Finastra Trading as Accountis Europe

FINASTRA BACSACTIVE-IP

Finastra Bacsactive-IP offers Bacs Direct Credit and Direct Debit payment processing including payroll, supplier payments, expenses, dividends, subscriptions, bill payments, memberships and more. The solution has over 3,000 customers including banks, large corporate institutions and government departments. Enhanced security including Confirmation of Payee/Payer Name Verification is available.

Features

• Handles all Bacs transactions, including supplier payments, payroll, Direct Debits.
• FPS module allows submissions via DCA and file transfer.
• Powerful automation capabilities via workflow and API modules.
• Confirmation of Payee/Payer Name Verification module improves data accuracy.
• Automation modules allow integration with ERP, accounting and membership systems.
• Includes modules for Bureau, Direct Debit Management and more.
• Enhanced security options: Single Sign On (SSO), multi-factor authentication (MFA).
• Permissions: granular control with role profiles and segregation of duties.
• On-screen comprehensive data and audit reporting (exportable).

Benefits

• Ensures Bacs scheme rules compliance for Direct Debits and Credits.
• Increases productivity with intuitive user interface and workflow.
• Allows comprehensive file release management from any web-enabled device.
• Ensures data accuracy, reducing the need for corrective interventions.
• User-interface provides real-time access to data and submissions.
• Allows complete 'lights-off' operation to improve security of data.
• Accessible from web-enabled devices such as phone/tablet/PC.
• SaaS architecture means no hardware to buy or software installation.
• Minimise risk with secure and flexible authorisation levels.

£99.00 a licence a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales.fsc@finastra.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

562885267072401

Contact

Barry Plumley
+44 (0)345 519 0331
sales.fsc@finastra.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Bacs sponsorship is a prerequisite.; Bank issued smartcard software is Windows-based; however we do have service options that remove the need for smartcards.
• System requirements: Limitations on bank-issued smartcard software which vary between banks.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Telephone answered in person within five minutes.; Escalation to L2 Support if not resolved in five minutes.; Critical issues (L1 - submitting today) resolved same day.; High (L2 - submitting within two days) resolved within one working day.; Medium (L3 - submitting within one week) resolved within three working days.; Low (L4 - general query) answered within one working week.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support included for standard support times 9am - 5:30pm Monday to Fridays, not including Bank holidays, including Account Manager and Support Team, Extended support available at additional cost.; ; Telephone and email support is provided by a UK-based technical help desk, Monday to Friday between 9:00am and 5:30pm.; ; On-site support is available at additional cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We consult with the customer to understand their requirements and configure the service appropriately.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: The user can extract their data using the various reports available within the product.
• End-of-contract process: Access to the service is disabled on the agreed date.; If the customer requires specific database extracts these can be provided at additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: All key and routine tasks are accessible via Open API calls. Initial setup and infrequent tasks may not be yet available but new calls are added with every software release.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: The product has been designed and developed as a multi-tenanted SaaS solution since its inception, so impacts of tenant v tenant have been built into the solution. ; ; In addition, full monitoring is in place across the platforms, including performance. Regular capacity reviews are held to ensure the systems are managing their capacity, and appropriate action taken to ensure this will continue to be the case.

