Award

Risk, Audit and Compliance Solution

FINANCIAL CONDUCT AUTHORITY

This public procurement record has 4 releases in its history.

Award

16 Oct 2024 at 16:19

TenderUpdate

05 Feb 2024 at 13:37

TenderUpdate

05 Feb 2024 at 08:52

Tender

01 Feb 2024 at 16:45

Summary of the contracting process

The Financial Conduct Authority (FCA) has completed the procurement process for a "Risk, Audit and Compliance Solution" in the IT software package category. The contract was awarded to CoreStream for £565,550 GBP on 23rd September 2024. The procurement followed an open procedure and involved a tender process initially opening on 1st February 2024 with a deadline of 4th March 2024. The contract involves implementing a Risk, Internal Audit, and Compliance Solution for the FCA and the Payment Systems Regulator (PSR) for three years starting from 1st September 2024, with the possibility of two further extensions of 12 months each, totaling a maximum term of five years. The primary delivery location is at the FCA headquarters at 12 Endeavour Square, London (region UKI4).

This tender provides significant opportunities for IT software businesses specialising in Governance, Risk and Compliance (GRC) solutions. Companies offering commercial off-the-shelf (COTS), software as a service (SaaS) platforms, which can be configured for risk management, internal audit processes, and policy compliance will find this contract particularly suited to their offerings. The project will support the FCA and PSR in further embedding their Risk Management Frameworks, enhancing risk maturity, and enabling better decision-making. This presents considerable growth potential for businesses adept at delivering comprehensive risk, audit, and compliance solutions with capabilities for key risk indicator management, policy standardisation, and real-time data analytics.

Find more tenders on our Open Data Platform.
How relevant is this notice?

D3 Tenders Premium

Win More Public Sector Contracts

AI-powered tender discovery, pipeline management, and market intelligence — everything you need to grow your public sector business.

Notice Title

Risk, Audit and Compliance Solution

Notice Description

The FCA is establishing a contractual mechanism to implement a Risk, Internal Audit and Compliance Solution to the FCA for a period of three years starting from 1 September 2024 with an option to extend by two further periods of 12 months each (maximum term 5 years).

Lot Information

Lot 1

The FCA is establishing a contractual mechanism to implement a Risk, Internal Audit and Compliance Solution to the FCA for a period of three years starting from 1 September 2024 with an option to extend by two further periods of 12 months each (maximum term 5 years).
As a fully independent subsidiary of the FCA, the PSR operates to a shared service agreement, but each retains full data segregation. Any proposed solution will be required to maintain this segregation.
The system will support the further embedding of the Risk Management Frameworks that are operated by the FCA and PSR respectively, enabling greater levels of risk maturity across both organisations and ensuring efficient and effective risk-conscious decision making and prioritisation.
Risk Management plays an essential role in helping to deliver on our Strategy and statutory and operational objectives. It does this by helping to ensure we are operating in an effective and efficient risk-based manner in identifying and delivering the timely interventions to appropriately identify, prevent, mitigate, manage, influence and report on actual and potential Risks of Harm.
The current risk system is a commercial off the shelf (COTS), software as a service (SaaS) platform. This has been configured to support, as examples, the FCA's risk of harm and own risk taxonomies and scoring methodologies, to automate aspects of the FCA's Risk and Control Self-Assessment (RCSA) process; Risk Event Management process; risk acceptance and various risk and assurance reviews that are conducted by 2LOD. Additionally, it includes a small number of cross-cutting Risks of Harm.
The current Internal Audit (IA) system is used as a workflow tool to manage the activities associated with internal audits, including findings and actions. This is also a COTS SaaS, with a component hosted on desktop.
Both systems are functionally similar platforms and classified as 'Governance, Risk and Compliance' software tools. Moving to a single platform for all risk and audit information will support the consolidation of our IT estate.
A unified platform is envisaged to benefit day to day users, providing a clear view of the risks and controls they manage, linking the outcomes of IA reviews to wider risk management activities. In addition, this would provide stakeholders with an improved view of risk exposures and resultant mitigations by connecting the data to enable more effective and efficient decision making.
The system will be required to support the FCA's roadmap for critical risk management tools and processes and must therefore be able to support existing (and new) capabilities that have not previously been automated, such as Compliance (i.e., policy management and the implementation of a standardised control library) and Key Risk Indicator management.
We anticipate the system will provide access to real time risk and audit data, providing a high degree of flexibility in the ability to analyse and report on that data on an individual and aggregated risk basis to identify and monitor trends over time. For example, linkages across various records and metrics on a one-to-one, one-to-many and/or one-to-all basis.
The system must be implemented with minimal disruption to current processes and business operations. The supplier will demonstrate a robust approach to significant change and issue resolution, working cohesively with the FCA Product Group to support and independently configure the product.

