News, Vision & Voice for the Advisory Community


McKinsey's $31-billion RIA for McKinsey staffers pays $18 million fine, a real 'slap on the wrist' considering 'repeated violations' related to having zero recusal process for insiders in its compliance plan, a lawyer says

Federal regulators allowed McKinsey to settle without admitting insider trading violations for its in-house RIA but censured the firm and ordered it to 'cease and desist' from future violations.

Tuesday, December 21, 2021 – 11:54 PM by Oisin Breen
no description available
Ari Sonneberg: 'Why [did] the punishment stop short of a penalty with real teeth that would objectively prevent this from recurring?'

Brooke's Note: The easiest way for an RIA to get in trouble with the SEC is to make a compliance plan and then not follow it. McKinsey Investment Office Partners did not make that mistake. When it came to addressing the fact that the $31-billion RIA had McKinsey staff in possession of insider information -- from its consulting business -- who influenced the RIA's investment decisions, it simply did not make any plan for those conflicts whatsoever, according to the SEC. It may have been a good way to avoid any big trouble. Caught without a plan, MIO is only being asked to cough up $18 million and make a plan addressing how it intends to avoid the potential for trading on insider information. McKinsey now characterizes its new plan as "best practices." McKinsey is -- with revenues nearing $11 billion -- perhaps the world's largest purveyor of managerial best practices but our legal sources are not convinced it brought its best intentions to how it ran its RIA.

Wall Street's top cop is collecting $18 million and censuring McKinsey's in-house RIA, after finding it had no process in place to prevent active McKinsey partners with insider information from directing investments in "willful" violation of federal law. 

The Securities and Exchange Commission (SEC) settled its case against McKinsey Investment Office Partners (MIO) late last month. The agency found the need to create a recusal plan for insiders who have a foot in the MIO and McKinsey camps.

Gurbir Grewal: Access to material nonpublic information... presents a heightened risk of misuse.'

"From at least 2015 through 2020 [MIO failed] to establish, maintain, and enforce written policies and procedures ... to prevent the misuse of material non-public information," the SEC filing states.

MIO was formerly named Paul Harris Management, and the 1992-founded RIA manages $31.5 billion, up from $26 billion in January 2019. It exclusively serves current and former McKinsey partners, employees and family members.

The SEC's settlement did not require McKinsey to admit to compliance violations, though it did require it to rewrite its compliance plan.

The SEC also did not identify any instance where MIO or its New York City parent misused such insider information.

However, the regulator found that "the risk of misuse ... was real and significant," and ordered it to "cease and desist from committing or causing any violations" in the future. 

"[MIO] got away with it for so long because either, no one cared to look or it was known and a blind eye was turned. It is hard to imagine that many a McKinsey insider were not aware of what was going on," says Ari Sonneberg, partner and chief marketing officer for Wagner Law Group in Boston.

"It is truly shocking that this was going on at all, let alone for such a long time. McKinsey’s stature must have been a factor in this going unaddressed for as long as it did," Sonneberg adds.

Best practices

The SEC's actions in face of disregard for the rules does not seem like enough justice to be an effective deterrent, says Sonneberg. 

Max Schatzow
Max Schatzow: 'The reality is that insider trading cases are pretty tough to prosecute.'

"A required spinoff would have been one possible justifiable consequence amongst others beyond the financial penalty ... Why [did] the punishment stop short of a penalty with real teeth that would objectively prevent this from recurring?" he asks, in an email.

MIO has responded to a cease-and-desist order by applying "best practices" to its 12-strong board of directors, it says in a statement to RIABiz

"MIO believes that the steps we have taken over the past few years to strengthen our policies and procedures put us squarely in line with best practices in the industry," it writes.

"MIO’s Board of Directors is now composed entirely of independent directors and retired McKinsey partners."

Until Sep. 2020, the MIO board and its investment committee, which "oversees and monitor[s]" MIO's investment decisions, was primarily comprised of active McKinsey partners with "access" to non-public information, according to SEC filings.

Before 2017, the committee also had to formally ratify MIO investment decisions.

"Prior to September 2020, none of MIO’s written policies or procedures effectively sought to identify whether Investments Committee members may have [information] that was relevant to their involvement in MIO’s investment decisions, or set forth a recusal procedure reasonably designed to guard against ... misuse," the SEC filing states.

The SEC has yet to respond to a request for comment.

