POL00094143
POL00094143
@
Conduct of
Criminal Investigation
Policy
POL00094143
POL00094143
Table of Content
1 Introduction
2 The Purpose
3 Case Raised
4 Event _Log
5 Supervision_of Investigation
6 Investigation
7 Enquiry Type
8 — Interview Framework and Timescales
9 Evidence
10 Background Checks
11 Planned Operation Risk Assessment
12 Interview
13° Searches
14 Notebook
15 Post Interview
16 Interview Notes
17 Searches
18 Notebook
19 File Construction
20 File Submission
21 Summons
22 Committal
23 Case Closure
24 Conclusion
25 Compliance
wee eee ee eee eee
POL00094143
POL00094143
Glossary of Terms
AE Application Enrolment Identity
AS Arrest Summons
ATM Automated Teller Machine
ccTv Close Circuit Television
DPA Designated Prosecution Authority
DVLA Department of Vehicle Licencing
DWP Department of Working Pensions
ECF Event Capture Form
FES Financial Evaluation Summary
FI Financial Investigator
HP Hewlett Packard
H&S Health and Safety
HSH Horizon System Helpdesk
NBSC Network Business Support Centre
NFSP National Federation of Sub Postmasters
NPA Non Police Authority
PACE Police and Criminal Evidence Act 1984
PAH Primary Account Holder
PEACE Planning, Engage and Explain, Account, Challenge, Evaluation
PNC Police National Computer
POCA Post Office Card Account
POL Post Office LTD
POLCT Post Office Legal and Compliance Team
PORA Planned Operation Risk Assessment
SecOps Security Operations
SPMR Sub Postmaster
TC Transaction Correction
I
POL00094143
POL00094143
SOURCE
Audit Shortage
Grapevine Team
Contract managers
Client e.g. DVLA - DWP - AEI
Commercial Team
Police
Further enquiries to be
made. File returned to
Team Leader
Further Enquiries to be
made. File returned to
Timinal Law Team.
Team Leader informed
Further Enquiries to be
made. File returned to
Cartwright King.
Team Leader/ Legal
informed
Proceed To Prosecution
Phase 2 File Completion
Further Action
<~_
Further Action
<—_
Further Action
<—>
Case Raised
Case assigned to Security
Manager. Is there
evidence to proceed?
Interview and
Compile Evidence
Case Preparation
Phase 1 MG Format
Team Leader to Review
the Case File, Proceed
with case?
Criminal Law Team to
review the Case File.
Proceed with Case?
Cartwright King to
produce Charges?
YES
Head of Security to
authorise prosecution?
No Further Action
case to be closed.
No Further Action
case to be closed.
POL00094143
POL00094143
1. Introduction
14.
1.2.
13.
14.
Properly conducted investigations form a key part in our strategy in protecting
assets and reducing loss. If poorly managed, an investigation can lead to
increased risk of future loss and significant damage to the corporate brand. In
commencing any investigation we need to consider the impact in terms of the
protection of business assets and limiting potential liabilities weighing against
the reputation of the organisation or damage to the brand should the
investigation fail. Post Office Security is almost unique in that unlike other
commercial organisations we are a non-police prosecuting agency and are
therefore subjected to the Codes of Practice and statutory requirements of the
Police and Criminal Evidence Act.
There is another anomaly that sets us aside from other commercial
investigators. Of our 11,800 branches, only 370 are currently staffed by
employees of the Post Office. In the majority of cases branches are either
Franchisees or Agents who receive remuneration. As neither is deemed to be
employees of the Post Office, the usual practices and procedures of an
employer employee investigation do not apply.
In cases where fraud is uncovered and good evidence of criminality exists, a
criminal investigation will invariably commence. At the same time Post Office
Contract Advisors have the responsibility to ensure that any contractual
breaches are investigated and impact on the business is minimised. As a result
close communication needs to be maintained between the Security Manager
investigating the criminal investigation and the Contract Advisor who needs to
maintain Post Office services. If this relationship is robust then sound decisions
can be made with the benefit of all the facts and evidence shared to ensure
that there is a successful outcome to the investigation that benefits the
business.
With the stakes so high, the department must be seen, internally as well as
externally, to be acting fairly, appropriately and within the law. The
investigation needs to be properly conducted to establish evidence that will
support a successful criminal prosecution.
2. The Purpose
24.
This guide been prepared as part of the case file review and is intended to
support Security Managers from the commencement through to the
conclusion of the investigation. Included in the document is comprehensive
guidance of the process including key points to consider at various stages of
the investigation.
POL00094143
POL00094143
2.2.
Prior to commencing an investigation the Security Manager will have to
consider:
The seriousness of the allegation
The level of criminality
Any contractual, compliance or regulatory concerns
The potential to damage the reputation of the Post Office
The expectations of key stakeholders.
3. Case Raised
3.1.
3.2.
3.3.
3.4.
3.5.
Cases are raised from various sources, in each instance the information is
passed to the relevant operational Team Leader who will evaluate the
allegation and decide whether or not a case should be raised.
A shortage at audit will result in the completion of an Event Capture Form
(ECF) report by the lead auditor. The ECF report is then emailed through to
the Post Office Security Casework Team. On receipt of the ECF (where a
suspension has taken place), this is passed onto the relevant Team Leader
who will make the decision whether to raise a case or not. If this is an
immediate open enquiry the case will be raised before the ECF is received.
