Transparency data

6 September 2022: Next Generation Fraud and Cyber Crime Reporting and Analysis Service (FCCRAS) Project accounting officer assessment

Updated 2 April 2024

© Crown copyright 2024

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/home-office-major-programmes-accounting-officer-assessments/accounting-officer-assessment-next-generation-fraud-and-cyber-crime-reporting-and-analysis-service-fccras-project

Project Stage

Outline Business Case (OBC) was approved by Home Office Finance and Investment Committee (F&IC) in March 2021.

Background and context

Fraud and cyber crime affect more people, more often, than any other crime and represent 44% of all estimated crime, with 6.1 million incidents (4.5m fraud and 1.6m computer misuse) in England & Wales in 2021/22[footnote 1]. Fraud creates a huge net drain on the UK economy: it causes an estimated £4.7 billion of economic and social cost to individuals in England & Wales (based on a 15/16 assessment)[footnote 2]. Cyber threats continue to grow in scale and sophistication: cyber, including cyber crime, is a tier 1 national security threat.

The public report fraud and cyber crime incidents through the National Fraud and Cyber Reporting Service (Action Fraud) reporting system. This is supported by the National Fraud Intelligence Bureau (NFIB), which evaluates and links reports from across the country to assist police investigations and support wider disruption of the enablers of fraud and cyber crime activity. The Economic Crime Victim Care Unit (ECVCU) supports victims whose cases are not eligible to be referred to their local force due to a lack of evidence available. The Action Fraud and NFIB services are all the responsibility of the City of London Police (CoLP), as the national lead force for fraud.

Policing has been using Action Fraud since 2012. The Sir Craig Mackey review of the City of London Police’s role (as the national lead force for fraud) and HMICFRS’ reports on the police response to fraud and cyber crime, raised concerns over the performance of Action Fraud and NFIB. In his review, Sir Craig Mackey concluded that Action Fraud and NFIB have potential to serve policing well, however, its operations are significantly hampered by an operating system that is not fully functional and resourcing levels that have not kept pace with increased reporting.

The Security Minister agreed the scope of the replacement service in October 2020. As part of this process, the value for money for six options were explored, including combining the service with 101/police.uk. It was concluded that the best option would be to procure a new service which addressed the failings of the current one and better reflected the increasing volumes of fraud/cyber crime.

The Next Generation Fraud and Cyber Crime Reporting and Analysis Service (FCCRAS) project aims to deliver technology that is fit for purpose, provides greater intelligence and insight to law enforcement on fraud, and improve reporting tools and support services for victims, contributing to benefits which include avoided revictimisation, reduced emotional harms and increased judicial outcomes. The FCCRAS is also integral to the National Economic Crime Centre (NECC) vision for a step change in the fraud system.

Funding for the FCCRAS project, has been secured through the 2021 Spending Review up to FY24/25 and will be provided by the Home Office throughout its 8-year life-cycle, with agreed contributions from the Corporation of London (City of London Corporation and CoLP). These will be held under regular review during the procurement and updated in a Full Business Case (FBC) following completion of the procurement process in FY22/23. The management of these funds is underpinned by effective governance and reporting arrangements, and clear accountability for expenditure.

This assessment is made by the Permanent Secretary and Accounting Officer, Home Office.

Assessment against the Accounting Officer Standards

Regularity

We do not anticipate any issues in maintaining compliance with established United Kingdom law.

At the Economic Crime Strategic Board (ECSB) chaired by the Home Secretary in February 2021, it was agreed that tackling fraud needs to be a priority for the Home Office. Following those discussions, the Home Office is developing a new approach to fraud in the form of a new Fraud Strategy that will be published later this year. A key strategic objective of the upcoming Fraud Strategy includes the delivery of the Next Generation FCCRAS.

Expenditure on the FCCRAS project can be made under Section 169 of the Criminal Justice and Public Order Act 1994.

I am content that this project meets the test on regularity.

Propriety

The proposed course of action complies with Managing Public Money (3.3.3 Value for Money).

The OBC for the FCCRAS project was approved by the HO Finance & Investment Committee (F&IC) in March 2021 and it is anticipated that the project will not breach parliamentary control procedures or expectations. HO F&IC approved interim funding in April 2022 (£6.3m) until the presentation of the Full Business Case to HO F&IC in February 2023.

Responsibility for delivering this project lies with CoLP, working with City of London Corporation throughout the procurement process. The governance framework comprises a Project Board, chaired by the Commissioner of CoLP (the Senior Responsible Officer for the programme), with representation from all stakeholders across fraud and cyber, including the Director of Economic Crime (Home Office, Homeland Security).

A multi-disciplinary project team from across CoLP and CoLC will provide subject matter expertise and project delivery capabilities. The Project Board reports to the Home Office and CoLC assurance and governance boards, and Ministers have requested that the FFCRAS project is subject to Home Office commercial, financial and project delivery assurance processes. The current ‘go live’ date for the new service is projected to be May 2024, however the timetable for the project is still subject to change until the procurement is completed.

The new service will not be developed in isolation. System interoperability and alignment with national programmes has been reviewed and presented to the Home Office Technical Design Authority (TDA).

A Data Protection Impact Assessment (DPIA), in line with Information Commissioner’s Office (ICO) guidance, has been initiated for Phase 1 (new website and online reporting tool) and will be subject to review as the project develops. There is an expectation that the ICO will be consulted as part of the DPIA process.

