Over on The Financial Times blog, John Gapper provides some details and analysis of Anil Kumar's guilty plea in the Galleon insider-trading scandal. For those who have not been following the situation closely, Anil Kumar, a former McKinsey Director, "put his own reputation -- and that of the firm -- at risk for $2.6m … which is said to have been paid to him in return for providing inside information on companies he gleaned through his work at McKinsey," according to Gapper. There are really two procurement ironies and lessons we can draw from this. For one, Kumar, whom I previously referred to as the "knowledge-process outsourcing godfather," was the original thought leader who introduced the idea of companies sharing confidential information with offshore partners in the spirit of both savings and efficiency (obviously, trust never quite factored into that notion).
Perhaps the more important lesson for procurement in all of this is that we should step back and think about the level of comfort we feel with sharing information with our services suppliers. It doesn't matter whether a vendor is a $9.50/hour janitor working the night shift cleaning executive offices or a $200K/week 4-person consulting team pouring over confidential product information and financial forecasting data; what does matter is the level of controls we place on specific information, and the overall contractual obligations to which we require our suppliers to adhere. For example, why not require services suppliers and their employees to regularly sign documents attesting to their willingness to be held personally and professionally liable -- individually and collectively -- for any of their actions that involve information breaches -- and by extension, the actions of their peers? And what about individual and firm background checks as part of the initial supplier on-boarding and ongoing management processes?
Of course we could punt on this issue entirely and opt to keep McKinsey, IBM, Accenture -- not to mention Manpower, Adecco, and other staffing providers -- out of our halls entirely, giving up the flexibility and expertise that consulting and contingent workforces can bring. I know of some companies who are partially taking this path by being more restrictive in the types of information they share with services partners, and the level of access they provide them. In outsourcing arrangements, however, being restrictive in any way can become problematic. Regardless, one thing is clear: Kumar's admitted "shame and embarrassment" will not suffice to put procurement organizations at ease about the types of confidential information to which vendors -- working on-site or off -- have access.