Heightened risk

But the SEC was direct in finding MIO willfully violated two sections, rule 204A, and 206(4), of the Advisers Act. 

Section 204A of the Advisers Act

  •  Requires investment advisers (whether SEC-registered or not) to establish, maintain, and enforce written policies and procedures reasonably designed to prevent the misuse of material, nonpublic information by the investment adviser or any of its associated persons. Investment advisers also have a duty to supervise persons associated with the investment adviser with respect to activities performed on the adviser's behalf.

                                                               (Source: SEC)

The first requires advisors to "establish, maintain and enforce written policies and proceedures" that "prevent the misuse of material nonpublic infromation" that would violate the Advisers Act or the Securities Exchange Act of 1934.

The latter requires RIAs to adopt policies that prevent violations to the Advisers Act.

The SEC also censured the firm, which prevents it from appearing or practicing before the federal agency in any way.

"Allowing individuals who may possess or have access to material nonpublic information also to have oversight over investment decisions that may benefit them economically presents a heightened risk of misuse," says Gurbir Grewal, SEC director of  the enforcement division, in a release.

Among practices cited by the SEC, MIO directly and indirectly invested millions of dollars in companies, when members of its investment committee had direct access to non public information about them through their roles at McKinsey, according to the latest SEC filings.

McKinsey also sold its consulting services to clients in which MIO funds had previously taken investment stakes, and about which MIO had access to non public information, the filings state. 

"MIO did not have policies and procedures reasonably designed to address the risks associated with its organizational structure," according to the documents.

Between 2015 and 2020, MIO invested 90% of its client assets through third party managers, half of which was held in MIO-owned and run special purpose funds. It invested 10% directly, at its own discretion.

It amounts to a pattern of McKinsey behavior of pushing the legal edge and ethics can get trampled, according to Tim Welsh, founder and CEO of Larkspur, Calif.-based consultancy, Nexus Strategy, via email.

"McKinsey seem to think they can maneuver around [the SEC] with legal machinations, which goes to the character, culture and bending of ethical behavior that has been going on for decades, as they consider themselves an 'elite' consulting firm."

"This stinks to high heaven ... [and] "temptation is a very powerful thing," he adds.

Risks vs. benefits

The $18 million fine and rewrite of internal control rules by McKinsey's RIA -- from what little the SEC is revealing -- seem incommensurate to the cited compliance issues, Sonneberg adds.

Tim Welsh
Tim Welsh: 'This stinks to high heaven ...'

"Unfortunately, the SEC provided zero context for its $18 million fine -- we have no idea how it relates to the violations," he says.

"On its face, without any additional information, it does seem like a slap on the wrist ... for what amount to major repeated violations. It is very puzzling and concerning," he adds.

The SEC may have determined that the risks of resource outlay outweighed the rewards in pressing its case against McKinsey, according to Max Schatzow, a partner in the law firm of Stark & Stark of Princeton, N.J.

"The reality is that insider trading cases are pretty tough to prosecute, especially when the facts are unique," he says. "The area of the law is constantly evolving, and the SEC might not have the appetite to litigate this type of case."

Blind Eye

The combination of McKinsey's clout, and the frequently documented revolving door between regulators and industry players may also have delayed -- and possibly diminished -- regulatory action, according Bill Singer, attorney and writer of the Broke and Broker blog.

Section 206: Prohibited Transactions 

  • It shall be unlawful for any investment adviser by use of the mails or any means or instrumentality of interstate commerce, directly or indirectly— to engage in any act, practice, or course of business which is fraudulent, deceptive, or manipulative. The Commission shall, for the purposes of this paragraph (4) by rules and regulations define, and prescribe means reasonably designed to prevent, such acts, practices, and courses of business as are fraudulent, deceptive, or manipulative.

                                                               (Source: SEC)

"Modern-day regulation is largely an exercise in reading toe tags in the morgue, whereby the focus is not on prevention but on a post mortem.

"We have created a dangerous disincentive to truly rock the boat [because it] imped[es] the revolving door through which public regulators move into private consulting roles and back," he explains.

"It's not so much that MIO got away with [a] failed compliance regime or that it cleverly thwarted the inquiring eye of regulators

"To the contrary, MIO's substandard compliance flourished because no one cared to ask the tough questions," he adds, via email.

The SEC cited multiple cases of MIO making trades or investment determinations where a decision-maker alternately wearing an MIO and McKinsey hat was in a position to hold material non-public information. 

