Transparency data

25 October 2024: Cerberus project Accounting Officer Assessment

Updated 6 December 2024

It is normal practice for accounting officers to scrutinise significant policy proposals or plans to start or vary major projects, and then assess whether they measure up to the standards set out in Managing Public Money. From April 2017, the government has committed to make a summary of the key points from these assessments available to Parliament when an accounting officer has agreed an assessment of projects within the government Major Projects Portfolio.

The assessment below reflects the position in July 2024.

Border Force works to secure the border, to ensure regulatory compliance, manage threats, and maintain high service standards. There is a critical gap in the current approach around the use of data at the border which leads to users having to access multiple systems. This inability to bring and utilise all data within one system reduces operating effectiveness and efficiency and ultimately limits success across Border Force’s strategic pillars.

To address this gap, we are developing Cerberus, a highly capable analytics and targeting system, that brings transformative change to our border intelligence and targeting capability. Cerberus joins together contextual and reference data, for both passengers and goods, into a single system. This ability to aggregate data and harness analytics capabilities will lead to a more efficient and effective workforce. A clearer data picture will result in better identification of threat and risk, increasing threat detections and seizures, and improving the flowrate of legitimate traffic. By connecting intelligence and data across modes, Cerberus will provide insights into the activity of Serious Organised Crime (SOC) and Counter Terrorism (CT) groups, reducing intelligence failure and economic and social harm.

The Cerberus AOA has been updated to reflect a refreshed Business Case for FY24/25, within our Business Case, this details changes that have been made to our Whole Life Cost, Optimism Bias Assessment and Appraisal Period.

Developing Cerberus in a commercially astute way, the Home Office is making significant efficiency savings by moving away from large supplier contracts and bringing services in-house. All intellectual property behind this core operational system will be owned by the Home Office.

Regularity

Cerberus is committed to complying with legislative and data ethics standards. The use of data within Cerberus services is based on a variety of established legislation and precedents governing the use of border movement data.

Processing of data towards the development, provision and use of Cerberus services will be primarily in accordance with Part 3 Data Protection Act 2018; being necessary for law enforcement purposes. The Home Office receives data from third parties under a variety of legal gateways such as UKBA 2007 amended by BCIA 2009, Anti-Terrorism, Crime and Security Act 2001 or in accordance with the duty to share data relevant to IANA 2006. Other impactful legislation includes CEMA 1979, Immigration Act 1971, Immigration and Asylum Act 1999, Postal Services Act 2000, Postal Packets (Revenue and Customs) Regulations 2011, Aviation Security Act 1982, the Crime and Courts Act 2013, the Equality Act 2010, the Human Rights Act 1998 and the Investigatory Powers Act 2016.

Processing of PNR is compliant with Passenger Name Record Data and Miscellaneous Amendments Regulations 2018 as amended by EU (Future Relationship Act) 2020.

Cerberus will not use any data that the Home Office does not have authorised access to. The Home Office has ongoing discussion with HMRC about interpretation of existing legislation specifically in relation to data sets shared by HMRC, the extent to which they can be processed in Cerberus and onward sharing. Bids for Primary legislation have also been tabled in relation to changes required to enable Cerberus bulk data exchanges and processing of a wider range of HMRC data sets including onward sharing in bulk with other government departments.

Cerberus has a dedicated Data Governance Team who oversee the development and delivery of the system and advise the Senior Responsible Owner (SRO) on the compliant development of the system. The programme regularly consults with Home Office Legal Advisors and reports to the Home Office Data and Information Steering Committee.

The Data Governance team, work with the Home Office Data Protection Officer and Information Commissioner’s Office (ICO) to help the programme to ensure data protection compliance within the build and delivery of the Cerberus capability. The Home Office Data Protection Office conducted an assurance review of the Cerberus programme against the ICO accountability framework finding the programme moderately compliant from a data governance perspective. The programme has since addressed the recommendations that came out of that review.

The Home Office Intelligence Data Governance Team own the operational requirement for compliance and define the functional requirements for audit and data handling to ensure continued compliance in operational use. They are also Data Protection Officer for Passenger Name Record (PNR) data so work with Policy leads to direct the programme build and development of any functionality that relates to processing of this data.

Propriety

Cerberus continues to deliver within the limits of the authority delegated to the SRO. The programme’s funding was allocated as part of the Spending Review (SR) process and the programme is being delivered within the allocated funding agreed with HM Treasury.

As a Government Major Projects Portfolio (GMPP) programme, Cerberus is subject to high standards of internal and external governance and assurance. The programme’s business case is submitted annually to InvestCo which provides governance, assurance and oversight of the Home Office’s significant investment decisions. Business cases are submitted to and approved by HM Treasury in consultation with the Cabinet Office. The programme reports into the GMPP with quarterly submissions. The programme is subject to regular assurance by the Infrastructure and Projects Authority (IPA).

The administration of Cerberus will include oversight on the appropriate use of data with ongoing monitoring and audit to detect and prevent improper system use. In particular, the use of passenger data will be closely managed, with functional controls to prevent improper access and use of this data, supported by the monitoring and audit regime. The programme is working to ensure that the use of the data is appropriately even handed and does not prejudice any protected groups, as is the collection of that data.

