Every quarter the same conversation lands. A European mid-cap wants its own customer-operations centre in Lagos rather than rent seats from a third-party BPO. A Nigerian holding company wants to add an AI-augmented BPO vertical to its existing mix. A regional outsourcing destination — Kigali, Accra, Nairobi — wants to enter the AI-augmented market and needs a setup partner who has built the pattern before.
The gap is the same. The buyer can describe the destination — their own operation, owned and branded, running on a modern AI-augmented stack, defensible to an EU procurement audit, staffed by graduates trained against a real curriculum. What they cannot describe is the route. Talent funnel design, regulatory wiring, Connect and Bedrock substrate configuration, training programme, eval gate — none of this is in their existing capability. Hiring a CEO to figure it out from cold takes nine to fifteen months and a tolerance for early mistakes the market punishes.
This is the playbook we run when the buyer says yes. cmdev sits at the intersection of AI engineering, regulatory practice, and BPO operations design — and has built each of those layers in isolation across a range of client engagements. We have not yet run a paid BPO-establishment engagement end to end as a single contracted scope. This is the playbook stated declaratively, in advance of that first engagement. If we are to set this up with you, this is how we will do it, in both theory and in practice.
Key takeaways
- The engagement is a 90-day setup, broken into three 30-day phases — discovery and foundation, build, first cohort live — designed to deliver an operational vertical the partner owns at the end of day 90.
- cmdev is the setup partner, not the long-term operator. We bring the playbook, execute the build, co-train the partner's training team, and transition to an optional managed-services backstop on day 91. The partner owns the operation.
- The default substrate is Amazon Connect plus Bedrock with the audit-chain discipline that satisfies an EU controller and an NDPA processor obligation simultaneously. The pattern adapts to Azure or GCP where the partner's corporate stack is already there.
- The eval gate before first live calls is non-negotiable — a golden Q-and-A corpus scored against the trained cohort, with a published pass threshold per intent class. Cohorts that miss the gate do not go live. This is the single biggest difference between a competent setup and a chaotic one.
- What this is not: staff augmentation, ticket-handling outsourcing, or white-label resale of cmdev's own services. The partner ends up owning the vertical, the workflow, and the regulatory posture.
Why this engagement exists
There is a class of company that wants to own a BPO operation rather than buy one. International groups setting up a captive African delivery centre. Nigerian conglomerates adding a customer-operations vertical alongside trading, fintech, or telco businesses. Regional outsourcing destinations standing up their first AI-augmented offering because the older labour-arbitrage model no longer wins bids on its own.
The structure is consistent. The partner sees the value of an owned vertical — better margin profile than a vendor relationship, data inside the corporate boundary, the IP of the operating model accruing to them, and optionality on adjacent expansion sitting with the owner of the playbook. What they lack is the assembled capability to build that vertical from cold. The component skills exist in the market — recruiters, trainers, Connect implementation partners, regulatory counsel, AI engineers — but stitching them into a coherent operation that survives a year-one audit is a different problem.
cmdev is not a generalist BPO operator and not a contact-centre implementation partner who sells Connect projects and walks away. We sit at the intersection of three practices the establishment engagement needs: AI engineering (the Bedrock layer, knowledge-base hygiene, eval discipline), regulatory practice (NDPA and GAID locally, GDPR and UK DPA on the inbound side, sector overlays where they apply), and BPO operations design (talent funnel, training curriculum, supervisor structure, QA function). The playbook is the integration of those three practices into a single 90-day setup.
What we deliver in 90 days
At the end of day 90 the partner owns five deliverables. An active talent funnel — recruitment partners under contract, screening pipeline at a defined throughput, the first cohort hired and in seats. Regulatory wiring complete — NDPA registration filed, DPO appointed, GAID-aligned policies in place, GDPR Article 28 DPA template with executed SCCs ready for inbound EU clients, sector overlay (CBN CSAT, NAICOM) wired where the workload demands it. A live technology substrate — Connect tenant provisioned, Bedrock knowledge base indexed on the initial corpus, contact flows built for the launch vertical, agent workspace configured with Amazon Q for Connect or equivalent assist tooling. A transferable training programme — curriculum documented, the partner's training team co-trained and ready to run the next cohort without us. The first cohort operational — 10 to 20 seats live on a soft-launch volume, eval gate passed, two weeks of shadow operations and two weeks of supervised live calls behind them.
That is what done looks like. Everything else serves those five deliverables.
