POL00030903
POL00030903
GROUP POLICIES
Whistleblowing Policy
Version — V5
Chief Executive’s Endorsement
The Post Office Group is committed to doing things correctly. Our Values
and Behaviours represent the conduct we expect. This Policy supports these
to help us ensure that colleagues know how to report concerns regarding
wrongdoing or dangerous practices and that they can do so without fear of
recrimination.
Internal and External Page 1of17 — Whistleblowing Policy v5 July 2020.docx
POL00030903
POL00030903
1. Overview
1.1. Introduction by the Policy Owner
1.2. Purpose oe
1.3. Core Principles o.oo... eee esc cc cscs ceeeececeeeeeneeeeceteneecaeeceeseseeueaceceeesasaceseneneesetenseeees 3
1.4. Application ..
1.5. Legislation...
1.6. Protecting the Whistleblower (Your Legal Rights) ............cc:ccceeeeeeeneeeeeees
1.7 The Whistleblowing OffiC@r...........c. ccc cece ce eeseseseeeeeeseeeseseeceesestsseecaeseeeeeeneneeeeseneeeee
1.8 How to Report Whistleblowing
1.9 Responding to Whistleblowing Reports
1.10 External DiSCloSUreS.............ccccecceeesececeeeeeeeeeeeee
2. Risk Appetite and Minimum Control Standards
2.1. Risk Appetit
2.2. Policy Framework
2.3. WHO MUSt COMPLY? .......cccccesesesceceeesesesceseceeesessecscaceeeescecececseeeceseeaeeseecereeseeteeeeeetets
2.4. Minimum Control Standards
3. Definitions.
3.1. Definitions :
4. Where to go for Wel p on... ceeeceeeececcesceesessescseeneseseeesteeeseeseetseecsesestetesiteceseteneeeeeeeees 15
4.1. Additional Policies
4.2. How to raise a concern.
4.3. Who to contact for more information.
5. Governance
n
RoCwrwmMmmmaananan
5.1. Governance Responsibilities
6. Control
6.1. Policy Version . .
6.2. Policy APPrOVal...........ccccceceseseseseececeeeseseecececseeseseecaeeceecevecseaseseeeetavseeteneeeeeeteceteneees TZ
Company Details oo... ceceecececeeesecceesceeeseseececseeeeteecaceeeseecevecseaceseeeerscseeseseereeseaceneeeees TZ
Internal and External Page 20f17 —Whistleblowing Policy v5 July 2020.docx
POL00030903
POL00030903
1 « Overview
1.1. Introduction by the Policy Owner
The General Counsel has overall accountability to the Board of Directors for the
implementation of controls ensuring Post Office meets its Whistleblowing obligations.
Whistleblowing is an agenda item for the Audit and Risk Committee and the Post Office
board is updated as required.
1.2. Purpose
This Policy has been established to set the minimum operating standards relating to the
management of Whistleblowing throughout the Group’. It is one of a set of policies which
provide a clear risk and governance framework and an effective system of internal control
for the management of risk across the Group. Compliance with these policies supports the
Group in meeting its business objectives and to balance the needs of shareholders, staff?
and other stakeholders.
1.3. Core Principles
“Whistleblowing” refers to the act of exposing potential or actual wrongdoing, misconduct
and/or dangerous practices by reporting it either internally within an organisation, or to
an external party. A whistleblower is a person who raises a genuine concern in relation to
any wrongdoing, this includes criminal activity, regulatory breaches, miscarriages of
justice, damage to the environment, financial impropriety, reputational damage, any
breach of legal or professional obligations, dangers to health and safety and the deliberate
attempt to conceal it. In order to encourage Whistleblowing and provide appropriate
protections to whistleblowers, the governance arrangements described in this Policy are
based upon the following core principles:
* To encourage the reporting of any concerns as soon as possible in the knowledge that
Post Office will take all concerns raised seriously and investigate fully, and that the
confidentiality of all individuals will be respected;
e To provide guidance as to how to raise those concerns;
* To provide whistleblowers reassurance that all genuine concerns are raised without
fear of reprisals, even if they turn out to be mistaken;
e Post Office is committed to and oversees the implementation of the Policy in line with
the Group’s risk appetite. The Policy and associated procedures (set out or referred to
in this document) are proportionate to the risks and complexity of the Group;
¢ Post Office undertakes a training and awareness program to ensure all employees are
aware of the Whistleblowing policy and procedure.
