[Salon] Consulting Firms Have Stumbled Into a Geopolitical Minefield



https://foreignpolicy.com/2024/05/22/consulting-firms-business-data-regulation-china-mckinsey/

Consulting Firms Have Stumbled Into a Geopolitical Minefield

The era of free-flowing information is over.

By Henry Farrell and Abraham Newman
A sign for the U.S.-based McKinsey & Company management consulting firm is seen on a wall in Geneva, carved in a serif font in an expanse of gray stone.
A sign for the U.S.-based McKinsey & Company management consulting firm is seen on a wall in Geneva, carved in a serif font in an expanse of gray stone.
A sign for the U.S.-based McKinsey & Company management consulting firm is seen in Geneva on April 12, 2022. Fabrice Coffrini/AFP via Getty Images
May 22, 2024

Earlier this year, McKinsey executives found themselves in serious political trouble. The Financial Times reported that their China branch had boasted in 2019 of its economic advice to the Chinese central government, while a McKinsey-led think tank prepared a book which advised China to “deepen cooperation between business and the military and push foreign companies out of sensitive industries.”

McKinsey, which had previously gotten media attention for promoting China’s Belt and Road initiative, responded with a statement saying that China’s central government had never to its knowledge been a client, and stressing its “75 year history of supporting the US government.” But the damage was done: Senior Republican policymakers called for McKinsey to be banned from tens of millions of dollars in federal contracts.

Once, information brokers like McKinsey could advise governments and share data across national borders with little controversy. Now, they are being forced to make hard choices—and not just by U.S. politicians. The Beijing branch of the Mintz group, a consultancy specializing in due diligence, was raided last year by Chinese authorities, which had apparently started worrying that accurate statistics about the Chinese economy were a national security threat. Bain, which provides detailed advice to corporations, was raided a month later.

These changes in practice go hand in hand with changes in regulation. Although China has eased off on some of the harshest implications of its new rules preventing the export of data, businesses still face serious uncertainty over what information they can export and what they can’t. The U.S, long notoriously lax in its treatment of sensitive data, has acquired a newfound zeal to prevent the export of certain kinds of information and moved sharply away from its past blanket support of “free cross-border information flows.”

Not so long ago, consultancies and other information brokers could work easily with different clients in different countries. Just as they talked to competing firms, they advised competing governments. In 2015, when senior McKinsey partner Lola Woetzel hoped the think tank’s book “provides useful input for the planning and development of China’s technology enterprises and government institutions,” she likely didn’t think she was making a controversial statement.

But what may have seemed banal then may now be depicted as smoking gun evidence that companies are helping the enemy. For decades, business leaders assumed that globalization meant market expansion. Their big worry was gaining and keeping market share, and competing with their rivals. Now, they are being thrown unprepared into a world where globalization means geopolitical risk—and information is the riskiest asset of all.

Top officials in Washington and Beijing no longer see economic information simply as the fuel for innovation and better business services. Instead, they worry about economic confrontation and act on fears over what might happen if there was an actual war, where data could power artificial intelligence, disinformation or surveillance. As markets become battlefields, government leaders begin to worry about who has crucial information about the contours of the combat zone—and who they might be sharing it with.

That is why leaders on both sides of the Pacific are ratcheting up actions aimed to limit the exchange of strategic information. Semiconductors—where the U.S. has imposed extensive restrictions on the export of tools and expertise—took the first hit. Now, business consultancies and compliance groups are in trouble. Soon, it may be everyone.

Once, information brokering seemed to be politically risk free. When political consultancies like McKinsey were criticized, it was usually left wingers deploring their business advice, not centrists and conservatives condemning their work with adversary governments. As governments realized they needed greater information and access, they started to rely more on international consultants, which worked with many clients in many countries.

Consultancy firms were already crucial middlemen in the globalized economy, providing advice and shaping so-called best practices. Big companies in Beijing could see what their peers in Boston were doing, and adapt it to local circumstances. Consultants began to do the same for government clients. Other major international businesses, such as accountancy firms and data brokers, got in on the action, providing governments with specialized information that they didn’t have themselves.

Just as specialized compliance firms told business how to raise capital or make safe investments under different regulatory regimes, business consultancies advised governments how to attract investment, optimize public service delivery, and learn from what other regulators were doing. Governments saw themselves as innovating and competing for market share in a global economy. That seemed to allow information brokers to become middlemen for governments too.

Rep. Ro Khanna, D-Calif., in his office in Washington on Feb. 10. Businesses are rarely happy when an information broker offers advice to an economic competitor as well as to themselves, but they can live with it, so long as confidentiality is preserved. When governments thought of themselves like businesses, they could accept the same rough bargain.

All that has changed now that governments worry less about market competition and more about security competition. What once seemed like market advice to competing governments may now seem like trading information with the enemy. Building up an adversary’s economy may help fuel a military machine that might someday be used against you, and providing data and information might directly enhance their arsenal. Microsoft offered to “relocate” cloud computing staff from China amidst dire pronouncements from the Biden administration that cloud computing might help adversaries train AI.

