Organizational Conflicts of Interest: Cautionary Tales

Maintaining integrity in the contracting profession is essential.

By Jessica Tillipman

A recent, high-profile investigation involving McKinsey & Company (McKinsey) and its contracts with the Food and Drug Administration (FDA) (see the article, “McKinsey & Company’s Alleged Conflicts of Interest at the Heart of the Opioid Epidemic,” on page 20 of this issue) has reminded us that organizational conflicts of interest (OCIs) are an integrity issue that never should be written off as a check-the-box exercise during the procurement process. This incident highlighted the need to address critical gaps in this area of the law.

The U.S. government procurement system aspires to obtain the best goods and services, from the best private sector firms, at the best prices. To attain these goals and safeguard taxpayer dollars, the Federal Acquisition Regulation (FAR) makes clear that government procurement demands the highest commitment to ethical and unbiased conduct. As noted in FAR 3.101-2:

“Government business shall be conducted in a manner above reproach and … with complete impartiality and with preferential treatment for none. Transactions relating to the expenditure of public funds require the highest degree of public trust and an impeccable standard of conduct.”

To maintain integrity in procurement, entities that do business with the government are subject to a patchwork of requirements, restrictions, and compliance obligations.

In my anti-corruption and compliance course at The George Washington University Law School, I refer to this patchwork as the U.S. government procurement anti-corruption ecosystem – a framework designed to prevent, detect, and mitigate corruption risks in government procurement. The framework includes principles and critical tools such as transparency and oversight, whistleblower protections and debarment, and civil and criminal laws addressing a wide range of inappropriate and unethical business practices.

This anti-corruption ecosystem is designed to accomplish four goals: (1) maintain integrity in interactions with government officials, (2) promote fairness, transparency, and competition, (3) ensure contractors are honest in their exchanges with the government, and (4) help maintain integrity throughout the supply chain.

One of the most critical integrity concerns in government acquisition is conflicts of interest. The FAR deals with them in two ways: by regulating personal conflicts of interest (PCIs) and organizational conflicts of interest (OCIs). PCIs are regulated under FAR Part 3, along with other improper business practices.

In contrast, the FAR provisions relating to OCIs reside in FAR Part 9 – Contractor Qualifications. Perhaps because of the way the FAR categorizes conflicts of interest, there is a perception that whereas PCIs are an improper business practice, OCIs are just another routine factor that contracting officers (COs) must consider before awarding a contract.

Organizational Conflicts of Interest

The FAR defines an OCI as occurring when:

“…because of other activities or relationships with other persons, a person is unable or potentially unable to render impartial assistance or advice to the government, or the person’s objectivity in performing the contract work is or might otherwise be impaired, or a person has an unfair competitive advantage.”

The term “person” includes companies and other contracting entities. The current framework for analyzing whether an OCI exists derives primarily from FAR Subpart 9.5 and decisional precedent from the Government Accountability Office (GAO) and the U.S. Court of Federal Claims (COFC).

Although OCIs have been regulated since the 1960s, they have garnered increased attention in recent decades. This is due, among other things, to consolidation in the information technology and defense industries, and the government’s increased reliance on contractors to provide services traditionally performed by public servants, “especially where the contractor is tasked with providing advice to the government.” Experience suggests that OCIs are more likely to occur in contracts involving certain services such as management support services and consultant or other professional services.

OCIs are generally separated into three categories:

  1. Impaired objectivity – may arise where a contractor’s outside business relationships create an economic incentive to provide biased advice under a government contract.
  2. Biased ground rules – can occur when, as part of its work under one procurement, the contractor has helped set the procurement’s ground rules, such as writing the statement of work or developing specifications, for another procurement.
  3. Unequal access to information – might occur when a contractor obtains access to nonpublic information as part of its contract performance giving it an advantage in a later competition for a government contract.

FAR 9.504 requires a CO to “identify and evaluate potential organizational conflicts of interest as early in the acquisition process as possible; and avoid, neutralize, or mitigate significant potential conflicts before contract award.” To fulfill this obligation, COs depend on contractors to disclose, among other things, “any facts that may cause a reasonably prudent person to question the contractor’s impartiality because of the appearance or existence of bias.” Agencies generally demand this information through solicitation provisions or contract clauses that clearly articulate the government’s expectations regarding the disclosure of facts and circumstances that would give rise to an actual or potential OCI.