Analytics

• Service usage metrics: Yes
• Metrics types: Service usage information can be accessed via reports or on the Customer Statistics screen.; In addition, Confirmation of Payee usage metrics can be accessed via API.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data is available via reports which can be downloaded in a range of formats.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Fixed File Format
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: SFTP/SSH with public key encryption
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Availability is defined in the service Terms and Conditions and Support Model Document. Refunds, where applicable, are via service credit.
• Approach to resilience: The service is based around duplicate, geographically separated data centres with N+1 resilience at both sites. Any single equipment failure, up to a full data centre loss, can be accommodated. All data and services are backed up nightly.
• Outage reporting: The support team will communicate outages with customers via email, software desktop message, and telephone on-hold messages to provide customers with updates.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: All users are assigned to a role profile which determines their level of access. Admin level users are able to maintain profiles and users.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: 1)Alcumus 2) Schellman
• ISO/IEC 27001 accreditation date: 1) 23/02/2011 2)25/02/2016
• What the ISO/IEC 27001 doesn’t cover: Live service of our product only
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: We are not ISO certified, but we align our program(s) to different ISO standards such as ISO 22301, ISO 3100 Enterprise Risk Management (ERM), ISO 27001/27002 (information security), ISO8583 (international standard for financial transaction card originated interchange messaging), and external certifications for SOC compliance, etc.
• Information security policies and processes: Finastra's Information Security Policy aligns to internationally recognised information security principles, for example, the International Organisation for Standardisation and International Electrotechnical Commission Information Security Standards (ISO/IEC 27002:2013) and National Institute of Standards and Technology (NIST). ; ; Adherence with this policy mitigates risk and aids the Company in compliance with mandatory regulations, including but not limited to the United States Federal Banking Agencies (FBA, fka FFIEC), and the European General Data Protection Regulation (GDPR). ; ; Information Security at Finastra is led by:; • Elona Ruka-Wright, Chief Risk and Compliance Officer; • Finastra's Senior Vice President, Chief Information Office, Customer Technology (CISO); • More than 20 information security managers; ; Finastra's Information Security team of professionals manages functions such as security incident response, identity and account management, vulnerability management, information security governance - people management, etc. The overall strategy for information security in alignment with compliance/regulatory requirements, technology and business strategy. ; ; As a member of the Audit & Risk Committee and the Finastra Leadership Team, partners across all functions globally including IT, Product and Risk & Audit, to develop and execute a robust enterprise information security program to protect Finastra and its clients from the ever evolving Cybersecurity risks the industry faces today.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All systems changes are defined and approved by change request tickets. Tickets are reviewed for security impact by multiple eyes, including a QA stage.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Finastra has a vulnerability management process, with continuous scanning and recording of available patches and known vulnerabilities. A central dashboard with burndown information is tracked on a daily basis. ; Patching is done on a monthly cycle with more critical vulnerabilities patched sooner, at the next available maintenance period. Information is collected from 3rd parties such as Qualys and processed by our Information Security team.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Security monitoring tools (EDR) are actively scanning all systems and feed into a 24/7 security team. The team triages alerts and acts accordingly within 15 minutes of detection, including following server isolation processes if required.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are either raised internally based on monitoring and alerts or raised by customers via phone or email with the Support Team. The Support Team will escalate any incident that has been raised to the relevant Finastra teams which will investigate and resolve incidents that are within our control. The Support Team will communicate with customers via email, software desktop message, and telephone on-hold messages to provide customers with updates. All processes, actions and messages for possible scenarios are defined in our incident procedures. Relevant personnel are familiar with these procedures and have access to them.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Finastra aims to be a carbon net zero organisation across its scope 1 and 2 emissions by 2030, from a baseline year of 2019, with a reduction target of 30% by FY2024 . To achieve this, we have hosted training sessions across our office locations about waste management for both in the office and at home. For our London-based UK employees, waste management company Veolia, delivered this session. Whilst for our employees in Singapore, charity Zero Waste Singapore delivered a well-received virtual session around reducing plastic consumption and improving recycling. All offices have recycling facilities.; Through our ESG strategy, Finastra aims to address climate change by reducing and offsetting carbon emissions within the financial services sector. This starts with Finastra reducing and offsetting our carbon footprint and extends to helping our customers reduce their impact on the environment through Finastra's solutions and services. Through digitising processes we not only reduce our customers paper usage, but our cloud software reduces emissions compared to servers on customer premises.; Finastra’s aim of reducing baseline emissions by 2024 is through multiple strategies involving workplaces to capture and reduce carbon, travel by reducing and promoting less carbon intensive methods and IT teams by moving data centres to the cloud. ; We plan to increase our number of product offerings related to the environment, as well as increase business supporting desire for planet saving solutions .; Finastra has implemented a variety of strategies to significantly reduce its Scope 1 and 2 emissions by 2030 by setting a science-based target in 2022 with intentions to reduce emissions in line with a 1.5oC warming world.

  Covid-19 recovery

  Finastra offered a multi-faceted response to Covid-19, through the introduction of our free self-service application tool to assist in the delivery of the $350 billion disbursement from the US government.; We supported Feeding America through our donation of $2.2million generated in loan fees from our solution. Our donation supported food distribution in the hardest-hit communities in the US via the charity’s network of food banks.; Finastra, during the pandemic in India, sponsored four COVID-19 vaccination drives in areas without health-care support, ensuring thousands of the most vulnerable received a vaccine. We held a medical emergency employee fundraiser raising $28,400 which was then matched by Finastra.; Additionally, we moved from working on-site to homeworking, we provided technology to work from home to assist in supporting the mental health of our employees.; For our employees, we amended shift schedules for those required to be at work to which we provided PPE and scheduling deep antimicrobial cleaning to ensure employees had a clean and safe working environment.; Contracts were also rearranged for no client impact, so staff could work from home. In adopting a complete remote approach to our work, this impacted the way we work with clients. We also leveraged our capabilities to implement our solutions to clients remotely to ensure continued high-quality outcomes for customers.; We recognised domestic violence worsened during lockdown and so we implemented a SAFE leave policy to support employees at risk. We also launched an ‘hour of code’ initiative in schools local to our employees to keep children engaged in learning in a fun and instructive way. Because school absenteeism increased after COVID restrictions were lifted, we continued the ‘hour of code’ initiative post-lockdown, allowing our employees paid time to attend local schools and provide engaging technology-based learning to encourage children to reconnect with their schools/ education.

