When the news broke recently that Microsoft is going to outsource more of its legal processing work to the BPO division of Wipro Technologies in Bangalore, people couldn’t help but wonder: Why not send some of that LPO work to companies closer to home?

There’s no lack of BPO companies in neighboring countries like Costa Rica and Mexico, to name just two. (And as one observer told us, LPO is basically another form of BPO.) Well, the biggest reason is simple: It’s hard to find a nearshore firm that’s doing LPO.

India Dominates

Ed Thomas, an analyst with the IT services team at global research firm Ovum, has just wrapped up a report that provides an overview of the LPO market. “The report doesn’t include any specifics about Latin or Central America as delivery models because no one mentioned them,” he said. “India is by far the dominant location.”

(The Philippines would be next in the standings, and China and Sri Lanka are growing. “A lot of companies want to have nearshore facilities in that region,” Thomas said.)

Nearly everyone we spoke with said that when it comes to LPO, India has what Thomas called “two very significant advantages that put it head and shoulders above everyone else”: superb command of the English language, and a legal tradition based on British common law.

Another big advantage is India’s experience with the “P” word. “India is very good at process,” attorney Jordan Furlong, a partner with Edge International and based in Canada, said. “BPO is very process-driven, and Indian companies have shown that they’re great at systemization. They know how to take a task, break it down into components, and assign each task to someone that’s going to provide the best cost and the most efficiency.”

India, he said, also has something else: Plenty of people trained in the legal arts. “The country graduates about 80,000 new lawyers every year. By contrast, that’s the total number of all the lawyers in Canada.”

Entrepreneurship has played a huge role in India’s dominance of the fledgling LPO market. “If you go back and think about why India has succeeded as an outsourcing destination, it’s because of the entrepreneurship that existed,” said Jagdish Dalal, managing director of thought leadership at the International Association of Outsourcing Professionals. “What you need is a bunch of investors and entrepreneurs who are ready to say ‘Let’s do this.’”

Early Innings

LPO is a new game, and there’s still time for new players to get into it. Everyone emphasized that.

“It’s important to remember that LPO is still in its nascent stages,” Ed Thomas said. “We shouldn’t overestimate the market. It’s quite small as it currently stands. But in the long term, there are going to be opportunities there for Nearshore companies that can overcome certain challenges.”

Those challenges include cracking a market that involves “a lot of trust between vendor and client,” he said. “Clients like to see previous successes. It’s not easy to just form a startup and say ‘We are now providing LPO.’ There’s reluctance among legal firms to use LPO in the first place.”

But again, the benefits we’ve all heard about being geographically close to clients will help providers of LPO in the same way it has helped providers of IT services. “It’s useful to have a lot of face-to-face interaction” when doing legal work, Thomas said.

“Once the market matures a bit, in three to five years, we will see jobs going to Latin America,” said Alok Aggarwal, chairman and co-founder of research firm Evalueserve, which provides KPO and LPO services.  Companies there would have a chance at acquiring LPO work “that does not require too much English writing or speaking.” The propensity for “legalese” makes it not easy for people even in India and the Philippines to do LPO tasks, Aggarwal said, but “work such as tagging, e-discovery, and categorization can be done by nearshore companies in Latin America even today.”

Aggarwal recommends that nearshore firms that want to get into the LPO business “approach clients with the aim of doing paralegal work” like e-filing and docketing.

“LPO is a whole lot more smoke than fire right now,” Dalal said. “There’s a lot of talk, but not enough going on to say this sector has hit scale.” Dalal said he thinks Panama and Costa Rica could be likely players in the LPO game. Panama has English and proximity to the U.S., and Costa Rica’s government has shown a knack for inviting foreign companies to invest.

“We’re not looking at an outsourcing phenomenon where the nearshore companies in the Americas are missing it,” Dalal said. “It’s still fertile ground.”

Wipro Ltd. of Bangalore is carrying out several significant changes in handling client accounts, especially those in the top 10, as it looks for increased share of wallet from existing clients. In an interview with Business Line, the company's Chief Financial Officer, Suresh Senapathy, said such an exercise was expected to start delivering results in 2011.

Senapaty said the current financial year may not be a picture-perfect year for the industry. He said it will be a year where you just move up from the negative first half of 2010, but the momentum is still picking up. When the growth momentum is there, there will be a tailwind. But since Wipro went into a growth trajectory only in the second half, the tailwind is not as high. He said fiscal year 2010-11 will set the pace for seeing good results in 2011-12. The U.S., India, APAC, and pockets of U.K. are improving.

The volume growth been for Wipro has been about 4.1 percent for quarter four, which is good, on the back of a very good volume growth the previous quarter. This quarter will also see good volume growth.