All losses where a suspension has taken place are raised this way, although
the loss is not always due to criminal activity. The Team Leader should review
the circumstances surrounding the audit shortage and assess whether an
investigation is the most suitable course of action.
The following are examples of types of audit shortages.
Cash Shortage at Audit No Explanation
Cash Shortage at Audit Comments made at audit
Cash Shortage - member of staff (Not the SPMR) suspected of criminality
Cash Shortage - Loss hidden Transfers
Cash Shortage - Loss hidden Remittances
Cash Shortage - Loss hidden Giro Suppression
Personal Cheque in Drawer
Cash Shortage in ATM
Cash Shortage in Lottery
Post Office Card Account (POCA) cases; On occasion, the Hewlett Packard (HP)
Call Centre is contacted by customers who claim they are victims of fraud.
The Post Office Card Account Primary Account Holder (PAH) may identify
persons who they suspect have defrauded them and on occasions they are
staff or Agents of the Post Office. The PAH allegation will be received through
the HP Call Centre who, working on behalf of Post Office Ltd, manage the day-
to-day POCA service. HP operators are requested to record as much detail as
6
3.6.
3.7.
3.8.
3.9.
3.10.
3.11.
POL00094143
POL00094143
possible and report the allegation to Post Office Ltd Security, Details of the
complaint will be passed onto the Team Leader. On receipt, the Team Leader
should make an assessment on the validity of the claim. Should they find no
reasonable grounds to support the claim they should return it to the Admin
and Support Team within 5 working days with ‘NO CONCERN’ annotated in
the Security Comment box. In the event the case is worthy of further
investigation they are to request a case number and pass to their Team for
investigation.
Cases can be raised in relation to a specific client; these can come from
various sources such as direct from the client via the Commercial Security
Team, a complaint from a customer or analysis from the Grapevine Team. In
each case the request is emailed to the Team Leader to review the details and
assess whether an investigation should take place. Post Office Ltd has a
massive client base; the following are sources from where cases are usually
Taised.
DVLA
Royal Mail
DWP
Government Services
AEI Machine
eoeoeee
Cases also can be raised from various other sources including.
Crown Office Issues / Loss
Suspicious Transactions
Remuneration
Contracts Manager
Police Request
These types of enquiries are sent to the relevant Team Leader who will make
the decision whether to raise a case or not. The Team Leader informs the
Casework Team via email that a case is to be raised and which Security
Manager has been nominated to deal with the case.
The Casework team then complete the new case raised document and email
this to the security manager along with any ECF or audit reports which they
have received.
The stakeholder Notification forms part of the New Case Raised Document.
Within this document details of all stakeholders are listed.
Once a case has been raised the Stakeholder notification should be emailed to
all stakeholders, casework team and Team Leader as soon as possible. The
POL00094143
POL00094143
Security Manager should ensure that as much detailed information is included
on the stakeholder notification.
3.12. Communication with the commercial team is essential. It is important to
ensure that all stakeholder updates throughout the investigation are copied to
the commercial security team.
3.13. A copy of the stakeholder notification should be printed; this is associated in
Appendix C of the case file.
4. Event Log
4.1. — All activities undertaken during an investigation should be recorded on the
event log; this should also include reasons for any delay in the progression of a
case.
4.2. The event log should be printed out and submitted with the green jacket. This
should be updated and a new event log entry inserted at each stage of the
investigation.
5. Supervision of Investigation
5.1. The decided course of action needs to be proportionate and necessary. It may,
if the circumstances warrant be more appropriate to consider other actions
that could be done that don’t necessarily lead to a criminal investigation.
Examples include pursuing a civil enquiry for breach of contract, civil debt
recovery, training review refresher, briefers, additional auditing, a caution,
warning letter and or NFSP engagement. Some of these possible outcomes
may not be obviously apparent until the subject is interviewed, although they
should be built into the process at this early stage. Close communication and
co-operation with key stakeholders is essential to ensure that a proper and
considered course of action is taken.
5.2. Proper consistent supervision is vital to ensure that cases are thoroughly
investigated and submitted in a timely manner. Team leaders with the support
of the Financial Investigators need to quality assure the investigation making
sure prior to initial submission that all available evidence has been gathered.
5.3. From the point the case is first raised Tearn Leaders should give due
consideration to the merits of a criminal investigation.
6. Investigation
6.1. It is important to consider the aims, objectives and scope of the investigation.
Not all Post Office investigations are criminal; the Security Manager may be
called upon to investigate employees under the grievance and disciplinary
8
POL00094143
POL00094143
6.2.
6.3.
64.
65.
6.6.
6.7.
procedure. It is important to determine what type of investigation is required,
what time frames are in place, available resources and what other issues may
affect the conduct of the investigation. An example may be a flag case with
potential to damage the reputation of the business where senior stakeholders
have an on-going interest in the progress of the investigation.
When a case is raised the Security Manager needs to prepare an investigation
plan which will outline the terms of reference in the way the investigation will
be conducted. Points to consider include:
Risk assessment
Duty of care
The source of the investigation
Statutory, regulatory or compliance considerations
Impact on the organisation
Media
Timeframes
Immediate open enquiry
In all cases stakeholder engagement is essential, updates to stakeholders
should be sent on a regular basis especially at relevant milestones such as
interview, file submission and summons served. For high profile cases such as
crown office losses updates should be more frequent and include key senior
stakeholders in the relevant directorate.