Unlike many other provisions in the FAR that ensure compliance through standard solicitation provisions and contract clauses found in FAR Subpart 52, the FAR contains no mandatory OCI solicitation provision or contract clause. Instead, agencies have developed their own language. For example, FDA contracts may contain the following:

The contractor warrants that, to the best of the contractor’s knowledge and belief, there are no relevant facts or circumstances which would give rise to an organizational conflict of interest, as defined in FAR Subpart 9.5, and that the contractor has disclosed all relevant information regarding any actual or potential conflict. The contractor agrees it shall make an immediate and full disclosure, in writing, to the contracting officer of any potential or actual organizational conflict of interest or the existence of any facts that may cause a reasonably prudent person to question the contractor’s impartiality because of the appearance or existence of bias or an unfair competitive advantage.

Failure to disclose the information required by an applicable OCI clause can lead to a multitude of adverse consequences, including, but not limited to contract termination, prosecution for the making of false statements (including fines and imprisonment), and suspension or debarment. In addition, a false OCI certification could trigger potential liability under the False Claims Act, resulting in treble damages and penalties. The submission of false claims also can be criminally prosecuted. Criminal penalties for submitting false claims include imprisonment and fines.

Given the potentially severe consequences for failure to disclose an actual or potential OCI, most sophisticated contractors take affirmative steps to identify possible conflicts of interest and, to the best of their ability, mitigate them. Mitigation can include developing firewalls, executing non-disclosure agreements, or shifting work to a neutral, unaffiliated third party. Although FAR Subpart 9.5 speaks primarily to COs, contractors play a significant role in communicating with the CO to mitigate or avoid potential OCIs. Moreover, “an effective mitigation plan may enable a contractor to perform engagements for which it otherwise would not be available.”

The McKinsey Case

On April 13, 2022, the House Committee on Oversight and Reform released an interim report (conflicts report) that found, among other things, that McKinsey consultants worked on FDA contracts while also working for the opioid manufacturers regulated by the FDA without disclosing this information to the agency (See the article, “McKinsey & Company’s Alleged Conflicts of Interest at the Heart of the Opioid Epidemic,” on page 20 of this issue).

The report describes in detail the overlap between McKinsey’s work for the FDA and its opioid manufacturer clients. It also contains a description of how nearly two dozen McKinsey consultants (including senior partners) “worked for both FDA and opioid manufacturers on related topics, including at the same time.” The report also notes that McKinsey never disclosed the potential conflicts to the FDA, despite the presence of language in McKinsey’s FDA contracts requiring it to disclose “any facts that may cause a reasonably prudent person to question the contractor’s impartiality.”

The information presented in the report raises significant red flags of “impaired objectivity” OCIs, where there is concern that the contractor’s other business relationships (including those with private sector clients), “could create an incentive for a contractor to provide biased advice” under its government contracts. The policies underlying OCI rules as outlined in the article, “Developing an Organizational Conflicts of Interest Framework,” published in the American Bar Association Public Contract Law Journal, emphasize why preventing and mitigating conflicts of this nature are so important:

“The failure of a procurement system to address OCIs appropriately can undermine both its legitimacy and anti-corruption goals and may have other undesirable effects … OCIs can also reduce the quality and value of the services a government receives, because organizations with OCIs may have competing loyalties that could undermine the quality of their advice to the government. Divided loyalties may include conflicting interests such as maximizing profit versus rendering candid advice to the government. In circumstances where providing impartial advice may be against organizational self-interest, the procuring organization faces performance risk.”

Notably, “impaired objectivity” OCIs are often very difficult to mitigate, particularly where the conflict permeates nearly every aspect of the government contract. Moreover, COs tend to reject mitigation plans when contractors fail to implement or monitor compliance with them (i.e., when employees breach firewalls to obtain a competitive advantage in a procurement).

The Path Forward: Compliance and Reform

The McKinsey report is a compelling case study in how conflicts and compliance issues could significantly undermine the public’s confidence in our procurement system and the contractors that provide critical goods and services. Although it is tempting to view this situation in a vacuum, the lessons have broader repercussions for the government contracting community.

First, it reminds contractors how important ethics and compliance programs are in reducing risks associated with identifying, mitigating, and disclosing OCIs.

