s escort operations in the Gulf of Aden and experts say it serves as the maritime logistical arm for the People’s Liberation Army (PLA).
Meanwhile, McKinsey advised the U.S. Navy on plans to modernize its network of naval shipyards.
McKinsey, which set up business in China in the 1990s, says on its website it employs more than 1,000 people at six offices across the country and has carried out more than 1,500 “engagements” with Chinese clients in the past five years.
According to McKinsey, the firm’s work in China is carried out through a separate legal entity and most of its consulting does not involve state-owned enterprises (SOEs).
“The vast majority of that work is for the private sector, including with U.S. and other multinational companies. Our limited work with SOEs focuses on the same core commercial and operational topics on which we serve other major corporations,” Grace, the company spokesperson, said.
The company declined to discuss its work with specific Chinese clients, including those that appear on U.S. government blacklists.
Grace said McKinsey follows an extensive internal policy to evaluate potential clients and does not serve political parties anywhere in the world or defense, intelligence, justice or policing institutions in countries with low rankings on the Economist Intelligence Unit’s Democracy Index.
But experts say major state-owned companies in China are virtual arms of the ruling Communist Party and have senior party officials embedded in the enterprise’s leadership.
Asked about its relationship with Chinese enterprises with ties to the country’s military, Grace said, “Consistent with our client service policy, we do not serve any clients in China on topics connected to defense, intelligence, justice or police issues.”
According to the company’s policy manual, McKinsey employees “are required to disclose any potential conflicts of interest, whether real or perceived, and to consult with relevant firm leaders and governance bodies on how best to handle the situation.”
McKinsey also maintains strict standards on protecting data and ensuring “information security,” Grace said.
“All client information, whether from the U.S. government or any other client, is subject to broad safety and security procedures that we regularly assess and test to ensure that the firm is deploying rigorous security measures," he said. "We follow all U.S. government requirements for handling its sensitive data — including where appropriate doing work on separate IT devices or only on client systems — and employ the requisite hardware and other security protocols to meet our obligations."
The McKinsey way
Founded in 1926, McKinsey has built up a vast consulting business with 36,000 employees and dozens of offices around the globe, advising governments and top corporations. Known for its connections in the upper echelons of corporate power and for shaping how American companies operate, McKinsey has a loyal alumni network, including numerous CEOs and top government officials.
According to Duff McDonald, author of a 2013 book on McKinsey, "The Firm: The Story of McKinsey and Its Secret Influence on American Business," the company’s business model hinges on what it calls confidentiality. McKinsey often does not reveal who its clients are or the nature of its work.
The firm is able to operate behind a wall of “confidentiality” partly because the management consulting industry is virtually unregulated, both in the U.S. and around the world, according to experts.
The tight-lipped firm says the principle of confidentiality allows it to protect the interests of its clients. But critics say McKinsey’s insistence on secrecy allows it to operate without accountability, and to provide advice to clients whose interests might be diametrically opposed.
“I don't think they have much compunction about working for anyone at all,” McDonald said.
‘No reason’ to hire McKinsey
Under federal contracting law, companies are required to disclose any conflict of interest, or appearance of a conflict, when bidding on a proposal, and to present a plan to address the conflict. It remains unclear if McKinsey has disclosed any potential conflicts of interest due to its work with Chinese firms, including in its contracts for the Defense Department.
In the four federal contracts obtained by NBC News between McKinsey and the Defense Department, the Navy and Customs and Border Protection, the consulting firm did not cite its clients in China or any apparent conflicts of interest.
For a 2018 contract for the Naval Information War Center Atlantic, which provides satellite communications and other information technology support for naval forces, McKinsey “did not make a disclosure of possible appearances of conflict of interest,” a Navy spokesperson said.
The U.S. Navy “was unaware of McKinsey’s work with any Chinese state-owned enterprises,” the spokesperson added.
For the 2015 contract between McKinsey and the Pentagon’s Defense Information Systems Agency (DISA), which runs the military’s computer network, the agency “was not aware of any conflict of interest or a possible appearance of a conflict of interest” concerning the contract, said Mary Constantino, spokesperson for DISA.
Asked about hiring McKinsey in the future, Constantino said the agency “cannot speculate on prospective work and has no pending awards.”
A spokesperson for the Defense Department, Jessica Maxwell, said that “each contract is examined individually” and the department “won’t speculate on future contracts or bids for contracts. “
Sen. Marco Rubio, R.-Fla., has demanded that the firm offer more information about its work in China and explain how it prevents possible conflicts between its consulting business for the U.S. government and for Chinese clients.
In a November 2020 letter to McKinsey, Rubio complained that the firm had failed to directly respond to many of his questions in earlier correspondence. The senator wrote he was concerned the firm “either wittingly or unwittingly — is aiding the Chinese Communist Party’s attempt to supplant the United States.”
The senator asked McKinsey if it sought to avoid working with Chinese clients in areas of critical national security interest to the U.S., including telecommunications, the military and health care.
The firm did not directly answer the question but said it could not disclose information on specific clients or engagements because of its “contractual and professional obligations to maintain confidentiality,” according to Rubio’s letter.
Rubio also asked McKinsey what kind of safeguards the firm had in place to ensure its work for U.S. government entities did not inform its work with Chinese companies. The firm provided no answer, Rubio wrote.
In addition to the exchange of letters, Rubio’s senior staff and top policy advisers met with members of McKinsey’s global leadership team via Zoom in March, according to a congressional aide present.