For cases raised due to audit shortage, communication with the auditor on the
day of the loss or as soon after the case is raised is essential to gain an
understanding of the loss and to ensure they will send all audit documentation
(original documentation) to the Security Manager.
In all cases where a loss has been identified and a SPMR has been suspended
a case conference should be arranged with the contracts manager at the
earliest opportunity. This is essential and allows for an exchange of
information and understanding of expectations and direction the contract
manager is planning in relation to the conduct. The contract process can be
found in Appendix A.
There may be occasions where criminality is suspected that a request is made
directly to a contract manager to consider suspending the SPMR. In these
circumstances the Security Manager must provide a detailed explanation
outlining the rationale supporting the request. A record must be kept of this
decision which may at some future stage have to be justified in court
proceedings.
The Security Manager has been tasked to prove or dispel the allegation. In
criminal cases where the burden of proof is beyond all reasonable doubt, it is
POL00094143
POL00094143
6.8.
6.9.
necessary to draw on all available evidence which is likely to substantiate the
allegation. In cases concerning the Horizon system, it is important to establish
the level of training the subject received, when this was received and action
the subject took to remedy any identified faults. A key point to cover template
has been produced to ensure that Security Managers establish these facts
during the interview process. As part of the evidence gathering process, the
Security Manager can collect evidence from various sources including:
Statements from witnesses [current, previous members of staff]
Expert witnesses
Post Office accounting and HR databases
Contract Advisor database
CCTV
Banking records
Telephone records
Interviews with suspects
Alarm Data
{t is vital that all available witnesses are interviewed. If there is a good reason
for not doing so this must be recorded in the progress of investigation log.
The Security Manager must not overlook the fact that a fair investigation is
there to establish the truth as well as substantiate the allegation, so it is
important that any evidence uncovered that may support the subject's position
is also recovered. It is important to document every action, decision and
reason for decisions being made during the course of the investigation.
7. Enquiry Type
74,
7.2.
73.
7A,
Immediate Open Enquiry. Where immediate response is appropriate and few
pre-interview enquiries are needed or practicable.
Major Enquiry >£15,000 (or major customer / client / reputation impact)
where immediate response is not possible due to the requirement to perform
pre-interview enquiries / analysis.
Standard Enquiry. All other enquiries not included in the above - where
immediate response is not possible due to the requirement to perform pre-
interview enquiries.
Liaison. Any case where liaison with another investigative body conducting
enquiries into criminal activity at Post Office Ltd branches.
10
POL00094143
POL00094143
8. Interview Framework and Timescales
8.1.
8.2.
8.3.
84.
8.5.
8.6.
8.7.
8.8.
8.9.
All significant steps in the investigation including any lengthy delays in
concluding the enquiry need to be recorded. The progress of investigation
document will eventually form part of the unused material and should be
produced with the file. The details of investigation need to be sufficiently
informative although an element of objectivity needs to be applied.
Significant points can become critical should the enquiry concem non
availability of witnesses, external stakeholders or any other influential factors
which may force undue delay.
A culture needs to be embedded where Security Managers are aware and fully
understand the importance of providing a comprehensive chronological
account of an investigation, not merely to avoid undue criticism, but also
where there could be an issue with the case at some later stage which may
undermine the likelihood of successful prosecution.
Interview Date. Person concerned should be contacted and Interview should
be arranged without delay. Timescales will depend on preparatory work that
needs to take place prior to this. Good Evidence Takes Time. In complex cases
there may be a need to conduct a preliminary [holding] interview with a more
detailed interview taking place when further enquiries have been completed.
Immediate Open Enquiry. Interview on day of notification (where possible)
minimum within 48 hours and case submitted to normal report timescales (12
days).
Major Enquiry. Case to be at “person concerned” interviewed within 1 month
of case raised.
Standard Enquiry. Case to be at “person concerned” interviewed and
submitted / closure stage within 2 months of raise. Should enquiries indicate
increased loss or impact, status must be amended to Major Enquiry
immediately.
Liaison. Regular contact should be maintained with the authority (Police, Royal
Mail, DWP) dealing with the case.
After the first month the Security Manager should discuss the case with their
Team Leader and a way forward agreed, this will ensure that the liaison case
is progressed.
41
POL00094143
POL00094143
9. Evidence
9.1. Good communication with the audit team is crucial to ensure evidential
resilience in relation to the continuity of exhibits. Every effort must be made to
ensure that the person finding is the person exhibiting and original documents
that will form the evidential basis of the case are retained until collection. The
continuity will be stronger if the documents seized are secured and handed
over against a signature. In circumstances where the only viable way is to
send the documents through the post they should be sent by the Auditor to
the named Security Manager by Special Delivery.
9.2. Auditors are to be encouraged to record any significant comment made in the
course of the audit either unsolicited or in response to a reasonable question
to complete the audit such as “I have checked the money in the safe and there
appears to be a shortage, is there any money stored elsewhere that needs to
be checked?” . In the case of the unsolicited comment, the auditor should
record this ie. “I know you will find a shortage, I borrowed the money”.
However any further question such as “why” would constitute an interview and
the Auditor must refrain from asking such questions.