Second, it has highlighted the urgency of overhauling FAR OCI regulations.

Reducing OCI Risk Through Ethics and Compliance

The issues highlighted in the McKinsey report must be considered against the backdrop of a growing global consensus on what constitutes an effective corporate ethics and compliance program. Since 2004, increased attention has been devoted to internal compliance and ethics programs designed to prevent, detect, and mitigate ethics and corruption risks in the course of a company’s business activities. Given the heightened corruption risks and compliance obligations associated with government contracts, most sophisticated government contractors have invested heavily in ethics and compliance programs to reduce these risks.

FAR 52.203-13 requires contractors to (1) adopt a written code of business ethics and conduct which must be made available to each employee engaged in performance of the contract, (2) maintain an ongoing business ethics awareness and compliance program, and (3) develop an internal control system. Even for contractors that fall outside the coverage of this FAR provision, implementing and maintaining a strong ethics and compliance program remains a necessity in reducing risk, ensuring compliance with the law, and sustaining a culture that promotes ethical conduct.

Many of the world’s largest government contractors have dedicated significant resources to “promote and advance a culture of ethical conduct in every company that provides products and services through government contracting.” Recognizing that an ethical transgression by one government contractor has the potential to negatively impact all government contractors, organizations such as the Defense Industry Initiative (DII) and the International Forum for Business Ethical Conduct (IFBEC) are dedicated to establishing and improving business ethics and compliance programs in the government contracts industry. The efforts of DII and IFBEC are buttressed by organizations such as the Society of Corporate Compliance and Ethics (SCCE), which support ethics and compliance professionals across all industries.

Contractors must develop policies and procedures tailored to the unique risks they face. A truly risk-tailored compliance program recognizes that not all risks are equal and devotes more time to policing high-risk areas. For example, given the risks associated with a contractor’s failure to properly identify, mitigate, and disclose potential OCIs, most contractors have dedicated compliance policies, procedures, and controls designed to effectively manage this risk. Moreover, in light of the heightened OCI risks associated with contracts involving management support and consulting, contractors providing such services would be expected to dedicate a greater proportion of their compliance resources to them.

A robust and proactive approach to OCI compliance likely would include:

Clear and accessible policies and procedures to identify OCI risks and requirements.

Processes and internal controls to ensure practices are compliant and consistent with internal policies and regulatory/contractual requirements.

Regular testing to assess the effectiveness of internal controls related to OCI compliance.

Remediation of identified weaknesses in policies, procedures, or practices.

Firm-wide training on OCI requirements, with more extensive training for employees most likely to encounter or manage OCI-related issues.

 Ensuring senior management’s words and actions demonstrate a commitment to OCI compliance.

Requiring and encouraging employees to identify and report facts that could give rise to a potential OCI.

 Conducting a rigorous OCI analysis before submitting proposals and fully complying with OCI reporting obligations.

 Maintaining stringent controls to safeguard nonpublic information acquired or accessed during the performance of a government contract.

Merely adopting an OCI policy is not enough. The effectiveness of an institution’s ethics and compliance program depends upon whether it is followed in practice. Ethics and compliance professionals disparage “paper programs” that appear robust but are neither implemented nor followed in practice.

To be clear, an occasional violation or deviation from policies and procedures does not necessarily mean that a compliance program is ineffective; no entity is immune from human transgression. However, evidence of a systemic disregard for compliance policies and procedures, particularly when committed by senior leaders, is often strong evidence of a weak compliance culture.

Modernizing OCI Regulations

In addition to highlighting an alleged compliance failure, the McKinsey report shed light on the need to update FAR OCI provisions, which have remained largely unchanged since 1984. The current language in FAR 9.5 no longer reflects modern procurement practices and the sophisticated body of OCI case law that has developed over the past several decades. Moreover, the existing guidance fails to address the growing risks associated with the government’s increasing reliance on contractors to provide services that include advice and the exercise of judgment.

As noted in a 2007 Report of the Acquisition Advisory Panel to the Office of Federal Procurement Policy and the United States Congress:

“[T]he trend toward more reliance on contractors … raises the possibility that the government’s decision-making processes can be undermined … [u]nless the contractor employees performing these tasks are focused upon the interests of the United States, as opposed to their personal interests or those of the contractor who employs them, there is a risk that inappropriate decisions will be made.

