Skip to content
Digital forensic analyst examining encrypted data streams, magnifying glass in hand, holographic display, forensics, cybercrime investigation

How tech companies are managing compliance risks with channel partners

Photographic portrait of Matt Solomon
Miles Ripley

Principal, Forensic & Integrity Services, Ernst & Young LLP; EY Americas Investigations & Compliance Leader

3 minute read 11 Feb 2025
Related topics
Forensic & Integrity Services

Leading tech companies are employing risk-based, data-driven approaches to assess, monitor and control their channel partner ecosystems.

In brief

  • Technology companies need to enhance their channel partner compliance program and controls considering regulatory updates and associated enforcement activity.
  • Organizations are advised to develop risk-based compliance programs to assess and mitigate the multitude of risks at all stages of the channel partner lifecycle.
  • Key considerations within the channel partner lifecycle include: onboarding, sales deal and incentive approval, monitoring activities and close-out.

For large technology companies, growth likely means engaging with a vast network of distributors and resellers — known colloquially as channel partners. These channel partners present a wide range of risks to corporate compliance, reputation and even margin erosion. While engaging channel partners may be necessary for growth, as a means to deliver sales targets to introduce key products in certain regions, the Department of Justice (DOJ) considers channel partners as extensions of the corporate sales network and has in numerous instances found companies liable where insufficient or improper diligence and monitoring controls failed to prevent misconduct.

Download the full article

PDF (1 MB)

How EY can help

A November 2024 webcast hosted by EY Americas Investigations & Compliance Leader discussed how to mitigate and respond to these key compliance risks at each stage within the channel partner lifecycle. He summarized the key steps as 1) program governance and stakeholder engagement; 2) partner onboarding and selection; 3) partner discounts, incentives and rebates; 4) ongoing activities, risk monitoring and investigations; and 5) partner close-out. Panelists were Courtney Andrews, a partner in White & Case’s global white-collar and investigations practice; Ethan LeKate, a director of global compliance at Dell Technologies; and Karin Reiss, an assistant general counsel at Microsoft.

 

The panelists all described a dynamic risk environment along with regulations that are becoming more complex. They emphasized the need for technology companies to proactively engage within their organization, outside of just the legal and compliance functions, and to get all levels of employees educated and aligned about the strategic goals and key priorities of the channel partner compliance program.

 

Employees outside legal and compliance typically have an understanding of ethics, compliance and regulations, LeKate said, but complex regulations require more communication and guidance. “Employees are expected to have a deeper and deeper understanding of the program requirements and controls in order to take responsibility and manage the risks.”

 

1. Channel partner compliance is a team sport.

Microsoft’s network of channel partners extends into the hundreds of thousands, Reiss said. Microsoft’s program involves multiple functions and leverages embedded compliance professionals across the lifecycle, including a risk-based sales deal review and approval process. “We view compliance as everyone’s responsibility.”

 

2. Develop a risk-based, data-driven approach to all stages of the lifecycle.

Partner engagement starts with business justification and due diligence, including an assessment of any prior non-compliance with laws and regulations. Once engaged, understand and monitor discounts and incentives provided to the partner to identify potentially higher-risk activity. Leading programs examine discounts on government customer deals; Marketing Development Funds (MDF) and incentives for sufficient justification; and any red flags.

To prioritize resources, abbreviated-risk partners undergo abbreviated levels of diligence and renewals at longer intervals, while higher risk partners face more rigorous screening. Audits and compliance-focused sales deal reviews encourage “good deal hygiene,” Andrews said. The learnings can be applied across the broader channel partner community. Performing compliance-focused data analytics will help target where to prioritize those resources, time and effort.

3. Follow off-boarding best practices for partner closeout.

The closeout stage is often overlooked by companies. Considerations by leading compliance functions include record retention/deletion (e.g., intellectual property, data privacy and security), and dealing with any red-flag activity that surfaces after the relationship is terminated. Another factor to consider is keeping track of the officers, directors and principals for the partner, where they operate and other key information, as they may try to re-register after incorporating under a different name. While some organizations choose to conduct a closeout audit, typically, unless there is an ongoing inquiry or concern, it may be difficult to complete. “The relationship is broken, and it can be hard to get an acceptable level of cooperation,” Andrews said.

Adam Wolken also contributed to this article.

Summary

As the technology sector continues to expand with new and evolving products and sales programs, so too will the complexity of compliance, legal and regulatory risks facing these companies. Therefore, it’s critical to implement a compliance-focused approach at all stages of the channel partner lifecycle to address key risks. “Even though compliance programs are maturing, the avoidance schemes mature with them,” Ripley concluded. “It’s a work in progress for everyone, and using data and technology to improve programs and efficiency needs to be a key focus.”

About this article

Photographic portrait of Matt Solomon
Miles Ripley
Principal, Forensic & Integrity Services, Ernst & Young LLP; EY Americas Investigations & Compliance Leader
Passionate about long-term, value-driven exceptional client service. Committed to building diverse and inclusive teams focused on investigations and compliance innovation. Devoted to family.
Related topics
Forensic & Integrity Services

Related articles

Transforming compliance with advanced strategies and technologies

Learn how multinationals are approaching compliance challenges and driving advancements. Read the 2024 Global Integrity Report – US edition.

19 Sep 2024 Liban Jama + 1

What you can learn from DOJ’s new approach to corporate accountability

The DOJ’s new whistleblower rewards program may impact your business. Learn about practical considerations for the C-suite and the board.

01 Aug 2024 Walid Raad + 1

The corporate role in countering public corruption

Organizations can join the fight against US domestic corruption and reduce exposure by strengthening their corruption compliance programs.

21 Jul 2022 Miles Ripley + 1

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
    You are visiting EY us (en)
    us en