“Most of the meeting consisted of generalities, platitudes and broad denials of wrongdoing or conflicts of interest. Every time a member of Sen. Rubio’s staff asked specific questions, McKinsey’s leadership repeated that they could not discuss their clients,” the congressional aide said.
Rubio told NBC News the federal government should stop hiring McKinsey for consulting work.
“There is no reason the U.S. Government should continue using McKinsey given the company’s inability to provide clear, direct answers about its work in China,” Rubio said in an email.
The McKinsey spokesperson confirmed the company’s senior leadership in the U.S. and Asia met via Zoom with Rubio’s staff this year.
“We have discussed our approach to client selection with the senator's office at length, including the diligence efforts we undertake to ensure that each client engagement complies with all necessary guidelines, regardless of where that service takes place,” Grace said.
“We also discussed with the senator's office our extensive internal safeguards to mitigate potential conflicts of interest and wall off sensitive information. We remain available to continue those discussions,” he added.
Rubio has proposed legislation that would require federal contractors to reveal any commercial ties with the Chinese government, military or state-controlled entities. Other lawmakers have proposed bills to prevent U.S. contractors from buying key technological equipment or solar panels from Chinese firms.
Rep. Mike Rogers of Alabama, the ranking Republican on the House Armed Services Committee, said it was important to know whether taxpayers' dollars are “fueling China’s military modernization.“
“If a federal contractor has ties to the [Chinese Communist Party] and its civ-mil fusion apparatus, the government should have tools to punish that behavior and rethink whether that company has the privilege of doing business with the U.S. government,” Rogers said.
The Chinese government and military’s increasingly tight control over the private sector is forcing the U.S. to “rethink our trade and commercial relationship,” including how federal contracts are vetted, said Michael McCaul of Texas, the ranking Republican on the House Foreign Affairs Committee.
McCaul said McKinsey’s work deserved “greater scrutiny” and the federal government needed to demand more transparency.
“Transparency is a core tenet of our democratic system. If the U.S. government is spending taxpayer dollars, it makes sense to understand how federal contractors are doing business with an adversary’s military,” McCaul said.
McKinsey is not the only consulting company doing business with the federal government and Chinese state-owned companies, and the emerging cold war between Beijing and Washington has created a dilemma for these firms, experts say.
U.S. defense contractors that work with the Pentagon are subject to strict laws and rules about what weapons and technology they can provide to foreign governments. But management consulting firms fall into a gray area, as they are selling advice, according to a former senior Pentagon official.
“If U.S. consultants gain knowledge about how the U.S. government works and transfer that knowledge to the Chinese government, that would be a red flag,” said the former official.
Ensuring nothing spills over to a foreign client poses a difficult challenge, the official said. “Call me a skeptic, there might be ways to firewall it, but I just don’t know if those are sufficient to protect national security.”
China also worries U.S. firms could hand over sensitive information to its adversaries in Washington, and has imposed increasingly tough restrictions on American companies operating in the country, experts say. U.S. companies operating in China are under pressure to store data locally, making them increasingly vulnerable to Beijing scooping up proprietary data.
McKinsey’s track record
In other work carried by McKinsey, the firm has faced accusations of conflicts of interest, and in some cases has apologized or agreed to costly settlements out of court.
Earlier this year, McKinsey agreed to pay nearly $600 million to settle investigations into its role in helping boost opioid sales. Lawsuits turned up documents showing how McKinsey pushed to ramp up sales of Purdue Pharma’s OxyContin painkiller as a deadly opioid crisis gripped the country. The firm also sought to help Purdue fend off potential regulations by the FDA, even as it did consulting work for the FDA, according to court documents.
The House Committee on Oversight and Reform announced this month that it was launching an investigation into McKinsey’s consulting work for the opioid manufacturers, seeking documents regarding “the company’s conflict of interest, and its apparent failure to monitor and prevent harmful practices.”
McKinsey has come under federal investigation and been sued over allegedly flouting bankruptcy laws that require advisers to be disinterested advocates for clients and to disclose all relationships that might give rise to a conflict of interest.
In 2019, McKinsey paid $15 million to settle an inquiry by a unit of the Justice Department into whether it violated disclosure rules designed to prevent conflicts of interest in corporate bankruptcies. The firm, however, did not admit to any wrongdoing.
Last year, McKinsey agreed to forfeit millions of dollars in fees for advising Westmoreland Coal Co. in its bankruptcy, as part of a deal with federal officials probing Westmoreland’s compliance with bankruptcy laws.
In South Africa, the consulting giant became embroiled in a corruption scandal after authorities began a fraud investigation into a $120 million contract McKinsey had worked on with a public utility company, Eskom. The company had ties to the billionaire Gupta family, close friends of former President Jacob Zuma who were found to have pocketed public funds by South Africa’s anti-corruption watchdog in 2016.
McKinsey issued an apology in 2017 over the Gupta case, saying it was “embarrassed” by the individuals whose work “fell short of our standards.”
“There appears to be a pattern of behavior from McKinsey,” said Sen. Maggie Hassan, D-N.H. “Whether it be the health of Americans or the national security of our country, McKinsey has repeatedly taken actions that create serious concerns about conflicts of interest.”
McDonald, author of "The Firm," said the company’s bankruptcy work, its role in the opioid crisis and other examples show it has failed to regulate itself.
“They say the nature of the business is such that we maintain strict confidentiality. OK, well then in that case, you're the only ones that can regulate this,” McDonald said. “And all the recent evidence in the last few decades suggests that they are either incapable, inept or not inclined to do so.”