Archives || Search || About Us || Advertise || Feedback || Subscribe-
Issue of February 2006 

[an error occurred while processing this directive]

 Home > Analyst's Corner
 Print Friendly Page ||  Email this story

BPO and compliance

Aditya Sapru, Partner & Managing Director, Frost & Sullivan, talks about the regulations and standards that the Indian BPO industry has to follow these days. He also touches upon the changing global scenario.

There is a widely held notion that India’s success in the BPO space is because India is a low-cost destination with a deep supply of qualified manpower. This is why the Indian Business Process Outsourcing industry has come to epitomise compliance to international quality and standards.

The BPO scenario consists of businesses that depend entirely on repeat business for growth. Clients invariably start small and only ramp up over time as they develop confidence in the delivery capability of the service provider. Given this, the key differentiators that Indians have developed are quality and adoption of standards that permeate all business aspects.


As a business that depends on offshoring from customers in international markets, the situation that Indian BPOs find themselves in on the issue of compliance to quality standards and government regulation is unique.

First, they have to comply with Indian law. Then, they must comply with the relevant laws of the land that offshores business processes, such as COBIT for IT management, Six Sigma, ISO, COPC for quality management and Sarbanes-Oxley Act 2002 for auditing. Sometimes the customers may have their own unique practices that Indian BPOs must adopt. Finally, BPOs themselves may have designed their own process standards or may like to comply with some well-known international standards such as SOX.


Compliance to regulatory frameworks such as SOX by the BPO industry can act as a signal to global stakeholders that a firm is following best practices for corporate governance. This has become an important enabler as India's BPOs are proposing to list on international bourses

It is a general practice to consider compliance to government regulation separately from the compliance to industry standards. However, there is a case for everyone to consider these as on the same continuum rather than on two different spheres. Both of these issues pertain to the general business environment.

While compliance to government regulations and following industry standards may not by itself grow business, not having quality certifications can certainly act as a dampener for business growth. The invitation criteria itself these days for large deals specifies minimum adherence to quality standards and regulation, and not having these can eject service providers from the deal.

Compliance to regulatory frameworks such as the Sarbanes-Oxley Act by the BPO industry can act as a signal to global stakeholders that a firm is following best practices for corporate governance. This has become an important enabler as India’s BPOs are proposing to list in international bourses, and valuation is determined by the liquidity that they can attract from shareholders.


Earlier, some regulatory restrictions prevented BPOs from claiming tax benefits when serving both international and Indian customers. Restrictive regulations such as these have now been removed.

One of the enabling aspects of the India’s regulatory environment has been de-constraining the Factory Act by allowing female workers to work the night shift. The emphasis of international regulations has mainly been on the privacy and data security aspects of the BPO business. No-call list in the US and HIPPA standard for the healthcare industry are two prime examples of this regulatory trend.

Acts and standards
IT ACT 2000
The IT act is still somewhat opaque on the data protection front. There is a need for increased recognition for these standards of the BPO environment, and to create laws to prevent loopholes.

COBIT is an IT management standard. It identifies certain control parameters, the dependencies on IT resources and puts certain practices in place. Any organisation becoming more complex from the IT point of view needs to have to some kind of COBIT compliance. However, one may not replicate the exact COBIT standard in the organisation.
Many IT vendors are now creating information structure management software compliant to these standards. For example, HP OpenView is based on the ITSM COBIT standards.


The quality standards that Indian BPOs have adopted represent an eclectic mix of issues that BPOs must address. Some are standards that directly affect the quality of service offered by the service providers, including COPC, ISO and Six Sigma.

In addition, Indian BPOs have adopted standards that create a more enabling agenda, though peripheral to the quality of the final service offered. Under this category are the ones such as COBIT, ITSM and BS7799.

Furthermore, many organisations are adopting procedures such as whitehat hacking, in which ethical hackers hack and test security. Third-party BPOs have been using these audit reports to highlight their security compliance to their customers.


Many organisations are adopting procedures such as whitehat hacking, in which ethical hackers hack and test security. Third-party BPOs have been using these audit reports to highlight their security compliance to their customers

As standards mature and BPOs realise the intrinsic value of each, there is a likelihood for some realignment in the standards that will be followed in future. We foresee two mutually exclusive trends in the markets for standards.

The first will be in process compliance and the second will be in outcome compliance. Standards such as COPC prescribe best practices and root cause analysis templates specific to the BPO industry, and are attuned to increasingly complex situations that BPOs face today. Others such as the ISO standard may not be specific to the BPO industry, however they prescribe the process and documentation aspects of ensuring quality.

While there is a commitment to quality standards and regulation, an equally important aspect that BPOs must appreciate is that of cost and the extra management bandwidth that compliance demands from senior managers.

Hence, there is a need to strike a balance between what the external world is demanding from BPOs and the intrinsic gains that BPOs can seek from adopting quality.

The F&S survey results
Frost & Sullivan conducted a survey in March 2004 in which nearly 71 interviews were conducted with operational managers, COOs, IT managers and CTOs.
Some of the trends by the end of March 2004 in the BPO industry:
  • 82 percent followed a quality standard, suggestive of the criticality of quality to contact centres.
  • ISO is the most widely accepted quality standard adopted by contact centres, with about 25 percent of the sample acknowledging it.
  • Other than ISO as a quality standard, Six Sigma and COPC also have a large acceptance in the market at 20 percent and 13 percent respectively.
  • High level of acceptance of a third party/external entity to accredit quality: less than one-fifth of the sample taking no formal quality initiatives.
  • Quality consciousness amongst adopters and potential adopters of CMS (Call Monitoring System) and WFM (Workforce Management System) is very high.

COPC and Six Sigma are popular with large contact centres

  • ISO as a practice is popular in medium and small enterprises; Six Sigma retains popularity in the large and medium enterprises, COPC a favourite with the large contact centres.
  • While quality initiatives are important for both the value from quality as well as communication to external constituency, cost of acquiring quality norms is crucial in the final decision.
  • Quality initiatives and size are the leading indicators for gauging prospective investment intentions in CMS and WFM. Tracking these two parameters can lead to prospect identification.

—As told to Sneha Khanna

- <Back to Top>-  
Untitled Document
Indian Express - Business Publications Division

Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.