With the increasing pressure on compliance of IT goods to not reach into embargo countries we look at how channel partners are tightening up
In the month of December 2011, the controversial site Wikileaks posted documents indicating a group of 150 plus IT companies were globally marketing and selling surveillance and IP monitoring equipment. Included in those names were Alcatel-Lucent, Northrop Grumman, Siemens, VASTech, Trovicor and Sophos to name a few. The post immediately triggered a wave of debate on whether IT companies and the western governments were doing enough to prevent export of this equipment into the hands of repressive regimes across the world. In the same post, a number of IT companies were named whose equipment had been used in select Middle Eastern countries to control and suppress dissent in those countries. These facts have led to a new wave of diligence in export compliance procedures across the regional channel players.
“Dubai is traders central”, says Steve Lockie, Group Managing Director MENA, Westcon, indicating there are very few shipments that take place across the region that either do not originate from Dubai as re-exports or that do not pass through Dubai in a more indirect fashion. While the relevance of Dubai as a regional re-export hub has reduced over the last four years, the shipping and procurements hubs of all major IT vendors continue to reside in Dubai, making it necessary to implement any due diligence process at this central location.
“Every partner that we have has an assigned territory by their contract. They are not allowed to sell out of their territory into another distributor’s territory. When we sign a contract with our distributor we list the countries in which they are authorised to operate and we have the right to audit our partners and our distributors,” explains Anthony Perridge, Channel Director EMEA, Sourcefire, an open source vendor supplying cyber security solutions to global top 2000 companies.
While vendor and distributor partner contracts may exclude certain embargoed countries, since there is chain of partners involved in the product and solution sell through process it becomes imperative to unambiguously verify the final destination of the shipment.
“Whenever Sourcefire takes an order from a distributor we ask for end user details. We have a record of the location and contact of every single end user where the appliance sits and we know who the reseller and distributor was. The location is important for us,” continues Perridge.
Adds Meera Kaul, Managing Director, Optimus Technology and Telecom, a key distributor for Avaya unified communication solutions and end point products: “We do not give a quotation unless the partner tells us who the end customer is. A project for us is identified by both the partner and the end customer.”
After delivery of the product or the solution at the final destination, the activation process is equally stringent. “The software licenses do not get activated till the project is completed and the partner ask for activation. The licenses get activated with an ID that you can trace to the end customer. That is how legal business is done,” continues Kaul.
If the country of activation for a product is part of the embargoed list of countries, the vendor can deactivate online support and upgrade services for the end user. Not getting access to the latest support renders the product vulnerable and therefore of limited capability for the end user operating from an embargoed country.
Hence when the product is activated and registered with a vendor, the country of activation and the country registered through the channel partner can be compared and verified. But industry sources point out, loop holes arise where parts of a large project are diverted enroute from the declared country of final destination and find their way to un-declared and often embargoed countries as the final destination. This is more feasible in project type orders with a large bill of quantities.
Diversion of stocks is also especially feasible where resellers have chosen to keep inventory at their side of the sell through process. Resellers usually keep run rate and fast moving items within their inventory to ensure they capture deals at any particular time, especially those that require immediate availability of product. It is these stocks that often get sold off without the final destination of shipment and the end customer getting properly verified. “Partners at times are stocking themselves. We want closer visibility into where the stock is going,” says KS Parag, Managing Director, FVC, a value added distributor for Polycom, Riverbed and Citrix.
“Some of our solutions are run rate and some are projects. Where stock is being sold for a particular customer it is very clear and it is much more foolproof when you are looking at projects. But we do not want any run rate business we are not aware off,” he continues.
A strong influence that can make channel partners go astray and look into neighbouring territories is the carrot that always dangles in their direction. For the low end of the channel supply chain, smaller resellers can get easily influenced by the strong demand for IT goods into these embargoed countries. For such channel players, “the demand of these markets quite surpasses the risks associated,” says Kaul.
But the size of the carrot has to be viewed on a relative scale. For resellers with a top line figure of a few million dollars, the benefits of doing a few deals into the embargoed countries may be significant. But as you ascend the supply chain and with increasing revenue turnover, the benefits become less and less significant for channel partners operating with a wider span of operations.