  Tackling economic inequality

  Finastra has been a leader in creating employment opportunities for those who face barriers to employment and for people who may not have had the opportunity for a career using traditional roles. Finastra ensures that people who face barriers can obtain access to financial services.; We offer young adults between 16-21 the opportunity to be mentored and gain valuable work experience through our intern and graduate programs. Finastra partners with social mobility charities globally such as SEO London, upReach and internX to ensure preference is given to candidates that might not typically get the opportunity to work in large corporate enterprises.; In support of becoming the most inclusive employer in Fintech, we are committed to providing an integrated Talent, Performance, Learning & Development approach through our in-house FinTalent program rooted in performance coaching, talent identification and investment in the development and growth of our people to drive a high-performance culture. To support their learning, in 2021, our employees invested an average of 57 hours into our various learning and development programs.; Finastra has a strong culture of internal learning to upskill our staff. Internally, we have two formal programs to help mentor our staff. These are:; • Women@Finastra Leadership Program, a development program for women comprising of a learning track, mentorship track and a social track.; • Open4Inclusion Mentorship Program which is a program designed on the basis that Mentoring is a partnership, a two-way relationship between colleagues built on trust, with a clear purpose.; We have also extended our scope to provide mentorship activities within our local communities. Finastra ESG works with the charity code.org to give school children computer science and coding skills via the Hour of Code which has directly impacted more 20,000 students so far since its inception in 2018.

  Equal opportunity

  Our attitude towards Equal Opportunities is evidenced through our Equal Opportunities policy which outlines our efforts towards fair treatment, access and advancement for all, whilst identifying and eliminating barriers. We also have a strong procurement policy and have created a Modern Slavery statement which is reviewed annually.; At Finastra, we build inclusive products focussing on accessibility and usability. We are leading the way in tackling topics around bias, fairness in AI and Machine Learning technology. We achieve this through our Loan Document software, which is based on FinEqual Algorithms, assisting institutions in understanding and identifying biased lending within their business, such as high interest rates on commercial loans for minorities who apply for a mortgage.; Finastra also has a grassroots Employee Resource Group dedicated to inclusive actions and special abilities which promotes inclusion and employability of special needs through driving acceptance, promotion and creating awareness across the company.; We utilise resilience champions made up of diverse employees from across the organisation with professional training from the charity MIND. They are responsible for driving awareness, promoting activities in local sites, engaging colleagues across the relevant health and wellbeing opportunities, and signposting the mental health resource support available in Finastra.; Through a combination of external and internal insight, Finastra takes measures designed to ensure that global and local best practice are consulted, and all applicable legislative and statutory requirements provide the minimum foundation we build from.; We use third-party vendors to support our remuneration offering through benchmarking.

  Wellbeing

  At Finastra, we embrace being OPEN in every way, flexible hours and unlimited vacation, hybrid working and a focus on digital balance, our staff and customer wellbeing is at the heart of everything we do..; Health and safety of our employees is paramount, and we believe a holistic wellbeing approach is the best way to promote the physical and mental health of our employees. This is led by the management, supported by ERGs and resilience champions is essential to creating and conserving a high performing organisation.; Finastra offers TaskHuman, a mobile app that offers 1-on-1 sessions with free live wellness coaches via video call. Employees can search a topic and get instant support on all areas of staff wellbeing. We have always prioritised wellbeing at Finastra as we are primarily a people business: Our people look after our customers, build, and run our software and deliver the innovation that helps us to be successful both today and in the future. Employee wellbeing covers many areas, from mental and physical health to work-life balance and at Finastra we are invested in all of them.; Finastra’s Collaborative ESG program enables customers and partners to build on one another’s strengths, combine resources, expand outreach, and as a result, have a greater impact in both local communities and the planet. Finastra has successfully collaborated with over 37 customers and partners on various ESG engagements, such as Ecobank collaborating to bring cash management to 34 African countries.

Pricing

• Price: £99.00 a licence a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales.fsc@finastra.com. Tell them what format you need. It will help if you say what assistive technology you use.