City of Toronto, PayIt, and Unsolicited Procurement Process Records

Bianca Wylie
13 min readDec 1, 2022


An Update on Records Requests and the Mediation Process

Yesterday I had the mediation call that was the result of an appeal to the Information and Privacy Commissioner of Ontario on records requests made to the City. It was based on the lack of records that the City is holding/has provided re: how the unsolicited proposals policy was followed for PayIt procurement.

The outcome, in summary, is that there is nothing further the City can do and that the current status of no direct records about the process stands. The next step I could take is to request to move this appeal to adjudication, but it seems that would not be productive. I’m going to sleep on that again.

As a summary, I have been unable to access records that would explain/document how the City of Toronto decided to accept and implement an unsolicited proposal that they received from PayIt on August 30, 2019. I have been looking for a set of records, written documentation, that would indicate how the City decided to “accept” the unsolicited proposal, and implement the technology for a payment system that is now live and in use at MyToronto Pay.

I think these should be different records than the first staff report on the matter: “Innovative Partnership for Digital Government Platform”, written on July 7, 2020. This report was produced nearly a year after receipt of the unsolicited proposal from PayIt. It puts the value of deal to the vendor at $13.6 million dollars over three years (p. 4).

This passage of time in work done on the City side, and lack of records related to that time, opens up questions. The Auditor General’s office is looking into the matter as a result of Coucil direction. I hope their investigation will shed some more light on what happened given that this feels to be, from a records seeking perspective, a dead end.

On the Passage of Time and Procurement Policy

There was a moment in time where City staff decided to go forward with the unsolicited proposal. And, based on my records requests so far, staff did not write anything down about their following of two steps of the procurement policy prior to launching into a proof of concept project: criteria gating to allow the procurement to not be competitive, and the creation of an evaluation team to review the proposal.

Those two decisions would, I would have thought, theoretically, exist in some type of a written record. As of now, they do not. If the decision was made without any records, then the implementation of a pilot project with the firm *are* part of the records, and the staff report is the rationale.

But there is the matter of roughly a year between these two things, work done outside of any contract, relationships formed and dependencies created. And in that year and those activities there are procurement implications.

Other Ways to Consider This

I am increasingly wondering if simply looking at and considering a policy constitutes following it? That might make sense for the first part here, looking at the criteria to accept an unsolicited proposal. I don’t agree with this, but see how it could happen. If the gating mechanism to accept something that evades standard procurement requires no written records for rationale at the point of beginning a proof of concept project outside of any governing contract, I would say that’s an issue.

From an accountability perspective, in public administration terms, this does not seem right. I have no problem acknowledging that I am likely wading into a set of norms that may be currently acceptable, but the benefit is that I’m not existing in them, so I am happy to try to surface the gap.

Some of this possible gap relates to the uniqueness of the proof-of-concept idea, as well as the timeline followed for this project. If we have a policy that says to follow a set of steps, and those steps aren’t followed in a way that creates records that align with the timescale of influence, and there are no consequences to this method — is the policy defensible as a decision-making tool that should support public oversight?

Working Theory/Reason for Documenting this Case, Broadly

What I think might be happening here, and as confirmed by this mediation call, is that I’m thinking about records in (possibly) the wrong way. I’m looking for the reasons something happened, and I’m assuming there would be records.

What I know, from the years of looking at this case, is that staff had and have ample reasons to pursue the deal with PayIt when considered against long-term strategic plans and other reports/items in the City’s history. I may also be getting the time-scale of this policy implementation wrong. I am looking for the response when the proposal came through the door. Staff may have been looking at the proposal and unsolicited procurement policy as something they implemented in their first staff report to council.

Regardless of where I might be getting this wrong/differently than City norms, the example relates to how records and policy processes line up, and don’t, against the social and cultural norms that create vulnerabilities in tech procurement. These have spawned and grown large in the world of government tech conferences, innovation narratives, and digital transformation activities.

The reason I’m detailing this case is to get a picture of an example of how tech procurement is informed and rationalized based on norms that exist outside of formal lobbying, record keeping, and public administration.

If policy is not being followed because of staffing capacity, that is also something we need to understand better from the outside. This matters in order to seek remedy for the representation that the public expects in decision-making from both staff and elected officials. The best way to interrogate the public service is to work from a place of good actor, good intent, and professional expertise. As well as from the perspective of problematic incentives. All of that is brought into how this being reviewed.


A few pieces of background as reminders:

The City of Toronto has a policy for what to do when it receives an unsolicited proposal from a vendor. That policy was written in 2007. It can be found here, and it contains two core pieces that I’ve been focused on.

The reason I’ve been focused on them is because if this policy would have been applied differently than it was, it’s plausible we would be in a different situation today in terms of the technology (and financing) approach we decided upon, as a City, in regards to digital transformation/payment systems.