Publication & Lifecycle

Open Contracting ID
ocds-h6vhtk-043685
Publication Source
Find A Tender Service
Latest Notice
https://www.find-tender.service.gov.uk/Notice/033456-2024
Current Stage
Award
All Stages
Tender, Award

Procurement Classification

Notice Type
Tender Notice
Procurement Type
Standard
Procurement Category
Goods
Procurement Method
Open
Procurement Method Details
Open procedure
Tender Suitability
Not specified
Awardee Scale
Large

Common Procurement Vocabulary (CPV)

CPV Divisions

48 - Software package and information systems


CPV Codes

48517000 - IT software package

Notice Value(s)

Tender Value
£3,500,000 £1M-£10M
Lots Value
£3,500,000 £1M-£10M
Awards Value
Not specified
Contracts Value
£565,550 £500K-£1M

Notice Dates

Publication Date
16 Oct 20241 years ago
Submission Deadline
4 Mar 2024Expired
Future Notice Date
Not specified
Award Date
22 Sep 20241 years ago
Contract Period
31 Aug 2024 - 31 Aug 2029 Over 5 years
Recurrence
Not specified

Notice Status

Tender Status
Complete
Lots Status
Cancelled
Awards Status
Active
Contracts Status
Active

Contracting Authority (Buyer)

Main Buyer
FINANCIAL CONDUCT AUTHORITY
Contact Name
FCA Procurement, Phil Lamacraft
Contact Email
fcaprocurement@fca.org.uk
Contact Phone
+44 2070661000

Buyer Location

Locality
LONDON
Postcode
E20 1JN
Post Town
East London
Country
England

Major Region (ITL 1)
TLI London
Basic Region (ITL 2)
TLI4 Inner London - East
Small Region (ITL 3)
TLI41 Hackney and Newham
Delivery Location
TLI4 Inner London - East

Local Authority
Newham
Electoral Ward
Stratford Olympic Park
Westminster Constituency
Stratford and Bow

Supplier Information

Number of Suppliers
1
Supplier Name

CORESTREAM

Open Contracting Data Standard (OCDS)

View full OCDS Record for this contracting process

Download

The Open Contracting Data Standard (OCDS) is a framework designed to increase transparency and access to public procurement data in the public sector. It is widely used by governments and organisations worldwide to report on procurement processes and contracts.

