POL00027863
POL00027863
CONFIDENTIAL
Conduct of Criminal Investigations Policy
Document Control
Head of Security Head of Security
Operations Operations
1 Overview
29th August 2013
10/02/2014
Annually or major
change
2 Revision History
16/08/2013 Rob King Initial draft.
Andrew Wise
0.2 29/08/2013 Rob King Update post Senior Stakeholder
Andrew Wise Review.
03 10/02/2014 Rob King Changes to paragraph 12.6 and
Andrew Wise 24.
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
CONFIDENTIAL
Table of Content
boa Ba 4
NOANDOMOMN®R®ONAD
iy
R. King
100214
Case Progression Flow Chart
Glossary of Terms
Purpose and Statement
Background
Scope
Key Activities
Case Raised
Event Log
Supervision of Investigation
Investigation
Enquiry Type
Interview Framework and Timescales
Evidence
Background Checks
Planned Order Risk Assessment
Interview
Searches
Notebook
Post Interview
Interview Notes
Statements
Business Failings
File Construction
File Submission
Summons
Committal
Case Closed
Conclusion
Compliance
AA Conduct of Criminal Investigation Policy v3
(3)
Page
DDWOMAAANMAYW
18
18
19
19
20
20
21
23
24
25
25
26
POL00027863
POL00027863
SOURCE
Audit Shortage
Grapevine Team
Contract managers
Client e.g. DVLA — DWP —
AE!
Commercial Team
Police
Further enquiries to be
made. File returned to
Team Leader
Further Enquiries to be
made. File returned to
Criminal Law Team.
Team Leader informed
Further Enquiries to be
made. File returned to
Cartwright King.
Team Leader/ Legal
informed
Further
Action
Further Action
CONFIDENTIAL
Case Raised
Case assigned to
Security Manager. Is
there evidence to
proceed?
Interview and
Compile Evidence
Case Preparation
Phase 1 MG Format
Team Leader to Review
the Case File. Proceed
with case?
YES
Criminal Law Team to
review the Case File.
Proceed with Case?
Cartwright King to
produce Charges?
POL00027863
POL00027863
No Further Action
ease to be closed.
No Further Action
case to be closed.
CONFIDENTIAL
Head of Security to
authorise prosecution?
1 Glossary of Terms
AE Application Enrolment Identity
AS Arrest Summons
ATM Automated Teller Machine
CCTV Close Circuit Television
DPA Designated Prosecution Authority
DVLA Department of Vehicle Licencing
DWP Department of Working Pensions
ECF Event Capture Form
FES Financial Evaluation Summary
FI Financial Investigator
HP Hewlett Packard
H&S Health and Safety
HSH Horizon System Helpdesk
NBSC Network Business Support Centre
NFSP National Federation of Sub Postmasters
NPA Non Police Authority
PACE Police and Criminal Evidence Act 1984
PAH Primary Account Holder
PEACE I Planning, Engage and Explain, Account, Challenge,
Evaluation
PNC Police National Computer
POCA Post Office Card Account
POL Post Office LTD
POLCT I Post Office Legal and Compliance Team
PORA Planned Operation Risk Assessment
SecOps I Security Operations
SPMR Sub Postmaster
TC Transaction Correction
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
POL00027863
POL00027863
CONFIDENTIAL
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
CONFIDENTIAL
2 Purpose and Statement
2.1
2.2
2.3
This document been prepared as part of the case file review and is
intended to support Security Managers from the commencement through to
the conclusion of the investigation. Incorporated within this document is
policy, comprehensive guidance of the process along with key points to
consider at various stages of the investigation.
Properly conducted investigations form a key part in our strategy in
protecting assets and reducing loss. If poorly managed, an investigation
can lead to increased risk of future loss and significant damage to the
corporate brand. In commencing any investigation we need to consider the
impact in terms of the protection of business assets and limiting potential
liabilities weighing against the reputation of the organisation or damage to
the brand should the investigation fail.
With the stakes so high, the department must be seen, internally as well as
externally to be acting fairly, appropriately and within the law. The
investigation needs to be properly conducted to establish evidence that will
support a successful criminal prosecution.
3 Background
3.1
3.2
Post Office Security is almost unique in that unlike other commercial
organisations we are a non-police prosecuting agency and are therefore
subjected to the Codes of Practice and statutory requirements of the Police
and Criminal Evidence Act.
There is another anomaly that sets us aside from other commercial
investigators. Of our 11,800 branches, only 370 are currently staffed by
employees of the Post Office. In the majority of cases branches are either
Franchisees or Agents who receive remuneration. As neither is deemed to
be employees of the Post Office, the usual practices and procedures of an
employer employee investigation do not apply.
4 Scope
41
The scope includes the operational conduct of criminal investigations as
directed by current prosecution policy, and extends to include any other
investigative support as required by other internal stakeholders within Post
Office Ltd and law enforcement.
5 Key Activities
5.1 Prior to commencing an investigation the Security Manager will have to
consider
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
5.2
5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
CONFIDENTIAL
The seriousness of the allegation
The level of criminality
Any contractual, compliance or regulatory concerns
The potential to damage the reputation of the Post Office
The expectations of key stakeholders
Case Raised
Cases are raised from various sources, in each instance the information is
passed to the relevant operational Team Leader who will evaluate the
allegation and decide whether or not a case should be raised.
