Skip to main content

We've saved some files called cookies on your device. These cookies are:

  • essential for the site to work
  • to help improve our website by collecting and reporting information on how you use it

We would also like to save some cookies to help tailor communications.

BETA
You're viewing an updated version of this service - your feedback will help us to improve it.
Give Feedback
Cymraeg

Contract Notice

Risk, Audit and Compliance Solution

  • First published: 02 February 2024
  • Last modified: 02 February 2024

    This file may not be fully accessible.

  •  

The buyer is not using this website to administer the notice.

To record your interest or obtain additional information or documents please find instructions within the Full Notice Text. (NOTE: Contract Award Notices and Prior Information Notices do not normally require a response)

You are viewing an expired notice.

Contents

Summary

OCID:
ocds-h6vhtk-043685
Published by:
Financial Conduct Authority
Authority ID:
AA21206
Publication date:
02 February 2024
Deadline date:
04 March 2024
Notice type:
Contract Notice
Has documents:
No
Has SPD:
No
Has Carbon Reduction Plan:
N/A

Abstract

The FCA is establishing a contractual mechanism to implement a Risk, Internal Audit and Compliance Solution to the FCA for a period of three years starting from 1 September 2024 with an option to extend by two further periods of 12 months each (maximum term 5 years).<br/>As a fully independent subsidiary of the FCA, the PSR operates to a shared service agreement, but each retains full data segregation. Any proposed solution will be required to maintain this segregation.<br/>The system will support the further embedding of the Risk Management Frameworks that are operated by the FCA and PSR respectively, enabling greater levels of risk maturity across both organisations and ensuring efficient and effective risk-conscious decision making and prioritisation. <br/>Risk Management plays an essential role in helping to deliver on our Strategy and statutory and operational objectives. It does this by helping to ensure we are operating in an effective and efficient risk-based manner in identifying and delivering the timely interventions to appropriately identify, prevent, mitigate, manage, influence and report on actual and potential Risks of Harm. <br/>The current risk system is a commercial off the shelf (COTS), software as a service (SaaS) platform. This has been configured to support, as examples, the FCA’s risk of harm and own risk taxonomies and scoring methodologies, to automate aspects of the FCA’s Risk and Control Self-Assessment (RCSA) process; Risk Event Management process; risk acceptance and various risk and assurance reviews that are conducted by 2LOD. Additionally, it includes a small number of cross-cutting Risks of Harm. <br/>The current Internal Audit (IA) system is used as a workflow tool to manage the activities associated with internal audits, including findings and actions. This is also a COTS SaaS, with a component hosted on desktop.<br/>Both systems are functionally similar platforms and classified as ‘Governance, Risk and Compliance’ software tools. Moving to a single platform for all risk and audit information will support the consolidation of our IT estate.<br/>A unified platform is envisaged to benefit day to day users, providing a clear view of the risks and controls they manage, linking the outcomes of IA reviews to wider risk management activities. In addition, this would provide stakeholders with an improved view of risk exposures and resultant mitigations by connecting the data to enable more effective and efficient decision making.<br/>The system will be required to support the FCA’s roadmap for critical risk management tools and processes and must therefore be able to support existing (and new) capabilities that have not previously been automated, such as Compliance (i.e., policy management and the implementation of a standardised control library) and Key Risk Indicator management. <br/>We anticipate the system will provide access to real time risk and audit data, providing a high degree of flexibility in the ability to analyse and report on that data on an individual and aggregated risk basis to identify and monitor trends over time. For example, linkages across various records and metrics on a one-to-one, one-to-many and/or one-to-all basis.<br/>The system must be implemented with minimal disruption to current processes and business operations. The supplier will demonstrate a robust approach to significant change and issue resolution, working cohesively with the FCA Product Group to support and independently configure the product.

Full notice text

Contract notice

Section I: Contracting authority

I.1) Name and addresses

Financial Conduct Authority

01920623

12 Endeavour Square

London

E20 1JN

UK

Contact person: Phil Lamacraft

Telephone: +44 2070661000

E-mail: fcaprocurement@fca.org.uk

NUTS: UK

Internet address(es)

Main address: www.fca.org.uk

Address of the buyer profile: www.fca.org.uk

I.3) Communication

The procurement documents are available for unrestricted and full direct access, free of charge at:

https://atamis-fca.my.salesforce.com/


Additional information can be obtained from the abovementioned address


Tenders or requests to participate must be sent electronically to:

https://atamis-fca.my.salesforce.com/


Tenders or requests to participate must be sent to the abovementioned address


I.4) Type of the contracting authority

Other: Financial Regulator

I.5) Main activity

Other: Financial Regulation

Section II: Object

II.1) Scope of the procurement

II.1.1) Title

Risk, Audit and Compliance Solution

Reference number: CON-23-235

II.1.2) Main CPV code

48517000

 

II.1.3) Type of contract

Supplies

II.1.4) Short description

The FCA is establishing a contractual mechanism to implement a Risk, Internal Audit and Compliance Solution to the FCA for a period of three years starting from 1 September 2024 with an option to extend by two further periods of 12 months each (maximum term 5 years).

