23-04-2025
McKinsey's compliance failure is a case study in corporate complicity
The McKinsey case forces us to ask uncomfortable questions about the behaviour of multinationals operating in governance-compromised jurisdictions. It is easy for firms to speak the language of ethics and integrity from glass towers in New York or London. But it is at the coalface, when ethical decisions are inconvenient, risky, or expensive, that a company's real values are revealed.
McKinsey & Company's role in South Africa's State Capture saga is not just an ethical blemish on one of the world's most prestigious consultancies, it is a case study in how corporate compliance frameworks can be rendered toothless when commercial appetite trumps integrity.
Through its partnerships with Regiments Capital and later Trillian Capital Partners, entities with clear links to the Gupta family, McKinsey embedded itself in the machinery of corruption that drained South Africa's state-owned enterprises. These weren't passive associations. They were deliberate business relationships formed in the face of serious reputational and legal risk. Despite overwhelming indications that these local partners were part of a broader State Capture project, McKinsey pressed ahead. It did so not in ignorance, but in defiance of the red flags.
Compliance protocols failure
McKinsey's internal compliance protocols failed at every critical juncture. Due diligence processes that should have flagged conflicts and corruption risks were either poorly executed, overridden, or deliberately ignored. Even after internal concerns were raised, such as those relating to Trillian's ties to the Guptas, decision-makers within the firm did not intervene. In effect, the very systems designed to shield McKinsey from reputational and legal exposure were sidelined in service of short-term commercial gain.
This was not simply a local compliance failure; it was a global governance collapse. McKinsey's international leadership structures, including its global risk committees, knew, or should have known, about the risks associated with their South African operations. Yet the firm's internal architecture failed to act. That failure underscores a critical flaw in how compliance is often practiced: as a procedural façade, rather than a genuine organisational constraint.
What this tells us is that compliance frameworks cannot be assessed by their existence on paper. McKinsey had protocols. It had ethics officers. It had codes of conduct and formalised approval channels. But what it lacked, at least in this context, was a corporate culture that enabled those structures to interrupt profit-driven decision-making.
The uncomfortable questions
The McKinsey case forces us to ask uncomfortable questions about the behaviour of multinationals operating in governance-compromised jurisdictions. It is easy for firms to speak the language of ethics and integrity from glass towers in New York or London. But it is at the coalface, when ethical decisions are inconvenient, risky, or expensive, that a company's real values are revealed.
In contexts like South Africa, where public procurement systems are easily manipulated and political interference in state-owned entities is endemic, the burden on private firms to self-regulate is even higher. But McKinsey's conduct suggests the opposite: that weak institutional environments are treated not as compliance hazards, but as commercial opportunities.
The scandal also punctures the illusion that Environmental, Social and Governance commitments, particularly those relating to governance, present more than aspirational branding. McKinsey, like many global firms, has embraced Environmental, Social and Governance commitments in its external communications, claiming leadership in corporate integrity. But its actions in South Africa call that narrative into question.
'You cannot claim Environmental, Social and Governance leadership in your annual report while enabling corruption in your offshore operations.'
Investors and regulators are no longer satisfied with platitudes. They are asking whether companies are living their values, or merely marketing them.
The lessons
There are critical lessons to be learned.
First, compliance systems must be context-sensitive and embedded across global operations. What constitutes a red flag in Frankfurt may require entirely different scrutiny in Johannesburg.
Second, local compliance professionals must be empowered to veto or suspend deals, regardless of profitability. This requires not just technical capacity, but institutional support from leadership.
Third, accountability must flow upward. When compliance collapses, it should not be the middle managers or local partners who shoulder the blame, while senior leadership escapes scrutiny.
McKinsey's eventual apology and repayment of R870-million to Eskom, while necessary, does little to address the structural flaws that allowed this conduct to occur. Nor does it restore the trust lost by public institutions whose mandates were undermined by self-interested private actors. Restitution without reform is hollow.
If anything, the scandal should disabuse us of the idea that elite global firms are inherently ethical actors. Prestige does not equal integrity. And in weak governance environments, corporate opportunism will almost always fill the vacuum left by absent enforcement.
For McKinsey, the fallout has been a reputational reckoning. But for South Africa, it is a warning: as long as the compliance frameworks of international firms remain reactive, fragmented, and culturally disconnected from the realities on the ground, the private sector will continue to play a central role in enabling State Capture.
The regulatory response must be robust. South Africa needs stronger cross-border enforcement tools, tighter controls on public-private partnerships, and an empowered prosecutorial authority capable of holding both domestic and international actors accountable. But perhaps more urgently, the global legal and compliance community must recognise that 'doing business responsibly' in vulnerable states means more than following internal rules. It means refusing to participate, explicitly or implicitly, in systems that exploit institutional weakness for private gain. DM
Annerize Shaw (Kolbé) is a specialised attorney of the High Court of South Africa, an LL.M. candidate in Corporate and Commercial Law at the University of London, and a member of the Institute of Advanced Legal Studies, London. She is a published author in the field of international comparative law, with a focus on corporate compliance and legal sector transformation.