Days 1 to 30 — discovery and foundation
The first 30 days are not about building anything customer-facing. They are about getting the foundational decisions right, because the cost of revisiting them in week eight is an order of magnitude higher than the cost of being slow in week two.
The phase opens with stakeholder workshops across four functions: executive (strategic intent, destination state), finance (capital structure, unit economic model, contract framework for inbound clients), legal (corporate structure, NDPA registration vehicle, DPA architecture), and operations (launch vertical, volume forecast, SLA framework). Written outputs the partner signs off on. Decisions deferred here compound into the build phase as rework.
Regulatory scoping runs in parallel. The Nigerian layer is the floor — NDPA 2023, GAID, and any sector overlay the launch vertical pulls in (CBN CSAT for financial-services data, NAICOM for insurance, the absence of a HIPAA-equivalent for US healthcare PHI). The client-side regime sits on top — GDPR Article 28 plus 2021 SCCs Module Two for EU buyers, UK GDPR plus IDTA for UK buyers, CCPA and state overlays for US buyers, FedRAMP-adjacent constraints that rule the operation out of US Federal scope. The output is a written map of which regimes apply to which workload, what registrations and filings are needed, and what DPA architecture survives the inbound client's DPO review.
Talent profile design is the third workstream. An AI-augmented operator is not a traditional call-centre agent and not a junior software engineer — they sit between. The screening criteria reflect this: English fluency at a defined band, basic cognitive aptitude tested against role-relevant tasks, comfort with tool-mediated work, comfort with the editing-and-judgement loop that defines the AI-augmented workflow. Fail-out thresholds at each stage of the funnel are decided here, not improvised later.
Tech substrate design closes the phase. The default — and the substrate we operate most cleanly — is Amazon Connect for the contact-centre platform, Bedrock for the AI layer, S3 with Object Lock for the audit store, and Amazon Q for Connect for agent assist. If the partner is on Azure or GCP, the pattern adapts; regulatory wiring and training curriculum are substrate-agnostic. We do not push the partner onto AWS if their corporate stack is elsewhere. The SLA framework is drafted in the closing week against the workload assumptions — tested by the first live cohort, ratified after that.
Days 31 to 60 — build the operation
Five workstreams run in parallel.
The talent funnel goes live first. Recruitment partners under contract, screening assessment calibrated against the role definition, first interview rounds scheduled. We run the funnel jointly with the partner's HR function — they hold offer authority and brand, we hold calibration discipline. The first cohort is offered by end of week six.
The Connect tenant is provisioned in the right region, with contact flows built for the launch vertical. Lex bots are trained on the first intent set, with bot scope deliberately narrower than what the partner thinks they need — overscope on a launch bot is one of the most reliable predictors of a botched go-live. The Bedrock knowledge base is indexed on the initial corpus, drawn from the partner's documentation, FAQ library, policy library, and historical case archive. Knowledge-base hygiene is set up explicitly — versioning, freshness checks, the ingest pipeline that survives the partner adding documents without breaking the index.
The training curriculum is delivered to the partner's training team. We do not replace the training function — we co-train. The first cohort is taught by our team alongside the partner's trainers, with the explicit goal that cohort two onward is taught by the partner alone. The curriculum runs the six-week AI-augmented track: four weeks of customer-service fundamentals and product knowledge, plus two weeks of tool fluency — prompt and draft literacy, audit-trail literacy, edge-case handling.
The supervisor structure is designed in parallel with the cohort hire. The ratios we operate against are 1:8 for tier-one routine workloads and 1:5 for complex or regulated work. Escalation criteria are documented — customer escalation request, regulated information request, suspected fraud, call duration over two standard deviations above intent median, anomalous edit-rate on AI drafts. QA scorecards are calibrated to the launch vertical.
Compliance documents close the build phase. The DPA template is drafted against the most demanding inbound regime the partner expects — usually GDPR Article 28 with 2021 SCCs Module Two. Processor agreements for downstream subprocessors are reviewed and aligned. The breach playbook is walked through with the DPO, including the multi-stream notification chain — NDPC under GAID, the inbound controller under Article 28, the sector regulator where applicable, the inbound client's contractual window which is almost always tighter than the regulatory clock.
Days 61 to 90 — first cohort live
The first cohort — typically 10 to 20 seats, depending on the partner's launch ambition and inbound contract structure — completes the six-week training programme and arrives at the eval gate.