“As a corporate it is a fraction of our business globally. Why on earth would you want to put all that at risk for one deal? It is a matter of the relative size of the carrot,” explains Lockie.
Another reason that drives diversion of shipments to embargoed territories in the Middle East can be the lack of adherence to established processes by regional and local offices of vendors. Often sales quotas for channel partners are unrealistic and are based on possible opportunity deals arising from embargoed territories. Under pressure from their principals, channel partners accept these unrealistic targets and start to go astray.
“If you have set unrealistic quotas that lead channel partners to do a little bit of this and a little bit of that, you have broken multiple laws. Give people reasonable quotas in the first place,” says Westcon’s Lockie, a value added distributor for Juniper Networks and Avaya. His advice to channel partners: “You have to be strong enough to say No!” to such practices.
An important step in this process is to disregard any possible opportunity deals arising out of embargoed countries right from the onset. Incremental business that stems out of embargoed countries needs to be discounted in every possible market sizing and growth estimate right from the regional vendor’s office downwards to distributors and finally to reseller partners.
“We do not want to recognise any revenue coming from these countries within ourselves as a team. Second we do not want to recognise any business coming from channels. Channels will adhere to and not do any business into these embargo countries. We will not recognise the sale and cancel the order and opportunity,” explains FVC’s Parag. “As a practice we will not do any business without the end customer being completely recognised and confirmed by the channel partner in writing. These challenges came into question when the end user was never known or had never been discussed by the channel partner. But now without the end user name we will not do any business or recognise any business.”
One of the strictest such compliance measures is practised by value added distributor Westcon across the region and according to Lockie, it all boils down to, “What are the ethics and values of the organisation you are working for.” In 1993 when Westcon first set up shop in the region it chose to concentrate on a very small part of the market opportunity, where it could say with as much confidence as possible that the goods were staying within the country, that they were not moving to other countries as part of the grey market, and were not being re-exported to end users in embargoed countries. “That is a very conscious decision.”
Westcon along with its vendor partners follow a due diligence process called “2 removed.” Internally it raises questions such as how well do you know the reseller partner bringing business to the table? Does Westcon know its directors, are any of them on a denied party list; and in which country is the head office of the reseller. Moving to the next removed level – are there any red flags in dealing with this reseller such as emphasis on cash payments, incomplete end user documentation and purchase orders and so on. And the next removed level of due diligence, which may include has the reseller personally given undertakings that it is following export compliance controls; that it is screening and monitoring denied party lists and so on.
Westcon has also put in place a decision making tree to be followed by its sales team and reseller partners for export compliance procedures. The decision making tree raises a number of red flags every day and each one of them has to be investigated whether it is a false positive or true positive. If it is a true positive and an embargoed country has been named, the request for quotation is immediately denied. On the other hand if it is a false positive and the deal can go through along with an export license to countries such as Pakistan for example, after the antecedents of the end user are immaculately verified, then procedures for application of the export license need to be initiated at the earliest and in parallel with end user discussions.
Westcon places a huge amount of importance on internal acceptance and incorporation of this process. The export compliance decision making tree is part of the sales and reseller partner induction process at the local level and is repeated every quarter. “If this is not done, you do not have effective control.”
There is also the danger of creating an excess paper trail as a cover for bypassing such export compliance systems. “When authorities investigate such cases more than anything else, you need to show what your intent was. Unless you can show you have denied supply to companies in the last month for example, you are not really living the system and the intent is to get around the process. That to me is what an effective export compliance programme looks like, where the intent is to make sure you have every possible step in place for export compliance,” says Lockie.
“This is all about business ethics. Every single business owner is responsible for adhering to these agreements. But can you enforce 100% legislation either in business or private life? There will always be cases where organisations or individuals are breaching these kinds of contracts for the sake of extra money and not caring about the system,” says Stephen Berner, Managing Director, help AG Middle East.
Finally in the event, if there is a breach into an embargoed country, the complete supply chain is collectively responsible. “But ultimately the person with the most visibility is the reseller, to know where it is going,” says Lockie.
In summary, for any regional channel partner, if it can evidence it has effective controls in place such as a “2 removed strategy”, which are a part of its day to day business operations, and the breach has happened through no fault of its own, it is unlikely to face legal action.