While COVID-19 has impacted the entire global economy, organisations that have outsourced core business and operational functions have been particularly exposed, one example being the impact that lockdowns in India and the Philippines have had on Telstra to deliver on new orders and manage faults. The full extent of the impact of the pandemic on outsourced operations is not yet known, and infection rates in a number of countries that support large Business Process Outsourcing (BPO) sectors do not yet appear to have peaked.
Aspects of the traditional outsourcing model have been proven to be flawed, and organisations now have an opportunity to build more resilient frameworks to protect against similar occurrences. An organisation’s outsourcing and supply chain strategy has greater C-suite and board attention than in the past, and there will be an expectation on GCs and legal teams to be familiar with these strategies, and to ensure that the organisation adopts appropriate risk mitigations to enable it to survive future pandemics and other black swan events.
The following areas warrant consideration in the context of future outsourcing arrangements.
1. Business continuity and disaster recovery. Historically, business continuity planning (BCP) has been underpinned by a requirement to have a multiple physical backup sites that are capable of being quickly deployed in the event of an incident. This generally assumes that workers and systems at one location can be easily transitioned to another location (often in close geographic proximity) in order to ensure continuity.
This is particularly prevalent in the context of BPO arrangements which are heavily reliant on remote workforces. Although multiple physical locations is an important part of BCP and disaster recovery, this will not provide effective protection in the context of a broad global lockdown, as COVID-19 has demonstrated. Moving forward, organisations will need to be comfortable that their business continuity planning includes mechanisms to deal with broad-based remote working, and that these mechanisms have been, and are capable of being, stress tested on a regular basis.
2. Remote working as the ‘new normal’. It seems increasingly likely that some form of remote working arrangements will be in place for the foreseeable future. This reality heightens the importance of organisations incorporating appropriate information and data security requirements into their outsourcing arrangements. Often, security mechanisms associated with remote workforces have been focused on physical security (e.g. physical access control to secure sites). In a remote working environment, the focus will need to include logical security mechanisms (e.g. electronic access control and technical controls to prevent exfiltration of information to private systems).
Organisations will also need to have appropriate mechanisms in place to control the level of performance of their service provider’s workforce when physical supervision is not possible. This might include requiring service providers to electronically monitor the quantity of output of individuals, or to structure arrangements to be output driven (as opposed to time and materials based) so that the delivery risks, and risks associated with potential reduced efficiency in a remote environment, are shifted to the service provider. We expect that organisations will require their service providers to provide a detailed plan (which has been, and is capable of being, stress tested on a regular basis) setting out how remote working will be implemented, and how performance risk will be managed when physical supervision isn’t possible.
3. Broad review of outsourcing strategy. One of the key benefits of outsourcing business functions is the potential to tap into a skilled workforce in a country with a lower cost base (particularly where there is a skills gap in the home jurisdiction). The obvious risk of this is that it diminishes the level of control an organisation might exert over the remote workforce, and it relies on a seamless communication and mobility of information and resources. While the cost benefits of outsourcing will always be a major attraction, there is an increased focus on supply chain robustness and resilience. We commented on this in further detail in an earlier piece. This is now a C-suite issue with board scrutiny, and is likely to necessitate broad reviews of the outsourcing strategy of organisations, particularly in relation to critical functions. We expect organisations to pay close attention to whether critical functions which may have been outsourced can be brought in-house or on-shore.
We also expect to see an acceleration of investment in automation of labour-heavy activities to reduce the dependence on human capital (and therefore the susceptibility to pandemics or other health issues). This flight to automation and ‘bots’ during the pandemic has already been evident amongst organisations with substantive outsourced operations. Increased use of automation in outsourcing may be an opportunity to bring functions back on-shore while managing the cost of doing so to a reasonable level. There is also likely to be an acceleration of cloud migration given the flexibility that cloud computing offers to scale up and scale down operations to cope with external demand shocks caused by pandemics and similar black swan events
4. ‘Big bang’ BPOs may be a thing of the past. Building on point three above, we expect organisations to consider moving away from single-source models for particular critical functions which would benefit from being multi-sourced from vendors in a range of different geographic locations, each of which is capable of ‘stepping in’ if another vendor is incapable of performing. The benefits of a single-source approach are twofold. Firstly, the customer negotiates a low overall price and secondly, the customer has a single point of contractual accountability (the so called “single throat to choke”). The result has often been that the service provider uses the lowest cost/offshore location, sometimes to the detriment of the customer from a quality and risk perspective. Also, the supply chain becomes opaque and the customer is unaware of how the service provider will perform in the event of a pandemic or other black swan event. The benefits of a single-source model need to be carefully weighed against the lack of supply chain resilience and the inherent exposure that this brings.
5. Re-thinking governance and control structures. Strong governance processes and mechanisms are often key to the successful implementation and operation of outsourced arrangements. These processes rely on having shared working spaces, physical meetings and gatherings, or in the case of remote workforces, the constant presence of representatives of the organisation at the premises of its service provider and vice-versa. The concept of physical proximity is particularly relevant in an agile delivery context that depends on the close and continued interaction of team members. Organisations will need to re-think the way that traditional governance models can effectively operate in a remote working context.
One of the trends that became evident in the early stages of COVID-19 was that organisations were forced to relax some of their stringent governance arrangements in order to accommodate the changed work environment. Being nimble in this context was a benefit to these organisations. However, there is a clear balance that needs to be struck between loosening governance, and completely removing governance and control structures. It would be beneficial for organisations to have a tiered structure of governance and controls that can be easily ratcheted up or down depending on the circumstances, and which has been pre-determined and stress tested in the context of a remote working environment.
6. Increased contingency planning of the ‘worst case’. At the beginning of the pandemic, there was a flurry of activity in relation to the application of existing force majeure clauses or ‘frustration’ based arguments to the present circumstances. Where it could be said that occurrence of COVID-19 constituted a force majeure event, often the impact was the service provider being relieved of its contractual obligations. From a customer perspective, a more desirable outcome is a potential relaxing of obligations to an agreed baseline of performance, rather than a complete release from all obligations.
We expect to see a heightened focus on contingency planning (even in the context of low probability, high impact events), which then translates into variable performance obligations and pricing structures which are hard-coded into the outsourcing arrangement so that there is complete clarity on performance and price expectations if a similar event occurs. We also expect that organisations will require potential service providers to provide details of their “worst case” modelling when responding to tenders in large scale outsourcing projects.
Although COVID-19 has had a significant impact on outsourced arrangements in the short term, we expect to see strong and sustained demand for outsourced services in the longer term as part of accelerated digital transformation activities within organisations. By considering and addressing the points above, organisations will be able to increase the resilience of their outsourced arrangements. GCs and legal teams have an important role to play in helping to guide this thinking.
This publication is introductory in nature. Its content is current at the date of publication. It does not constitute legal advice and should not be relied upon as such. You should always obtain legal advice based on your specific circumstances before taking any action relating to matters covered by this publication. Some information may have been obtained from external sources, and we cannot guarantee the accuracy or currency of any such information.