In December we briefly reported on a significant DOJ fine of $650m against McKinsey & Company. This fine was levied as part of a criminal and civil settlement between the consulting firm and the DOJ in relation to the firm’s work with Purdue Pharma on the marketing and sale of OxyContin. OxyContin is an opioid painkiller with highly addictive properties.
According to the DOJ press release, the settlement and deferred prosecution agreement are a part of “ongoing efforts to hold actors accountable for their roles in the opioid crisis.”
The Agreed Statement of Facts (statement), also currently posted prominently on the McKinsey website, makes for fascinating reading. It lays bare the frequently noted moral and ethical void on the part of the family members controlling Purdue, but is also a damning indictment of the culture at the consulting firm itself. It illustrates the dangers of presenting clever and hard-working people with work assignments that are unmoored from the human consequences resulting from their actions and the solutions that they devise.
This case has been written about and analyzed at length and there is already some excellent and exhaustive existing commentary.
Records destroyed
However, worth noting by specialist compliance and surveillance readers in particular is that one of the felony charges is related to McKinsey “knowingly destroying records, documents and tangible objects with the intent to impede, obstruct, and influence the investigation.”
Section XVII (pages 59 to 64) of the statement outline the actions of McKinsey partners that led to this felony charge.
They demonstrate not only the awareness by the partners and staff of the fact that the consulting work was potentially untenable, but also a clear understanding of the importance of reducing or eliminating records in order to potentially avoid responsibility and accountability.
In this context the messages between the McKinsey employees and partners involved are an instructive case study. They include the following exchanges and actions:
| iMessage exchange about emailing “opioid decks” to Purdue Pharma executives [Partner 3 and Consultant 6] | Partner 3: “what’s bad in that deck…” Consultant 6: “Nothin [sic] bad. We said we wouldn’t do it. And creates a trail to the inline discussion. These guys will be deposed. Best our emails are not sucked into it.” |
| Text message about OxyContin sales force reduction [Consultant 6 and another McKinsey Partner] | Consultant 6: “Don’t want to create an email trail but the board decided to pull all reps from OxyContin.” |
| Private / work email exchange [Partner 2 and Partner 3] | Exchange between two work email addresses. Partner 2: “Hope you’re well. Can you send me your private email address. Want to send you a note.” Partner 3 reverted with private email address. Follow on message to this private email address from Partner 2: “Just saw in the FT that [a Purdue Pharma board member] is being sued by states attorneys general for her role on the [Purdue Pharma] Board. It probably makes sense to have a quick conversation with the risk committee to see if we should be doing anything other that [sic] eliminating all our documents and emails. Suspect not but as things get tougher there someone might turn to us.” [Emphasis added in statement] Response to message above from Gmail address by Partner 2: “Thanks for the heads up. Will do.” |
| Email to self [Partner 2] | Subject line: When Home Item listed: “delete old pur [Purdue Pharma] documents from laptop[.]” |
| Email to self [Partner 2] | “Remove Purdue folder from Garbage” |
| Action [Partner 2] | Purdue Pharma folder removed containing more than 100 items “may of which appear to be dated in critical timeframes” and seven of which “include the name of the Purdue Pharma CEO. The Outlook event log showed that the deletion was not the partner’s “typical practice”. |
It appears that investigators were not able to subsequently retrieve the deleted documents and related off-channel communications. This would certainly have at the least colored the DOJ view of the firm and its culture and, possibly, had some impact on the size of the settlement.
If nothing else, it is a cautionary tale and highlights the need for an awareness of what channels are being used for business communications and the need for a policy / alert system that triggers an early warning when those channels are being circumvented.
To be sure, the company created a document titled How We Have Changed in December that outlines the significant changes it has made since 2019 to its technology, risk management policies, internal controls, Code of Conduct, training programs and staffing resources in order to make the operational and cultural corrections needed to avoid further violations and reputational damage.
Along with the statement outlined above, this external-facing document could serve as a blueprint of action for other firms, as it is intended to hold McKinsey to the high standards clearly outlined in it.
