Evidence of meeting #126 for Public Accounts in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was kpmg.
A video is available from Parliament.
4:50 p.m.
Conservative
John Nater Conservative Perth—Wellington, ON
Did you, in fact, receive $400,000 from GC Strategies for your work?
4:50 p.m.
Partner, Cybersecurity, KPMG
I did, from GC Strategies, yes. That is correct.
4:50 p.m.
Conservative
John Nater Conservative Perth—Wellington, ON
Would you have expected to receive exactly the same amount, had you dealt directly with CBSA?
4:50 p.m.
Conservative
John Nater Conservative Perth—Wellington, ON
By going through GC Strategies, you still got paid the same amount, but taxpayers, in the great scheme of things, paid more. Is that a good assumption?
4:50 p.m.
Partner, Cybersecurity, KPMG
That is my understanding of what happened, yes.
4:50 p.m.
Conservative
John Nater Conservative Perth—Wellington, ON
Okay.
You talked about meeting with Mr. Firth two to three times while you were at the Treasury Board of Canada Secretariat as a senior government official, as a director general. You made the comment that they were like any other vendor. In response to another question, you said there was an element of understanding where the industry was heading.
My question to you, though, is this: Were you aware that GC Strategies actually didn't do any IT work? Were you aware of that at the time?
4:50 p.m.
Partner, Cybersecurity, KPMG
I did not know the nature of GC Strategies' business in great depth. What I did know about them.... To give Mr. Firth credit, he thoroughly read a recent IT strategy we had posted in 2017-18 and sent an email, since obviously I had a public email address at the time, saying he had some suggestions on how I might be able to achieve some of those strategic objectives.
I didn't do any research into the company. I took the meeting as I would have with any other vendor who had come up with a good idea to investigate further.
4:50 p.m.
Conservative
John Nater Conservative Perth—Wellington, ON
He flim-flammed you. He made you think that they were a reputable IT company when, really, they were two guys who were operating a business.
He was able to write you a nice email, you know, and compliment you on some strategies and convince you that they were actually a reputable company like any other, when really they weren't. Is that a good assumption?
4:50 p.m.
Partner, Cybersecurity, KPMG
I don't know the term that you used there, but what I would suggest is that he brought two valid products to the table. One was to secure communications, as I mentioned. One was digital identity. When I looked up those products, they're legitimate products that he had aligned himself with, so, you know, kudos to him for finding the right products out there.
4:50 p.m.
Conservative
John Nater Conservative Perth—Wellington, ON
I guess kudos to him for pulling the wool over a lot of people's eyes over a number of years and making himself quite wealthy from it.
I want to go briefly to the risk management process that you spoke of within KPMG. I have two questions.
First of all, are there records of that process, and would you be willing to share that information with this committee? That's the first question.
4:55 p.m.
Partner, Cybersecurity, KPMG
We have records of all of these processes, and I'll take that back to the team to see what can be shared.
4:55 p.m.
Conservative
John Nater Conservative Perth—Wellington, ON
Okay. I look forward to seeing that, hopefully.
Second, what information did you provide to that process within KPMG on your past interactions with GC Strategies? Were they aware that you had personally met with them on at least two and maybe three occasions as a senior official with the Treasury Board of Canada Secretariat?
4:55 p.m.
Partner, Cybersecurity, KPMG
I don't recall that being one of the fields I talked about earlier that had to be filled out regarding personal meetings with the organization. The process is more about testing the legitimacy of the organization. I think we looked for any public knowledge of lawsuits or things of that nature, and nothing came up at that time.
4:55 p.m.
Conservative
The Chair Conservative John Williamson
Thank you very much, Mr. Nater.
Up next is Ms. Yip.
You have the floor for five minutes, please.
4:55 p.m.
Liberal
Jean Yip Liberal Scarborough—Agincourt, ON
Thank you very much.
I'm going to be asking each one of the companies the next two questions.
Was either of your companies involved in creating the terms of contracts you were awarded?
Mr. Bashir.
4:55 p.m.
Liberal
Jean Yip Liberal Scarborough—Agincourt, ON
Were security clearances a prerequisite to receiving a contract to work on ArriveCAN? I mean, were they acquired before the work began?
Mr. Bashir.
4:55 p.m.
Partner, Cybersecurity, KPMG
Thanks for clarifying.
In my particular case, security clearances were certainly a requirement given the security nature of the work we were performing, and I can assure you that every member of my team had the requisite security clearance based on the role they had.
To clarify that statement, on those that were issued, a couple of the members of my team were required to have in-depth access, as you can imagine, to CBSA systems, and they required secret clearances. Other members of my team required reliability clearances, but all folks involved had the requisite clearance, yes.
4:55 p.m.
President, Donna Cona Inc.
Yes, we had the appropriate corporate security clearances, as did our consultants. We have a team that is responsible for making sure that's all in place on any contract.
Yes, we had all the security clearances.