---
title: "Governance Risk and Compliance tool"
ocid: "ocds-h6vhtk-067195"
canonical_url: "https://d3tenders.com/contract/?ocid=ocds-h6vhtk-067195"
markdown_url: "https://d3tenders.com/contract/ocds-h6vhtk-067195.md"
json_url: "https://d3tenders.com/contract/ocds-h6vhtk-067195.json"
source: "Find A Tender Service"
current_stage: "Tender"
buyer: "BRITISH BUSINESS BANK PLC"
published: "2026-05-21"
---

# Governance Risk and Compliance tool

Buyer: BRITISH BUSINESS BANK PLC  
Current stage: Tender  
OCID: ocds-h6vhtk-067195

[View canonical contract page](https://d3tenders.com/contract/?ocid=ocds-h6vhtk-067195)  
[Download OCDS JSON](https://d3tenders.com/contract/ocds-h6vhtk-067195.json)

## Summary

British Business Bank Plc is spearheading a procurement process for a comprehensive Governance Risk and Compliance (GRC) tool, aimed at enhancing regulatory obligations and organizational growth. The project is active under the competitive flexible procedure, ensuring an open procurement process. The solution is sought to be scalable, consolidating risk data and improving efficiency and accountability across the organization. This procurement targets compliance software development services within the UK, and the deadline for expressions of interest is set for 5th June 2026, with enquiries closing on 29th May 2026. The contract period is slated to begin on 6th October 2026 and runs until 5th October 2032, with an optional two-year renewal. The procurement stage is currently set at ‘tender’, with a gross value of £1,320,000.

This tender presents significant opportunities for businesses specialising in compliance software development, financial systems, and related IT services to demonstrate their innovation and capacity for comprehensive data management solutions. Companies providing services that align with risk assessment, corporate governance, and financial compliance will find this particularly beneficial. The contract offers a substantial value, ideal for SMEs and VCSEs equipped to handle complex data and regulatory frameworks. Such participation not only promises substantial economic returns but also paves the way for long-term collaborations with a central government public authority, expanding business portfolios in the competitive public sector market.

## Notice

DELTA Access Code :4J4GPFS79V Description The Authority aims to procure a scalable, integrated Governance, Risk and Compliance (GRC) software solution, capable of supporting its organisational growth and any required regulatory obligations. The solution is intended to consolidate risk data from across the Authority into a single platform that strengthens oversight, enhances analysis & reporting, improves operational efficiency, and ensures accountability. A GRC tool may also provide the opportunity to identify data synergies and move away from several systems used across the Authority. Strategic Objectives Integrated View of the Risk and Control Environment A unified cloud-based platform will provide a single source of truth for risks, controls, incidents, actions and metrics. Full traceability will be maintained across taxonomies, business units, policies and key processes, improving framework integration, transparency and decision-making. Data Driven Culture and Analytics The system will enable trend analysis, early warning indicators and data driven insights to support proactive management of current and emerging risks. Operational Efficiency and Improved Ownership An intuitive user experience, default 'outofthebox' configurability, guided workflows and automation will reduce manual effort and embed firstline ownership of risks and controls, while supporting second line oversight and challenge. High Quality Data and Reporting Automated dashboards and configurable reporting to the Microsoft Office suite will streamline internal and external stakeholder reporting, including for senior management, committees and regulators. Assurance and Regulatory Compliance The platform will facilitate compliance with the UK Corporate Governance Code (including Provision 29) and relevant FCA expectations. Evidence trails, compliance monitoring and control testing will support a robust assurance framework. Core Capability Requirements Initial core capability requirements have been identified, with activities still ongoing to define the full scope of requirements and determine the business units which a GRC tool may be implemented into. A full prioritised list of requirements and business units identified as part of ongoing activities, will be incorporated into future specifications. The current core GRC solution must support, but not be limited to the following key modules: Risk & Control Management - Risk and control library - RCSA: inherent/residual assessments, control tiering and assessments, risk acceptances and outoftolerance management - Heat maps, bow ties and risk scoring matrices - Control improvement actions - Endtoend traceability of risk, control and incident data by risk taxonomy, business unit, policy suite, and key processes Control Testing - Structured workflows, evidence capture and reporting to support assurance activities. Data, Reporting & Analytics - Configurable automated reporting - UK Corporate Governance Code Provision 29aligned reporting - Data ingestion from internal and external sources - Use of AIassisted tooling where appropriate Risk Appetite & Key Risk Indicators - Capture, monitoring and reporting of KRIs and risk appetite metrics. Incident Management - Central reporting portal - End to end incident lifecycle management, including automations - Metrics and trend analysis Policy Management - Governance and maintenance of the policy suite - Evidence based assessment of policy effectiveness using risk, control, testing and incident data Regulatory Compliance - Compliance monitoring plan execution - Horizon scanning and analysis of regulatory changes - Impact assessment of external developments on the control environment Ethics & Integrity - Management and reporting of gifts and hospitality, conflicts of interest, personal account dealing and insider lists. Internal Audit - Audit planning and delivery workflows - Action tracking and reporting Non-Core Capabilities While not central to the initial procurement, the system should also be capable of supporting: - Business continuity and resilience - Programme/project risk management - Third party risk management