{
    "tag": [
        "compiled"
    ],
    "id": "ocds-h6vhtk-043685-2024-10-16T17:19:12+01:00",
    "date": "2024-10-16T17:19:12+01:00",
    "ocid": "ocds-h6vhtk-043685",
    "initiationType": "tender",
    "tender": {
        "id": "CON-23-235",
        "legalBasis": {
            "id": "32014L0024",
            "scheme": "CELEX"
        },
        "title": "Risk, Audit and Compliance Solution",
        "status": "complete",
        "classification": {
            "scheme": "CPV",
            "id": "48517000",
            "description": "IT software package"
        },
        "mainProcurementCategory": "goods",
        "description": "The FCA is establishing a contractual mechanism to implement a Risk, Internal Audit and Compliance Solution to the FCA for a period of three years starting from 1 September 2024 with an option to extend by two further periods of 12 months each (maximum term 5 years).",
        "value": {
            "amount": 3500000,
            "currency": "GBP"
        },
        "lots": [
            {
                "id": "1",
                "description": "The FCA is establishing a contractual mechanism to implement a Risk, Internal Audit and Compliance Solution to the FCA for a period of three years starting from 1 September 2024 with an option to extend by two further periods of 12 months each (maximum term 5 years).<br/>As a fully independent subsidiary of the FCA, the PSR operates to a shared service agreement, but each retains full data segregation. Any proposed solution will be required to maintain this segregation.<br/>The system will support the further embedding of the Risk Management Frameworks that are operated by the FCA and PSR respectively, enabling greater levels of risk maturity across both organisations and ensuring efficient and effective risk-conscious decision making and prioritisation. <br/>Risk Management plays an essential role in helping to deliver on our Strategy and statutory and operational objectives. It does this by helping to ensure we are operating in an effective and efficient risk-based manner in identifying and delivering the timely interventions to appropriately identify, prevent, mitigate, manage, influence and report on actual and potential Risks of Harm. <br/>The current risk system is a commercial off the shelf (COTS), software as a service (SaaS) platform. This has been configured to support, as examples, the FCA's risk of harm and own risk taxonomies and scoring methodologies, to automate aspects of the FCA's Risk and Control Self-Assessment (RCSA) process; Risk Event Management process; risk acceptance and various risk and assurance reviews that are conducted by 2LOD. Additionally, it includes a small number of cross-cutting Risks of Harm. <br/>The current Internal Audit (IA) system is used as a workflow tool to manage the activities associated with internal audits, including findings and actions. This is also a COTS SaaS, with a component hosted on desktop.<br/>Both systems are functionally similar platforms and classified as 'Governance, Risk and Compliance' software tools. Moving to a single platform for all risk and audit information will support the consolidation of our IT estate.<br/>A unified platform is envisaged to benefit day to day users, providing a clear view of the risks and controls they manage, linking the outcomes of IA reviews to wider risk management activities. In addition, this would provide stakeholders with an improved view of risk exposures and resultant mitigations by connecting the data to enable more effective and efficient decision making.<br/>The system will be required to support the FCA's roadmap for critical risk management tools and processes and must therefore be able to support existing (and new) capabilities that have not previously been automated, such as Compliance (i.e., policy management and the implementation of a standardised control library) and Key Risk Indicator management. <br/>We anticipate the system will provide access to real time risk and audit data, providing a high degree of flexibility in the ability to analyse and report on that data on an individual and aggregated risk basis to identify and monitor trends over time. For example, linkages across various records and metrics on a one-to-one, one-to-many and/or one-to-all basis.<br/>The system must be implemented with minimal disruption to current processes and business operations. The supplier will demonstrate a robust approach to significant change and issue resolution, working cohesively with the FCA Product Group to support and independently configure the product.",
                "value": {
                    "amount": 3500000,
                    "currency": "GBP"
                },
                "contractPeriod": {
                    "startDate": "2024-09-01T00:00:00+01:00",
                    "endDate": "2029-08-31T23:59:59+01:00"
                },
                "hasRenewal": false,
                "submissionTerms": {
                    "variantPolicy": "notAllowed"
                },
                "hasOptions": false,
                "status": "cancelled",
                "awardCriteria": {
                    "criteria": [
                        {
                            "name": "Cross-Cutting Items",
                            "type": "quality",
                            "description": "2%"
                        },
                        {
                            "name": "Action Management",
                            "type": "quality",
                            "description": "6%"
                        },
                        {
                            "name": "Non-Functional Requirements",
                            "type": "quality",
                            "description": "25%"
                        },
                        {
                            "name": "Compliance and Policy Mgt.",
                            "type": "quality",
                            "description": "6%"
                        },
                        {
                            "name": "Risks and Controls",
                            "type": "quality",
                            "description": "8%"
                        },
                        {
                            "name": "Assurance & Internal Audit",
                            "type": "quality",
                            "description": "11%"
                        },
                        {
                            "name": "Risk Events",
                            "type": "quality",
                            "description": "5%"
                        },
                        {
                            "name": "Data Analytics",
                            "type": "quality",
                            "description": "6%"