A shortage at audit will result in the completion of an Event Capture Form
(ECF) report by the lead auditor. The ECF report is then emailed through
to the Post Office Security Casework Team. On receipt of the ECF (where
a suspension has taken place), this is passed onto the relevant Team
Leader who will make the decision whether to raise a case or not. If this is
an immediate open enquiry the case will be raised before the ECF is
received.
All losses where a suspension has taken place are raised this way,
although the loss is not always due to criminal activity. The Team Leader
should review the circumstances surrounding the audit shortage and
assess whether an investigation is the most suitable course of action.
The following are examples of types of audit shortages.
e Cash Shortage at Audit No Explanation
e Cash Shortage at Audit Comments made at audit
Cash Shortage — member of staff (Not the SPMR) suspected of
criminality
Cash Shortage — Loss hidden Transfers
Cash Shortage — Loss hidden Remittances
Cash Shortage — Loss hidden Giro Suppression
Personal Cheque in Drawer
Cash Shortage in ATM
Cash Shortage in Lottery
Post Office Card Account (POCA) cases; On occasion, the Hewlett
Packard (HP) Call Centre is contacted by customers who claim they are
victims of fraud. The Post Office Card Account Primary Account Holder
(PAH) may identify persons who they suspect have defrauded them and
on occasions they are staff or Agents of the Post Office. The PAH
allegation will be received through the HP Call Centre who, working on
behalf of Post Office Ltd, manage the day-to-day POCA service. HP
operators are requested to record as much detail as possible and report
the allegation to Post Office Ltd Security, Details of the complaint will be
passed onto the Team Leader. On receipt, the Team Leader should make
an assessment on the validity of the claim. Should they find no
reasonable grounds to support the claim they should return it to the Admin
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
CONFIDENTIAL
and Support Team within 5 working days with ‘NO CONCERN’ annotated
in the Security Comment box. In the event the case is worthy of further
investigation they are to request a case number and pass to their Team
for investigation.
5.2.6 Cases can be raised in relation to a specific client; these can come from
various sources such as direct from the client via the Commercial Security
Team, a complaint from a customer or analysis from the Grapevine Team.
In each case the request is emailed to the Team Leader to review the
details and assess whether an investigation should take place. Post Office
Ltd has a massive client base; the following are sources from where
cases are usually raised.
DVLA
Royal Mail
DWP
Government Services
AEI Machine
5.2.7 Cases also can be raised from various other sources including.
Crown Office Issues / Loss
Suspicious Transactions
Remuneration
Contracts Manager
Police Request
5.2.8 These types of enquiries are sent to the relevant Team Leader who will
make the decision whether to raise a case or not. The Team Leader
informs the Casework Team via email that a case is to be raised and
which Security Manager has been nominated to deal with the case.
5.2.9 The Casework team then complete the new case raised document and
email this to the security manager along with any ECF or audit reports
which they have received.
5.2.10 The stakeholder Notification forms part of the New Case Raised
Document. Within this document details of all stakeholders are listed.
5.2.11 Once a case has been raised the Stakeholder notification should be
emailed to all stakeholders, casework team and Team Leader as soon as
possible. The Security Manager should ensure that as much detailed
information is included on the stakeholder notification.
5.2.12 Communication with the commercial team is essential. It is important to
ensure that all stakeholder updates throughout the investigation are
copied to the commercial security team.
5.2.13 A copy of the stakeholder notification should be printed; this is associated
in Appendix C of the case file.
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
CONFIDENTIAL
5.3 Event Log
5.3.1 All activities undertaken during an investigation should be recorded on the
event log; this should also include reasons for any delay in the
progression of a case.
5.3.2 The event log should be printed out and submitted with the green jacket.
This should be updated and a new event log entry inserted at each stage
of the investigation.
5.4 Supervision of Investigation
5.4.1. The decided course of action needs to be proportionate and necessary. It
may, if the circumstances warrant be more appropriate to consider other
actions that could be done that don’t necessarily lead to a criminal
investigation. Examples include pursuing a civil enquiry for breach of
contract, civil debt recovery, training review refresher, briefers, additional
auditing, a caution, warning letter and or NFSP engagement. Some of
these possible outcomes may not be obviously apparent until the subject
is interviewed, although they should be built into the process at this early
stage. Close communication and co-operation with key stakeholders is
essential to ensure that a proper and considered course of action is taken.
5.4.2 Proper consistent supervision is vital to ensure that cases are thoroughly
investigated and submitted in a timely manner. Team leaders with the
support of the Financial Investigators need to quality assure the
investigation making sure prior to initial submission that all available
evidence has been gathered.
5.4.3 From the point the case is first raised Team Leaders should give due
consideration to the merits of a criminal investigation.
5.5 Investigation
5.5.1 It is important to consider the aims, objectives and scope of the
investigation. Not all Post Office investigations are criminal; the Security
Manager may be called upon to investigate employees under the
grievance and disciplinary procedure. It is important to determine what
type of investigation is required, what time frames are in place, available
resources and what other issues may affect the conduct of the
investigation. An example may be a flag case with potential to damage the
reputation of the business where senior stakeholders have an on-going
interest in the progress of the investigation.
5.5.2 When a case is raised the Security Manager needs to prepare an
investigation plan which will outline the terms of reference in the way the
investigation will be conducted. Points to consider include:
e Risk assessment
e Duty of care
e The source of the investigation
e Statutory, regulatory or compliance considerations
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
5.5.3
5.5.4
5.5.5
5.5.6
5.5.7
CONFIDENTIAL
Impact on the organisation
Media
Timeframes
Immediate open enquiry
In all cases stakeholder engagement is essential, updates to stakeholders
should be sent on a regular basis especially at relevant milestones such
as interview, file submission and summons served. For high profile cases
such as crown Office losses updates should be more frequent and include
key senior stakeholders in the relevant directorate.