9.3. In such cases, the Auditor should inform the subject that their comment will be
recorded but any further questions concerning the comment may be
conducted under caution by a Security Manager where the subject has been
accorded their rights. This should not distract from the role of the auditor and
questions around should still be asked to verify financial assets due to Post
Office Ltd.
9.4. In cases where the subject wishes to make comment, the Auditor again should
record the initial comment, advise the subject as above and if they continue,
note in the record, that the person concerned was advised that they would
have the opportunity to be interviewed by a Security Manager under caution
at a later stage. THEN CONTINUE TO RECORD THE COMMENT. Again any
questions even for clarification from the auditor would constitute an interview
and could/would render the evidence inadmissible so the Auditor must refrain
from asking such questions.
10. Background Checks
10.1. Local Management Checks; Contact with the contract manager is essential;
they can provide the Security Manager with a background on the individual
along with providing all information relating to the branch from their database.
10.2. Training Records. A request for the branch training history should be made to
the Network Support Admin Team email address. This will detail what training
was received for the SPMR when he was appointed to the branch, it will also
show any intervention training requested or delivered for the branch. It is the
12
POL00094143
POL00094143
10.3.
10.4.
10.5.
10.6.
SPMR’s responsibility to train his staff, no records for training (apart from
compliance training) is kept for SPMR assistants.
Post Office Ltd Human Resources Printout. The Sub Postmaster Printout or
employee printout should be obtained for all cases by emailing Human
Recourses using the HR Assistant Checks email address. This document can
provide the following information -
e The subject's personal details, such as NI number, home address, bank
account(s), next of kin
e Date the SPMR was appointed
¢ Claims data (i.e. holiday pay) & dates the SPMR was on holiday.
© The full SPMR file can be requested by emailing ‘Contract Admin Team’
P356 Assistant List. The P356 Assistant list should be requested at the same
time as the HR Printout from the HR Assistants Check email address. This
report can provide the following information
Name, date of birth and NI number
Persons registered to access Horizon (users), at that Post Office
The Horizon user's identities for each assistant
Whether the assistant is a permanently employed or temporary/holiday
relief.
e Date the person was activated to use Horizon and the date users were
removed from the Horizon system
SPMR Remuneration. The remuneration from a particular branch can be
obtained via an e-mail to HR Agent Remuneration.
Police National Computer (PNC). Post Office Ltd PNC checks can be made for
intelligence gathering purposes in respect of individuals and vehicles suspected
or known to be involved in crime against the Post Office Ltd. Examples of
authorised use are as follows:
e To assist authorised personnel with intelligence gathering around individuals
suspected/ known to be involved in committing criminal offences
¢ For operational Health & Safety considerations and evaluations prior to the
engagement with the person concerned as part of the operational risk
assessment
* To obtain previous conviction details of defendants and witnesses for cases
being prosecuted by Post Office Ltd
¢ To establish intelligence with regards to vehicles and occupants suspected to
be involved in criminal activity against the Post Office
¢ To identify the registered keeper of vehicles connected to the address of a
suspect/known offender involved in criminal offences against the Post Office
Ltd
13
10.7.
10.8.
10.9.
10.10.
POL00094143
POL00094143
Do not conduct checks for the following reasons:
e Unsubstantiated allegations about an individual
e “Fishing trips”, for example blanket checking vehicles or persons such as all
vehicles in a staff car park in an effort to identify a suspect's vehicle
¢ To identify ownership of a vehicle in accordance with Proceeds of Crime Act
Equifax: Security Managers can rely on Equifax to provide the following
information:
Personal details
Addresses
Court and Insolvency Information, (ie. county court judgments)
Alert Indicators (Office of Foreign Assets Control)
Alias and all names used
Associates
Electoral data confirmation
Credit transactional activity, including the client and transactional history
Record of searches done by Equifax clients, (ie. banks and retailers)
Property valuation
Additional addresses-linked addresses
Directors data
Commercial searches, (i.e. valuable data relating to the subject's business)
eoececeeer ee ee eee
Land Registry. Security Managers have access to the Land Registries in
England and Wales, Scotland and Northern Ireland. Most searches take
between a few minutes to a few days, depending on the registry. Obtaining the
subject's full address is important. Land Registry can provide the following
type of information/data:
The owner(s), type of ownership & address
The value of property
An extract of the official Title Deed
Copy of the Title Register, Title Plan
Registered Old Deeds, including historical editions of the register and title
plan
e Any charge on the property, and the relevant financial institution
(mortgage.)
Network Business Support Centre (NBSC) Call Logs. NBSC call logs can be
obtained by emailing the Branch and IT System Team at Dearne House. These
logs will detail all calls made by a branch into the NBSC. These logs can be
very useful where a SPMR or employee claim that they have reported the loss
or incident.
14
POL00094143
POL00094143
10.11.
10.12.
10.13.
10.14.
Credence; is a tool used to analyse detailed transactional data from a
particular branch. This is useful to prove details of particular transactions or
events. Only data, up to 90 days, can be extracted and analysed by Post Office
Ltd Security. An application to Fujitsu will turn the MI data into
data/documentary evidence for use in the criminal courts. Older historic data
can also be obtained. Fujitsu will only provide a witness statement relating to
the authenticity of the data only, not the specific transactions relating to your
enquiry.