These sweeping changes explain McKinsey’s current troubles. Business activities that seemed innocuous a few years ago may be depicted as near-treasonous today. Companies that did not directly engage with foreign governments, but that just gathered market information, face similar dilemmas. Chinese regulators justified their action against Mintz by claiming that the company had conducted “foreign-related statistical investigations.”

In a world of geopolitical competition, even apparently innocent collection of economic data can be penalized harshly. After all, other governments could potentially use such data to discover and exploit economic vulnerabilities, discovering which businesses have financial relationships with which, or which rely on foreign technologies that might be weaponized against them.

The U.S. has already acted to choke off China’s access to certain highly advanced semiconductors, and has targeted businesses with close relationships to China’s military.

China has cut off foreign access to key data on business relationships and technological advances, which it fears may be deployed against it.

Chinese officials have also complained furiously at U.S. actions, but their rhetorical conversion to the gospel of free exchange of information is belated and hypocritical. China does not just censor its own citizens and try to silence dissidents abroad. It has spent decades enthusiastically trying to force reporters and information companies to comply with the party line, exploiting the vulnerabilities of parent companies, which want access to China’s market.

When Bloomberg ran a story on the corruption of China’s party elite, the government searched its bureaus and ordered state-owned companies not to lease Bloomberg terminals. Bloomberg reportedly killed a second story that would bring the corruption story closer to Xi Jinping, suspending, and later firing, the reporter responsible, reportedly for revealing what had happened.

The U.S. and China have each made efforts to limit the economic repercussions. Jake Sullivan, the White House national security advisor, has taken to using the more anodyne term “derisking” as an alternative to “decoupling,” and has stressed that the U.S. wants a “small yard, high fence” approach that would limit China’s access to a limited number of “foundational” technologies, while allowing continued financial and informational exchange elsewhere. China has partly rolled back a national security law that would have made it vastly more difficult for companies to transfer internal data across borders.

But even so, the trend seems to point toward more restrictions on information exchange rather than less. It is nearly impossible to define what “foundational” technologies are in advance, or to keep the yard small when a bipartisan coalition wants to dramatically expand it. And while some in China’s complex internal political system might want continued international exchange of trade and information, national security hawks are ascendant, suggesting that the future may see more rather than fewer restrictions on information exchange.

Nor are traditional information brokers like McKinsey—or even Ernst & Young—the only plausible targets. The U.S. Congress has started investigating whether cranes used at U.S. ports are phoning back to the mothership in China, while the E.U. worries about Chinese produced airport screening equipment The data revolution means that nearly every major business is an information broker, and hence at risk of being targeted or pressed into service as a possible unwilling combatant.

Indiscriminate data collection has itself become a risky bet as the logic of national security devours the globalized economy. TikTok’s business model and its Chinese roots have led U.S. politicians to see it as an urgent national security risk. That is why they swiftly passed legislation intended either to force its sale or shut down its U.S. operations. Biden administration executive orders limit cloud service providers and data brokers from sending data to China. Elon Musk has had to hustle and build an alliance with Baidu to get China to consider approving Tesla’s compliance with data security laws.

Every prominent international business that extensively gathers data risks unwelcome attention and action. And nearly everyone is gathering data. So what can businesses do to minimize the risk of being McKinseyed?

The first and most obvious step is to map their exposure. Companies need to understand how much they have become information brokers, the specific information and data that they have collected, and the different jurisdictions that they are exposed to. Very often, data practices are consigned to middle management and company lawyers—but they now pose potential existential risks.

As a result, capacity needs to be built at the level of top management. Senior executives in strategic sectors of technology, such as semiconductor production, have had to educate themselves in a hurry about how geopolitics is transforming their business model.

Some businesses will have to consider reforming their internal organizational structures to make themselves more robust. McKinsey itself is moving toward a more centralized risk management system to make it less likely that ambitious partners, hungry to grow their client relationships, create risk for the firm as a whole.

But for some businesses, the best step may be the most radical one—considering whether they want to be in the business of information gathering and brokering at all. As Fourcade and Healy suggest, the drive to gather data on everything was at least as much the result of businesses piling in on what everyone else was doing, as of cool consideration of the possible business model.

Others may want to support national privacy and data protection laws that they previously opposed. Such laws provide them with a potential legal shield against foreign demands for data and information that would hurt their reputation and get them into political trouble back home. Finally, businesses may find themselves increasingly forced to choose between the U.S. and China.

Information brokers like McKinsey and Bain have long been criticized for their association with a particular model of globalized capitalism. That model is in trouble—and so are the businesses that helped propagate its gospel. As information increasingly comes to be seen not solely as an economic input, but also as a source of geopolitical risk and disadvantage, McKinsey won’t be the last information broker to end up being targeted by angry politicians.

Henry Farrell is the Stavros Niarchos Foundation Agora Institute professor at the Johns Hopkins School of Advanced International Studies. Twitter: @henryfarrell

Abraham Newman is a professor in the government department and the Walsh School of Foreign Service at Georgetown University.



This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.