As disruptive technologies continue to explode across the corporate technology landscape, a natural inclination from both business personnel and attorneys may be to draw parallels between these innovation tools and more established technologies and practices. Robotics and process automation (“RPA”), a hotbed of exponential growth in recent years, is no different. Increasingly, the benefits and risks of RPA have been compared to those ones associated with traditional outsourcing or managed services (“BPO”). And while a considerable amount of overlap undoubtedly exists, the critical differences between RPA and BPO are even more striking.
RPA and BPO: Similarities…With Distinct Differences
RPA is an umbrella term used to characterize machine-based solutions which previously required human thinking and/or oversight. Organizations may implement RPA for any number of reasons, from something as simple as automating workflows to navigate corporate contract approvals, to conducting deep-dive data analytics for the purposes of making diagnoses in medicine. Many of the underlying rationales for RPA use are similar to those reasons frequently cited as the basis for BPO: 1) RPA is less expensive; 2) RPA saves time; 3) RPA allows higher value resources to devote their time to higher value tasks. The expectation is that, over time, the machine/code in the case of RPA, and the human(s) in the case of outsourcing, will become more efficient at a discrete set of tasks, thereby creating opportunities for gainsharing and improved efficiencies.
To be sure, a subset of the risks related to RPA overlap with outsourcing. Both people and systems incumbent to an organization may be displaced or eliminated altogether by the influx of RPA or BPO. In both cases, the following issues may arise:
In the case of BPO, organizations typically overcome the first issue by having both the internal resources and the BPO vendor staff work together on the front end to clearly define requirements and an end to end process. While this type of business analysis may also occur in the RPA context, RPA firms are typically more agile in their staffing and resources, and securing a seasoned business analyst who will carefully and meticulously document business requirements and processes can be problematic.
In the case of competitive advantage, an argument can be made that the same contractual safeguards leveraged in BPO deals (confidentiality, trade secrets, intellectual property rights, etc.) may leveraged similarly in RPA deals. However, the niche leaders in the RPA space are primarily startup organizations funded by venture capital firms who may have little or no tolerance for accepting contractual terms which would in effect limit the RPA organization’s ability to both learn from prior engagements and mass market those learnings to other customers.
The issue of regulatory compliance also poses materially different risks for consumers of RPA, the most obvious one being, “How does use of RPA vary my organization’s compliance obligations?” An additional concern is whether RPA vendors will assume the risk of compliance with such regulations. Considering the lack of appetite from venture capital firms for assumption of risks associated with RPA, it is likely that this will be an area in which RPA vendors demand a less balanced risk allocation, even when large organizations are sitting across the negotiation table.
RPA’s Unique Risks
Unfortunately, the risks set forth above are not the only ones presented in the RPA space. Consider the following:
Even though RPA does present materially different risks than prior process innovations, oddly the approach to managing such risks may be a familiar one. As a former colleague astutely noted during the early days of public cloud implementations, “things have to go wrong to go right.” In most cases, internal resources from legal, data privacy, information security, risk management and business operations will race to assess and scrutinize exactly what was purchased, what risks it will present and what may have already gone wrong (and ways to mitigate those unforeseen risks). These actions will allow corporate teams to create a veritable “lessons learned” for future RPA deals as corporate brakes are applied to restore operational stability…until the next “disruptor du jour” arrives.