Evidence of meeting #126 for Public Accounts in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was kpmg.
A video is available from Parliament.
4 p.m.
Conservative
The Chair Conservative John Williamson
Thank you very much. That is the time.
It's now Ms. Sinclair‑Desgagné's turn.
If you don't speak or understand French, this is a good time to put your earpiece in.
Right now, we're in Quebec.
Ms. Sinclair‑Desgagné, you have the floor.
4 p.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
We're in the neighbouring country, but thank you, Mr. Chair, for that introduction.
Mr. Bashir, my question is for you.
Did you come to KPMG as a partner, or did you become a partner at KPMG?
4 p.m.
Partner, Cybersecurity, KPMG
If I understood that correctly, I joined as a direct-admit partner in May 2020, when I joined the firm.
4 p.m.
Bloc
4 p.m.
Partner, Cybersecurity, KPMG
Sorry, that was direct-admit partner. That was my mistake. I will slow down.
4 p.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
Okay. Perfect.
You joined KPMG as a partner. I imagine that when you arrived, one of the first things you were made to do, since it's the norm in the Big Four, is fairly specialized training on risks and compliance. Is that correct?
4 p.m.
Partner, Cybersecurity, KPMG
It cut out a bit at the end, but if I understood you, you are asking about the training I took for risk....
4 p.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
I'm talking about risk and compliance training, as well as all the training that new employees are normally required to take in firms. The training is highly specialized. I hope you took it.
4 p.m.
Partner, Cybersecurity, KPMG
Thank you for the clarification.
That is correct. Upon joining the firm, and subsequently on a regular basis, we continually take risk, independence, security and privacy training—all of the training.
4:05 p.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
Great.
If you've taken this training, I find it strange that you didn't raise the issue of Mr. Utano, who asked you to go through GC Strategies instead of doing your contract and work directly with the Canada Border Services Agency, knowing that KPMG is already a company pre‑approved by the Canada Border Services Agency.
First, I find it strange that in your testimony today you said you don't know why CBSA wanted to go through GC Strategies. I think the answer is pretty obvious. If you don't know why, you may need to return for your risk and compliance training. If you knew that at the time, why didn't you sound the alarm? You knew that it was clear that you could have had a contract directly with the Canada Border Services Agency, but that the agency, for an increasingly clear reason, asked you to go through GC Strategies.
Why didn't you sound the alarm?
4:05 p.m.
Partner, Cybersecurity, KPMG
I have one point of clarification before I answer the question.
We did not have a direct procurement vehicle with the CBSA at the time. I believe what I referred to earlier was the CEPS vehicle, which was more of a government-wide vehicle. There was nothing direct with the CBSA at that particular time.
With respect to the training, we fully followed every single process that the training indicates. This included rigorous risk management processes that check each party that we're engaged with. In this particular case, we had to list GC Strategies and CBSA and subsequently go through a three-partner approval process to ensure that we were able to proceed with the engagement. At that point in time, no flags were raised and, as such, we proceeded accordingly.
4:05 p.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
What you're saying is that, if you're able to do the work, you find it normal that… I have in front of me information that KPMG is already pre‑approved as a supplier to the government. We feel that the contract is easy to honour.
Do you find it normal that there's a contract, but that a subcontractor goes through GC Strategies?
4:05 p.m.
Partner, Cybersecurity, KPMG
The procurement method is chosen by the government department at the end of the day. We can't question the government's direction on how to procure a service for them.
4:05 p.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
Forgive me for contradicting you, but that is false. That's what Botler AI did: Botler AI talked about widespread corruption at the Border Services Agency. Botler AI is the one sounding the alarm. Indeed, the company had noticed the behaviours, the ones you witnessed, that sparked the entire ArriveCAN affair.
What you're telling me is that consultants at Botler AI in Montreal may be more aware of or more familiar with the risks and compliances associated with going through a subcontractor like GC Strategies, an empty company or cell that only obtains a commission. What's more, you're telling me that this is completely normal. Finally, you say that Botler AI is aware of this, but that you don't see anything. And yet you've been informed that there was certainly a conflict of interest.
The reason Antonio Utano asked to go through GC Strategies was because it was in the interest of GC Strategies. You haven't seen anything. I find that really unfortunate, because you could have told us today that, in light of the Auditor General's report, you thought it was strange, and that you should have done things differently and sounded the alarm by saying that you thought this process was not normal.
4:05 p.m.
Partner, Cybersecurity, KPMG
I didn't get a question there, but I guess I would simply say that we follow the process we had in place. I'd also like to add that the Government of Canada had vetted GC Strategies, I believe, 100-plus times, as they were awarded a number of contracts in the last number of years, as this committee has discussed.
When you couple our processes with the fact that the Government of Canada itself had validated and revalidated the legitimacy of GC Strategies, that information led us to believe that this was a reasonable path forward to procure.
4:05 p.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
Also, you were aware of GC Strategies. You knew it was a two‑person company that was just taking commissions; it was supposed to find resources. The only reason we went through GC Strategies was to find resources. In this case, the government had already found resources. You knew that, having met Kristian Firth before. In spite of all that—
4:10 p.m.
Conservative
4:10 p.m.
Bloc
Nathalie Sinclair-Desgagné Bloc Terrebonne, QC
I'll ask the same question. Why didn't you sound the alarm, given that the situation was clearly abnormal?
4:10 p.m.
Partner, Cybersecurity, KPMG
I'll refer you to the previous response. We went through our processes and trusted that the government went through its processes as well.
4:10 p.m.
Conservative
The Chair Conservative John Williamson
Thank you very much.
Next is Mr. Desjarlais, who is joining us virtually.
You have the floor for six minutes, please.
May 30th, 2024 / 4:10 p.m.
NDP
Blake Desjarlais NDP Edmonton Griesbach, AB
Thank you very much, Mr. Chair.
I'll begin with KPMG.
Mr. Bashir, when did you start work with the Government of Canada?
4:10 p.m.
Partner, Cybersecurity, KPMG
I'm sorry. To clarify again, do you mean when I started work while at KPMG or as a public servant? Can you clarify that, please?
4:10 p.m.
NDP
Blake Desjarlais NDP Edmonton Griesbach, AB
I mean as a public servant.
Mr. Bashir, when did you, yourself, start working with the Government of Canada? What was the date?