But compared to Wipro’s peers, it's low…

One percent here or there is okay. Overall momentum is good. Spending is back. And Indian companies have started winning deals. The volume growth has been substantial, the revenue growth has been at the top end of the guidance, the net headcount has been substantial, we have got a large order book of about $1 billion in just one quarter… all these give us good confidence about the current and next quarters…

While major IT companies say that the telecom sector has stabilized, Wipro believes the sector has in fact done well.

Company officials saw spend coming back in the sector. The spending may not be going up as significantly as in retail, financial services, energy and utilities, healthcare, but it will not drag anymore. Earlier, when others were growing, telecom was declining and seeing a drag. Now there won't be a drag effect anymore but it won't lead the pack.

The India piece of the action in the telecom sector is still doing well. Deals like Uninor and Aircel happened and now they are talking about 3G – that will come with high spending as well. 3G will be a growth opportunity.

The revenue from top 10 clients has grown at similar pace as the overall average – little lower in quarter four. Quarter three, it grew faster. Wipro has been pretty focused in that in terms of acquiring the right talent; they have hired lot of good partner-level material (client engagement managers).

The client engagement managers operate like CEOs. Their job is to increase share of wallet of clients – their incentives are linked to what they bring out of the accounts. As Wipro goes forward, it will see a big change in the next 4-6 quarters. It will start delivering soon on this…

More than 90 percent of Wipro revenues come from existing clients. They are doing a lot of things there. They split the sales force into miners (to increase Wipro’s share of client’s wallets) and hunters (to procure new accounts). Wipro has also started giving more importance to order-booking as opposed to billing. The order-book number it has got now versus what it had in the previous year is significantly higher. It is not sharing those numbers but as it goes forward, in the next 2-3 quarters, it will perhaps start sharing those numbers on a quarterly basis.

Wipro's BPO business saw more than 5 percent growth in the fourth quarter, sequentially; year on year, it grew 20 percent. About 50 percent of revenues comes from transaction processing – that has been growing fastest. Earlier, there was more voice, now it's more transaction processing. It brings in more differentiation. In the future, BPO business will grow faster than IT services industry. Attrition levels in transaction are lower. In the voice side it is around 35 percent.

Wipro is said to be looking at acquisitions in the BPO area. There are lot of nonlinearity initiatives it can drive on its own. And there are lot of high-end business – KPO, LPO, data analytics and so on – some of them it is already investing organically and some of them may become targets to acquire.

The talk in business circles over the past decade has been that legal process outsourcing is all smoke and no fire because security issues—a prime concern of U.S. law firms—will never be solved satisfactorily

Irrespective of size, all foreign law firms and corporations are equally concerned about how and where their data is stored, handled and maintained with LPOs in India.

One firm, AEL DATA Services LLP of Beaverton, Ore., and London, England, says it has solved the seemingly insurmountable difficulties. It says that, in terms with the ISMS certification that it holds, it has put into place various steps and measures.

Data Backups

Backups are only created with the permission of the client and if the client contract specifically allows the creation of such backups by AEL DATA.

AEL Data backups, installation media and boot disks are stored only in IT Room where authorized people have access to them. In order to make restorations simple, backups are well-labelled.

Backups are stored in a cool, dry space with a temperature of 16-22 degrees Celsius at 40% humidity.

Biometric Access Controls

Access is available to authorized personnel only by means of biometric access control. Standards and conformity assessment processes are identified and adopted for each projects. The biometric standards and conformity assessment are integrated as practice immediately once approved.

Building Structure

AEL has four hours of fire resistant material for storage repositories including all doors and the protection of openings (e.g., fire dampers in air conditioning ductwork)

Automatic fire suppression system

24 hour smoke detectors with automatic fire alarms linked to the fire station or security agency

A robust firewall and intrusion detection system are in place

Data is backed up on a daily basis and stored in a fireproof safe

Personnel Security

All staff are vetted to ensure their suitability for the work involved

AEL also undertakes Criminal Record Checks (CRC) on all employees.

Physical Security

The facility is built of solid construction to which only controlled access is possible.

This facility is equipped with CCTV cameras and intruder detection systems.

Information Security

AEL implements ISO 27001:2005 (information Security & Management System) in the LPO Operations location

The law firms’ own end-user computing policies are enforced

ID and password authentication are in place and strictly enforced.

User accounts lock if an incorrect password is inputted (3 unsuccessful attempts is the norm)

Logs recording logon/logoff detail are kept and are reviewed

Anti-virus software is in place that is able to detect adware and other malicious code. Virus signature files are updated at daily

Server room is a secure dedicated area where servers are housed and only authorized staff have access. IT system are supported by an uninterruptible power supply, at least to allow smooth shutdown in the case of a power outage

Relevant staffs are vetted and are made aware of their IT security responsibilities. (i.e., passwords, locking unattended workstations).