                        },
                        {
                            "name": "Key Risk Indicators",
                            "type": "quality",
                            "description": "6%"
                        },
                        {
                            "name": "Total Cost of Ownership",
                            "type": "cost",
                            "description": "25%"
                        }
                    ]
                }
            }
        ],
        "items": [
            {
                "id": "1",
                "deliveryAddresses": [
                    {
                        "region": "UKI4"
                    },
                    {
                        "region": "UKI4"
                    }
                ],
                "deliveryLocation": {
                    "description": "12 Endeavour Square, London"
                },
                "relatedLot": "1"
            }
        ],
        "submissionMethod": [
            "electronicSubmission",
            "written"
        ],
        "submissionMethodDetails": "https://atamis-fca.my.salesforce.com/",
        "documents": [
            {
                "id": "economic",
                "documentType": "economicSelectionCriteria"
            },
            {
                "id": "technical",
                "documentType": "technicalSelectionCriteria"
            }
        ],
        "procurementMethod": "open",
        "procurementMethodDetails": "Open procedure",
        "coveredBy": [
            "GPA"
        ],
        "tenderPeriod": {
            "endDate": "2024-03-04T12:00:00Z"
        },
        "submissionTerms": {
            "languages": [
                "en"
            ],
            "bidValidityPeriod": {
                "endDate": "2024-09-01T23:59:59+01:00"
            }
        },
        "awardPeriod": {
            "startDate": "2024-03-04T12:00:00Z"
        },
        "bidOpening": {
            "date": "2024-03-04T12:00:00Z"
        },
        "hasRecurrence": false,
        "amendments": [
            {
                "id": "1",
                "description": "The address for accessing documentation was incorrect.The correct address is https://atamis-fca.my.site.com/s/WelcomeThe figures quoted in the notice are INCLUDING VAT"
            },
            {
                "id": "2",
                "description": "Due to an administrational error the first word of the final sentence was merged into the web address given, rendering the web link unusable. The correct weblink is: https://atamis-fca.my.site.com/s/Welcome"
            }
        ]
    },
    "parties": [
        {
            "id": "GB-FTS-40611",
            "name": "Financial Conduct Authority",
            "identifier": {
                "legalName": "Financial Conduct Authority",
                "id": "01920623"
            },
            "address": {
                "streetAddress": "12 Endeavour Square",
                "locality": "London",
                "region": "UK",
                "postalCode": "E20 1JN",
                "countryName": "United Kingdom"
            },
            "contactPoint": {
                "name": "Phil Lamacraft",
                "telephone": "+44 2070661000",
                "email": "fcaprocurement@fca.org.uk",
                "url": "https://atamis-fca.my.salesforce.com/"
            },
            "roles": [
                "buyer"
            ],
            "details": {
                "url": "http://www.fca.org.uk",
                "buyerProfile": "http://www.fca.org.uk",
                "classifications": [
                    {
                        "scheme": "TED_CA_TYPE",
                        "description": "Financial Regulator"
                    },
                    {
                        "scheme": "COFOG",
                        "description": "Financial Regulation"
                    }
                ]
            }
        },
        {
            "id": "GB-FTS-3518",
            "name": "Financial Conduct Authority",
            "identifier": {
                "legalName": "Financial Conduct Authority"
            },
            "address": {
                "streetAddress": "12 Endeavour Square",
                "locality": "London",
                "postalCode": "E20 1JN",
                "countryName": "United Kingdom",
                "region": "UKI"
            },
            "contactPoint": {
                "email": "fcaprocurement@fca.org.uk",
                "name": "FCA Procurement",
                "telephone": "+44 2070661000"
            },
            "roles": [
                "buyer",
                "reviewBody",
                "mediationBody",
                "reviewContactPoint"
            ],
            "details": {
                "url": "http://www.fca.org.uk",
                "buyerProfile": "http://www.fca.org.uk",
                "classifications": [
                    {
                        "scheme": "TED_CA_TYPE",
                        "id": "BODY_PUBLIC",
                        "description": "Body governed by public law"
                    },
                    {
                        "scheme": "COFOG",
                        "description": "Financial Regulation"
                    }
                ]
            }
        },
        {
            "id": "GB-FTS-127286",
            "name": "CoreStream",
            "identifier": {
                "legalName": "CoreStream"
            },
            "address": {
                "streetAddress": "20 Grosvenor Place,",
                "locality": "London",
                "region": "UKI",
                "countryName": "United Kingdom"
            },
            "roles": [
                "supplier"
            ],
            "details": {
                "scale": "large"
            }
        }
    ],
    "buyer": {
        "id": "GB-FTS-3518",
        "name": "Financial Conduct Authority"
    },
    "language": "en",
    "awards": [
        {
            "id": "033456-2024-1",
            "relatedLots": [
                "1"
            ],
            "status": "active",
            "suppliers": [
                {
                    "id": "GB-FTS-127286",
                    "name": "CoreStream"
                }
            ]
        }
    ],
    "contracts": [
        {
            "id": "033456-2024-1",
            "awardID": "033456-2024-1",
            "status": "active",
            "value": {
                "amount": 565550,
                "currency": "GBP"
            },
            "dateSigned": "2024-09-23T00:00:00+01:00"
        }
    ],
    "bids": {
        "statistics": [
            {
                "id": "1",
                "measure": "bids",
                "relatedLot": "1",
                "value": 16
            }
        ]
    }
}