### Lot Information

Lot 1

Renewal: Optional 2 year extension is applicable to this contract

## Key Details

| Field | Value |
| --- | --- |
| Publication source | Find A Tender Service |
| Latest notice | https://www.find-tender.service.gov.uk/Notice/047427-2026 |
| Notice type | UK4 - Tender Notice |
| Procurement type | Standard |
| Procurement category | Services |
| Procurement method | Open |
| Procurement method details | Competitive flexible procedure |
| Tender suitability | SME, VCSE |
| Awardee scale | Not specified |
| All stages | Planning, Tender |

## Dates

| Field | Value |
| --- | --- |
| Publication date | 21 May 2026 |
| Submission deadline | 29 May 2026 |
| Future notice date | 18 May 2026 |
| Award date | Not specified |
| Contract period | 5 Oct 2026 - 5 Oct 2032 |
| Recurrence | Not specified |

## Values

| Field | Value |
| --- | --- |
| Tender value | £1,100,000 |
| Lots value | £1,100,000 |
| Awards value | Not specified |
| Contracts value | Not specified |

## Status

| Field | Value |
| --- | --- |
| Tender status | Active |
| Lots status | Active |
| Awards status | Not specified |
| Contracts status | Not specified |

## Buyer

| Field | Value |
| --- | --- |
| Main buyer | BRITISH BUSINESS BANK PLC |
| Locality | SHEFFIELD |
| Post town | Sheffield |
| Postcode | S1 2GQ |
| Country | England |
| ITL 1 | TLE Yorkshire and The Humber |
| ITL 2 | TLE3 South Yorkshire |
| ITL 3 | TLE32 Sheffield |
| Local authority | Sheffield |
| Electoral ward | City |
| Westminster constituency | Sheffield Central |
| Delivery location | Not specified |

## CPV Codes

### Divisions

- 72 - IT services: consulting, software development, Internet and support
- 79 - Business services: law, marketing, consulting, recruitment, printing and security
- 90 - Sewage, refuse, cleaning and environmental services

### Codes

- 72212170 - Compliance software development services
- 72212442 - Financial systems software development services
- 79212110 - Corporate governance rating services
- 90711100 - Risk or hazard assessment other than for construction

## Release History

- 21 May 2026 at 16:57 - TenderUpdate - UK4 - Tender Notice - https://www.find-tender.service.gov.uk/Notice/047427-2026
- 21 May 2026 at 16:53 - TenderUpdate - UK4 - Tender Notice - https://www.find-tender.service.gov.uk/Notice/047423-2026
- 21 May 2026 at 16:20 - Tender - UK4 - Tender Notice - https://www.find-tender.service.gov.uk/Notice/047402-2026
- 23 Mar 2026 at 14:42 - Planning - UK3 - Planned Procurement Notice - https://www.find-tender.service.gov.uk/Notice/026336-2026

## Documents

- https://www.find-tender.service.gov.uk/Notice/047427-2026
  21st May 2026 - Tender notice on Find a Tender
- https://www.find-tender.service.gov.uk/Notice/047423-2026
  21st May 2026 - Tender notice on Find a Tender
- https://www.find-tender.service.gov.uk/Notice/047402-2026
  21st May 2026 - Tender notice on Find a Tender
- https://www.find-tender.service.gov.uk/Notice/026336-2026
  23rd March 2026 - Planned procurement notice on Find a Tender

## Notice URLs

- https://www.delta-esourcing.com/respond/4J4GPFS79V
- https://www.legislation.gov.uk/ukpga/2023/54/contents

## Provenance

This Markdown file is an alternate public rendering of the D3 Tenders contract record. The canonical page is https://d3tenders.com/contract/?ocid=ocds-h6vhtk-067195. The underlying structured data is available as OCDS JSON at https://d3tenders.com/contract/ocds-h6vhtk-067195.json.