ONCH. The Cash Management team can provide Over Night Cash Holdings
(ONCH) data for a specific branch. This data gives in depth cash analysis for a
branch including what denomination of notes a branch has declared on a given
date along with cash remittances in and out. A request for this data can be
made to the Retail Cash Management Team who will highlight any concerns
they might have with the branch. The same information can be requested for
Foreign Currency holdings.
Full Rota Check. A ‘full rota check’ allows for a full data search for a specific
branch relating to transaction issues. This can include any transaction
corrections (TC's) scratch card, remittances, stock adjustments and other
specific office's products. This check can be arranged via Post Office Ltd
Security Grapevine strand, Analyst & Support team in Chesterfield.
Alarm data. Obtaining alarm data from ROMEC can be a useful tool in
determining access to the Post Office secure area and safes. Data around
perimeter and safe set / unset times can be interrogated to assist in the
investigation.
11. Planned Operation Risk Assessment (PORA)
111.
The PORA process is mandatory in any Post Office led investigation which may
involve a planned interview under caution or premises search. A PORA is
required for each subject involved in the investigation, In order to manage the
risks effectively Security Managers should conduct any risk related intelligence
checks and/or enquiries that they feel are necessary as part of the PORA
process. The following checks are available and thought to be the most
relevant to Post Office Security cases:
¢ Local Management check: This may also identify other information such as
health issues, including suspected drug or alcohol habits, or outside interest’s
e.g. domestic circumstances which may impact on H&S
¢ PNC Individual checks: This may identify “warning” indicators or previous
convictions of both suspects and others at the address. It may also identify
other information which impacts on H&S such as any history regarding the
certification (or refusal) of firearms or orders recalling persons to hospital
4s
POL00094143
POL00094143
11.2.
11.3.
e Full Equifax check: This check can be used to identify current occupants at
an address to be searched or visited. A “Full Investigation” Equifax check
should be undertaken
e PNC Vehicle check: This can reveal registered keepers of vehicles at a
specific address
e Land Registry checks: These will identify the owner of property
e Local Police Intelligence check: May identify risks regarding the suspect or
other incidents or persons at the address(es) and the geographical area(s) to
be visited. It may also identify other law enforcement interest
Risk Score. Where any risk is assessed as High, a Senior Security Manager
should be consulted and the assistance of the Police sought before any
investigation activities which bring Security Managers into contact with the
subject are commenced.
Where the Planned Operation is assessed as Low or Medium risk, line
manager's authority must be obtained before any Security Manager activities
which bring Security Managers into contact with the subject are commenced.
12. Interview
12.1.
12.2.
12.3.
Where the rights of a lawyer to be present are offered to the subject who
wants their own solicitor and they are not available, consider your position in
terms of recovering evidence and not compromising the investigation. In this
instance inform the subject that as their lawyer cannot attend within a
reasonable time, arrange for the subject to be arrested and booked in at the
local police station where a solicitor from the nominated list or the duty
solicitor can be offered.
Reasonable time may differ depending on the circumstances and any action
taken needs to be justified and documented. It is likely that an explanation for
this course of action will be required at court. A rule of thumb is what the
average lay person may consider reasonable given all the facts. It is important
to note that the need to gather evidence and investigate the case in a timely
manner is not unduly compromised.
Arrest by the police may be justified on the basis that there are reasonable
grounds to suspect an offence has been committed and there are reasonable
grounds for believing that the arrest is necessary. The statutory criteria for
what may constitute necessity are set out in para 2.9 of Code G PACE. Inviting
the subject to the police station to obtain legal representation may not be
effective as the person concerned is at liberty to leave at any time. The
Security Manager should direct the investigation appropriately to remain in
control of the evidential process without jeopardising the subject's legal rights.
Code G of PACE is laid out at Appendix B.
16
POL00094143
POL00094143
12.4.
12.5.
12.6.
12.7.
Training
Support
Consider maximising the opportunity to capture evidence at the earliest stage,
ie. where there is a significant comment. In more complex cases where a
more in depth interview is required hold a preliminary interview, cover off the
significant comment and hold a second interview at a later stage when more
evidence is gathered. Think of the Golden Hour of capturing the evidence.
Always follow the PEACE model [Planning, Engage and Explain, Account,
clarification and challenge, Closure, Evaluation]. Consider the ingredients of the
offence; dishonestly appropriates property belonging to another with the
intention of permanently depriving the other of it. Ensure that these are
established during the interview. Deep dive into areas where defences are
likely. These can be countered by careful planning and skilful questioning. A
comprehensive guide to interviewing using the PEACE model can be found at
Appendix C.
One on one interviewing should be considered on a case by case basis. There
is no reason why in a straight forward investigation where there have been
admissions and risk is considered low, that a one on one tape recorded
interview should not be considered. This will free up resources and should be
encouraged wherever possible. Clearly in more complex cases, where there is
a need to pre prepare and the nature of the investigation may benefit from an
interviewer with greater subject knowledge, then the interview must be
conducted by two persons. Similarly for training and development purposes.
Should the recent Second Sight review be brought up by a subject or his
representative during a PACE interview the Security Manager should state: ‘I
will listen to any personal concerns or issues that you may have had with the
Horizon system during the course of this interview ‘
The following three areas need to be covered in as much detail as possible at
an appropriate point during all PACE interviews, regardless of whether Horizon
is mentioned or not. Where the case clearly has no link with Horizon (e.g.
theft of mail) then you must gain authorisation from your line manager to
proceed outside of this process.
