Carahsoft’s raid may stimulate the reseller market

The FBI and Defense Criminal Investigative Service search last week of the headquarters of Carahsoft Technology Corp. raised new questions and concerns about the long-term viability of vendors selling in the federal marketplace and the agency’s reliable access to certain technologies.

Former federal executives and industry experts said it may be time to rethink the approach to IT value-added resellers (ITVARs) as the FBI and DCIS raid shed a brighter light on supply chain threats that most vendors and agencies have so far she skipped.

“I’m hearing a lot of customer concern,” said one industry consultant, who, like many others in this story, requested anonymity for fear it would damage their relationship with Carahsoft. “Many of them are asking questions about what will happen next and what it means. While I don’t think anyone knows this yet because there isn’t much information out there, it’s unclear what this means for my clients, Carahsoft and their government clients.”

One industry source who works for the technology company said almost all of its federal business goes through Carahsoft, causing it to ask more questions about how it sells to the federal marketplace and whether it needs to work with other ITVARs.

“If they stop fulfilling orders, even for one day, we will lose money. So the question now is: should we allow such a large number of transactions to take place through a single seller?” said the source. “Even if this event didn’t happen at the end of the fiscal year, what can we do? I think government and industry are asking themselves this question now. I expect that regardless of what happens with Carahsoft, there will be impacts on the supply chain risk management side. That’s where everyone goes crazy.”

Problems associated with a single source of supply

For several tech companies, Carahsoft is the main conduit to federal agencies. In fiscal year 2023, Carahsoft won $1.4 billion in federal contracts. According to USASpending.gov, in 2024 the company has already earned over $960 million.

Additionally, Carahsoft claims to work with over 10,000 government contractors, value-added resellers, solution providers and system integrators. These include almost every major government technology provider, from Adobe to AWS to Dell to Google to Microsoft to Splunk.

For many small and medium-sized companies, Carahsoft is the best and perhaps only route to the federal market.

“Having exclusive contracts and single sources of supply creates potential challenges for many of us and for the government,” said an industry official who was a former federal director. “Agencies may not have access to the best technology if something happens to one of these sellers. We all face greater supply chain risk if certain companies or channels are not available.”

It is unclear what further action, if any, the FBI or Department of Justice will take, but if the government decides to suspend Carahsoft or propose its expulsion, the impact would be enormous.

As several industry sources have said, the FBI and DCIS do not raid companies if it is purely a civil matter. Sources say history shows that when the FBI shows up, there is usually something more serious and illegal going on, without knowing any details of the Carahsoft situation.

Another industry source who has been involved in False Claims Act civil cases in the past said there are usually meetings with the Department of Justice and the company, and ultimately the company writes a check to settle the allegations.

FBI raids are ‘extreme’

However, the source said, when the FBI decides to show up at your door unannounced, it’s usually an “extreme” situation.

“I’ve had clients push back, delay, and then negotiate for what the Department of Justice really wanted. Then there is a gradual release of documents and sometimes deadlines are not even met and the government is not happy, but I have never seen a raid,” an industry source said. “It must have been a flagrant violation, involving numerous missed deadlines and a criminal history. Our operating assumption was that you try to narrow it down to reduce your burden, but you can’t say no to (a request for a civil investigation).”

Other sources report that on September 24, the FBI and DCIS served Carahsoft with two criminal and one civil subpoenas.

Trey Hodgkins, a longtime federal procurement expert and now senior vice president of Phoenix Strategies, a government affairs firm, said he sees agencies looking for alternatives to Carahsoft until they learn more about the current situation.

“They will look at these contracts and see if they can apply this technology elsewhere. If I were a government employee and this situation occurred, part of my thoughts would be how to get what I need rather than buying it here,” he said. “I think companies are also looking at whether they can partner with someone else, especially if the agency doesn’t want to use that company right now.”

The concerns expressed by several industry executives do not only apply to Carahsoft, but to the entire ITVAR approach.

It’s worth taking a second look at the seller model

While many industry experts praised the role of value-added vendors, which also include companies like Red River, World Wide Technology and Immix Group, they said the rise of these vendors as an easier path for many companies entering the federal market is a bigger concern. rules on government takeovers than the companies themselves.