' In this Policy “Post Office” and “Group” mean Post Office Limited and any wholly owned subsidiary that formally adopts this
policy.
2 In this Policy “employee” and “staff” means POL or Group's permanent, temporary and fixed term employees, workers
including temporary workers, agency workers (where the terms on which they are engaged are not substantially determined
by them), contractors, consultants and anyone else working under a contract with Post Office, in all cases having regard to
8.230 (3) and s, 43K Employment Rights Act 1996.
Internal and External Page 30f17 — Whistleblowing Policy v5 July 2020.docx
POL00030903
POL00030903
1.4. Application
This Policy is applicable to all staff within the Group and outlines the manner in which Post
Office will encourage, receive and investigate incidents of whistleblowing and the
protections provided for whistleblowers by law.
In order to encourage reporting of wrongdoing, Post Office will, where appropriate, and to
the extent possible, follow equivalent principles to encourage, receive and investigate
incidents of whistleblowing by Postmasters, Agent Assistants, and members of the public
and will not subject any such persons to any detriment (including the termination of any
contract or relationship with Post Office) for raising a genuine whistleblowing concern in
an appropriate manner.
1.5. Legislation
The Group seeks to comply with all relevant UK legal and regulatory requirements
including (but not limited to) the following legislation as amended or supplemented from
time to time:
« Employment Rights Act 1996
¢ Public Interest Disclosure Act 1998
1.6. Protecting the Whistleblower (Your Legal Rights)
Post Office has a statutory obligation to protect whistleblowers and will support any
individual person who raises genuine concerns under this Policy in an appropriate manner,
even if they turn out to be mistaken. In respect of a certain class of person (broadly “staff”
as defined under this policy) Post Office has a statutory obligation not to subject such
persons to detriment or to dismiss them for whistleblowing.
Where a member of staff is subject to a Post Office settlement agreement, any clauses
within it will not prevent the member of staff from whistleblowing. This should in any event
be made clear by the terms of the settlement agreement itself and staff should receive
independent advice in relation to those terms when entering into a settlement agreement.
Post Office will, at all times, respect the confidentiality and protect the whistleblower’s
identity, however:
e It may be necessary in the course of an investigation to share this information with a
relevant stakeholder (e.g. an investigator).
e« There is no requirement for a whistleblower to provide personal contact information,
but not providing this information may reduce Post Office’s ability to undertake a
thorough investigation into the concerns raised.
Post Office will take all reasonable steps to ensure that whistleblowers do not suffer any
detrimental treatment as a result of raising a genuine concern in an appropriate manner.
Detrimental treatment includes disciplinary action, dismissal, threats or other
unfavourable treatment connected with raising a concern. Serious action, typically
disciplinary action, will be taken against any individual who threatens or retaliates against
whistleblowers in any way.
If a whistleblower believes that they have suffered any such treatment, they should inform
the Whistleblowing Officer immediately. The Whistleblowing Officer or nominated deputy
will take all necessary steps at the earliest opportunity to address any victimisation, which
may include working with the HR team to put appropriate remedial measures in place. If
Internal and External Page 40f17 — Whistleblowing Policy v5 July 2020.docx
POL00030903
POL00030903
the matter is not addressed the whistleblower (where they are staff) should raise it
formally using Post Office’s Grievance procedure.
In all cases the whistleblower’s concerns will be treated sensitively and in confidence.
1.7 The Whistleblowing Officer
Post Office has appointed the General Counsel as the Whistleblowing Officer who can be
contacted at f jor by telephone on: :
The role of the Whistleblowing Officer and their nominated deputies is to receive all internal
reports raised, regardless of the channel used, review any concerns raised and determine
the best course of action, if any. They may ask for further information in order to make
this decision.
The Whistleblowing Officer is also responsible for Post Office’s overall Whistleblowing Policy
and governance framework, which ensures that reports are investigated and responded to
in a timely manner. They are responsible for determining the appropriate parties who
should investigate the allegations raised, taking into account the sensitivities and
seriousness of the report and the need to protect the whistleblower.
The Whistleblowing Officer is also responsible for identifying key trends or issues, and
providing assurance to the Board that the policy is complied with.
1.8 How to Report Whistleblowing
Post Office supports and promotes a number, of reporting mechanism:
e Direct to the Whistleblowing Officer t RO. i
e Via a complaint to a front line team, e.g. customer complaints, BSC and Grapevine.