The eval gate is the most operationally important moment in the entire 90 days. The gate is a golden question-and-answer corpus, drawn from the launch vertical's most common intents, with a published scoring rubric and a published pass threshold. Each operator works the corpus end-to-end — voice, chat, and email modalities where they apply, AI-augmented and unassisted modes, easy intents and the difficult ones. Answers are scored against the rubric: factual accuracy against the knowledge base, appropriate use of the AI draft, correct escalation behaviour, audit-trail completeness. Operators who pass go live. Operators who fail go back into supervised practice with a published re-test schedule. This is non-negotiable. The single largest difference between a competent BPO setup and a chaotic one is whether the eval gate is real or theatre. We make it real, and we make the partner's QA function the long-term owner of the corpus.
Operators who pass enter two weeks of shadow operations — observing live interactions, working test queues without customer contact, rehearsing the escalation flow. Shadowing surfaces the failure modes no amount of training catches — how the agent workspace renders on the partner's hardware, lag in the CRM integration, the specific phrasings of difficult interactions the training set under-represented.
Weeks three and four are supervised live calls at a throttled volume, with the supervisor structure at the tight end of the design ratios (1:5 regardless of workload class, then relax to standard once stable). Every interaction is QA-sampled at a higher rate than steady-state. Patterns surfaced daily, written up weekly, either resolved with targeted coaching or fed back into the curriculum for cohort two.
The audit chain is verified end-to-end during this period. We run live exercises — a simulated subject-access request, a simulated breach notification, a simulated regulator query — to confirm that discovery, response, and evidence-production workflows actually work in the partner's environment. Audit-chain failures discovered in week eleven are recoverable. The same failures discovered in month nine after an inbound client's DPO has flagged them are commercial events.
Day 90 is the handover.
The handover — what the partner owns
At end of day 90 the partner owns three things that are durable, transferable, and theirs.
The playbook itself — talent funnel design, screening criteria, interview rubrics, training curriculum, supervisor structure, QA scorecards, eval gate corpus, regulatory wiring, breach playbook. Documented, written so the partner's next cohort, next vertical, or next operations lead can pick them up without our involvement. A setup that leaves the partner dependent on the setup vendor for every subsequent cohort is a bad outcome for both sides.
The technology substrate — Connect tenant, Bedrock knowledge base, contact flows, agent workspace, audit-trail store, integration with the partner's existing systems. The substrate sits under the partner's AWS account (or Azure tenant, or GCP project) from day one. We never operate it on cmdev-owned infrastructure. The partner pays the cloud bills directly, holds the root credentials, and can terminate cmdev's access at any point without disrupting operations.
The trained team — the first cohort on the floor, the partner's training team certified to deliver the curriculum to subsequent cohorts, the partner's supervisor and QA leads in role. The team are the partner's employees throughout. We do not place cmdev personnel into the operation.
Optional ongoing scopes vary: a managed-services retainer covering AI substrate updates, knowledge-base hygiene, regulatory monitoring, and second-cohort training support; expansion to a new vertical with the same playbook and re-calibrated workload specifics; or a co-managed phase for partners who want cmdev's operational eyes on the floor for six to twelve months while their leadership team builds the muscle.
What we cost
The engagement is project-plus-retainer, not seat-based. The setup itself is a fixed-scope 90-day project priced against workload mix and regulatory complexity. Ongoing scopes are priced as monthly retainers against a defined scope of work.
Ranges depend on workload class and substrate decisions. A single-vertical, English-language, EU-buyer-facing setup on the Connect plus Bedrock default sits at the lower end. A multi-vertical setup with financial-services overlay, multi-buyer-regime regulatory wiring, and a non-default substrate sits at the upper end. We provide indicative numbers under NDA in the first scoping conversation; we deliberately do not publish dollar commitments in advance of the workload assessment.
What we do commit publicly is the economic model. The partner should expect the setup to pay back inside year one against the unit-economic improvement on the launch vertical. If the launch vertical is small enough that year-one payback is not achievable, the engagement is the wrong size and we will say so in scoping.
What this is not
It is not staff augmentation. We do not place cmdev personnel into the partner's operation as a hidden FTE substitute.
It is not ticket-handling outsourcing. We do not run the inbound queue ourselves and bill per interaction. The partner runs their own operation against their own inbound clients.
It is not a white-label resale of cmdev's own services. The operation is the partner's, branded as theirs, contracting with their clients under their own corporate identity.
If what the partner wants is any of the three patterns above, the right conversation is a different one. Several are reasonable BPO commercial structures — they are just not what the establishment engagement delivers.