¢ How long have they worked at the Post Office?
e Had they any previous PO experience?
¢ How long did their initial training last? (Please see guidance below and get
as much detail as possible)
e What did it cover? (Ie. transactions, balancing, ATM, lottery etc.)
e Did they request any follow up training? (If so who with?)
« Was there a period when the accounts balanced? If so, then why did things
run smoothly then?
e Who did they tell that they were having problems?
17
POL00094143
POL00094143
Horizon
12.8.
12.9.
e Why didn’t they request any help?
What support are they aware of (ie. NBSC, HSH, area managers)
Have they contacted the NBSC for support before?
e Have they contacted the HSH before?
e If they believed that there was a fault with Horizon then who did they report
it to and when? If they didn’t report it then why not?
NBSC call logs should be requested for all cases. As should HSH call logs.
Training records for all new cases are automatically sent by casework team.
For info the current standard is:
e SPMR receives 6-8 days of classroom training (this depends on the
products that their office transacts)
e SPMR receives 6 days of onsite training and support including at least one
balance
e SPMR receives an announced visit after one month to provide support, go
through the compliance requirements and for a cash check to be completed
e SPMR receives an announced visit after 3 months for further support,
compliance questions and a cash check
e SPMR receives an unannounced visit after 6 months for further support,
compliance questions and a Financial Assurance audit
13. Searches
13.1.
13.2.
13.3.
In all cases a search of vehicle and premises should be considered. Searches
are conducted by consent and should be conducted in the spirit of PACE where
reasonable grounds to suspect there is evidence on the premises that relates
to the offence.
If the subject refuses to consent to a voluntary search the Security Managers
line manager should be contacted and if required further advice and guidance
sought from the criminal law team.
If the subject refuses to consent to a voluntary search and there are
reasonable grounds to suspect that evidence relating to the offence may be
found, then contact police with a view to arrest the subject. A search can then
be conducted by police following arrest. The Security Manager should agree
this course of action with their line manager and advice sought from the
criminal law team.
18
POL00094143
POL00094143
14. Notebook
144.
14.2.
14.3.
Notebooks are an essential element in a Security Managers toolkit. They are
the recognised and preferred way of recording evidence that is not recorded
elsewhere in a more formal document. They are numbered individually and
are issued to all Security Managers performing investigation duties.
Due to the nature of the information recorded in a notebook it can be
produced, if required by the Security Manager, in a Court of Law. It is
essential that all notebooks be completed with a degree of uniform
professionalism.
General rules
e Make all entries in chronological order
¢ All entries must be made in ink (black preferably)
¢ Any errors must be crossed out with a single line, so that the original entry
can be seen and then initialled
© Do not remove any pages, they are all numbered sequentially
e Do not make additional entries between the ruled lines. If it is of
paramount importance that, if you make an additional entry, make it at the
end of your existing entry explaining why it is not in chronological order
e Asingle line should be scored through any blank spaces or lines
¢ All entries should be signed, timed and dated
¢ All notes made on informal pieces of paper such as newspapers, should be
transferred to the notebook as soon as practicable. The entry should include
why it was not practical to enter the note directly into the notebook. The
Security Manager must retain the original note
15. Post Interview
15.1.
15.2.
15.3.
48 Hour Offender Report: To be emailed to Team Leader, Casework Team,
Financial Investigator (if appointed) Primary Stakeholder within 48 Hours of
the interview.
FES Report: Financial Evaluation Sheet to be emailed to Financial Investigator
within 48 hours of the interview.
Write the Case Summary Report: This is to be written using example report
and guidelines that can be found on the Secops sharepoint site. The case
summary should be a succinct chronological account of the investigation
highlighting key facts. The rule of thumb is to produce an account which the
reader can quickly digest to get a general overview of the allegation. Key
witnesses and a brief outline of what they say can be included as well as a
synopsis of what was said during interview. The statements, interview record
and exhibit list can be examined should the reader require further information.
19
POL00094143
POL00094143
15.4,
Write Discipline Report. The discipline report to be written using example
report and guidelines which can also be found on the sharepoint site.
16. Interview Notes
161.
16.2.
16.3.
16.4.
16.5.
In the majority of cases at initial submission, the Notes of interview need to be
a brief account of the interview and any significant comment. It is therefore
good practice to write down a note of the interview and generally what was
said on completion.
An example note could be: throughout the interview the subject stated that he
had borrowed the money to make up a shortfall and when challenged over
this accepted that it was wrong / dishonest to take the money.
No comment interviews should not be transcribed. Unless there is a very good
reason for a full transcript, in the majority of cases for the initial submission a
note of interview will suffice.
Where the prosecuting lawyers request a transcript as part of the advice
process or for preparation for committal proceedings it will be completed by
the typist, checked and sent by the Security Manager.
Where appropriate to transcribe the Audio recording of an interview the
request should be sent to the typist. An email should be sent to
cathphilbirt The email should also be copied to the FI at Chesterfield
to ensure return of the CD.
17. Statements
17.1.
17.2.
In all instances the following standard statements should be taken and
submitted with the green jacket.
First Officer Statement
Second officer Statement
Horizon System Statement
SPMR Contract Statement
Lead Auditor Statement
In the course of an investigation other statements may need to be acquired,
these could be statements to describe a particular process such as how to
carry out a particular transaction. If the Post Office Legal and Compliance
Team (POLCT) consider that such a statement is required to progress the
prosecution they will send an advice requesting this further information.