For cases raised due to audit shortage, communication with the auditor on
the day of the loss or as soon after the case is raised is essential to gain
an understanding of the loss and to ensure they will send all audit
documentation (original documentation) to the Security Manager.
In all cases where a loss has been identified and a SPMR has been
suspended a case conference should be arranged with the contracts
manager at the earliest opportunity. This is essential and allows for an
exchange of information and understanding of expectations and direction
the contract manager is planning in relation to the conduct. The contract
process can be found in Appendix A.
There may be occasions where criminality is suspected that a request is
made directly to a contract manager to consider suspending the SPMR. In
these circumstances the Security Manager must provide a detailed
explanation outlining the rationale supporting the request. A record must
be kept of this decision which may at some future stage have to be
justified in court proceedings.
The Security Manager has been tasked to prove or dispel the allegation.
In criminal cases where the burden of proof is beyond all reasonable
doubt, it is necessary to draw on all available evidence which is likely to
substantiate the allegation. In cases concerning the Horizon system, it is
important to establish the level of training the subject received, when this
was received and action the subject took to remedy any identified faults. A
key point to cover template has been produced to ensure that Security
Managers establish these facts during the interview process. As part of
the evidence gathering process, the Security Manager can collect
evidence from various sources including:
Statements from witnesses [current, previous members of staff]
Expert witnesses
Post Office accounting and HR databases
Contract Advisor database
CCTV
Banking records
Telephone records
Interviews with suspects
Alarm Data
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
10
5.5.8
5.5.9
CONFIDENTIAL
It is vital that all available witnesses are interviewed. If there is a good
reason for not doing so this must be recorded in the progress of
investigation log.
The Security Manager must not overlook the fact that a fair investigation is
there to establish the truth as well as substantiate the allegation, so it is
important that any evidence uncovered that may support the subject's
position is also recovered. It is important to document every action,
decision and reason for decisions being made during the course of the
investigation.
5.6 Enquiry Type
5.6.1
5.6.2
5.6.3
5.6.4
Immediate Open Enquiry. Where immediate response is appropriate and
few pre-interview enquiries are needed or practicable.
Major Enquiry >£15,000 (or major customer / client / reputation impact)
where immediate response is not possible due to the requirement to
perform pre-interview enquiries / analysis.
Standard Enquiry. All other enquiries not included in the above - where
immediate response is not possible due to the requirement to perform pre-
interview enquiries.
Liaison. Any case where liaison with another investigative body
conducting enquiries into criminal activity at Post Office Ltd branches.
5.7 Interview Framework and Timescales
5.7.1
5.7.2
5.7.3
5.7.4
R. King
All significant steps in the investigation including any lengthy delays in
concluding the enquiry need to be recorded. The progress of investigation
document will eventually form part of the unused material and should be
produced with the file. The details of investigation need to be sufficiently
informative although an element of objectivity needs to be applied.
Significant points can become critical should the enquiry concern non
availability of witnesses, external stakeholders or any other influential
factors which may force undue delay.
A culture needs to be embedded where Security Managers are aware and
fully understand the importance of providing a comprehensive
chronological account of an investigation, not merely to avoid undue
criticism, but also where there could be an issue with the case at some
later stage which may undermine the likelihood of successful prosecution.
Interview Date. Person concerned should be contacted and Interview
should be arranged without delay. Timescales will depend on preparatory
work that needs to take place prior to this. Good Evidence Takes Time. In
complex cases there may be a need to conduct a preliminary [holding]
interview with a more detailed interview taking place when further
enquiries have been completed.
AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
11
5.7.5
5.7.6
5.7.7
5.7.8
5.7.9
CONFIDENTIAL
Immediate Open Enquiry. Interview on day of notification (where possible)
minimum within 48 hours and case submitted to normal report timescales
(12 days).
Major Enquiry. Case to be at “person concerned” interviewed within 1
month of case raised.
Standard Enquiry. Case to be at “person concerned” interviewed and
submitted / closure stage within 2 months of raise. Should enquiries
indicate increased loss or impact, status must be amended to Major
Enquiry immediately.
Liaison. Regular contact should be maintained with the authority (Police,
Royal Mail, DWP) dealing with the case.
After the first month the Security Manager should discuss the case with
their Team Leader and a way forward agreed, this will ensure that the
liaison case is progressed.
5.8 Evidence
5.8.1
5.8.2
5.8.3
5.8.4
R. King
Good communication with the audit team is crucial to ensure evidential
resilience in relation to the continuity of exhibits. Every effort must be
made to ensure that the person finding is the person exhibiting and
original documents that will form the evidential basis of the case are
retained until collection. The continuity will be stronger if the documents
seized are secured and handed over against a_ signature. In
circumstances where the only viable way is to send the documents
through the post they should be sent by the Auditor to the named Security
Manager by Special Delivery.
Auditors are to be encouraged to record any significant comment made in
the course of the audit either unsolicited or in response to a reasonable
question to complete the audit such as “/ have checked the money in the
safe and there appears to be a shortage, is there any money stored
elsewhere that needs to be checked?” . In the case of the unsolicited
comment, the auditor should record this i.e. “/ know you will find a
shortage, I borrowed the money’. However any further question such as
“why” would constitute an interview and the Auditor must refrain from
asking such questions.