These may be verbal or written communications.
e Contacting the “Speak Up” line, a confidential reporting service which is run by an
independent company, NAVEX Global (formerly Expolink Europe Ltd).
Contact details for the Speak Up line are:
¢ http://postoffice.ethicspoint.com/ which is a secure on-line web portal
What should be reported?
Whistleblowers should raise a concern if they are aware of, or suspect, certain wrongdoing
which affects others (e.g. customers, members of the public, colleagues or the Post Office).
The following lists some examples (this is a non-exhaustive list) of situations where an
individual may raise a concern:
e Where Post Office or the Group is in breach of any legal obligation to which it is
subject (usually a statutory rather than a contractual legal obligation)
e Financial Crime including fraud, money laundering and financing of terrorism,
Giving, offering or taking of bribes inating both inside or outside Post Office but
related to Post Office business activities,
Financial mismanagement, Tax evasion and Misreporting
Racial, sexual, disability or other discrimination (Improper Behaviour),
Practices that could put individuals or the environment at risk,
Breach of Post Office internal policies and procedures
Concerns about slavery or human trafficking3, and
Any conduct likely to damage Post Office’s reputation
? More information in relation to Modern Slavery can be found here
Internal and External Page 50f17 —Whistleblowing Policy v5 July 2020.docx
POL00030903
POL00030903
This policy should not be used by staff wishing to raise complaints relating to their own
personal circumstances, such as the way they have been treated at work. Grievances and
matters such as bullying and harassment should be raised in accordance with the
procedures set out in the appropriate HR policy.
If an individual is uncertain about whether something is within the scope of this Policy they
should seek advice from the Whistleblowing Officer, whose contact details are set out in
this Policy.
1.9 Responding to Whistleblowing Reports
In all instances any whistleblowing reports, regardless of reporting method, will be
responded to within 5 working days and passed onto the Whistleblowing Officer.
All reports will be fully reviewed and investigated and any information, including emails,
or records of telephone calls, letters, or any other form of communication stored securely
and confidentially.
The time frame for investigating the reports raised is dependent on the nature of the report
and the investigation required, however, the whistleblower will be given feedback via the
reporting channel they have used, or have given the Whistleblowing Officer permission to
use (Speak Up line, e-mail or phone call) during the investigation and once it has been
concluded.
The whistleblower may be kept informed of any action taken, however, this information
may be limited if it is required to keep the confidence of other people.
Where a report received is anonymous, whistleblowers will not ordinarily be able to receive
feedback and details of action taken by Post Office may be limited.
1.10 External Disclosures
The aim of this Policy is to provide an internal mechanism for reporting, investigating and
remedying any wrongdoing in the workplace and to demonstrate Post Office’s commitment
to listen to the concerns of staff. In most cases individuals should not find it necessary to
alert anyone externally.
However, the law recognises that in some circumstances it may be appropriate for
individuals to report their concerns to an external body such as a regulator. It will rarely,
if ever, be appropriate to alert the media at least without informing Post Office or an
external agency first and usually in that order.
We strongly encourage individuals to seek advice before reporting a concern to anyone
external. The independent whistleblowing charity, Protect (formerly Public Concern at
Work) have a list of prescribed regulators for reporting certain types of concerns. Their
contact details are as follows:
Website: https: //protect-advice.org.uk/
Protect operates free, confidential advice to people concerned about crime, danger or
wrongdoing in the workplace. All Protect advisors are legally trained and supervised by
qualified lawyers and their advice is fully confidential and subject to legal privilege. All
information, including emails, or records of telephone calls, letters, or any other form of
communication with Protect advisors is stored in a fully encrypted format.
Internal and External Page 60f17 —Whistleblowing Policy v5 July 2020.docx
POL00030903
POL00030903
Post Office Management Services (POMS) is directly regulated by the Financial Conduct
Authority (FCA), Post Office Limited is an appointed representative of Bank of Ireland (UK)
Limited. As such individuals may decide to whistleblow directly to the FCA, and can do so
by using one of the following channels.
te-info/contact/whistleblowing
Address: Intelligence Department (Ref PIDA), Financial Conduct Authority, 12 Endeavour
Square, London, E20 1JN
Whistleblowing concerns usually relate to the conduct of our staff, but they may sometimes
relate to the actions of a third party, such as a customer, supplier, agent, Postmaster or
service provider. In some circumstances the law will protect individuals if they raise the
matter with the third party directly. However, we encourage individuals to report such
concerns internally in the first instance.