The first point of interest in the policy is the four point criteria-based gating process to assess the proposal, which is described as follows. It’s critical to notice the explicit acknowledgement that unsolicited proposals are not supposed to be used to circumvent the City’s procurement process.

“Unsolicited quotations or proposals should not be allowed to circumvent the City’s procurement process. An unsolicited quotation or proposal should not be considered if:

  1. It resembles a current or upcoming competitive procurement that has or will be requested
  2. It requires substantial assistance from the City to complete the quotation or proposal
  3. The goods or services are readily available from other sources
  4. It is not deemed by the Division Head to be of sufficient value to the City of Toronto”

The second core part relates to the evaluation of an unsolicited proposal, should it make it through those four criteria: the assembly of an evaluation team and a review of the proposal by said team:

“If the Division Head feels that the unsolicited quotation or proposal has merit, the Division Head should assemble an Evaluation Team with sufficient expertise to evaluate the unsolicited proposal or quotation.

  • Prior to any evaluation of the unsolicited quotation or proposal, the Division Head must obtain in writing the vendor’s agreement to abide by this policy and acknowledgement that the City is under no obligation to accept the proposal or quotation, that all costs incurred by the vendor in relation to the unsolicited proposal or quotation are incurred at the vendor’s own risk and that the City shall not be liable for any costs or damages in connection with the rejection or non-acceptance of the proposal or quotation.
  • The Evaluation Team:
  • Evaluates the vendor’s technical, commercial, managerial and financial capability to determine whether the participant’s capabilities are adequate for undertaking the project.
  • Weighs the technical, commercial, managerial and financial aspects of the unsolicited quotation or proposal and determines if the scale and scope of the project is in line with the requirements, the funding ability, or the interests of the City.
  • Determines whether the sharing of risks as proposed in the proposal or quotation is acceptable to the City and if the project is in conformity with long term objectives of the City.
  • Based on the evaluation, the Evaluation Team may decide to reject the proposal, to request amendments to the quotation or proposal, or to continue with the process.
  • If the Evaluation Team recommends any modification in the technical, scale, scope and risk sharing of the proposal, the vendor will be allowed to consider the recommendations and resubmit its quotation or proposal within a given time period determined by the Evaluation Team.”

The crux of the missing records appeal relates to these two sets of policy requirements. In my records request to the City, I asked for the records that would show how the City did this work. How it a) stepped through the first four criteria that would have potentially re-routed the proposal back out through standard procurement and b) who was on the evaluation team, and how it assessed the proposal based on the criteria and steps laid out on in the policy.

The records returned to me via my request do not detail these processes. They include some back and forth engagement with the vendor, the City saying they will follow a process and get back to the vendor about their proposal, and the need to do a Swiss Challenge process.

There are no written records concerning the first criteria relating to whether this unsolicited proposal should be accepted as an unsolicited proposal. And there are no written records about an evaluation team, nor any process followed by an evaluation team.

Documentation of City Staff Decision Making

As stated on the first page of PayIt’s unsolicited proposal: “Amount of City Funding Requested: $0” — “Financial Benefit to the City: $20MM+ per year”

As we know at this stage of tracking technology procurement, there are companies that are capitalized in such a way that they are able to pitch their tech as free. This framing, coupled with a process to receive proposals outside of standard tendering, opens up a loophole of sorts that situates a narrow type of technology vendor/business model in an advantageous position to enter into business relationships with government.

In this case, and others, the “product” being supplied is software code and supporting infrastructure. But the actual “product” being supplied is also a financing model for said code and supporting infrastructure. This is of a significantly different flavour and profile than the direct purchase or licensing of software.

Once we get into these types of models, we move into the realm of valuations and cost-savings rather than standard pricing/licensing models.

The calculation in this case, for the terms of engaging with this vendor, are more expansive than the “cost savings” of avoiding up-front investments in infrastructure and operating costs related to maintenance. The flip side of this deal is the asset that the City had as part of its negotiation: access to the City’s tax base.

A large, and highly stable (thus rare) persistent amount of annual revenue. The City was, in effect, tendering access to this asset. In the model, as it stands, the vendor is taking a cut of every payment from resident to the City that the service is being applied to. In this model, the City has created a financial intermediary set-up that sees money flowing *through* PayIt to the City.

How much did staff engage with the fullness of the business model and negotiation strategy required by this unsolicited proposition before deciding to take it on in a pilot project? And in a manner that did not include standard procurement to open the opportunity to others?

Back-filling Rationale under Austerity

In the months and years that followed the receipt of the unsolicited proposal, additional work was done to rationalize the decision. This included the creation of a low-quality “market assessment” by Gartner to suggest that the sole sourcing of this product/service was legitimate. When Council read about a market assessment in a staff report they may have been surprised to learn that this “assessment” was a three-page summary of a phone call and the results of a few internet searches.