As part of the Government Major Project Portfolio (GMPP), the project will report quarterly to the Infrastructure and Projects Authority (IPA) on progress. An assessment of the project’s progress will be published in the IPA annual report.

I am content that this project meets the test on propriety.

Value for Money

Value for money has been a key focus for the development of the Next Generation FCCRAS to replace a failing system. Technology has advanced and demand has grown considerably since the service was last procured in 2015. The national fraud and cyber crime landscape has changed and greater integration across law enforcement and wider partners is necessary. Automating and industrialising existing data sharing with partners will improve identification of serious and organised crime and maximise opportunities to reduce harm and prevent fraud.

The high-level design of the FCCRAS has been informed by consultation with internal stakeholders and over 60 external stakeholders. CoLP has also drawn on fraud and cyber crime victim research commissioned by Home Office Analysis and Insight (HOAI) and Action Fraud Live Victim Feedback analysis and current performance data.

The current estimate of the whole life cost of the project is £212.4m (incl. FY21/22) over the 8-year lifecycle. Funding between HO and Corporation of London (CoLP and CoLC) has been agreed as follows:

Corporation of London funding: £38.7m

HO baseline funding (run costs): £109.6m

HO funding over baseline: £64.1m

These costs will be held under regular review during the procurement and updated in a Full Business Case following completion of the procurement process in 2022.

Robust analysis by the HO Fraud Policy team and Home Office Analysis and Insights (HOAI), together with CoLP, has developed a cost-benefit model incorporating efficiency savings and quality improvements provided by a Next Generation service: the project has a positive NPV of £49.1m and BCR of 2.72 relative to the baseline, with total benefits of £401.5m over the whole life of the project.[footnote 3] The benefits are based on Action Fraud’s expected impact in terms of reducing revictimisation of its callers and NFIB’s expected contribution to law enforcement outcomes for cyber crime and fraud, and the reduction in harm associated with the incapacitation and disruption of these crimes.

Improvements are already being rolled out and more are coming, with the new service expected to be fully operational by 2024. These improvements will:

  • further improve the support services and reporting tools for victims,
  • provide greater intelligence and insight to policing on fraud and cyber crime affecting communities, and;
  • allow for greater prevention and disruption at scale.

As national lead force for fraud, CoLP is responsible and accountable to the Home Office and City of London Corporation (as its police authority) for the delivery of the FCCRAS, with responsibilities and performance reported through Home Office-chaired governance structures for economic and cyber crime. This provides a mechanism for engagement with, and oversight from, key stakeholders across the fraud and cyber landscape.

I am content that this project meets the test on value for money.

Feasibility

The procurement of a new service is driven by the need to provide an efficient, accessible service for the public and organisations to report fraud and cyber crime and the expiry of the existing service contract. The current contract ends in February 2024 with the option to extend beyond this date, at additional cost, to ensure continuity of service.

The project sits on the GMPP and underwent its first Gateway review, led by the Infrastructure Projects Authority (IPA), in January 2021. It received a Delivery Confidence Assessment of Amber Red. A follow-up Assurance of Action Plan (AAP) Review in June 2021 and a subsequent Home Office-led Health Check for F&IC in April 2022 both rated the programme Amber and all recommendations from both reviews continue to be progressed.

The SRO for the project is the Commissioner of CoLP, accountable to the Accounting Officer / Permanent Secretary through the Home Office Owner (Director of Economic Crime, Homeland Security Group). A multi-disciplinary project team from both CoLP and CoLC continue to ensure roles and responsibilities are clearly defined and resources deployed in line with the baselined plan, with established structured delivery controls including a regularly monitored detailed delivery plan, and changes managed through formal change control processes.

Proactive risk management is supported by a regularly updated risk log and a robust governance structure between the Home Office, CoLP and CoLC. The Home Office will provide oversight and assurance of the procurement and financial aspects of the project through the department level boards: Programme Board, Change Board, and scrutiny of HO Commercial Assurance Board (CAB) & F&IC.

The key current risks to delivery are the tight timeline around the contract end date (Feb 2024) and resourcing issues. We are waiting to finalise procurement which will provide more certainty on timelines, before determining further mitigating actions which will likely involve using the discovery phase to recoup lost time. Recruitment is progressing and the resourcing strategy is under review.

Subject to the monitoring of the actions referenced above, I am content this project meets the test on feasibility.

Conclusion

The procurement of a new service is driven by the need to provide an efficient, accessible service for the public and organisations to report fraud and cyber crime and the expiry of the existing service contract.

The Next Generation FCCRAS conforms to the four Accounting Officer standards of regularity, propriety, value for money and feasibility. If any of these factors change materially during the lifetime of this project, I undertake to revise my assessment.

As the Accounting Officer for the Home Office, I approve this assessment of Next Generation FCCRAS on 30 August 2022 and consider it an effective use of public resources.

Yours sincerely

Matthew Rycroft

Permanent Secretary for the Home Office

6 September 2022

  1. Crime Survey for England and Wales (Office for National Statistics), year ending March 2022 

  2. The economic and social costs of crime (Home Office, 2018) 

  3. A cost benefit analysis has been performed in which the economic costs and benefits are calculated for each year of the 8-year appraisal period (between 2021/22 and 2028/29) and then summed to produce a net figure for each year. Each of these annual net values is then discounted (as set out in HMT Green Book guidance) by 3.5% to reflect values in 2020/21 real prices. 

Back to top