Internal and External Page 7 0f17 — Whistleblowing Policy v5 July 2020.docx
POL00030903
POL00030903
2. Risk Appetite and Minimum — Control
Standards
2.1. Risk Appetite
Risk Appetite is the extent to which the Group will accept that a risk might happen in
pursuit of day to day business transactions. It therefore defines the boundaries of activity
and levels of exposure that the Group are willing and able to tolerate.
The Group takes its legal and regulatory responsibilities seriously and consequently has*:
e Tolerant risk appetite for Legal and Regulatory risk in those limited circumstances
where there are significant conflicting imperatives between conformance and
commercial practicality
e Averse risk appetite for litigation in relation to high profile cases/issues
¢ Averse risk appetite for ligation in relation to Financial Services matters
e Averse risk appetite for not complying with law and regulations or deviation from
business’ conduct standards for financial crime to occur within any part of the
organisation
« Averse Risk Appetite in relation to unethical behaviour by our staff.
The Group acknowledges however that in certain scenarios even after extensive controls
have been implemented an action may still sit outside the agreed Risk Appetite.
2.2. Policy Framework
Post Office has established a suite of policies and procedures, on a risk sensitive approach
which are subject to an annual review. The policy suite is designed to comply with
applicable legislation and regulation. The Whistleblowing Policy should be considered and
read in conjunction with other policies where relevant. These may include the Financial
Crime Policy, the Anti-Bribery & Corruption Policy, Health & Safety Policies and HR Policies
where relevant.
2.3. Who Must Comply?
All third parties who do business with the Group, including consultants, suppliers and
business and franchise partners, will be required to agree contractually to this policy or
have their own equivalent policy.
Any investigations will be carried out in accordance with the Investigations Policy which is
available on the Post Office Intranet.
“The Risk appetite was agreed by the Groups Board January 2015
Internal and External Page 8o0f17 — Whistleblowing Policy v5 July 2020.docx
2.4. Minimum Control Standards
POL00030903
POL00030903
A minimum control standard is an activity which must be in place in order to manage the risks so they remain within the defined Risk
Appetite statements. There must be mechanisms in place within each impacted business unit to demonstrate compliance. The minimum
control standards can cover a range of control types, i.e. directive, detective, corrective and preventive which are required to ensure risks
are managed to an acceptable level and within the defined Risk Appetite.
The table below sets out the relationships between identified risk and the required minimum control standards in consideration of the stated
risk appetite. The subsequent pages define the terms used in greater detail:
Risk Area
Description of Risk
Minimum Control Standards
Who is responsible
When
Receipt and
investigation of
whistleblowing reports
Failure to meet legal and
regulatory requirements
Directive Control:
Post Office must nominate a
Whistleblowing Officer to receive
reports, ensure that all reports are
fully investigated and that any
appropriate corrective action is
undertaken.
The Whistleblowing Officer must
provide a whistleblowing report to
the R&CC and ARC at least annually.
Any serious whistleblowing concerns
must be promptly escalated to the
Chairman of the Post Office Audit
and Risk Committee.
Preventative Control:
All employees are trained and the
policy is available to them.
Post Office CEO and
Board
Whistleblowing Officer
Whistleblowing Officer
Whistleblowing Officer
Ongoing
Annually
Ongoing
Training must
be provided at
least annually
and within 30
days of joining
Post Office
Internal and External
Page 9 of 17
Whistleblowing Policy v5 July 2020.docx
POL00030903
POL00030903
Risk Area
Description of Risk
Minimum Control Standards
Who is responsible
When
Receipt and
investigation of
whistleblowing reports
(continued)
The Whistleblowing Officer must
ensure that appropriate
arrangements are in place to ensure
that whistleblowing reports are
addressed promptly including during
absences.
Communications and awareness
provided to all employees.
Corrective Control:
The Whistleblowing Officer must
escalate Whistleblowing reports to
the appropriate Investigating
manager for investigation to take
place.
The nominated Investigating
manager responsible for conducting
the investigation must report the
findings back to the Whistleblowing
Officer.
Whistleblowing Officer
Head of Financial Crime
Whistleblowing officer
Investigating manager
Ongoing
Ongoing
Ongoing
Ongoing
Breach of
confidentiality
Failure to ensure
confidentiality for the
whistleblower
Preventative Control:
Whistleblowing Policy is robust and
up to date.