Over a decade ago, audits and studies identified significant issues stemming from the government’s increased reliance on contractors to provide services traditionally performed by public servants. Although progress has been made, many issues persist.

In 2011, the FAR Council engaged in a thoughtful and somewhat herculean task of attempting to refine the OCI rules. Although the proposed rule never was implemented and ultimately was withdrawn (10 years later on March 19, 2021), it addressed numerous outstanding issues, including:

Relocating the FAR’s OCI Provisions: After concluding that OCI issues are more closely aligned with business practice than contractor qualifications, the proposed rule recommended relocating the FAR’s OCI provisions from FAR 9.5 to a new FAR Subpart 3.12.

 Amending Existing FAR Coverage and Introducing New Solicitation Provisions and Contract Clauses: Recognizing the need to assist COs in implementing OCI policy, the FAR Council recommended amending existing FAR coverage to clarify key terms and provide more detailed guidance regarding how COs should identify and address OCIs. It also introduced new solicitation provisions and contract clauses after determining that it would be beneficial to have standard language in the FAR that could be tailored if appropriate (rather than relying on agency-specific solicitation provisions and contract clauses).

 Enhancing Protections Related to Contractor Access of Nonpublic Information: Citing government reports that raised concerns regarding the safeguarding of nonpublic information companies obtain while performing government contracts, the FAR Council proposed new clauses to contractually obligate contractors to protect all nonpublic information they access during contract performance. The FAR Council also proposed requiring all employees who might access nonpublic information to sign nondisclosure agreements enforceable by both the government and third-party information owners.

The McKinsey report reminds us that we need to revisit this effort – not only to bring greater clarity to the existing regulations, but to create a more uniform approach across federal agencies to the risks associated with OCIs and the protection of nonpublic information.

Recognizing the need to address deficiencies in the current OCI regulatory framework, Congress recently has introduced legislation that directs the FAR Council to address these outstanding issues. These bills are a step forward in strengthening OCI policy.


Unlike headline-generating topics such as bribery and fraud, OCIs are often viewed as a highly technical litigation issue that rarely garners attention outside of law firm client advisories. The McKinsey report reminds us that OCIs are an integrity issue and have the potential to undermine the quality and value of services the government receives. When taxpayer dollars are at stake, a contractor’s undivided loyalties are paramount.

Fortunately, the McKinsey incident has spurred legislative action and increased attention to ethics and integrity, which may result in strengthening a regulatory regime long overdue for reform. CM


 Jessica Tillipman is the assistant dean for government procurement law studies and government contracts advisory council professorial lecturer in government contracts law, practice and policy at The George Washington University Law School. She teaches Anti-Corruption & Compliance, a course that focuses on anti-corruption, ethics, and compliance issues in government procurement. She would like to thank Jacquelyn Sherman for her assistance with the preparation of this article. 


See generally Steven L. Schooner, Desiderata: Objectives for a System of Government Contract Law, 11 Pub. Procurement L. Rev. 103 (2002), available at:

The Federal Acquisition Regulations System, Title 48 of the U.S. Code of Federal Regulations, provides a robust set of rules and requirements governing the U.S. Government’s procurement process.

See generally FAR 3.11 (defining PCIs as situations in which a covered employee has a financial interest, personal activity, or relationship that could impair the employee’s ability to act impartially and in the best interest of the government when performing under the contract) and FAR 52.203-16. There are additional laws that guard against personal conflicts of interest and other “impartiality” concerns that apply more broadly to U.S. government officials. See, e.g., 18 U.S.C. 207 (Acts Affecting a Personal Financial Interest); 5 CFR § 2635 (Impartiality in Performing Official Duties).

See generally FAR 9.5 (describing OCIs as an institution’s inability to render impartial assistance or advice to the government due to conflicting relationships with other entities).

FAR 2.101.

Daniel I. Gordon, Organizational Conflicts of Interest: A Growing Integrity Challenge, 35 Pub. Con. L.J. 25 (Fall 2005).

Keith Szeliga, Conflict and Intrigue in Government Contracts: A Guide to Identifying and Mitigating Organizational Conflicts of Interest, 35 Pub. Cont. L. J. 639 (2006) (citing FAR 2.101).

Organizational Conflicts of Interest, 76 Fed. Reg. 23236 (April 26, 2011).

FAR 9.502.