II.1.5) Estimated total value

Value excluding VAT: 3 500 000.00  GBP

II.1.6) Information about lots

This contract is divided into lots: No

II.2) Description

II.2.3) Place of performance

NUTS code:

UKI4


Main site or place of performance:

Inner London - East

II.2.4) Description of the procurement

The FCA is establishing a contractual mechanism to implement a Risk, Internal Audit and Compliance Solution to the FCA for a period of three years starting from 1 September 2024 with an option to extend by two further periods of 12 months each (maximum term 5 years).<br/>As a fully independent subsidiary of the FCA, the PSR operates to a shared service agreement, but each retains full data segregation. Any proposed solution will be required to maintain this segregation.<br/>The system will support the further embedding of the Risk Management Frameworks that are operated by the FCA and PSR respectively, enabling greater levels of risk maturity across both organisations and ensuring efficient and effective risk-conscious decision making and prioritisation. <br/>Risk Management plays an essential role in helping to deliver on our Strategy and statutory and operational objectives. It does this by helping to ensure we are operating in an effective and efficient risk-based manner in identifying and delivering the timely interventions to appropriately identify, prevent, mitigate, manage, influence and report on actual and potential Risks of Harm. <br/>The current risk system is a commercial off the shelf (COTS), software as a service (SaaS) platform. This has been configured to support, as examples, the FCA’s risk of harm and own risk taxonomies and scoring methodologies, to automate aspects of the FCA’s Risk and Control Self-Assessment (RCSA) process; Risk Event Management process; risk acceptance and various risk and assurance reviews that are conducted by 2LOD. Additionally, it includes a small number of cross-cutting Risks of Harm. <br/>The current Internal Audit (IA) system is used as a workflow tool to manage the activities associated with internal audits, including findings and actions. This is also a COTS SaaS, with a component hosted on desktop.<br/>Both systems are functionally similar platforms and classified as ‘Governance, Risk and Compliance’ software tools. Moving to a single platform for all risk and audit information will support the consolidation of our IT estate.<br/>A unified platform is envisaged to benefit day to day users, providing a clear view of the risks and controls they manage, linking the outcomes of IA reviews to wider risk management activities. In addition, this would provide stakeholders with an improved view of risk exposures and resultant mitigations by connecting the data to enable more effective and efficient decision making.<br/>The system will be required to support the FCA’s roadmap for critical risk management tools and processes and must therefore be able to support existing (and new) capabilities that have not previously been automated, such as Compliance (i.e., policy management and the implementation of a standardised control library) and Key Risk Indicator management. <br/>We anticipate the system will provide access to real time risk and audit data, providing a high degree of flexibility in the ability to analyse and report on that data on an individual and aggregated risk basis to identify and monitor trends over time. For example, linkages across various records and metrics on a one-to-one, one-to-many and/or one-to-all basis.<br/>The system must be implemented with minimal disruption to current processes and business operations. The supplier will demonstrate a robust approach to significant change and issue resolution, working cohesively with the FCA Product Group to support and independently configure the product.

II.2.5) Award criteria

Price is not the only award criterion and all criteria are stated only in the procurement documents

II.2.6) Estimated value

Value excluding VAT: 3 500 000.00  GBP

II.2.7) Duration of the contract, framework agreement or dynamic purchasing system

Start: 01/09/2024

End: 31/08/2029

This contract is subject to renewal: No

II.2.9) Information about the limits on the number of candidates to be invited

II.2.10) Information about variants

Variants will be accepted: No

II.2.11) Information about options

Options: No

II.2.13) Information about European Union funds

The procurement is related to a project and/or programme financed by European Union funds: No

II.2.14) Additional information

The contract will have an initial term of 3 years and is envisaged to allow for a further 2 x 12 month extensions

Section III: Legal, economic, financial and technical information

III.1) Conditions for participation

III.1.2) Economic and financial standing

Selection criteria as stated in the procurement documents


III.1.3) Technical and professional ability

Selection criteria as stated in the procurement documents


III.2) Conditions related to the contract

Section IV: Procedure

IV.1) Description

IV.1.1) Type of procedure

Open procedure

IV.1.8) Information about Government Procurement Agreement (GPA)

The procurement is covered by the Government Procurement Agreement: Yes

IV.2) Administrative information

IV.2.2) Time limit for receipt of tenders or requests to participate

Date: 04/03/2024

Local time: 12:00

IV.2.4) Languages in which tenders or requests to participate may be submitted

EN

IV.2.6) Minimum time frame during which the tenderer must maintain the tender

Tender must be valid until: 01/09/2024

IV.2.7) Conditions for opening of tenders

Date: 04/03/2024

Local time: 12:00

Section VI: Complementary information

VI.1) Information about recurrence

This is a recurrent procurement: No

VI.4) Procedures for review

VI.4.1) Review body

Financial Conduct Authority

12 Endeavour Square

London

E20 1JN

UK

E-mail: chengetai.garaiza@fca.org.uk

Internet address(es)

URL: www.fca.org.uk

VI.5) Date of dispatch of this notice

01/02/2024

Coding

Commodity categories

ID Title Parent category
48517000 IT software package Communication software package

Delivery locations

ID Description
100 UK - All

Alert region restrictions

The buyer has restricted the alert for this notice to suppliers based in the following regions.

ID Description
There are no alert restrictions for this notice.

About the buyer

Main contact:
fcaprocurement@fca.org.uk
Admin contact:
N/a
Technical contact:
N/a
Other contact:
N/a

Further information

Date Details
No further information has been uploaded.
Follow Sell2Wales
Email icon
Sell2Wales Helpline
0800 222 9004

Lines are open 8:30am to 5pm Monday to Friday.

Rydym yn croesawu galwadau'n Gymraeg.

We welcome calls in Welsh.

Give feedback about this page
All content is available under the Open Government License, except where otherwise stated.