In such cases, the Auditor should inform the subject that their comment
will be recorded but any further questions concerning the comment may
be conducted under caution by a Security Manager where the subject has
been accorded their rights. This should not distract from the role of the
auditor and questions around should still be asked to verify financial
assets due to Post Office Ltd.
In cases where the subject wishes to make comment, the Auditor again
should record the initial comment, advise the subject as above and if they
continue, note in the record, that the person concerned was advised that
they would have the opportunity to be interviewed by a Security Manager
AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
12
CONFIDENTIAL
under caution at a later stage. THEN CONTINUE TO RECORD THE
COMMENT. Again any questions even for clarification from the auditor
would constitute an interview and could/would render the evidence
inadmissible so the Auditor must refrain from asking such questions.
5.9 Background Checks
5.9.1 Local Management Checks
Contact with the contract manager is essential; they can provide the
Security Manager with a background on the individual along with providing
all information relating to the branch from their database.
5.9.2 Training Records. A request for the branch training history should be
made to the Network Support Admin Team email address. This will detail
what training was received for the SPMR when he was appointed to the
branch, it will also show any intervention training requested or delivered
for the branch. It is the SPMR’s responsibility to train his staff, no records
for training (apart from compliance training) is kept for SPMR assistants.
5.9.3 Post Office Ltd Human Resources Printout. The Sub Postmaster Printout
or employee printout should be obtained for all cases by emailing Human
Recourses using the HR Assistant Checks email address. This document
can provide the following information —
e The subject's personal details, such as NI number, home address, bank
account(s), next of kin
e Date the SPMR was appointed
e Claims data (i.e. holiday pay) & dates the SPMR was on holiday.
e The full SPMR file can be requested by emailing ‘Contract Admin Team’
5.9.4 P356 Assistant List. The P356 Assistant list should be requested at the
same time as the HR Printout from the HR Assistants Check email
address. This report can provide the following information
Name, date of birth and NI number
Persons registered to access Horizon (users), at that Post Office
The Horizon user's identities for each assistant
Whether the assistant is a permanently employed or temporary/holiday
relief.
e Date the person was activated to use Horizon and the date users were
removed from the Horizon system
5.9.5 SPMR Remuneration. The remuneration from a particular branch can be
obtained via an e-mail to HR Agent Remuneration.
5.9.6 Police National Computer (PNC). Post Office Ltd PNC checks can be
made for intelligence gathering purposes in respect of individuals and
vehicles suspected or known to be involved in crime against the Post
Office Ltd. Examples of authorised use are as follows:
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
13
CONFIDENTIAL
e To assist authorised personnel with intelligence gathering around
individuals suspected/ known to be involved in committing criminal
offences
e For operational Health & Safety considerations and evaluations prior to
the engagement with the person concerned as part of the operational
risk assessment
e To obtain previous conviction details of defendants and witnesses for
cases being prosecuted by Post Office Ltd
e To establish intelligence with regards to vehicles and occupants
suspected to be involved in criminal activity against the Post Office
e To identify the registered keeper of vehicles connected to the address of
a suspect/known offender involved in criminal offences against the Post
Office Ltd
Do not conduct checks for the following reasons:
e Unsubstantiated allegations about an individual
e “Fishing trips”, for example blanket checking vehicles or persons such as
all vehicles in a staff car park in an effort to identify a suspect’s vehicle
e To identify ownership of a vehicle in accordance with Proceeds of Crime
Act
5.9.7 Equifax: Security Managers can rely on Equifax to provide the following
information:
e Personal details
e Addresses
e Court and Insolvency Information, (i.e. county court judgments)
e Alert Indicators (Office of Foreign Assets Control)
e Alias and all names used
e Associates
e Electoral data confirmation
e Credit transactional activity, including the client and transactional history
e Record of searches done by Equifax clients, (i.e. banks and retailers)
e Property valuation
e Additional addresses-linked addresses
¢ Directors data
e Commercial searches, (i.e. valuable data relating to the subject's
business)
5.9.8 Land Registry. Security Managers have access to the Land Registries in
England and Wales, Scotland and Northern Ireland. Most searches take
between a few minutes to a few days, depending on the registry.
Obtaining the subject's full address is important. Land Registry can
provide the following type of information/data:
e The owner(s), type of ownership & address
e The value of property
e An extract of the official Title Deed
e Copy of the Title Register, Title Plan
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
14
CONFIDENTIAL
e Registered Old Deeds, including historical editions of the register and
title plan
e Any charge on the property, and the relevant financial institution
(mortgage.)
5.9.9 Network Business Support Centre (NBSC) Call Logs. NBSC call logs can
be obtained by emailing the Branch and IT System Team at Dearne
House. These logs will detail all calls made by a branch into the NBSC.
These logs can be very useful where a SPMR or employee claim that they
have reported the loss or incident.
5.9.10 Credence; is a tool used to analyse detailed transactional data from a
particular branch. This is useful to prove details of particular transactions
or events. Only data, up to 90 days, can be extracted and analysed by
Post Office Ltd Security. An application to Fujitsu will turn the MI data into
data/documentary evidence for use in the criminal courts. Older historic
data can also be obtained. Fujitsu will only provide a witness statement
relating to the authenticity of the data only, not the specific transactions
relating to your enquiry.