Specifically, the SEC cited cases between Oct. 2015 and June 2017, where third-party managed funds used by MIO traded in securities linked to three companies when MIO investments committee members had access to sensitive information about them.

Case studies

MIO, for example, signed off on a $70 million change to a third party fund manager's investment allocation, which included a heavy stake in the debt of Alpha Natural Resources (ANR). At the same time, McKinsey Recovery and Transformation Services (RTS), was contracted to give ANR restructuring advice.

Bill Singer
Bill Singer: 'Modern-day regulation is largely an exercise in reading toe tags.'

RTS's president also sat on MIO's investment committee when the MIO investment committee ratified the allocation change, according to the SEC.

Indeed, by June 2016, MIO increased its investment in the noted third-party manager's funds to roughly $272 million, as the third-party manager upped its stake in ANR senior secured debt to $70 million.

Similarly, between October 2015 and December 2016, MIO, via six third-party managers, invested in SunEdison, another RTS client. Again a senior RTS executive sat on the MIO investment committee at the time.

In 2017, MIO also directly invested in Puerto Rican municipal bonds, at the same time that McKinsey provided the Puerto Rico Financial Oversight and Management Board with its consultancy services.

Again, members of MIO's investment committee had access to non public information through their role at McKinsey when MIO sold roughly $1 million in Puerto Rican bonds.

Cease and desist

Yet the specifics of the cease and desist order that now governs MIO's conduct are unclear, beyond the demand, stated in SEC filings, that it refrain from violating the Advisers Act, and that it improves safeguards to prevent sensitive data flowing from its parent.

"That's the million dollar question [because] the SEC revealed no details about what exact activity or activities MIO is required to cease and desist," says Sonneberg.

"It's safe to say MIO is free to continue serving as an advisor to McKinsey partners in general ... [but] is MIO now prevented from advising in any company to which McKinsey serves as a consultant? ... Unfortunately we will never know," Sonneberg continues.

Although the SEC did not lay out the exact nature of its cease and desist order, violation of such orders can result in criminal charges, fines, and punishments including prison terms, according to Sonneberg.

Yet further action by the SEC is unlikely, at least for now, he adds.

"One would think that there would be a case for insider trading here, I won’t say it can’t still happen, but it would more likely have been rolled out prior to or in tandem with the SEC announcing its civil enforcement," he explains.


The bigger issue is that regulatory action is often little more than lip service, because permanent solutions are within easy grasp, according to Singer.

"There are a number of obvious solutions: pay in-house compliance staff lots more money ... invest [compliance] department[s] with independence ... [sever] the entire compliance function from its present 'in house' role and create in independent agency charged with arms-length oversight," he explains.

For now, it's little more than spectacle, he adds..

Some relatively lower-level employee's or a retired, former executive's head is cut off and served up to the public on a silver platter. It's all a grand display of gore,"


Industry experts, for several years, have questioned MIO's ability to effectively wall itself off from the oodles of insider information at its parent's fingertips, according to a 2016 Financial Times report.

The late November SEC fine is also not the first levied on MIO or McKinsey in recent years.

In February, McKinsey settled a case in most US states over its role in boosting opioid sales for more than $600 million, and in February 2019, it settled a case with the Department of Justice's US Trustee Program over inadequate disclosures in bankruptcy cases.

In August 2020, MIO also paid out $39.5 million to settle a case of alleged violations of ERISA rules against self-dealing in two McKinsey retirement plans. The 2020 settlement also mandates that all expense reimbursements will be reviewed by an independent fiduciary, for no less than three years.

MIO employs 175 staff, including 31 advisors, according to its form ADV. Its parent, McKinsey employs 30,000 and has $10.6 billion of annual revenues, according to the company’s website.

Related Moves

Five RIA Doubletakes: An RIA-only law firm breaks away • Kitces launches picker of 'best of breed' RIA software bundles • Vanguard targets 2070 just as media targets TDFs • SEC fishing for RegBI Scofflaws, including RIAs • CFP appoints first African-American chair

RIA Lawyers will reject RIA custodians• Kitces Nascar montage is now interactive and helpful • Vanguard's super long TDF draws critics• SEC supply lines are stretched with new battle front • Kamila Elliot is ex-DFA, diverse and calling CFP shots

January 12, 2022 – 3:13 AM

RIABiz Directory

The Industry Sourcebook for RIAs

   |    LISTING

RIABiz Directory sponsored by:

Directory Sponsor Logo