“Other OEMs are encouraged to use one VAR rather than multiple VARs. There are things like deal registration and exclusive contracts that give them a reason to only work with one company or a limited number of companies,” said a former federal official who now works in the industry. “There are risks further down the supply chain that are a by-product of the market and do not lead to healthy outcomes for the government.”

Aileen Black, a former executive at Google, VMWare and other federal contractors, said ITVARs provide much-needed services to both many contractors and the government.

“Carahsoft, for example, provides the infrastructure at a reasonable cost to have all the contract vehicles that allow the government to buy things, especially from innovative companies,” she said. “Carahsoft does this at an extremely low margin compared to using a large systems integrator. They provide great service and innovation.”

Additionally, industry representatives say ITVARs also reduce risks and administrative burdens for companies doing business with the government.

For example, one company looked at how much it would cost to work directly with the government and estimated that it would require 5 to 10 full-time employees to manage and oversee the entire effort. These workers would have to handle everything from managing contracts, to keeping up with price changes, to adhering to all legal and cybersecurity compliance requirements, and much more.

For a small or medium-sized company, the need to employ as many as 10 people is a huge cost that it either cannot afford or prefers to spend the money on business development or technical skills.

“It shows what barriers the government creates. “I don’t blame the government, but it needs to understand why these barriers exist and why many companies can’t afford to overcome them,” the former federal official said. “Many large companies also support the ITVAR model. Hiring a team to manage contract vehicle access is not a mission-critical task for them. Outsourcing this work to the VAR means he doesn’t have to worry about it. But it also means that taxpayers are paying more for these technology services than they have to.”

Public procurement rules are too burdensome

Black and other industry executives say the challenge is the ever-increasing complexity of the federal foreclosure system.

Alan Thomas, former commissioner of the Federal Acquisition Service at the General Services Administration, said that while there are valid reasons for some of the complexities in the federal acquisitions industry, this situation could be a catalyst for both agencies and industry to reconsider whether processes must be so demanding.

“Carahsoft is a billion-dollar company because the government requires companies to meet so many conditions,” said Thomas, now the founder of AlphaTango Strategies. “The government needs to look at the root causes that require these VARs. What demands on suppliers cause people to look for ways to reduce risk? We need to look at these requirements and consider some cuts.”

The former federal executive added that whatever the issue involves Carahsoft and the third party it works with, it is a symptom of a broader problem of increased risk in the supply chain.

If companies are unwilling or unable to engage with the government, they will find alternative and less risky ways, in this case intermediaries such as ITVAR.

“Why don’t companies want to cooperate directly with the government? Why take the risk? Whether it’s a GSA discount clause or the hassle of getting a deal in place and maintaining it, using an intermediary reduces your risk. They also see some legal and administrative benefits,” the source said. “But there also needs to be some accountability on the part of the procurement ecosystem. If the number of suppliers with a captive market is limited because it is too difficult to do business with the government, the government must consider whether it can lower policy barriers, find ways to provide flexible pricing, and other common obstacles.

There are some signs that the trend is starting to reverse. Microsoft recently changed course and began selling directly on the federal marketplace rather than using resellers.

Sources credit GSA with trying to reduce risk for suppliers by implementing new programs, such as the Transactional Data Reporting (TDR) initiative to replace the price reduction clause.

Congress is paying attention

Additionally, Congress is starting to pay more attention to this issue. Sense. Brian Schatz (D-Hawaii) and Pete Welch (D-Vermont) recently wrote to GSA Administrator Robin Carnahan to learn how the agency is mitigating the risk of relying on too few contractors to handle so much of the federal government’s work IT systems.

“This is particularly true for software that has kernel access and high-level privileges to critical government systems,” Schatz and Welch wrote.

Lawmakers have shown no public interest in the Carahsoft situation, with spokesmen for both the Homeland Security and Governmental Affairs Committee and Rep. Gerry Connolly (R-Va.) saying they have no comment on the current situation.

The former Hill staffer said they wouldn’t be surprised if some lawmakers watch this situation closely and start asking some questions, especially GSA, to try to understand what the Justice Department is trying to do.

“It definitely would have piqued my interest when I was on the Hill,” the former employee said. “I don’t think the vendor issue is widely understood on the Hill, so I wouldn’t be surprised if there are questions about how it works and how GSA or another agency can provide access to the technology they need.”