Confidential Speak Up line reports
are shared only with the
Whistleblowing Officer and
nominated deputies
Whistleblowing email inbox access is
restricted to the Whistleblowing
Officer and nominated deputies.
Whistleblowing Officer
Whistleblowing Officer
Whistleblowing Officer
Ongoing
Ongoing
Ongoing
Internal and External
Page 10 of 17
Whistleblowing Policy v5 July 2020.docx
POL00030903
POL00030903
Risk Area Description of Risk Minimum Control Standards Who is responsible When
Breach of Whistleblowing Officer must put Whistleblowing Officer Ongoing
confidentiality arrangements in place to protect the
(continued) confidentiality of the whistleblower
during investigations
Corrective Control:
All incidents of breaches are Whistleblowing Officer I Ongoing
escalated to the Whistleblowing
Officer to review and take necessary
actions.
Incorrect handling of An individual may raise a Preventative Control:
whistleblowing report whistleblowing report with Training provided to contact teams Whistleblowing Officer Annually and
other individuals in the
Group. Details may then be
shared with various
stakeholders before being
passed onto the
Whistleblowing Officer
to identify potential whistleblowing
reports and ensure these are
correctly handled, e.g.:
e Grapevine,
* BSC,
¢ Customer Support, and
e Executive Correspondence Team
Communications and awareness
provided to all employees.
Corrective Control:
All incidents of breaches are
escalated to the Whistleblowing
Officer to investigate and take
appropriate actions.
Head of Financial Crime
Whistleblowing Officer
within 30 days
of joining the
Post Office
Ongoing
Ongoing
Insufficient
Information
Failure to capture/report
sufficient information about
the issue may mean that
the underlying issue cannot
Directive Control:
Individuals are encouraged to report
issues and provide full information
and their contact details where they
feel able to do so.
Whistleblowing Officer
Ongoing
Internal and External
Page 11 of 17
Whistleblowing Policy v5 July 2020.docx
POL00030903
POL00030903
Risk Area Description of Risk Minimum Control Standards Who is responsible When
Insufficient be properly investigated and I Corrective Control:
Information resolved. All reports, including those where Whistleblowing Officer I Ongoing
(continued) insufficient information has been
provided and no further action was
taken, are recorded on the
Whistleblowing database, which is
reviewed for trends and issues.
The ‘Speak Up’ Service I Failure to effectively record Preventative Control:
whistleblowing reports and The Whistleblowing Officer must Whistleblowing Officer Annually
pass onto the review the effectiveness of the
Whistleblowing Officer, due I service provided by NAVEX Global
to factors such as resource (formerly known as Expolink Europe
or IT failure. Ltd) at least annually.
The Whistleblowing Officer must Whistleblowing Officer Annually
review the effectiveness of the
processes operated by Grapevine,
BSC, Customer Support, and The
Executive Complaints Team at least
annually to ensure that
whistleblowing reports are identified
and communicated promptly.
Treatment of Breach of whistleblowing Preventative Control
Whistleblowers guidelines such that a Training must be provided to all Whistleblowing Officer Ongoing
whistleblower suffers people managers as part of their and People Training
prejudice, detriment or induction process as a manager and I Manager
dismissal as a result of on appointment to Post Office.
making a whistleblowing
report. Annual training must be provided to I Whistleblowing Officer I Ongoing
all Post Office staff to remind them and People Training
of the protections available to Manager
whistleblowers and the importance
Internal and External
Page 12 of 17
Whistleblowing Policy v5 July 2020.docx
POL00030903
POL00030903
must refer to the whistleblowing
policy and must be provided to all
new joiners as part of their induction
programme.
and People Training
Manager
Risk Area Description of Risk Minimum Control Standards Who is responsible When
Treatment of of identifying and reporting
Whistleblowers wrongdoing.
(continued)
The Code of Business Standards Whistleblowing Officer Ongoing
Internal and External
Page 13 of 17
Whistleblowing Policy v5 July 2020.docx
POL00030903
POL00030903
3. Definitions
3.1. Definitions
Grapevine
24/7 Security Support Centre provided by Kings Ltd. Grapevine provide security advice
and record all security incidents across the business, this includes burglaries, robberies
and the reporting of suspicious activity.
Telephone_Number:
E-mail:
BSC
Branch Support Centre (BSC) is a helpline and the first port of call for Post Office branches
if they have any operational query or require assistance.