The Cerberus capability will increase our intelligence picture and understanding of threats, risks, and vulnerability. Actions arising from the analysis of data by the Cerberus capability will be appropriately targeted towards unlawful activities and, again, shall otherwise be appropriately even handed. Since the capability enables increased targeting towards unlawful activities, burden should be reduced on lawful business as a reduced proportion of searches should be conducted on the lawful passage of goods and people through the border. The targeted activity enabled by the capability supports several government policies, and the system is not known to frustrate any government policy.

In summary, the programme’s scope, and execution as well as the operational service are consistent with the Civil Service and Ministerial Code.

Value for Money

In the last spending review, Cerberus increased in cost and duration to bring more advanced and innovative analytics capability into scope. This increase in scope will allow an increase in benefits, some of which are monetisable, such as seizures of revenue goods, and some of which are not, such as drug seizures. While these benefits are difficult to forecast, the Net Present Value (NPV) has remained positive, and Cerberus remains good value for the exchequer and the UK public. The Cerberus business case proposed a recommended option which provided the best NPV of the affordable options over the appraisal period.

Over the appraisal period (FY19/20 – 34/35), the Whole Life Cost of the option taken forward (inclusive of sunk costs and optimism bias) is £241m, of which £126m is future expenditure from FY24/25 to 34/35. This includes the running costs of both incumbent systems and Cerberus.

Excluding irrecoverable VAT, the discounted future expenditure totals £112m. The discounted future benefits of the programme totals £157m. This gives an NPV of £46m. These figures are absolute, not relative to baseline.

Economic benefit will be delivered in several ways. Cerberus will facilitate the decommissioning of a number of incumbent technology systems, generating cashable savings of £81.2m (discounted). In addition to the projected savings of £81.2m, the project has already realised £6.5m in savings.

Cerberus is enabling an increase in interdiction of illicit goods moving across the border, as well as the identification of the illicit movement of people across the border. Cash seizures and revenue payable goods seizures contribute directly to the Exchequer via HMRC. The identification of illicit movement of people, particularly where these movements are identified before they reach the UK border, reduces the cost to the UK of illegal migration and the direct cost to the Home Office and wider Law Enforcement of addressing illegal migration in the UK. By increasing the interdiction of these threats, Cerberus will realise benefits of £69.2m (discounted) - £8.2m p/a following programme completion.

Other illicit goods, such as class A drugs and non-lethal firearms, do not have a monetised value but contribute to the reduction in organised criminal activity across the border and a reduction in the associated harms to the UK public. For example, by the end of the appraisal period, the programme is forecasting that Cerberus will enable interdiction of an additional 2.5 tonnes of class A drugs per annum at the border. Some of these illicit commodities do have an indeterminable economic impact to the UK, meaning the figures here understate the true economic impact of Cerberus.

Cerberus is also improving the efficiency of Border Force operations by reducing nugatory interventions at the border and by reducing the resource cost of identifying high threat, high harm border movements. Not all efficiencies have been quantified, but some associated with better risking of Safety & Security declarations are forecast to achieve cashable savings of £7.1m (discounted) - or £0.9m p/a - ramping up from the beginning of FY25/26.

Feasibility

Cerberus has an established delivery methodology. Whilst Cerberus has had challenges over the years and incurred delays, the Programme has delivered capability into live use during that time and continues to improve our ability to deliver. Cerberus enables an intelligence led Border Force to work in an agile manner providing our workforce with the ability to pivot rapidly to the highest threats as outlined in the BF (Border Force) Control Strategy.

The programme’s delivery is overseen by the Home Office’s Project and Portfolio Delivery Directorate. It has robust change control procedures with active risk and issue management and defined escalation routes to the SRO and senior boards.

Both programme resourcing and the establishment of formal agreements for authorisation of access to third-party data continue to challenge the programme’s schedule. These risks are under active management at a senior level and pose a manageable level of risk to the programme’s success.

The programme as an improving record of delivery to schedule and has made several changes to programme management practices over the last year. The programme has acted upon recent recommendations from the IPA to make further improvements to programme management mechanisms, whilst currently planning to go through another IPA review late 2024.

The Cerberus programme continues to forecast delivery within its agreed schedule, cost, and quality constraints.

Conclusion

The Cerberus Programme conforms to the Accounting Officer standards of regularity, propriety, value for money and feasibility. As the Accounting Officer for the Home Office, I have considered this assessment of the Cerberus Programme and approved it on 14 October.

I have prepared this summary to set out the key points which informed my decision. If any of these factors change materially during the lifetime of this programme, I undertake to prepare a revised summary, setting out my assessment of them.

This Accounting Officer Assessment will be published on the government’s website (GOV.UK). Copies will be deposited in the House Library and sent to the Comptroller and Auditor General, Treasury Officer of Accounts and Chair of the Public Accounts Committee.


Sir Matthew Rycroft KCMG CBE
Permanent Secretary, Home Office
25 October 2024