Updated ,first published
KPMG Australia boss Andrew Yates and senior partner Julian McPherson have abruptly resigned after the group confirmed confidential client data was shared and potentially used to win new business with other clients.
In a statement on Friday morning, KPMG said its treatment of the whistleblower complaint that triggered the scandal, and subsequent investigation into the allegations “fell short of the firm’s expectations, those of the whistleblower and the broader community”.
The anonymous whistleblower first made their complaint in 2024 with dozens of allegations, including that KPMG partners illicitly accessed board papers from their client, Lendlease, which was used to win lucrative audit work at Westpac and Dexus.
The whistleblower also alleges confidential information was used to win Macquarie’s lucrative audit contract.
The matter became public in March this year when Labor MP Deborah O’Neill raised the whistleblower allegations in a Senate speech citing “misuse of confidential information, corruption of ASX audit tender processes” and retaliation against the whistleblower for raising these concerns.
“There are clear allegations here of profoundly unprofessional and unethical behaviour,” she said.
Accessing and sharing confidential client data is a serious allegation for consulting groups, which need access to their clients’ most sensitive data to complete lucrative audit work and consulting services.
KPMG recently won the Macquarie Group audit contract, which is worth around $75 million a year.
On Friday, KMPG said an initial internal investigation, that did not substantiate the allegations raised by the whistleblower, was not conducted with the “necessary rigour required”.
The initial whistleblower complaint in 2024 triggered an internal investigation.
KPMG later appointed an external legal firm, Ashurst, to review the internal investigation after the whistleblower declined to co-operate with the internal investigation.
Another law firm – Allens – was later appointed to conduct a fresh external investigation when the whistleblower raised the allegations with the board, which included former NSW premier and current Cricket Australia chairman Mike Baird.
“Allens are continuing to challenge the conclusions reached in prior investigations,” KPMG said on Friday.
KPMG chairman Martin Sheppard said he had accepted the resignations of Yates and McPherson with immediate effect as they had ultimate responsibility for managing the whistleblower complaint and the internal investigations.
“We apologise unreservedly to the whistleblower. We commit to learning from this process to ensure we create an environment where it is safe and easy to surface concerns that will be acted upon. KPMG apologises to the clients whose information was not handled with the care and respect they expect from us,” Sheppard said.
The firm said appropriate disciplinary action will continue to be imposed if the investigations identify further matters.
As recently as May 14, two years after the whistleblower made the allegations, KPMG said that “based on the evidence identified to date, the allegations have not been substantiated”.
But KPMG did concede, at the time that it made this statement, to two “related conduct matters”.
One concerned the inappropriate sharing of client documents between KPMG personnel, and the other was described as an “inappropriate informal remark”.
On Friday, KPMG said its “ongoing investigation recently revealed a separate incident where internal documents containing client information have also been inappropriately shared internally”.
Investigations into all three matters are ongoing, it said.
A letter from Lendlease chief executive Tony Lombardo in late April, to a parliamentary joint committee (PJC) chaired by O’Neill, confirmed the construction giant was the victim of the earlier data breach which KPMG described as a “related conduct” matter.
Lendlease said KPMG first made it aware of whistleblower allegations in May last year – that sensitive board papers had been accessed by its audit partners to win work with other clients – but KPMG said it was satisfied there was “no issue”.
After O’Neill aired the whistleblower allegations in March, KPMG told Lendlease that one of its audit partners had actually accessed the board papers, but the consulting group deemed the documents to be of “low sensitivity” and gave it “zero competitive advantage”.
“Lendlease has advised KPMG that the actions of its employees are not acceptable and is in discussions with KPMG as to the action to be taken,” Lombardo said in the letter to a parliamentary committee.
KPMG says it has reported these matters to professional bodies, and regulators such as the Australian Securities and Investments Commission.
The alleged use of confidential information echoes the PwC tax leaks scandal where partners at the firm allegedly used confidential government tax plans to help multinational companies avoid the new scheme.
PwC was forced to spin-off its government business for $1 in 2024 when it was banned from any further business with federal agencies following the tax leaks scandal. It was still forced to sack hundreds of staff as customers fled to other consulting groups like KPMG.
The scandal led to strict procurement rules governing acceptable behaviour by consultants.
This week during Senate estimates Department of Finance officials said they had told KPMG Australia it could be banned from bidding for contracts after the firm repeatedly failed to notify officials about wide-ranging allegations of client data misuse.
The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.
Colin Kruger is a senior business reporter for the Sydney Morning Herald and The Age.Connect via email.