5.9.11 ONCH. The Cash Management team can provide Over Night Cash
Holdings (ONCH) data for a specific branch. This data gives in depth cash
analysis for a branch including what denomination of notes a branch has
declared on a given date along with cash remittances in and out. A
request for this data can be made to the Retail Cash Management Team
who will highlight any concerns they might have with the branch. The
same information can be requested for Foreign Currency holdings.
5.9.12 Full Rota Check. A ‘full rota check’ allows for a full data search for a
specific branch relating to transaction issues. This can include any
transaction corrections (TC’s) scratch card, remittances, stock
adjustments and other specific office’s products. This check can be
arranged via Post Office Ltd Security Grapevine strand, Analyst & Support
team in Chesterfield.
5.9.13 Alarm data. Obtaining alarm data from ROMEC can be a useful tool in
determining access to the Post Office secure area and safes. Data around
perimeter and safe set / unset times can be interrogated to assist in the
investigation.
5.10 Planned Operation Risk Assessment (PORA)
5.10.1 The PORA process is mandatory in any Post Office led investigation
which may involve a planned interview under caution or premises search.
A PORA is required for each subject involved in the investigation, In order
to manage the risks effectively Security Managers should conduct any risk
related intelligence checks and/or enquiries that they feel are necessary
as part of the PORA process. The following checks are available and
thought to be the most relevant to Post Office Security cases:
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
15
CONFIDENTIAL
e Local Management check: This may also identify other information such
as health issues, including suspected drug or alcohol habits, or outside
interest’s e.g. domestic circumstances which may impact on H&S
e PNC Individual checks: This may identify “warning” indicators or
previous convictions of both suspects and others at the address. It may
also identify other information which impacts on H&S such as any history
regarding the certification (or refusal) of firearms or orders recalling
persons to hospital
e Full Equifax check: This check can be used to identify current occupants
at an address to be searched or visited. A “Full Investigation” Equifax
check should be undertaken
e PNC Vehicle check: This can reveal registered keepers of vehicles at a
specific address
e Land Registry checks: These will identify the owner of property
e Local Police Intelligence check: May identify risks regarding the suspect
or other incidents or persons at the address(es) and the geographical
area(s) to be visited. It may also identify other law enforcement interest
5.10.2 Risk Score. Where any risk is assessed as High, a Senior Security
Manager should be consulted and the assistance of the Police sought
before any investigation activities which bring Security Managers into
contact with the subject are commenced.
5.10.3 Where the Planned Operation is assessed as Low or Medium risk, line
manager's authority must be obtained before any Security Manager
activities which bring Security Managers into contact with the subject are
commenced.
5.11 Interview
5.11.1 Where the rights of a lawyer to be present are offered to the subject who
wants their own solicitor and they are not available, consider your position
in terms of recovering evidence and not compromising the investigation.
In this instance inform the subject that as their lawyer cannot attend within
a reasonable time, arrange for the subject to be arrested and booked in at
the local police station where a solicitor from the nominated list or the duty
solicitor can be offered.
5.11.2 Reasonable time may differ depending on the circumstances and any
action taken needs to be justified and documented. It is likely that an
explanation for this course of action will be required at court. A rule of
thumb is what the average lay person may consider reasonable given all
the facts. It is important to note that the need to gather evidence and
investigate the case in a timely manner is not unduly compromised.
5.11.3 Arrest by the police may be justified on the basis that there are
reasonable grounds to suspect an offence has been committed and there
are reasonable grounds for believing that the arrest is necessary. The
statutory criteria for what may constitute necessity are set out in para 2.9
of Code G PACE. Inviting the subject to the police station to obtain legal
representation may not be effective as the person concerned is at liberty
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
16
POL00027863
POL00027863
CONFIDENTIAL
to leave at any time. The Security Manager should direct the investigation
appropriately to remain in control of the evidential process without
jeopardising the subject's legal rights. Code G of PACE is laid out at
Appendix B.
5.11.4 Consider maximising the opportunity to capture evidence at the earliest
stage, i.e. where there is a significant comment. In more complex cases
where a more in depth interview is required hold a preliminary interview,
cover off the significant comment and hold a second interview at a later
stage when more evidence is gathered. Think of the Golden Hour of
capturing the evidence. Always follow the PEACE model [Planning,
Engage and Explain, Account, clarification and challenge, Closure,
Evaluation]. Consider the ingredients of the offence; dishonestly
appropriates property belonging to another with the intention of
permanently depriving the other of it. Ensure that these are established
during the interview. Deep dive into areas where defences are likely.
These can be countered by careful planning and skilful questioning. A
comprehensive guide to interviewing using the PEACE model can be
found at Appendix C.
5.11.5 One on one interviewing should be considered on a case by case basis.
There is no reason why in a straight forward investigation where there
have been admissions and risk is considered low, that a one on one tape
recorded interview should not be considered. This will free up resources
and should be encouraged wherever possible. Clearly in more complex
cases, where there is a need to pre prepare and the nature of the
investigation may benefit from an interviewer with greater subject
knowledge, then the interview must be conducted by two persons.
Similarly for training and development purposes.
5.11.6 Should any issues with the Horizon System be brought up by a subject or
his representative during a PACE interview the Security Manager should
state: ‘/ will listen to any personal concerns or issues that you may have
had with the Horizon system during the course of this interview ‘
5.11.7 The following three areas need to be covered in as much detail as
possible at an appropriate point during all PACE interviews, regardless of
whether Horizon is mentioned or not. Where the case clearly has no link
with Horizon (e.g. theft of mail) then you must gain authorisation from your
line manager to proceed outside of this process.