Telephone Number: Cc
E-mail:
Customer Support Team
Complaints handling team based in Chesterfield. The team address complaints reported
into Post Office via various channels, including post and telephone.
Executive Correspondence Team
This team handles all complaints addressed directly to the Group Executives. The team
liaise with various stakeholders within the business in order to resolve complaints.
E-mail:
Internal and External Page 140f17 —Whistleblowing Policy v5 July 2020.docx
POL00030903
POL00030903
4. Where to go for help
4.1. Additional Policies
This Policy is one of a set of policies. The full set of policies can be found at:
https:
oluk.sharepoint.com/sites/thebub/SitePages/Key %20policies.aspx?web=1
4.2. How to raise a concern
Any Post Office employee who suspects that there is a breach of this Policy should report
this without any undue delay. Whistleblowing can be reported via the following channels:
Their line manager,
A senior member of the HR Team, or
If either or both are not available, staff can contact the Post Office’
Officer, who can bi tacted by email at:
telephone on: ~
The confidential Whistleblowing Speak Up service ‘Ethicspoint’ provided by Navex
Global via telephone on , or
Via a secure on-line web p -p://postoffice. ethicspoint.com/
‘s.Whistleblowing
or by
In some instances it may be appropriate for the individual to report in the form of a
complaint to Grapevine, the Customer Support Team or the Executive Correspondence
Team.
4.3. Who to contact for more information
If you need further information about this Policy or wish to report an issue in relation to
this Policy, please contact the Policy sponsor or Policy owner.
Internal and External Page 150f17 —Whistleblowing Policy v5 July 2020.docx
POL00030903
POL00030903
5 a Governance
5.1. Governance Responsibilities
As at the date of approval of this Policy, the General Counsel is both the Policy Sponsor
and Policy Owner, responsible for oversight of the Policy.
The Audit and Risk Committee are responsible for approving the Policy and overseeing
compliance.
The Board is responsible for setting the Group’s risk appetite.
Internal and External Page 16 0f17 —Whistleblowing Policy v5 July 2020.docx
6. Control
POL00030903
POL00030903
6.1. Policy Version
Date Version I Updated by Change Details
April 2016 1.4 Jane MacLeod Sponsors review and sing-off
August 2017 1.5 Vitor Camara Annual Review and update.
September 2017 1.6 Thomas Richmond _I POL R&CC approval
September 2017 2 Thomas Richmond _I Final version approved
June 2018 2.1 Vitor Camara Annual review and update.
July 2018 2.2 Sally Smith POL R&CC approval
July 2018 2.3 Sally Smith POL ARC approval
September 2018 2.4 Sally Smith POMS ARC approval
September 2018 3 Vitor Camara Final version approved
June 2019 3.1 Sally Smith Annual review and update
June 2019 3.2 Sally Smith Incorporating legal review comments
July 2019 3.3 Sally Smith POL R&CC approval
September 2019 3.4 Sally Smith POMS ARC approval
September 2019 4.0 Sally Smith Final version approved
April 2020 4.1 Sally Smith Updated with new Speak Up service
contact details
June 2020 4.2 Sally Smith Annual review and update
July 2020 4.3 Sally Smith POL RCC approval
July 2020 5.0 Sally Smith Final approval by ARC’s
6.2. Policy Approval
Group Oversight Committee:
Risk and Compliance Committee and Audit and Risk Committee
Committee I Date Approved
POL R&CC 13" July 2020
POL ARC 27" July 2020
POMS ARC 22° July 2020
Policy Sponsor:
Policy Owner:
Policy Author:
Next review:
Company Details
Group Director of Legal, Compliance & Governance
Whistleblowing Officer
Head of Financial Crime
July 2021
Post Office Limited and Post Office Management Services Limited are registered in England and Wales. Registered numbers
2154540 and 08459718 respectively. Registered Office: Finsbury Dials, 20 Finsbury Street, London EC2Y 9AQ.
Post Office Management Services Limited is authorised and regulated by the Financial Conduct Authority (FCA), FRN 630318. Its
Information Commissioners Office registration number is ZA090585.
Post Office Limited is authorised and regulated by Her Majesty's Revenue and Customs (HMRC), REF 12137104. Its Information
Commissioners Office registration number is 24866081.
Internal and External
Page 17 0f17 —Whistleblowing Policy v5 July 2020.docx