A disaster-recovery procedure and business continuity plan is in place

Network Security

To protect the information that resides in the AEL Data enterprise network a number of other security measures have been implemented.

Users are to have valid, authorized accounts and may only use those computing resources that are specifically authorized.

Users are responsible for changing passwords on their accounts every 15 days to ensure that private and secure files are kept secure.

Users have the right to change their password at any time.

Users do not share passwords.

Users are not allowed to try in any way to obtain a password for another user's account.

Data protection schemes and system security exists to protect all users. Users do not attempt to circumvent data protection schemes or exploit security loopholes.

To ensure additional security, users

Log off their computer if they are going to be away from their computer for an extended amount of time.

Disclose to the AEL Data IT Team any misuse of computing resources or potential loopholes in computer systems security and cooperate with the IT Team in the investigation of system abuses.

Software

With regards to copyright

Software used on AEL Data personal computers is purchased and/or licensed issued for AEL Data.

Users are aware that ALL computer software is protected by copyright unless it is explicitly labeled as PUBLIC DOMAIN.

Software is only used for the purpose allowed in that particular software’s license agreement and is not be copied without the express authorization of the software license.

Hardware

All personal computer systems used by AEL Data employees are owned by AEL Data and managed by IT Dept.

Personal computer equipment is not relocated

The physical configuration of any AEL Data personal computer cannot be modified without consultation with AEL Data IT Department.

Only equipment purchased by or approved by AEL Data may be attached to an AEL Data LAN.

Network Access

Network IP address is only assigned by the IT team.

No user is allowed to change their IP address.

All remote access (dial-in services) to AEL Data is controlled with adequate security in place.

Users are not allowed to extend or re-transmit network services in any way

Users are not permitted to alter network hardware in any way.

User IDs

These are the types of IDs that will be used at AEL Data:

User Account IDs - accounts for general users, customers, and those persons accessing computers, applications, databases and systems in a nonadministrative function.

Process IDs - accounts for applications, databases, and other automated processes.

Privileged Account IDs - accounts for administration of servers, network devices, Biometric Device, etc.

Password Management

All user-level passwords are, at a minimum, at least 8 characters in length and a maximum of 14 characters.

Maximum password age: 60 days.

Minimum password age: 15 days.

Remote Access

Remote access to AEL Data networks and systems from the Internet is permitted only through/perimeter gateways specifically authorized by the ISC.

The appropriate AEL Data IT group logs all connections.

Through MPLS VPN connection the network is secured and it is impossible to intrude or hack the network providing the safe and secure transfer of data through network.

Remote Access Software and Hardware

The use of any type of remote control software or hardware that enables a user to control or access data on a AEL Data system without utilizing an authorized perimeter gateways is prohibited without the prior written authorization of the ISC.

Wireless Access

Employees cannot connect wireless access devices to AEL Data network at any time for any reason, except where a written waiver is provided by the ISC.

Antivirus

All computers within AEL Data have management approved antivirus software installed.

Weekly scheduled scanning is enabled to run at regular intervals.

Clear Desk Policy

Where practically possible, paper and computer media is stored in suitable locked safes, cabinets or other forms of security furniture when not in use, especially outside working hours.

Clear Screen Policy

AEL Data computers/computer terminals are not left logged on when unattended and should be password protected.

Computer screens are angled away from the view of unauthorized persons.

System-Usage Monitoring

System-Usage Monitoring Policy identifies any wrongdoing or new security vulnerabilities.

Media Disposal

Paper records are disposed of in accordance with the retention and destruction schedule contained in the Data Retention Policy of AEL Data.

The staff ensures that confidential paper records are disposed of using the shredder.

CD/DVDs are sent to the IT department for destruction,

These disks are made unreadable and disposed of by a member of the IT department under guidance laid down by the ISM (Information Security Manager.)

Security and Access Control

The storage room has a 24-hour intruder alarm.

The duty supervisor is the only person on site with a key to the storage room.

Other keys are kept in a nearby secure off-site location.

Access to the storage room is restricted to staff working on the project, or persons authorized by them by means of biometric access controls.

Preparation Area

Security and Access Control: Access to the preparation room is restricted to staff working on the project, or persons authorised by them

End of Working Day: At the end of working day, all registers are returned to their storage areas and the storage area securely locked.

LPO Operations Area/Work Floor

Security and Access Control: The Operations area/work floor access is restricted to staff/employee/lawyers working on the project

End of Working Day: At the end of working day, all materials are returned to their storage areas and securely locked away

Media Disposal

Paper records are disposed of in accordance with the retention and destruction schedule contained in the Data Retention Policy of AEL Data.

The staff ensures that confidential paper records are disposed of using the shredder.

CD/DVDs are sent to the IT department for destruction,

These disks are made unreadable and disposed of by a member of the IT department under guidance laid down by the ISM (Information Security Manager.)