Training
e How long have they worked at the Post Office?
e Had they any previous PO experience?
e How long did their initial training last? (Please see guidance below and
get as much detail as possible)
e What did it cover? (I.e. transactions, balancing, ATM, lottery etc.)
e Did they request any follow up training? (If so who with?)
e Was there a period when the accounts balanced? If so, then why did
things run smoothly then?
Support
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
17
CONFIDENTIAL
e Who did they tell that they were having problems?
e Why didn’t they request any help?
e What support are they aware of (i.e. NBSC, HSH, area managers)
e Have they contacted the NBSC for support before?
Horizon
e Have they contacted the HSH before?
e If they believed that there was a fault with Horizon then who did they
report it to and when? If they didn’t report it then why not?
5.11.8 NBSC call logs should be requested for all cases. As should HSH call
logs.
5.11.9 Training records for all new cases are automatically sent by casework
team. For info the current standard is:
e SPMR receives 6-8 days of classroom training (this depends on the
products that their office transacts)
e SPMR receives 6 days of onsite training and support including at least
one balance
e SPMR receives an announced visit after one month to provide support,
go through the compliance requirements and for a cash check to be
completed
e SPMR receives an announced visit after 3 months for further support,
compliance questions and a cash check
e SPMR receives an unannounced visit after 6 months for further support,
compliance questions and a Financial Assurance audit
5.12 Searches
5.12.1 In all cases a search of vehicle and premises should be considered.
Searches are conducted by consent and should be conducted in the spirit
of PACE where reasonable grounds to suspect there is evidence on the
premises that relates to the offence.
5.12.2 If the subject refuses to consent to a voluntary search the Security
Managers line manager should be contacted and if required further advice
and guidance sought from the criminal law team.
5.12.3 If the subject refuses to consent to a voluntary search and there are
reasonable grounds to suspect that evidence relating to the offence may
be found, then contact police with a view to arrest the subject. A search
can then be conducted by police following arrest. The Security Manager
should agree this course of action with their line manager and advice
sought from the criminal law team.
5.13 Notebook
5.13.1 Notebooks are an essential element in a Security Managers toolkit. They
are the recognised and preferred way of recording evidence that is not
recorded elsewhere in a more formal document. They are numbered
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
18
CONFIDENTIAL
individually and are issued to all Security Managers performing
investigation duties.
5.13.2 Due to the nature of the information recorded in a notebook it can be
produced, if required by the Security Manager, in a Court of Law. It is
essential that all notebooks be completed with a degree of uniform
professionalism.
5.13.3 General rules
e Make all entries in chronological order
e All entries must be made in ink (black preferably)
e Any errors must be crossed out with a single line, so that the original
entry can be seen and then initialled
e Do not remove any pages, they are all numbered sequentially
e Do not make additional entries between the ruled lines. If it is of
paramount importance that, if you make an additional entry, make it at
the end of your existing entry explaining why it is not in chronological
order
e Asingle line should be scored through any blank spaces or lines
e All entries should be signed, timed and dated
e All notes made on informal pieces of paper such as newspapers, should
be transferred to the notebook as soon as practicable. The entry should
include why it was not practical to enter the note directly into the
notebook. The Security Manager must retain the original note
5.14 Post Interview
5.14.1 48 Hour Offender Report: To be emailed to Team Leader, Casework
Team, Financial Investigator (if appointed) Primary Stakeholder within 48
Hours of the interview.
5.14.2 FES Report: Financial Evaluation Sheet to be emailed to Financial
Investigator within 48 hours of the interview.
5.14.3 Write the Case Summary Report: This is to be written using example
report and guidelines that can be found on the Secops sharepoint site.
The case summary should be a succinct chronological account of the
investigation highlighting key facts. The rule of thumb is to produce an
account which the reader can quickly digest to get a general overview of
the allegation. Key witnesses and a brief outline of what they say can be
included as well as a synopsis of what was said during interview. The
statements, interview record and exhibit list can be examined should the
reader require further information.
5.14.4 Write Discipline Report. The discipline report to be written using example
report and guidelines which can also be found on the sharepoint site.
5.15 Interview Notes
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
19
CONFIDENTIAL
5.15.1 In the majority of cases at initial submission, the Notes of interview need
to be a brief account of the interview and any significant comment. It is
therefore good practice to write down a note of the interview and generally
what was said on completion.
5.15.2 An example note could be: throughout the interview the subject stated that
he had borrowed the money to make up a shortfall and when challenged
over this accepted that it was wrong / dishonest to take the money.
5.15.3 No comment interviews should not be transcribed. Unless there is a very
good reason for a full transcript, in the majority of cases for the initial
submission a note of interview will suffice.
5.15.4 Where the prosecuting lawyers request a transcript as part of the advice
process or for preparation for committal proceedings it will be completed
by the typist, checked and sent by the Security Manager.
5.15.5 Where appropriate to transcribe the Audio recording of an interview the
request should be sent to the typist. An email should be sent to
The email should also be copied to the FI at
“énisiire return of the CD.
5.16 Statements
5.16.1 In all instances the following standard statements should be taken and
submitted with the green jacket.
First Officer Statement
Second officer Statement
Horizon System Statement
SPMR Contract Statement
Lead Auditor Statement
5.16.2 In the course of an investigation other statements may need to be
acquired, these could be statements to describe a particular process such
as how to carry out a particular transaction. If the Post Office Legal and
Compliance Team (POLCT) consider that such a statement is required to
progress the prosecution they will send an advice requesting this further
information.