How this extends out into a bigger issue for procurement and technology — and public control of assets — is as follows: staff could easily draw a line between the case made by the vendor, the long-term approach the City is taking with cloud technology and customer experience, and the “good deal” presented by the lack of up-front costs as outlined by the vendor. This is what is done in the first staff report.

The Auditor General’s office at the City has been asked to investigate this procurement, which is still pending an update/completion. There is a high likelihood, based on the Auditor General’s mode of assessing this deal, that they might buy into the “value” as proposed by both staff and the vendor. But here we run into both a technical and political problem.

The technical problem is that by failing to reject the unsolicited proposal and instead take the opportunity out to market, properly, we never had a chance to assess how the payments technology problem could have been approached in a different manner. So instead of a thoughtful assessment of the problem and an intentional procurement, we end up with City Staff in defensive mode, bringing numbers and rationale to backfill a choice they made with cost savings, estimates, and financial projections premised on the frame as presented by — the vendor.

The political problem is that there is a case to be made that this deal sits squarely within the general approach the City is taking with technology. So in that realm, there was likely an internalized political understanding within staff that this deal was politically aligned with the City’s leadership.

What Elected Officials Do and Don’t Know When an Item Comes to Council

In the instance of this procurement, there are a few items of note that would bother me if I were an elected official, because elected officials have to make decisions based on information brought to them by Staff.

Did Staff explicitly share with elected officials how they followed the process as outlined in the unsolicited proposals policy of 2007? Based on staff reports, this was not made explicit. Instead, staff decided to propose a sole source process. Did staff explicitly share with elected officials that the three (3) times the unsolicited proposal policy had been used in the City’s entire history it was used for much smaller ticket items. Based on staff reports, this was also not made explicit.

The unsolicited proposals policy is a fairly obscure policy. The one mention in the first staff report of the unsolicited proposal process is this: “After receiving an unsolicited proposal from PayIt and seeing value, staff
completed a successful proof of concept”

Here we have to slow down. Staff, with those few words — “seeing value” — went on to implicate Council in a decision-making process that, by all efforts to understand it to date, conferred assumptions that the policy designed to create legitimacy for this kind of tendering was followed.

All of the records and processes I’ve followed to try to understand what happened keep landing me back at the outcome that staff genuinely thought this proposal was a great idea, based on their knowledge of City policy and strategy, and so they went all in.

This is a valid element of their decision-making. I’m not sure if it is a valid characterization of their political authority. The pandemic also featured into the rationale. However, in conversations with City Staff about the evaluation team process — of which there are no records , which leads me to believe (could be wrong) that the process didn’t happen — I have been told that the individuals that would have knowledge of the matter are no longer with the City.

I would think, based on the purpose of record-keeping, that this is not an adequate answer. This process of trying to seek the records that explain how a decision was made is pointing me towards an issue related to omission. It may also very well be that the evaluation team part was followed and considered with more informality than the rigour I would expect for the process. Particularly given the context and importance of this deal. This is all plausible.

What Happens Now

What has been somewhat challenging is the constraint of records as a process when what I’m actually seeking is decision-making rationale. It has been, psychologically, a bit of a strange set of conversations to date. They boil down to something like:

me: the City made a multi-million dollar (unsolicited) procurement decision. We have a policy to guide how to make these decisions, in a very specific construct. Where are the records that outline how the decision was made to progress with this procurement, as per the policy?

City: here are the records you requested

me: ok but these records don’t answer my question?

City: these are the records the City has

What this boils down to, further, is that a decision was made to proceed.

How to close the gap between the decision and the lack of records? This is the accountability gap I’m trying (unsuccessfully) to close. The construct of my appeal, as the system understands it, is that I’m saying there are records that exist that haven’t been shared with me. The trouble is, that may yet be false. There may be no written records. But there was a decision. What to do when there are decisions without records? How does that work in public administration?

There is no doubt that staff believe this deal was a good idea. But that’s not the point. Staff have been forthcoming about their rationale and support for the deal. Staff continue to be responsive and supportive of my questions when and where they do have answers.

For a norm to set in where the rules are highly open to interpretation opens up a world of difficult to wrangle accountability. Primarily because decision-making information is not actually flowing through our elected officials. This is not a hard right or wrong situation — this is matter of how much information, interpretation, and where and how can it be accessed.

Rationale is not something that can be done solely in staff reports when those staff reports are selective about process disclosure. Staff reports are designed both for council and for the public. If we lose track of how operations inform staff reports we have a significant problem on our hands as we will only be reading writing that is created to back-fill decisions, rather than documenting decisions in the moment they occur.

screenshot from the City of Toronto’s Unsolicited Proposals Policy (2007)