20
POL00094143
POL00094143
17.3. Where statements can be taken over the telephone this should be done to
save time, resources and it must be encouraged. Statement taking over the
telephone is a modern and accepted practice.
17.4. Rather than a hand written Section 9 statement, there is no reason why a
draft statement cannot be prepared in note form. The statement can then be
typed up subsequently, with any changes, clarification or ambiguity amended.
It is vital that the original notes are retained. On typing up the statement it can
be sent to the recipient for checking and amending. Once agreed, the
statement must be signed and sent back to the Security Manager.
18. Business Failings
18.1. If business failings or procedural weaknesses are identified this should be
completed on the relevant tab of the new case raised form and emailed to all
stakeholders including Commercial Security. This should be printed off and
associated in appendix C of the file.
19. File Construction
19.1. A Green Jacket should be constructed as per the following guidelines.
19.2. Case files will include a schedule of unused non-sensitive material and unused
sensitive material [Public Interest Immunity, Legal Privilege and documents
that may highlight the methods used for investigation] The Appendix “C” in the
case file will be retained by the Security Manager as oppose to submitted with
the file. Where solicitors may wish to examine any unused material it should
be requested and sent by the Security Manager.
19.3. The body of the file.
Case Raised Front Sheet
Event Log [added to as the case progresses to conclusion]
File Contents Index
Case File summary; numbered paragraph.
Index of Statements (Actual Statements in Appendix A)
Interview Summary
Index to Exhibits
Unused Material list [This negates the need to submit Appendix C and fill the
file with emails. The unused material list can be added to as the case
progresses]
19.4. As a general rule Appendix; A = Witness Statement B = Evidence C = Other
material
19.5. Appendix A
21
POL00094143
POL00094143
20.
19.6.
19.7.
e Typed Witness Statements
e Summons Documents
Appendix B
POLOO1
Evidence
Notebook Entry
Search Documents
Working Tapes
PNC check results (include no trace replies)
Appendix C (Appendix C should be collated, but NOT be submitted with the file
when sent to Post Office Legal an Compliance Team)
Stakeholder Notification
HR Printout
Assistant List
Interview Letter
POLOO3
Business Failings
Discipline Report
Antecedents
NPAOL
eoeceoe ee eoe
File Submission
20.1.
20.2.
20.3.
Cases for Advice. In some instances where the Security Manager is unsure on
the strength of the evidence the case can be submitted to the POLCT for
advice. The POLCT will apply the evidential test and will advise on the next
course of action such as further statements or case to be closed.
On completion of the file, it will be submitted to the Team Leader for checking,
signing off and forwarded to the POLCT via registration. Should further
investigation be deemed necessary at this stage, the file will be returned to the
Security Manager. Where a request is made from POLCT for further enquiries,
the team leader will be copied into the relevant email. It is imperative that the
progress of enquiry document is comprehensively kept up to date and copies
of any generated emails saved. These can be inserted into the file in appendix
C when the enquiries are complete.
Should advice be sought from Cartwright King solicitors, the Team Leader and
POLCT will be copied into any requests for further evidence. The details of
investigation log must be maintained and copies of emails retained. On
completion of the enquiry, the green docket case file will be sent to the
22
POL00094143
POL00094143
20.4.
20.5.
20.6.
20.7.
20.8.
20.9.
Security Manager for copies of any emails to be inserted along with the
progress of investigation log prior to final submission to Head of Security via
the Team Leader.
Each case file should the follow the stated process:
e Security Manager > Team Leader > Post Office Legal and Compliance Team
> Cartwright King > Head Of Security > Team Leader > Security Manager
Security Manager > Team Leader
e Once the file is ready for submission the Security Manager should send the
green jacket to their Team Leader for review. The Team Leader should sense
check the case file and ensure it is evidentially robust and properly
constructed. The Security Manager should send electronic copies of the case
summary report, audio transcripts and discipline report to Post Office Security.
Team Leader > Post Office Legal and Compliance Team
¢ The Team Leader will then forward the file to the POLCT. The file will be
reviewed by the POLCT and a decision made whether further progression be
made with the case. If the decision is No Further Action the file is returned to
casework at that point. If the POLCT decides that further enquiries are
required this will be forwarded to the Security Manager including Casework
and the Team Leader.
Post Office Legal and Compliance Team > Cartwright King
e If the decision is to proceed with the prosecution case the file is the
forwarded to Cartwright King for advice on charges. (In some instances POLCT
will put charges together).
Cartwright King > Post Office Legal and Compliance Team
¢ Cartwright King will prepare advice and charges for the case (or advise no
further action). If further enquiries are required they will contact the Security
Manager direct, copying in the team leader and send an advice detailing the
further enquiries. The advice along with charges and case file is then sent
back to casework.
Post Office Legal and Compliance Team > Head Of Security
¢ The file is then forwarded to the designated prosecution authority (DPA) for
authority to proceed. The DPA will review the case file and decide whether to
proceed with the advice from the POLCT and Cartwright King or whether to
23
POL00094143
POL00094143
take a different course of action. The authority to proceed (or other
instruction) will be inserted into the case file.
20.10. Head Of Security > Team Leader
¢ The file is the forwarded back to the casework team.
20.11. Team Leader > Security Manager.
¢ The file is returned with advice and charges submitted in the case file for
the Security Manager to proceed.