5.16.3 Where statements can be taken over the telephone this should be done to
save time, resources and it must be encouraged. Statement taking over
the telephone is a modern and accepted practice.
5.16.4 Rather than a hand written Section 9 statement, there is no reason why a
draft statement cannot be prepared in note form. The statement can then
be typed up subsequently, with any changes, clarification or ambiguity
amended. It is vital that the original notes are retained. On typing up the
statement it can be sent to the recipient for checking and amending. Once
agreed, the statement must be signed and sent back to the Security
Manager.
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
20
CONFIDENTIAL
5.17 Business Failings
5.17.1 If business failings or procedural weaknesses are identified this should be
completed on the relevant tab of the new case raised form and emailed to
all stakeholders including Commercial Security. This should be printed off
and associated in appendix C of the file.
5.18 File Construction
5.18.1 A Green Jacket should be constructed as per the following guidelines.
5.18.2 Case files will include a schedule of unused non-sensitive material and
unused sensitive material [Public Interest Immunity, Legal Privilege and
documents that may highlight the methods used for investigation] The
Appendix “C’” in the case file will be retained by the Security Manager as
oppose to submitted with the file. Where solicitors may wish to examine
any unused material it should be requested and sent by the Security
Manager.
5.18.3 The body of the file.
Case Raised Front Sheet
Event Log [added to as the case progresses to conclusion]
File Contents Index
Case File summary; numbered paragraph.
Index of Statements (Actual Statements in Appendix A)
Interview Summary
Index to Exhibits
Unused Material list [This negates the need to submit Appendix C and fill
the file with emails. The unused material list can be added to as the case
progresses]
5.18.4 As a general rule Appendix; A = Witness Statement B = Evidence C =
Other material
5.18.5 Appendix A
e Typed Witness Statements
e Summons Documents
5.18.6 Appendix B
POLO01
Evidence
Notebook Entry
Search Documents
Working Tapes
PNC check results (include no trace replies)
5.18.7 Appendix C (Appendix C should be collated, but NOT be submitted with
the file when sent to Post Office Legal an Compliance Team)
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
21
CONFIDENTIAL
Stakeholder Notification
HR Printout
Assistant List
Interview Letter
POL003
Business Failings
Discipline Report
Antecedents
NPAO1
5.19 File Submission
5.19.1
5.19.2
5.19.3
5.19.4
5.19.5
5.19.6
5.19.7
R. King
100214
Cases for Advice. In some instances where the Security Manager is
unsure on the strength of the evidence the case can be submitted to the
POLCT for advice. The POLCT will apply the evidential test and will
advise on the next course of action such as further statements or case to
be closed.
On completion of the file, it will be submitted to the Team Leader for
checking, signing off and forwarded to the POLCT via registration. Should
further investigation be deemed necessary at this stage, the file will be
returned to the Security Manager. Where a request is made from POLCT
for further enquiries, the team leader will be copied into the relevant email.
It is imperative that the progress of enquiry document is comprehensively
kept up to date and copies of any generated emails saved. These can be
inserted into the file in appendix C when the enquiries are complete.
Should advice be sought from Cartwright King solicitors, the Team Leader
and POLCT will be copied into any requests for further evidence. The
details of investigation log must be maintained and copies of emails
retained. On completion of the enquiry, the green docket case file will be
sent to the Security Manager for copies of any emails to be inserted along
with the progress of investigation log prior to final submission to Head of
Security via the Team Leader.
Each case file should the follow the stated process:
Security Manager > Team Leader > Post Office Legal and Compliance
Team > Cartwright King > Head Of Security > Team Leader > Security
Manager
Security Manager > Team Leader
Once the file is ready for submission the Security Manager should send
the green jacket to their Team Leader for review. The Team Leader
should sense check the case file and ensure it is evidentially robust and
properly constructed. The Security Manager should send electronic
copies of the case summary report, audio transcripts and discipline
report to Post Office Security.
Team Leader > Post Office Legal and Compliance Team
AA Conduct of Criminal Investigation Policy v3
(3)
POL00027863
POL00027863
22
CONFIDENTIAL
The Team Leader will then forward the file to the POLCT. The file will be
reviewed by the POLCT and a decision made whether further
progression be made with the case. If the decision is No Further Action
the file is returned to casework at that point. If the POLCT decides that
further enquiries are required this will be forwarded to the Security
Manager including Casework and the Team Leader.
5.19.8 Post Office Legal and Compliance Team > Cartwright King
If the decision is to proceed with the prosecution case the file is the
forwarded to Cartwright King for advice on charges. (In some instances
POLCT will put charges together).
5.19.9 Cartwright King > Post Office Legal and Compliance Team
Cartwright King will prepare advice and charges for the case (or advise
no further action). If further enquiries are required they will contact the
Security Manager direct, copying in the team leader and send an advice
detailing the further enquiries. The advice along with charges and case
file is then sent back to casework.
5.19.10 Post Office Legal and Compliance Team > Head Of Security
The file is then forwarded to the designated prosecution authority (DPA)
for authority to proceed. The DPA will review the case file and decide
whether to proceed with the advice from the POLCT and Cartwright King
or whether to take a different course of action. The authority to proceed
(or other instruction) will be inserted into the case file.
5.19.11 Head Of Security > Team Leader
The file is the forwarded back to the casework team.
