BPO and compliance
Sapru, Partner & Managing Director, Frost & Sullivan, talks about
the regulations and standards that the Indian BPO industry has to follow these
days. He also touches upon the changing global scenario.
There is a widely held notion that Indias success in the BPO space is
because India is a low-cost destination with a deep supply of qualified manpower.
This is why the Indian Business Process Outsourcing industry has come to epitomise
compliance to international quality and standards.
The BPO scenario consists of businesses that depend entirely on repeat business
for growth. Clients invariably start small and only ramp up over time as they
develop confidence in the delivery capability of the service provider. Given
this, the key differentiators that Indians have developed are quality and adoption
of standards that permeate all business aspects.
SURROUNDED BY STANDARDS
As a business that depends on offshoring from customers in international markets,
the situation that Indian BPOs find themselves in on the issue of compliance
to quality standards and government regulation is unique.
First, they have to comply with Indian law. Then, they must comply with the
relevant laws of the land that offshores business processes, such as COBIT for
IT management, Six Sigma, ISO, COPC for quality management and Sarbanes-Oxley
Act 2002 for auditing. Sometimes the customers may have their own unique practices
that Indian BPOs must adopt. Finally, BPOs themselves may have designed their
own process standards or may like to comply with some well-known international
standards such as SOX.
GOVERNMENT'S POINT OF VIEW
Compliance to regulatory frameworks
such as SOX by the BPO industry can act as a signal to global stakeholders
that a firm is following best practices for corporate governance. This
has become an important enabler as India's BPOs are proposing to list
on international bourses
It is a general practice to consider compliance to government regulation separately
from the compliance to industry standards. However, there is a case for everyone
to consider these as on the same continuum rather than on two different spheres.
Both of these issues pertain to the general business environment.
While compliance to government regulations and following industry standards
may not by itself grow business, not having quality certifications can certainly
act as a dampener for business growth. The invitation criteria itself these
days for large deals specifies minimum adherence to quality standards and regulation,
and not having these can eject service providers from the deal.
Compliance to regulatory frameworks such as the Sarbanes-Oxley Act by the BPO
industry can act as a signal to global stakeholders that a firm is following
best practices for corporate governance. This has become an important enabler
as Indias BPOs are proposing to list in international bourses, and valuation
is determined by the liquidity that they can attract from shareholders.
TAKING OFF THE LOAD
Earlier, some regulatory restrictions prevented BPOs from claiming tax benefits
when serving both international and Indian customers. Restrictive regulations
such as these have now been removed.
One of the enabling aspects of the Indias regulatory environment has been
de-constraining the Factory Act by allowing female workers to work the night
shift. The emphasis of international regulations has mainly been on the privacy
and data security aspects of the BPO business. No-call list in the US and HIPPA
standard for the healthcare industry are two prime examples of this regulatory
|IT ACT 2000
The IT act is still somewhat opaque
on the data protection front. There is a need for increased recognition
for these standards of the BPO environment, and to create laws to prevent
COBIT is an IT management standard. It
identifies certain control parameters, the dependencies on IT resources
and puts certain practices in place. Any organisation becoming more complex
from the IT point of view needs to have to some kind of COBIT compliance.
However, one may not replicate the exact COBIT standard in the organisation.
Many IT vendors are now creating information
structure management software compliant to these standards. For example,
HP OpenView is based on the ITSM COBIT standards.
PRACTICES IN PLACE
The quality standards that Indian BPOs have adopted represent an eclectic mix
of issues that BPOs must address. Some are standards that directly affect the
quality of service offered by the service providers, including COPC, ISO and
In addition, Indian BPOs have adopted standards that create a more enabling
agenda, though peripheral to the quality of the final service offered. Under
this category are the ones such as COBIT, ITSM and BS7799.
Furthermore, many organisations are adopting procedures such as whitehat hacking,
in which ethical hackers hack and test security. Third-party BPOs have been
using these audit reports to highlight their security compliance to their customers.
THE EMERGING SCENARIO
Many organisations are adopting
procedures such as whitehat hacking, in which ethical hackers hack and
test security. Third-party BPOs have been using these audit reports to
highlight their security compliance to their customers
As standards mature and BPOs realise the intrinsic value of each, there is
a likelihood for some realignment in the standards that will be followed in
future. We foresee two mutually exclusive trends in the markets for standards.
The first will be in process compliance and the second will be in outcome
compliance. Standards such as COPC prescribe best practices and root cause analysis
templates specific to the BPO industry, and are attuned to increasingly complex
situations that BPOs face today. Others such as the ISO standard may not be
specific to the BPO industry, however they prescribe the process and documentation
aspects of ensuring quality.
While there is a commitment to quality standards and regulation, an equally
important aspect that BPOs must appreciate is that of cost and the extra management
bandwidth that compliance demands from senior managers.
Hence, there is a need to strike a balance between what the external world is
demanding from BPOs and the intrinsic gains that BPOs can seek from adopting
|Frost & Sullivan conducted
a survey in March 2004 in which nearly 71 interviews were conducted with
operational managers, COOs, IT managers and CTOs.
Some of the trends by the end of March
2004 in the BPO industry:
- 82 percent followed a quality standard,
suggestive of the criticality of quality to contact centres.
- ISO is the most widely accepted quality
standard adopted by contact centres, with about 25 percent of the sample
- Other than ISO as a quality standard,
Six Sigma and COPC also have a large acceptance in the market at 20
percent and 13 percent respectively.
- High level of acceptance of a third party/external
entity to accredit quality: less than one-fifth of the sample taking
no formal quality initiatives.
- Quality consciousness amongst adopters
and potential adopters of CMS (Call Monitoring System) and WFM (Workforce
Management System) is very high.
COPC and Six Sigma are popular with large contact
- ISO as a practice is popular in medium
and small enterprises; Six Sigma retains popularity in the large and
medium enterprises, COPC a favourite with the large contact centres.
- While quality initiatives are important
for both the value from quality as well as communication to external
constituency, cost of acquiring quality norms is crucial in the final
- Quality initiatives and size are the leading
indicators for gauging prospective investment intentions in CMS and
WFM. Tracking these two parameters can lead to prospect identification.
As told to Sneha Khanna