Why this matters strategically
The partner who comes out of a competent establishment engagement owns an asset that is meaningfully more valuable than a third-party BPO contract of equivalent seat count. The unit economics are theirs. The workforce is theirs. The data is inside their corporate boundary. The optionality on adjacent expansion belongs to the owner of the playbook. That asset compounds. The vendor relationship does not.
The mid-2020s window for building this asset is unusually open. The substrate has stabilised — Connect and Bedrock, or the Azure and GCP equivalents, are mature enough to build against without rewriting every six months. The regulatory perimeter is now navigable in jurisdictions that were ambiguous three years ago — NDPA 2023 and GAID give Nigeria a defensible export-grade processing regime. The talent pipeline is producing AI-comfortable graduates at scale in a way it was not in 2022. The partners who set up well-architected, owned BPO verticals in 2026 and 2027 will hold a structural advantage over the buyers still renting seats from third parties when the market matures.
FAQs
Have you actually run a BPO-establishment engagement end to end before?
Not yet as a single contracted scope. We have built each of the constituent layers — talent funnel design, Connect plus Bedrock implementation, knowledge-base hygiene, eval discipline, NDPA and GAID wiring, GDPR Article 28 architecture, training-curriculum design — across separate client engagements. The 90-day setup is the integration of those layers into one contracted scope, and this playbook is that integration stated declaratively. We are explicit with prospective partners about the distinction. The first partner in gets a deliberately under-priced engagement against the published playbook, in exchange for being the reference case.
Why 90 days and not six months?
The 90-day window is calibrated against the work that is genuinely sequential. Discovery cannot compress below 30 days without rushing the regulatory and substrate decisions in ways that cost more in rework than they save in calendar. The build phase can compress to four weeks with concessions on training-curriculum depth, but we do not recommend it. The first-cohort-live phase needs the full 30 days for the shadow-plus-supervised pattern. Stretching beyond 90 days is usually a sign the engagement is wrong-sized.
What if our existing cloud estate is on Azure or GCP, not AWS?
The pattern adapts. Azure (Dynamics 365 Customer Service plus Azure OpenAI plus Microsoft Purview) and GCP (Dialogflow CX plus Vertex AI plus Cloud Logging) support equivalent architectures. The regulatory wiring, training curriculum, talent funnel design, and supervisor structure are substrate-agnostic. What changes is the configuration work in days 31 to 60 and the depth of cmdev's operational fluency on the chosen substrate. Connect plus Bedrock is our default; we will not push you off Azure or GCP if your corporate stack is already there.
How do you handle the eval gate when a cohort fails?
The cohort does not go live. Operators who fail go back into supervised practice with a published re-test schedule — typically two to four weeks of targeted coaching against the failure dimensions, followed by a re-attempt at the corpus. If the failure pattern is systemic (multiple operators failing the same intent class), the failure is in the training curriculum or the knowledge base, and we fix the upstream issue before re-testing. The eval gate is what protects the partner's brand on day one of live operations — softening it to hit a calendar deadline is a false economy.
What is the smallest partner who should consider this engagement?
The economics need a launch vertical that can absorb at least 10 to 20 operators in the first cohort and has a credible path to 40 to 60 operators inside year one. Below that, the fixed cost of the setup distorts the unit economics in ways that do not recover. Above it, the playbook scales linearly to several hundred operators per vertical. Partners with a smaller initial workload but a clear path to the threshold are usually still a fit.
Companion content
- Managed AI-Augmented BPO in Lagos: An Operation Designed for the EU and UK Buyer — the sibling piece, our own delivery model rather than the partner-establishment model
- How Managed BPO Operations Actually Run in Nigeria: Talent, Shifts, and the AI-Augmented Workflow — operational deep-dive on talent funnel, training, and supervisor structure
- Why Nigeria for Managed AI BPO Operations in 2026 — the strategic case for the destination
- The Regulatory Landscape for BPO Providers in Nigeria: NDPA, GAID, CBN CSAT, and Cross-Border Data — the regulatory layer the setup wires against
How to engage
If you are an international company planning a captive African delivery centre, a Nigerian group adding a BPO vertical to your existing business, or a regional outsourcing destination entering the AI-augmented market for the first time, the playbook above is what we run. The conversation starts with a 60-minute scoping call to confirm the launch vertical, the regulatory perimeter, the substrate decision, and the cohort sizing — before any commercial discussion. Talk to us at creativeminds.dev/contact.