5.19.12 Team Leader > Security Manager.
The file is returned with advice and charges submitted in the case file for
the Security Manager to proceed.
5.20 Summons
5.20.1 If advice from Cartwright King or the POLCT is to prosecute and the Head
of Security has given authority to proceed, then the Security Manager
needs to obtain a summons.
5.20.2 The Security Manager will make contact with the relevant Magistrates’
Court to set a date for the suspect's first appearance at court.
Summonses are also applied for. Upon receipt of the summonses the
Security Manager will serve the summonses by way of posting them to the
Person Concerned using the Royal Mail Special Delivery service.
5.20.3 Set a Court Date
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
23
CONFIDENTIAL
e Contact the Magistrates court where the offence took place and confirm
that court deals with the matter and the address where the summons are
to be sent for signature
e Contact listings and inform them you are a private prosecution — (certain
courts have set days for non-police prosecutions)
e Obtain a date normally six weeks from date of request but no more than
8 weeks
5.20.4 Acquiring Arrest Summons (AS) Number
e Update the front of the NPAO1 with the date of the court hearing and the
details of the court
e Complete the offence and the method used in offence section on the
front of the NPAO1
e Email the updated NPAO1 to the casework team. The casework team will
apply to the relevant police force for an AS Number which is required for
the court to sign the summons. The AS number will be emailed back to
the Security Manager within a few days of the submission of the NPA01
(different police forces work to different timescales to times will vary)
5.20.5 Applying for the summons.
e Prepare three copies of the summons
e Prepare one information sheet
e Send to the court for signature with covering letter — all three copies of
the summons should be signed and returned
¢ Court will retain the information sheet
e Inform the agents Solicitors appointed by POLCT of the time and date of
the court appearance
5.20.6 On receipt of the summons
e Take a photocopy of the defendant’s copy of the summons
e Send the original copy of the defendants summons together with a
POL044 (Charge or summons notice) and a copy of the means form
e Summons can be either served personally or via Royal Mail Special
Delivery to the person concerned
5.20.7 Once conformation has been obtained that the summons has been
received POLCT and Cartwright King must be informed. The back of the
defendants photocopied summons should be endorsed with the following:
I certify that today, (date), I personally served a copy of the summons
upon (Name), the defendant named overleaf.
Or
! certify that a copy of the summons overleaf has been served upon
(Name), the defendant named overleaf. The summons was sent via Royal
Mail Special Delivery (number) and was delivered (date and time).
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
24
CONFIDENTIAL
5.20.8 Prepare and send to POLCT a covering letter confirming the summons
has been served, together with a copy of the POL033 and any TIC’s by
post. Update the front of the NPA form with the summons was applied for
and the date the summons was served. Complete the offence and the
method used in offence on the front of the NPA01.
5.20.9 Email Casework team and POLCT the confirmation of service letter
together with the NPA0Q1. If the case is a Fl case then the FI should be
copied into the email.
Copies of the summons go in Appendix A of the file.
5.21 Committal
Committal Checklist
POLOO6B Self Disclosure
POLO06c Schedule of non-sensitive unused material
Sensitive Material
Continued Disclosure Report
Witness List
Witness Address
Witness Non Availability
List Of Exhibits
Memo to POLCT
5.22 CASE CLOSURE
5.22.1 On completion of the investigation, it is vital that a review of the root cause
of the investigation is undertaken by the Security Manager. It is important
to ascertain whether any system processes, integrity of the financial
commercial product, technical issues, training delivered or procedures
may have provided an opportunity to commit the offence. Equally
important, the vulnerability of the product or process in its current form
and likelihood of similar offences being committed in the future needs to
be considered. A comprehensive report outlining the cause of the offence
will be submitted to Commercial Security at the conclusion of each
investigation.
5.22.2 As part of the Post Office retention policy, case files must be archived and
retained for at least 7 years.
5.22.3 Case closed Notification.
e In all cases where a decision is taken to close a case it must be
authorised by the Security Managers Team Leader
e The Case Closed notification should be completed and emailed to the
Security Managers Team Leader, Post office Security all major
stakeholders and the Commercial Security team
e As much detail as possible should be included in the case closed
notification explaining the decision for the course of action taken
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
25
CONFIDENTIAL
e In some instances a case will be closed with no green jacket, this could
be a case where the matter was dealt with under conduct and no
criminality identified. If there is no green jacket this should be highlighted
on the case close notification and also annotated at the top of the email
to Post office Security
6 Conclusion
6.1
One of the key programmes of the Security Operations strategic plan for
2013 has been the case file review. Separation from Royal Mail Group has
presented opportunities to shed outmoded investigation practices and tailor
processes that not only meet the current needs of the business, but
challenges us as a team to work smarter, and deliver a professional,
comprehensive and fair investigation in a timely manner. It is likely that
security will continue to focus on the fairness, evidential quality and
professional standard of criminal investigations, completion of the
investigation review, which serves as a guide to Security Managers in the
conduct of their investigations is a timely document which embodies the
ethos of Care, Challenge and Commit.
7 Compliance
7.1
Post Office Security Operations Management will regularly assess for
compliance against this policy. Any violation of this policy will be
investigated and if the cause is found to be due to wilful disregard or
negligence, it will be treated as a disciplinary offence. All disciplinary
proceedings are coordinated through the Human Resources Department.
R. King AA Conduct of Criminal Investigation Policy v3
100214 (3)
POL00027863
POL00027863
26