21. Summons
21.1. If advice from Cartwright King or the POLCT is to prosecute and the Head of
Security has given authority to proceed, then the Security Manager needs to
obtain a summons.
21.2. The Security Manager will make contact with the relevant Magistrates’ Court
to set a date for the suspect's first appearance at court. Summonses are also
applied for. Upon receipt of the summonses the Security Manager will serve
the summonses by way of posting them to the Person Concerned using the
Royal Mail Special Delivery service.
21.3. Set a Court Date
e Contact the Magistrates court where the offence took place and confirm that
court deals with the matter and the address where the summons are to be
sent for signature
¢ Contact listings and inform them you are a private prosecution - (certain
courts have set days for non-police prosecutions)
e Obtain a date normally six weeks from date of request but no more than 8
weeks
21.4. Acquiring Arrest Summons (AS) Number
e Update the front of the NPAO1 with the date of the court hearing and the
details of the court
© Complete the offence and the method used in offence section on the front
of the NPAO4
« Email the updated NPAO1 to the casework team. The casework team will
apply to the relevant police force for an AS Number which is required for the
court to sign the summons. The AS number will be emailed back to the
Security Manager within a few days of the submission of the NPAQ1 (different
police forces work to different timescales to times will vary)
24
POL00094143
POL00094143
22.
21.5. Applying for the summons.
e Prepare three copies of the summons
e Prepare one information sheet
e Send to the court for signature with covering letter - all three copies of the
summons should be signed and returned
¢ Court will retain the information sheet
¢ Inform the agents Solicitors appointed by POLCT of the time and date of the
court appearance
21.6. On receipt of the summons
217.
Or
21.8.
21.9.
© Take a photocopy of the defendant's copy of the summons
e Send the original copy of the defendants summons together with a POLO44
(Charge or summons notice) and a copy of the means form
¢ Summons can be either served personally or via Royal Mail Special Delivery
to the person concerned
Once conformation has been obtained that the summons has been received
POLCT and Cartwright King must be informed. The back of the defendants
photocopied summons should be endorsed with the following:
I certify that today, (date), I personally served a copy of the summons upon
(Name), the defendant named overleaf.
¢ I certify that a copy of the summons overleaf has been served upon
(Name), the defendant named overleaf. The summons was sent via Royal Mail
Special Delivery (number) and was delivered (date and time).
Prepare and send to POLCT a covering letter confirming the summons has
been served, together with a copy of the POLO33 and any TIC’s by post.
Update the front of the NPA form with the summons was applied for and the
date the summons was served. Complete the offence and the method used in
offence on the front of the NPAOQ1.
Email Casework team and POLCT the confirmation of service letter together
with the NPAO1. If the case is a Fl case then the FI should be copied into the
email.
21.10. Copies of the summons go in Appendix A of the file.
Committal
© Committal Checklist
¢ POLOO6B Self Disclosure
¢ POLOO6c Schedule of non-sensitive unused material
25
POL00094143
POL00094143
Sensitive Material
Continued Disclosure Report
Witness List
Witness Address
Witness Non Availability
List Of Exhibits
Memo to POLCT
eooceeeoeve
23. Case Closure
23.1.
23.2.
23.3.
On completion of the investigation, it is vital that a review of the root cause of
the investigation is undertaken by the Security Manager. It is important to
ascertain whether any system processes, integrity of the financial commercial
product, technical issues, training delivered or procedures may have provided
an opportunity to commit the offence. Equally important, the vulnerability of
the product or process in its current form and likelihood of similar offences
being committed in the future needs to be considered. A comprehensive report
outlining the cause of the offence will be submitted to Commercial Security at
the conclusion of each investigation.
As part of the Post Office retention policy, case files must be archived and
retained for at least 7 years.
Case closed Notification.
e In all cases where a decision is taken to close a case it must be authorised
by the Security Managers Team Leader
e The Case Closed notification should be completed and emailed to the
Security Managers Team Leader, Post office Security all major stakeholders
and the Commercial Security team
e As much detail as possible should be included in the case closed notification
explaining the decision for the course of action taken
e Insome instances a case will be closed with no green jacket, this could be a
case where the matter was dealt with under conduct and no criminality
identified. If there is no green jacket this should be highlighted on the case
close notification and also annotated at the top of the email to Post office
Security
24. Conclusion
24.1.
One of the key programmes of the Security Operations strategic plan for 2013
has been the case file review. Separation from Royal Mail Group has presented
opportunities to shed outmoded investigation practices and tailor processes
that not only meet the current needs of the business, but challenges us as a
team to work smarter, and deliver a professional, comprehensive and fair
investigation in a timely manner. With the advent of the Second Sight interim
26
POL00094143
POL00094143
25. Compliance
25.1.
report it is likely that scrutiny will continue to focus on the fairness, evidential
quality and professional standard of criminal investigations. Completion of the
investigation review, which serves as a guide to Security Managers in the
conduct of their investigations is a timely document which embodies the ethos
of Care, Challenge and Commit.
Post Office Security Operations Management will regularly assess for
compliance against this policy. Any violation of this policy will be investigated
and if the cause is found to be due to wilful disregard or negligence, it will be
treated as a disciplinary offence. All disciplinary proceedings are coordinated
through the Human Resources Department.
27
POL00094143
POL00094143