POL00021422
POL00021422
Post Office Ltd - Strictly Confidential
RISK AND COMPLIANCE COMMITTEE
26%" March 2008 - Meeting Ref 05
Chairman:
Peter Corbett
Attendees:
Paula Vennells
John Scott
Lynn Hobbs
Keith Woollard
Shaun Delaney
Luke March
David Pardoe (Secretariat)
Apologies
Alan Cook
Kevin Fairbotham
Martin Ferlinc
SCHEDULE A - SUMMARY OF ACTION POINTS - MEEETING 05 - 26% MARCH 2008
ITEM I ACTION LEAD STATUS
Irrelevant
Page 1
POL00021422
POL00021422
Post Office Ltd - Strictly Confidential
0501
Acti
on
0502
Acti IEnsure that Lynn Hobbs is copied into futureID Pardoe I Done
on R&C arrangements and meeting papers.
0503
Acti IKeith Woollard to ensure that future changes IK Done. Reporting
on to impact / likelihood, are specifically IWoollard I format changed
0504 I highlighted on the “Top Risks” one shot slide.
Acti IKeith Woollard to chase stakeholders forIK Done. Next
on progression around partially deployed controls IWoollard I assessment to be
0505 I - cash supply (forecast & supply) and salary undertaken in Q2
& agent (remuneration & payment).
Acti IFuture losses report to show cleaned data and/K Done. Losses
on factor the £23.8K WH Smith loss at Kings Lynn. IWoollard I reporting data
0506 now aligned with
Clarity P&L
Acti IScope the possibility of splitting the types /IK Work in hand in
on of former Subpostmaster losses to provide IWoollard I Finance to
0507 Igreater clarity between fraud losses and create more
Page 2
Post Office Ltd - Strictly Confidential
POL00021422
POL00021422
other.
detailed loss
report to
support Clarity
PéL
Acti IKeith Woollard to prepare a major update forIK Done.
on the next Committee meeting on activities IWoollard I Presentation to
0508 Ideployed / planned to improve the compliance be provided to
piece.
the Committee
Page 3
POL00021422
POL00021422
Post Office Ltd - Strictly Confidential
Agenda
1. MINUTES FROM LAST MEETING
Meeting Ref 04 - minutes approved.
MATTERS DISCUSSED AT THE MEETING AND NEW ACTIONS
REQUESTED
Finally, Lynn Hobbs was introduced to the Committee as
the GM Network Support and a future meeting attendee;
Page 4
POL00021422
POL00021422
Post Office Ltd - Strictly Confidential
as such a request was made to ensure that Lynn was
copied into all future meeting arrangements = and
supporting papers.
Action 0503
Ensure that Lynn Hobbs is copied into future R&C
arrangements and meeting papers.
2.2 Top Risks - General Indicators of The Control
Environment
Keith Woollard presented the Post Office Limited risk
profile report updated to reflect activities to date.
Keith reiterated that this was a preview of “Top Risks”
which were traditionally taken to the ET Monday morning
meeting. In essence, slide 4 of the pack provided a one
shot overview of the estimated impact / likelihood,
whilst the supporting appendices supplied greater
detail and mitigating actions.
Peter Corbett commented that the one shot slide should
be improved by highlighting specifically where period
to period had seen a shift in either impact /
likelihood of any particular risk. This would then
support ET discussions on the severity of changed
assessments and any supporting activities required.
Action 0504
Keith Woollard to ensure that future changes to impact
/ likelihood are specifically highlighted on the “Top
Risks” one shot slide.
Paula Vennells remarked that risk changes’ should,
additionally, be stated within any summarised version
of the pack intended to support ET discussions.
Turning to emerging risks, then discussions were held
around PostComm recommendations around scoping works
regarding the separation of Group; Peter Corbett
supported the inclusion of this as an emerging risk (in
Page 5
POL00021422
POL00021422
Post Office Ltd - Strictly Confidential
respect of the distraction these scoping works are apt
to bring) and the Committee consensus was that these
matters were being adequately dealt with by Group
Compliance.
Luke March prompted debate around the amount of denoted
risks which appeared to lack true customer focus. Peter
Corbett stated that in fact risks 9 and 10 (capability
to deliver sales and direct channels effectiveness
respectively) were in fact close to the customers’
heart and that any seeming lack of focus was indicative
of the manner in which risks had been articulated.