FAR 9.505; see also Vantage Assocs., Inc. v. United States, 59 Fed. Cl. 1, 10 (2003) (citing Aetna Gov’t Health Plans, Inc., Found. Health Fed. Servs., Inc., B-254397 (July 27, 1995)).

See, e.g., 48 CFR § 3452.209-70 (requiring, in Department of Education contracts, disclosure of all such relevant information if a conflict of interest appears to exist to a reasonable person with knowledge of the relevant facts or if such a person would question the impartiality of the contractor). See also 48 C.F.R. 1352.209-74 (U.S. Department of Commerce’s OCI clause).


“The Firm and the FDA: McKinsey & Company’s Conflicts of Interest at the Heart of the Opioid Epidemic,” Interim Majority Staff Report, Committee on Oversight and Reform, U.S. House of Representatives (April 13, 2022) at 36, available at

See generally 31 U.S.C. §§ 3729 – 3733. See also United States ex rel. Ervin & Assocs., Inc. v. Hamilton Sec. Grp., Inc., 370 F. Supp. 2d 18, 51- 52 (D.D.C. 2005) (“A government contractor’s failure to disclose an [OCI] constitutes a false claim under the False Claims Act”).

See 18 U.S.C. § 287.

Szeliga, supra, note 7, at 660.

Conflicts Report, supra note 13.


Conflicts Report, supra note 13 at 36.

Szeliga, supra, note 7, at 660.

Michael D. Pangia, Developing an Organizational Conflicts of Interest Framework: The U.S. System as A Starting Point, 47 Pub. Cont. L.J. 539, 542 (2018).

Johnson Controls World Servs., Inc., B-286714.2 (Feb. 13, 2001).

See generally Jessica Tillipman & Vijaya Surampudi, The Compliance Mentorship Program: Improving Ethics and Compliance in Small Government Contractors, 49 Pub. Cont. L.J. 217 (2020) (describing an evolving global effort to encourage companies to dedicate resources to developing anti-corruption compliance programs and maintaining robust internal controls).

The FAR exempts small business concerns and contracts for the acquisition of a commercial product or commercial service from this requirement. FAR 52.203-13(c).

Defense Industry Initiative, “About DII,” at,and%20services%20through%20government%20contracting.

Defense Industry Initiative, at

International Forum on Business Ethical Conduct for the Aerospace and Defense Industry, at

Society of Corporate Compliance and Ethics, at

For example, the Conflicts Report links to a copy of McKinsey’s “Organizational Conflicts of Interest Policy,” which is designed to assist employees with identifying, assessing, and potentially disclosing OCIs in the context of the company’s federal government contracts work.

Report of the Acquisition Advisory Panel to the Office of Federal Procurement Policy and the United States Congress (Jan. 2007), available at

See, e.g., U.S. Gov’t Accountability Off., GAO-10-693, Stronger Safeguards Needed For Contractor Access To Sensitive Information 30 (2010) (recommending more thorough protections when contractors are allowed access to sensitive information); Admin. Conf. Of The U.S., 2011-3, Compliance Standards For Government Contractor Employees – Personal Conflicts Of Interest And Use Of Certain Non-Public Information, 76 Fed. Reg. 48792 (Aug. 9, 2011) (discussing a proposed rule addressing PCIs and recommending model language in the FAR to be used in contracts that pose particular risks of government contractor employee personal conflicts of interest or misuse of nonpublic information).

On November 2, 2011, the FAR Council issued a final rule, creating FAR Subpart 3.11, titled “Preventing Personal Conflicts of Interest for Contractor Employees Performing Acquisition Functions,” and a new contract clause at FAR 52.203-16, titled “Preventing Personal Conflicts of Interest.”

The FAR Council membership consists of the Administrator for Federal Procurement Policy, the Secretary of Defense, the Administrator of National Aeronautics and Space, and the Administrator of General Services. See

Federal Acquisition Regulation; Organizational Conflicts of Interest, 76 Fed. Reg. 23236 (Apr. 26, 2011)

Organizational Conflicts of Interest, 86 Fed. Reg. 14863 (March 19, 2021).

See Preventing Organizational Conflicts of Interest in Federal Acquisition Act, S.3905, 117th Cong. (2022), and Preventing Organizational Conflicts of Interest in Federal Acquisition Act, H.R.7602, 117th Cong. (2022),