Contract

Risk, Audit and Compliance Solution

  • Financial Conduct Authority

F03: Contract award notice

Notice identifier: 2024/S 000-033456

Procurement identifier (OCID): ocds-h6vhtk-043685

Published 16 October 2024, 5:19pm



Section one: Contracting authority

one.1) Name and addresses

Financial Conduct Authority

12 Endeavour Square

London

E20 1JN

Contact

FCA Procurement

Email

fcaprocurement@fca.org.uk

Telephone

+44 2070661000

Country

United Kingdom

Region code

UKI - London

Internet address(es)

Main address

www.fca.org.uk

Buyer's address

www.fca.org.uk

one.4) Type of the contracting authority

Body governed by public law

one.5) Main activity

Other activity

Financial Regulation


Section two: Object

two.1) Scope of the procurement

two.1.1) Title

Risk, Audit and Compliance Solution

Reference number

CON-23-235

two.1.2) Main CPV code

  • 48517000 - IT software package

two.1.3) Type of contract

Supplies

two.1.4) Short description

The FCA is establishing a contractual mechanism to implement a Risk, Internal Audit and Compliance Solution for the FCA for a period of three years starting from 1 September 2024, with an option to extend by two further periods of 12 months each (maximum term 5 years).

two.1.6) Information about lots

This contract is divided into lots: No

two.1.7) Total value of the procurement (excluding VAT)

Value excluding VAT: £565,550

two.2) Description

two.2.3) Place of performance

NUTS codes

  • UKI4 - Inner London – East

Main site or place of performance

12 Endeavour Square, London

two.2.4) Description of the procurement

The FCA is establishing a contractual mechanism to implement a Risk, Internal Audit and Compliance Solution for the FCA for a period of three years starting from 1 September 2024, with an option to extend by two further periods of 12 months each (maximum term 5 years).
As a fully independent subsidiary of the FCA, the PSR operates to a shared service agreement, but each retains full data segregation. Any proposed solution will be required to maintain this segregation.
The system will support the further embedding of the Risk Management Frameworks that are operated by the FCA and PSR respectively, enabling greater levels of risk maturity across both organisations and ensuring efficient and effective risk-conscious decision making and prioritisation.
Risk Management plays an essential role in helping to deliver on our Strategy and statutory and operational objectives. It does this by helping to ensure we operate in an effective and efficient risk-based manner, identifying and delivering timely interventions to appropriately identify, prevent, mitigate, manage, influence and report on actual and potential Risks of Harm.
The current risk system is a commercial off-the-shelf (COTS), software-as-a-service (SaaS) platform. It has been configured to support, for example, the FCA’s risk of harm and own risk taxonomies and scoring methodologies, and to automate aspects of the FCA’s Risk and Control Self-Assessment (RCSA) process, Risk Event Management process, risk acceptance and various risk and assurance reviews that are conducted by 2LOD. Additionally, it includes a small number of cross-cutting Risks of Harm.
The current Internal Audit (IA) system is used as a workflow tool to manage the activities associated with internal audits, including findings and actions. This is also a COTS SaaS, with a component hosted on desktop.
Both systems are functionally similar platforms and classified as ‘Governance, Risk and Compliance’ software tools. Moving to a single platform for all risk and audit information will support the consolidation of our IT estate.
A unified platform is envisaged to benefit day to day users, providing a clear view of the risks and controls they manage, linking the outcomes of IA reviews to wider risk management activities. In addition, this would provide stakeholders with an improved view of risk exposures and resultant mitigations by connecting the data to enable more effective and efficient decision making.
The system will be required to support the FCA’s roadmap for critical risk management tools and processes and must therefore be able to support existing (and new) capabilities that have not previously been automated, such as Compliance (i.e., policy management and the implementation of a standardised control library) and Key Risk Indicator management.
We anticipate the system will provide access to real time risk and audit data, providing a high degree of flexibility in the ability to analyse and report on that data on an individual and aggregated risk basis to identify and monitor trends over time. For example, linkages across various records and metrics on a one-to-one, one-to-many and/or one-to-all basis.
The system must be implemented with minimal disruption to current processes and business operations. The supplier will demonstrate a robust approach to significant change and issue resolution, working cohesively with the FCA Product Group to support and independently configure the product.

two.2.5) Award criteria

Quality criterion - Name: Cross-Cutting Items / Weighting: 2%

Quality criterion - Name: Action Management / Weighting: 6%

Quality criterion - Name: Non-Functional Requirements / Weighting: 25%

Quality criterion - Name: Compliance and Policy Mgt. / Weighting: 6%

Quality criterion - Name: Risks and Controls / Weighting: 8%

Quality criterion - Name: Assurance & Internal Audit / Weighting: 11%

Quality criterion - Name: Risk Events / Weighting: 5%

Quality criterion - Name: Data Analytics / Weighting: 6%

Quality criterion - Name: Key Risk Indicators / Weighting: 6%

Cost criterion - Name: Total Cost of Ownership / Weighting: 25%

two.2.11) Information about options

Options: No

two.2.13) Information about European Union Funds

The procurement is related to a project and/or programme financed by European Union funds: No


Section four. Procedure

four.1) Description

four.1.1) Type of procedure

Open procedure

four.1.8) Information about the Government Procurement Agreement (GPA)

The procurement is covered by the Government Procurement Agreement: Yes

four.2) Administrative information

four.2.1) Previous publication concerning this procedure

Notice number: 2024/S 000-003431


Section five. Award of contract

A contract/lot is awarded: Yes

five.2) Award of contract

five.2.1) Date of conclusion of the contract

23 September 2024

five.2.2) Information about tenders

Number of tenders received: 16

The contract has been awarded to a group of economic operators: No

five.2.3) Name and address of the contractor

CoreStream

20 Grosvenor Place,

London

Country

United Kingdom

NUTS code

  • UKI - London

The contractor is an SME

No

five.2.4) Information on value of contract/lot (excluding VAT)

Initial estimated total value of the contract/lot: £565,550

Total value of the contract/lot: £565,550


Section six. Complementary information

six.4) Procedures for review

six.4.1) Review body

Financial Conduct Authority

12 Endeavour Square

London

E20 1JN

Country

United Kingdom

Internet address

www.fca.org.uk

six.4.2) Body responsible for mediation procedures

Financial Conduct Authority

12 Endeavour Square

London

E20 1JN

Country

United Kingdom

Internet address

www.fca.org.uk

six.4.4) Service from which information about the review procedure may be obtained

Financial Conduct Authority

12 Endeavour Square

London

E20 1JN

Country

United Kingdom

Internet address

www.fca.org.uk