Discussions were then held around risk management
maturity. Sean Delaney took the Committee through the
“Desired State” slide 6 (2.2) and commented that it was
to be expected that the upper quartile desired state
should show greater shading then those lower in the
chain. Sean went on to remark that in his opinion only
Group Procurement were in better risk managed maturity
state and that a series of activities were planned
(executive coaching, risk awareness and risk
coordinator training) which would strengthen the PO Ltd
position even further. Peter Corbett commented that
the increase in strength needed to come from our
ability to manage risk and not necessarily its
identification.
A brief overview of the deployment of critical business
controls was then presented by Sean Delaney. Sean
commented that since the pack production a number of
controls had progressed. However, Peter Corbett asked
that reminders be issued to stakeholders around the two
partially deployed controls —- cash supply (forecast &
supply) and salary & agent (remuneration & payment).
Action 0505
Keith Woollard to chase stakeholders for progression
around partially deployed controls - cash supply
Page 6
POL00021422
POL00021422
Post Office Ltd - Strictly Confidential
(forecast & supply) and salary & agent (remuneration &
payment) .
2.3 Losses Report
Keith Woollard outlined to the Committee work underway
as regards losses reduction. Peter Corbett commented
that that significant opportunities existed as regards
former Subpostmaster losses. Turning to WH Smith
losses, then Peter remarked that the Kings Lynn loss
was distorting the overall figure and asked that due
regard be taken of this in future Committee losses
reports.
Action 0506
Future losses report to show cleaned data and factor
the £23.8K WH Smith loss at Kings Lynn.
John Scott remarked that not all former Subpostmaster
losses would be attributable to fraud (followed by
contract termination) and that a percentage would
actually be losses which came to light after
resignation / closure. The Committee concurred and
requested that some work be undertaken to provide
greater clarity between former Subpostmaster losses by
fraud and losses through other reasons/
Action 0507
Scope the possibility of splitting the types of former
Subpostmaster losses to provide greater clarity between
fraud losses and other.
2.4 Network Audit Activities
An overview of Network Audit activity was presented by
Keith Woollard. Keith also outlined recent changes in
Audit personnel reporting lines, which would see Lynn
Hobbs take charge of this area of functionality.
Page 7
POL00021422
POL00021422
Post Office Ltd - Strictly Confidential
The 2008/09 Audit Plan was then detailed. In summary,
three broad options were outlined for the 2726
discretionary days which existed once event driven
activity was catered for; option one would see all
Crown Offices audited across a two year period, option
two saw activity driven by existing risk model
parameters and option three activity by level of losses
within the appropriate segments.
Both Keith Woollard and Sean Delaney explained that
opportunities were being examined to further improve
our existing risk models and that this was very much
work in progress.
Peter Corbett made a number of points over the need to
focus on the Crown Office piece and commented that our
past assumption that we could somehow leave the Crown
estate out of the audit equation had appeared flawed.
Additionally, Peter reiterated the need to carefully
monitor assets (including cash holdings obviously
across the Network and that this activity alone could
be a major contributor to ensuring loss minimisation.
John Scott briefly outlined that he planned to see his
team lead an initiative on further reducing Crown
losses (2008/09 by at least 25%) and that he was
pleased to see that consideration was being given to
renewed focus in this area. Keith Woollard concurred
and expanded on option one by saying that this could
well see a first quarter “blitz” on the Crown estate.
Keith Woollard and Lynn Hobbs remarked that the option
one model appeared, at this stage, to be the firm
favourite, albeit with discussion to be held around
account and centrally supported type branches.
Turning to Network Audit activities around compliance,
then the main areas of non compliance with Network were
detailed. Keith Woollard pointed out to the Committee
that the basket of measures across each of the segments
Page 8
POL00021422
POL00021422
Post Office Ltd - Strictly Confidential
continued to reveal standards as low as 80%, with
ongoing issues around Mystery Shopper reported findings
and particularly in respect of identification
requirements for >£5K bureau transactions.
Peter Corbett stated that the results across the board
concerned him and that those within the commercial
segments caused him some real consternation. Peter
asked if it was possible to prepare a major update
piece on activities planned to drive forward 2008/2009
activities aimed at improving the current situation.
Action 0508
Keith Woollard to prepare a major update for the next
Committee meeting on activities deployed / planned to
improve the compliance piece.
2.5 C rime Risk
John Scott presented the Crime Risk elements of the
revised pack. An overview of Supply Chain and Network
burglary & robbery incidences were presented and John
explained that Supply Chain losses were just in excess
of 2006/07 performance. This was indicative of losing
more money per attack and work was ongoing to establish
if this “spike” was indicative of pre-funding over the
IA period or whether ATM location was a factor. Turning
to Network, then year on year performance continued to
improve with 2007/08 figures some 22.7% below the same
time the previous year.
John went on to comment over investment programmes
introduced by competitors (i.e. Smartwater introduced
by G4S) and their apparent successes in reducing
attacks. However, as PO Ltd continued to invest in a
Page 9
POL00021422
POL00021422
Post Office Ltd - Strictly Confidential
variety of initiatives, then it was unlikely that we
would be unduly hit by way of displacement.
A fraud update was detailed which showed YTD fraud
figures of £4.6M captured within 292 raised cases. John
advised the Committee that a Fraud Strand restructure
had seen greater focus placed on the identification and
drive of proactive fraud initiatives, as opposed to
simply delivering traditional investigative casework.
Peter Corbett commented that he fully supported the
approach, but that a number of cases of late had
reiterated that basic control mechanisms appeared
missing. The consensus of the Committee was that there
was a need for a strong and targeted communication
message to be aimed at those branches where concerns
existed. Luke March asked if there was an agreed tenet
and tone for such messages and David Pardoe explained
that the communication issues were work in progress.
Some discussion was held over utilising surplus BDM
resource in the activities to reduce fraud; Lynn Hobbs
explained that this was firmly in scope and that the
surplus BDMs were already being utilised in some of the
surplus ONCH issues.
John Scott then outlined the asset recovery position
YTD; in summary, £1.6M had been recovered against
closed cases and the two trainee Financial
Investigators were performing solidly. Accordingly,
once fully trained the two were expected to increase
recoveries to support 40% 2008/09 recovery targetary.
The 2008/09 Crown loss initiative would see Security
Team personnel target Crown estate losses with a view
to reducing by at least 25%. John Scott explained that
the plan to achieve this relied on better use of WTL
sessions, synergies with the losses & gains policy and
far firmer focus on poorer performing branches.
Page 10
POL00021422
POL00021422
Post Office Ltd - Strictly Confidential
Discussions were held around the open item position of
cheques. John Scott advised the Committee that whilst
no open items over 4 months were present at the time of
reporting, concerns still existed over potential fraud
hidden within delayed / not despatched cheques. John,
outlined a series of activities aimed at reducing this
threat and these ranged from better MI usage, through
to targeted communications to offending branches. It
was reiterated that 1.2M of fraud had been uncovered in
eight cases of fraud alone.
Travel Money Card chargebacks continued to be an issue
and whilst the viability of this product (certainly
within the call centre environment) had been questioned
between Alan Cook and Gary Hockey - Morley, efforts
continued to cap fraud accordingly. In this respect
then it was anticipated that recent changes to debit
card acceptance parameters would have a timely (and
positive) impact on the fraud risk.
Rejected postage labels continued to be an annoyance
rather than a major crime risk. Figures of unexpected
rejections had risen in period 11 and again it was
expected that targeted communications would be the
adopted approach in dealing with a number of branches.
Finally, John presented to the Committee the outline of
a recent HLBP that had been prepared in relation to
Saving Stamp. In summary, this supported efforts to
improve the efficacy of the existing reconciliation
issues and proposed a number of measures from
transaction correction issue through to the withdrawal
of the product and replacement with a closed looped
saving’s card.
For reference, sample checks on 1400 branches continued
to reveal (within the 1400) suspected fraud of around
£80K per month.
2.6 Internal Audit & Risk Management
Page 11
POL00021422
POL00021422
Post Office Ltd - Strictly Confidential
It was agreed that due to meeting room issues (apparent
double booking) this item would be taken off-line.
2.7 Business Environment Scanning
As above.
3.0 AOB
Next meeting is scheduled for 25th June 2008 1400 to
1600 -The Conservatory, 5“ Floor, 80 Old Street.
Page 12